A shitty implementation of what I wanted to do. Should require some fixing to make it work.
The project consists of several key components:
- The core kernel-mode driver that handles memory operations, PML4 manipulation, and IOCTL communication.
- A driver mapper utility that facilitates loading unsigned drivers into the Windows kernel.
- A component that prepares the system for driver loading and handles initialization.
- The user-mode interface that communicates with the kernel driver to perform operations.
- Visual Studio 2019 or newer
- Windows Driver Kit (WDK)
- Windows SDK
- C++ development tools
- Open `core.sln` in Visual Studio
- Select the desired configuration (Debug/Release)
- Build the solution
- Load the driver using the KDMapper utility
- Use the usermode interface to communicate with the driver
- Perform memory operations as needed
```cpp
// Example usage in usermode
if (!device_t.start_service()) {
    m_log("[-] Driver not loaded\n");
    return 0;
}

// Get process ID
device_t.m_pid = device_t.get_process_id("target.exe");

// Resolve DTB (Directory Table Base)
if (!device_t.resolve_dtb()) {
    m_log("[-] failed to get dtb\n");
    return FALSE;
}

// Get module base address
device_t.m_base = device_t.get_module_base(0);
```

This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome. Please feel free to submit a Pull Request.