v 1.2.8

Added asrdrv106 as provider 28 (CVE-2020-15368) Internal rearrange Readme updated
Qy486 · Dec 2, 2022 · 319f5d0 · 319f5d0
1 parent 154faf7
commit 319f5d0
Show file tree

Hide file tree

Showing 66 changed files with 1,429 additions and 257 deletions.
diff --git a/KDU.sha256 b/KDU.sha256
diff --git a/README.md b/README.md
@@ -132,6 +132,7 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
 | 25          | Zemana         | amsdk       | WatchDog/MalwareFox/Zemana AM      | Original          | 3.0.0 and below             |                      |
 | 26          | HiRes Ent.     | inpoutx64   | Various                            | WINIO             | 1.2.0 and below             |                      |
 | 27          | PassMark       | DirectIo64  | PassMark OSForensics               | Original          | Any                         |                      |
+| 28          | ASRock         | AsrDrv106   | Phantom Gaming Tuning              | RwEverything      | 1.0.6 and below             |                      |
 
 ###### *At commit time, data maybe inaccurate.
 
@@ -193,6 +194,7 @@ Using this program might crash your computer with BSOD. Compiled binary and sour
 * KDU v1.1 release and bonus (AsIO3.sys unlock), https://swapcontext.blogspot.com/2021/04/kdu-v11-release-and-bonus-asio3sys.html
 * GhostEmperor: From ProxyLogon to kernel mode, https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
 * KDU v1.2 release and the wonderful world of Microsoft incoherency, https://swapcontext.blogspot.com/2022/02/kdu-v12-release-and-wonderful-world-of.html
+* How to exploit a vulnerable windows driver, https://github.com/stong/CVE-2020-15368
 
 # Wormhole drivers code
 

diff --git a/Source/Hamakaze/KDU.vcxproj b/Source/Hamakaze/KDU.vcxproj
@@ -134,6 +134,7 @@
     <ClCompile Include="drvmap.cpp" />
     <ClCompile Include="dsefix.cpp" />
     <ClCompile Include="hde\hde64.c" />
+    <ClCompile Include="idrv\asrdrv.cpp" />
     <ClCompile Include="idrv\atszio.cpp" />
     <ClCompile Include="idrv\dbk.cpp" />
     <ClCompile Include="idrv\dbutil.cpp" />
@@ -181,6 +182,7 @@
     <ClInclude Include="dsefix.h" />
     <ClInclude Include="global.h" />
     <ClInclude Include="hde\hde64.h" />
+    <ClInclude Include="idrv\asrdrv.h" />
     <ClInclude Include="idrv\atszio.h" />
     <ClInclude Include="idrv\dbk.h" />
     <ClInclude Include="idrv\ldrsc.h" />
@@ -202,6 +204,7 @@
     <ClInclude Include="ipcsvc.h" />
     <ClInclude Include="shellcode.h" />
     <ClInclude Include="diag.h" />
+    <ClInclude Include="sig.h" />
     <ClInclude Include="wdksup.h" />
     <ClInclude Include="kduplist.h" />
     <ClInclude Include="kduprov.h" />

diff --git a/Source/Hamakaze/KDU.vcxproj.filters b/Source/Hamakaze/KDU.vcxproj.filters
@@ -174,6 +174,9 @@
     <ClCompile Include="idrv\zemana.cpp">
       <Filter>Source Files\idrv</Filter>
     </ClCompile>
+    <ClCompile Include="idrv\asrdrv.cpp">
+      <Filter>Source Files\idrv</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="global.h">
@@ -320,6 +323,12 @@
     <ClInclude Include="..\Shared\kdubase.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="idrv\asrdrv.h">
+      <Filter>Source Files\idrv</Filter>
+    </ClInclude>
+    <ClInclude Include="sig.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="resource.rc">

diff --git a/Source/Hamakaze/KDU.vcxproj.user b/Source/Hamakaze/KDU.vcxproj.user
@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-test</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-prv 28 -map c:\install\dummy2.sys</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <LocalDebuggerCommandArguments>-prv 27 -map c:\install\dummy.sys</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-prv 28 -map c:\install\dummy2.sys</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
 </Project>
diff --git a/Source/Hamakaze/diag.cpp b/Source/Hamakaze/diag.cpp
@@ -4,9 +4,9 @@
 *
 *  TITLE:       DIAG.CPP
 *
-*  VERSION:     1.25
+*  VERSION:     1.28
 *
-*  DATE:        17 Aug 2022
+*  DATE:        21 Nov 2022
 *
 *  Hamakaze system diagnostics component.
 *
@@ -766,6 +766,62 @@ VOID KDUListDrivers(
 
 }
 
+VOID KDUListMemoryLayout()
+{
+    PCM_FULL_RESOURCE_DESCRIPTOR pDesc;
+    PCM_RESOURCE_LIST pList = supQueryPhysicalMemoryLayout();
+    PCM_PARTIAL_RESOURCE_DESCRIPTOR pPartialDesc;
+    if (pList == NULL)
+        return;
+
+    printf_s("ResourceList Count %lx\r\n", pList->Count);
+    for (ULONG i = 0; i < pList->Count; i++) {
+        pDesc = &pList->List[i];
+
+        printf_s("pDesc[%lu].PartialResourceList.Count %lu\r\n",
+            i,
+            pDesc->PartialResourceList.Count);
+
+        for (ULONG j = 0; j < pDesc->PartialResourceList.Count; j++) {
+
+            pPartialDesc = &pDesc->PartialResourceList.PartialDescriptors[j];
+
+            if (pPartialDesc->Type == CmResourceTypeMemory ||
+                pPartialDesc->Type == CmResourceTypeMemoryLarge)
+            {
+                ULONGLONG length = pPartialDesc->u.Memory.Length;
+
+                switch (pPartialDesc->Flags & CM_RESOURCE_MEMORY_LARGE)
+                {
+                case CM_RESOURCE_MEMORY_LARGE_40:
+                    length <<= 8;
+                    break;
+                case CM_RESOURCE_MEMORY_LARGE_48:
+                    length <<= 16;
+                    break;
+                case CM_RESOURCE_MEMORY_LARGE_64:
+                    length <<= 32;
+                    break;
+                }
+
+                printf_s("#%lu Flags 0x%04lX 0x%016llX::0x%016llX (length 0x%016llX, %llu Mb)\r\n",
+                    j,
+                    pPartialDesc->Flags,
+                    pPartialDesc->u.Memory.Start.QuadPart,
+                    pPartialDesc->u.Memory.Start.QuadPart + length,
+                    length,
+                    length / 1024 / 1024);
+
+            }
+            else {
+                printf_s("#%lu Type 0x%04lX, Flags 0x%04lX\r\n", j, pPartialDesc->Type, pPartialDesc->Flags);
+            }
+        }
+
+    }
+    supHeapFree(pList);
+}
+
 VOID KDUDiagStart()
 {
     PRTL_PROCESS_MODULES pvModules;
@@ -811,6 +867,9 @@ VOID KDUDiagStart()
 
         printf_s("> List of registered minifilters\r\n");
         KDUListFilters();
+
+        printf_s("> Physical memory layout\r\n");
+        KDUListMemoryLayout();
     }
     __except (EXCEPTION_EXECUTE_HANDLER) {
         supPrintfEvent(kduEventError, "Exception (0x%lX) during diagnostics\r\n", GetExceptionCode());