v 1.1.0

Additional provider added, CVE-2019-8372
Readme updated;
(release candidate 2)

KDU.sha256

@@ -1,7 +1,7 @@
-d637984a1866f76b3660c00decf1130d84ddc9a8fde540f2ec6a73b3e99c92c6 *Bin\drv64.dll
+fd325d696bf72019c2296e909283bd65c8a5075fa29b76410696c43e4bd15eb7 *Bin\drv64.dll
 293cb9a86a3f89e377ef5c6716d70bbdfd9c57ff0a07d484bd8abc1f521e70cc *Bin\dummy.sys
 82370b38b940f98013a6506a82c35913ec810f312d93b93b5406f3caf07bda9f *Bin\dummy2.sys
-ec17ccfbb8577e7bf496741994d5d566fd27a876c58ad20c48943c63244121c9 *Bin\kdu.exe
+8346a03d4d81ff1c903b41eeebc1c51172922c40a9c9abd88033289676cd6af2 *Bin\kdu.exe
 d1de3738065ee9682af1efa91a14addcf50bfc5828cf78efd7b5182a714fcdfd *Bin\license.txt
 323d910f93683453d45239a0528d3c3cda7f2608fca864fd2a687184ffe129fe *Help\kdu1.png
 a1d7a51549914833a3414a93646952c25deabe072d8a271b54e10727f923b479 *Help\kdu2.png
@@ -27,56 +27,58 @@ d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\Example
 1a429882d1bfd0455b00155d19dc4dd494e25e80a87fd3a0f9b318b33ac1b871 *Source\Examples\DummyDrv2\dummy\main.c
 103a979ec980d48e7c27199433b0ecbb1fdcdebf8ee96c84c8db2cae0aa4ced8 *Source\Examples\DummyDrv2\dummy\main.h
 10b9fe09b9357cb3c35a00a8b09ae24141ec5941a37c461c2a296d822aa2b512 *Source\Examples\DummyDrv2\dummy\r3request.c
-ec57dd8bb32017fc3601579e07aa1e588f739f5de960a896bab11f180d7a5ea5 *Source\Hamakaze\compess.cpp
+44644d5cc4b2c892bc56e8ccf9049bc834fa3375c224ab4b8a911bbdfbc1c675 *Source\Hamakaze\compess.cpp
 369a8f1d6cf3919dd77d631c57b89cd02b1eb73831ff54d108ede6367ed9f4c0 *Source\Hamakaze\compress.h
-bbef6bc6c031f5d337398afef0d094ca6987a7907901490b54d1bb85e95410a8 *Source\Hamakaze\consts.h
-f29d0c4fe990c38742ea0cba48169153a9c2981d06de90d7697282b59a2c8681 *Source\Hamakaze\drvmap.cpp
+957976f88c807cb69dad326ece79d53e06b1b6bd0f38162ee381b3098c765e8f *Source\Hamakaze\consts.h
+735c639bfc08aff9b2492eec01a43e2ad380fd16e41b06a591661bf8f26c38d8 *Source\Hamakaze\drvmap.cpp
 bf441b39bc025f2222b1e40fd1afde4fe997b251bce19423cc02b462c5ca929e *Source\Hamakaze\drvmap.h
-c3ae763e68f61645ecceb3ed04bda705f4e3120d893a707b01d82d725ed54c33 *Source\Hamakaze\dsefix.cpp
+f89ac71bdf3da199f6fe1329d229a5b415f185e7abf4773bc919079e4426f9f0 *Source\Hamakaze\dsefix.cpp
 c8b1ae58b617d925bf2a19fd5c0a21071f653458d175482c2f2e74b55ecb6066 *Source\Hamakaze\dsefix.h
 6fa1dd9a0d98c77c9771ac9101cb2113f3a0c4694b3496c76a5f95364da339ce *Source\Hamakaze\global.h
-2bba920132c9453a5e9a1ae6cf392a0ef238262fbec27cea43ddd9e4f936aa68 *Source\Hamakaze\KDU.vcxproj
-7d5c3da9f0af126b839d20d4a3f09fbe20a069de2f4a9a120c1299923fc44291 *Source\Hamakaze\KDU.vcxproj.filters
-e28b6d6190896074c23d4943b760653dc4ea47ec13a05ae937c35633d1026822 *Source\Hamakaze\KDU.vcxproj.user
-f01d57f2c6a3847839d253a5bb3b0ea0987c19df95f78b9a400c5c3c525da2b7 *Source\Hamakaze\kduplist.h
-25c7a1429c58eb175a6c8bea2a215ee15f850da6df9e6542299f99c459570d35 *Source\Hamakaze\kduprov.cpp
-ad49b2da0ce31363b5733dbfa1af229d5cc10832a48014ec3a866346be42cb6c *Source\Hamakaze\kduprov.h
-ec8207b322a621228a2a887733218cbdacf1c96f8efed017629df76dddb3cf33 *Source\Hamakaze\main.cpp
+bef8c55a59343ee973000f111e5bcb72a2a5f0fda5ee50c690ef9b4dea4bb9a2 *Source\Hamakaze\KDU.vcxproj
+aee0974a0de52eaefa9716211b49c0ef87b949e1ae18594dbfb67f2539214dd9 *Source\Hamakaze\KDU.vcxproj.filters
+b215f619acfd54447992c1dcc7a8ba3619040883ada7747fbbf387503e1d564e *Source\Hamakaze\KDU.vcxproj.user
+54ee88e69bf2dec7adc540bf698a88140083fac34bc320568d2a736519b82c51 *Source\Hamakaze\kduplist.h
+bbb326865324fed339735b0d33a24409a57110fe7e5c8315dfb87d568d9a1962 *Source\Hamakaze\kduprov.cpp
+957b21f799a30a501e7d9ac888cc2f09942f25b165e6ef3bf0df5feae6246ab5 *Source\Hamakaze\kduprov.h
+321d4bd555554c8af4d48e3814c4a63095bd00e18a60f72b04eeae2c49e6c730 *Source\Hamakaze\main.cpp
 b631a32082e8855942ef32eed728bc1b801ff5edd6b3dc3ef97df2b6dfa5434b *Source\Hamakaze\pagewalk.cpp
 545ecf7e669b6b28753a02e33fae6f503750d26cf0bf9089701f401fd24e0dd1 *Source\Hamakaze\pagewalk.h
-1dfd49dbd39f0c63d1398b64d2ea4187b36201ae2cd76c785dfd736ae33284ef *Source\Hamakaze\ps.cpp
+6fab38e28fb9fe4e993a8ce5a932907155927e37cee865332099ffa848f2b394 *Source\Hamakaze\ps.cpp
 b8998a06b4f7a7bc724f22ee0adfad7636e66d75f46ebc065ab7898888fe6017 *Source\Hamakaze\ps.h
 8602466131240873672fd38bc977ca9d4e69e37ccb3f5b716fc695cce1e0b195 *Source\Hamakaze\resource.h
 fd70f9cf3430a4cb6b4fcfe458f211e7464f22624670e9c8819387c89fc7aedb *Source\Hamakaze\resource.rc
-fd7c96a2f38ad20dc1ca6b57a87a7719de8e59436d316dd90f13707d563a39a1 *Source\Hamakaze\shellcode.cpp
+745db22a8df7d294dde642ce1a40a6d41e56f3ae78355eaf77cb2cfcec8f3a99 *Source\Hamakaze\shellcode.cpp
 47f83ecc1674a80151a89994af0242e41a1638eea3fe61b9aceaa0ac437f2b13 *Source\Hamakaze\shellcode.h
-81cb41cc004bd601f38deb7c43cc81cc5c3139b800d3c28c8039d553360f7012 *Source\Hamakaze\sup.cpp
-844df6484ad1e5cfdc083d31a64a2ec095d545c751a93f7100c7e6450f81bb1c *Source\Hamakaze\sup.h
-fb3b4e11412110a1fd27571f6647cdb26a690779eb5b4f60b92afa66abbc6108 *Source\Hamakaze\tests.cpp
+6c63c314f0af76f50a35493681877d1898eb9bf2622f29cced24fb5421f056f4 *Source\Hamakaze\sup.cpp
+6a882bbe359ccd64542e1d8eef5aeda92e79c4a7f879ad5874a973a44c9c9a0c *Source\Hamakaze\sup.h
+2752cd265c5472eb6281f7c7c983e05fa9a5287ea18ffa6d32f17d69672fb7f8 *Source\Hamakaze\tests.cpp
 ad77ae168188a9748713ab5f7532447ca50a539fa8ebbec5ac86b273696b028e *Source\Hamakaze\tests.h
-90390d916e4ea2ee896e5cdf5d0ab39f0b975f935231f1e5ab8ad001b25a10e2 *Source\Hamakaze\victim.cpp
+e0564204976bd689d0dfb07be5f511c9f778848afb67cd62b56a01492f03bf7f *Source\Hamakaze\victim.cpp
 57f9d6b92de51d66e43f12e9caceb2229a0aa4e84a43081d50cb632256c771a0 *Source\Hamakaze\victim.h
 329412146007b0520c3d24522768b46f0e0b4d067def7c851e6a0f20309b9624 *Source\Hamakaze\wdksup.h
 8d3fcef10a20e04ece6190e0de3c89f59a9977b774ab90e8a65a363d7302daeb *Source\Hamakaze\hde\hde64.c
 fd5b39e2865e12b9525ebda8fd9e9658b341ead5932d1bcb412a189f81ca42ca *Source\Hamakaze\hde\hde64.h
 9d37519623d404987300d3f3258148ba9adddfe1bed5f89a0e9e47646819c9c7 *Source\Hamakaze\hde\pstdint.h
 0b6c69ad498e67907e0c574ab06123aee4ec30c99fa181099ea929a8d820bfc1 *Source\Hamakaze\hde\table64.h
-138c1db99ebca1fee89c266b7febe4bf7f275bd8adc6517587e54ac927fb53ad *Source\Hamakaze\idrv\atszio.cpp
+efec363c53200544abf164fc5860096c19231ff169c61ec5576ef6196c57ad3a *Source\Hamakaze\idrv\atszio.cpp
 015a6aff991174a881650c61fe1b28c5bfe3116a02a32abe5295ff389c5b7099 *Source\Hamakaze\idrv\atszio.h
-868870b383a73934b94db7af2880156c9158f973b85b143d4b2278a56d9ee201 *Source\Hamakaze\idrv\mapmem.cpp
-7d8bea821d835ea545a934188191908266aabf3b7e3dac6287ee20305eb67bf1 *Source\Hamakaze\idrv\mapmem.h
-9ce15286cb4b9c882724233f38fac40934e10b844cbb2b1a30b69d00dbca4f31 *Source\Hamakaze\idrv\nal.cpp
-d514bf3a639c437b81a9f73819d48c130e6f00502be4058615c9c8af91875c24 *Source\Hamakaze\idrv\nal.h
-4e5f3191e1cc3860c78ecfa6412d9408d0cc52695041ce5b3fb0829932a1278b *Source\Hamakaze\idrv\phymem.cpp
+c220864dbf36ed019b6b446ee9b0e422eb051cc837854cc3b14f039a0094af25 *Source\Hamakaze\idrv\lha.cpp
+dcb5da7acb4997abbde8372a8daf74dae5727ca5cbf80b26876fdb4cb2a0bc08 *Source\Hamakaze\idrv\lha.h
+90795437576a9afd238f4720638c3e0644afe5b2a273b1de308b70677b8d088a *Source\Hamakaze\idrv\mapmem.cpp
+619e958c85923e3b5326ac1df06eaf081d164cbcaef383ca5cd53f4c6fd73b90 *Source\Hamakaze\idrv\mapmem.h
+ce53137a648e55c800e6641b9cb3bf9c148598bbb47972b947f4e4620ae61c9d *Source\Hamakaze\idrv\nal.cpp
+5cb51cbc6d2b2e3174fc2ebbb713e32c34d4d367f299060f400dac331183d236 *Source\Hamakaze\idrv\nal.h
+9fae1cf81db6f1f82d799bac7ab39107f521df5184e2d0b2b2cd94b1e23dcdbc *Source\Hamakaze\idrv\phymem.cpp
 399a9ced700381d0e3641f2d97a3e9f5dd59cbe22098ac9c0178454f9060d412 *Source\Hamakaze\idrv\phymem.h
-d3b41832142b78302fa8d24abe0a915c5044373fd28ac11012786e8eff20bf52 *Source\Hamakaze\idrv\rtcore.cpp
-415623944767bff1bc57cc040b04cf353327cec556881420ed145b88d3188c6f *Source\Hamakaze\idrv\rtcore.h
+2ff062c55d5d9da7e79001fa3a9b367090e8b201f5954bd9f3e14923ac690586 *Source\Hamakaze\idrv\rtcore.cpp
+08f75ea88874a507c132bafc412c88f9cc9862f78c238dcbd0cc480a04a438f4 *Source\Hamakaze\idrv\rtcore.h
 a0ed8a22c14b35bccd1ff0f45c8b23cad0f8c3af1d8e924caf4bfd63dfb02d89 *Source\Hamakaze\idrv\rzpnk.cpp
 36ec0baeec7b61dbd9936507fcf1bf5aefec08e96ffe3bcb4883785ea2d9a542 *Source\Hamakaze\idrv\rzpnk.h
-019c520e5e253e7f92d254aaf804f30ee8ebfa333fdf4c802b30bdf1b5c857d7 *Source\Hamakaze\idrv\winio.cpp
+9d76c86d6577e4ab62e56d8cbe76bfbea82316630ae9676ea84fd9d52fe12224 *Source\Hamakaze\idrv\winio.cpp
 1fcce56727a3a4b8be5514b14a2924b899e14eb9f39dc65550f2ff1ae1a8f310 *Source\Hamakaze\idrv\winio.h
-154f9992eea4903fcfd70d5b156be3778edf34ae3a85f350476e28fa0a085c65 *Source\Hamakaze\idrv\winring0.cpp
-e5f75a1c9261e08986a3fbe1455465d256da90444dad5e4acf9a53df18f75e54 *Source\Hamakaze\idrv\winring0.h
+f4946622445254d0515abe0899c96b46146c5f4390d56f1d7d09a97780cda396 *Source\Hamakaze\idrv\winring0.cpp
+b9dbf5257f95e5b31f0838f6b192a2dc2b7a6021f73c6249671bdf47b2998ec8 *Source\Hamakaze\idrv\winring0.h
 893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Hamakaze\minirtl\cmdline.c
 bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Hamakaze\minirtl\cmdline.h
 2a08385892845104b4f07d693ca395eba3a09e4aa89ad791be3807919316ed67 *Source\Hamakaze\minirtl\minirtl.h
@@ -104,10 +106,10 @@ f66c8a7d577c5daad5ccb9d7b1269b2ef274914cf0ed9bb9c8ca3f1755ed26df *Source\Taigei\
 8b14163e1cf7ca090fe44dcf2342eb8a9eac03821b5ff20fd51a16966061d4a7 *Source\Taigei\Taigei.vcxproj
 c06a15e597a68a248263c0e417b21b4b5f32fbd6685871d10e8cc5a22db2cfc3 *Source\Taigei\Taigei.vcxproj.filters
 c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Taigei\Taigei.vcxproj.user
-29e351431949b975e808fed1d6760879714ea31bb305b8b2d4f481015de60629 *Source\Tanikaze\resource.h
-01876b8103c783e984f5bce5de2497f918339938692ebc2242f6403ebadba567 *Source\Tanikaze\resource.rc
-ff4f8c3f49d11f2a0971d0f71053a199d7f595a9f5c8780d37cc14f4895f8ee2 *Source\Tanikaze\Tanikaze.vcxproj
-29a010645ae4035bd05e17fd69b756448059de40df3772b793ab307096df479e *Source\Tanikaze\Tanikaze.vcxproj.filters
+149a026bc6a232f5b397ade54ffae15d6ce4ab8758706fc7c992861f3fc2bc1a *Source\Tanikaze\resource.h
+254ae16a2271a85195bff7c4e269e1e515cc7c8b83103e0ae2df8b6cd5f0c4d2 *Source\Tanikaze\resource.rc
+2fe095577ec2b12e744d409beafdb0495a03ad2573ef7a108960c14e0048a8e1 *Source\Tanikaze\Tanikaze.vcxproj
+9b350e73bb0edd936d32ed3874c436360a5f88a531dbfb6c5c1baa1b752bc16f *Source\Tanikaze\Tanikaze.vcxproj.filters
 c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Tanikaze\Tanikaze.vcxproj.user
 0fb2bb7aef5099368666e15e0d9153632d59fed28004c059d7bd189c6f94756d *Source\Tanikaze\drv\ATSZIO64.bin
 3807f05c6f366f8b7c144e794bcc06971c97ba68f93b737cd08067e89915db6a *Source\Tanikaze\drv\ene2.bin
@@ -116,6 +118,7 @@ ceeaced1793b41c31ba19e950532dd84547e29d8fea7616c1170dec247a9043f *Source\Tanikaz
 535d0789ba0e4e1bc7f745d569655b7cbe3cabdbddaa3703f1a72263ef0e8a10 *Source\Tanikaze\drv\gdrv.bin
 603e5ded3aadba9c05cdac5ebb2871f50b38c1935906153e09890aefe4bdcdcd *Source\Tanikaze\drv\GLCKIO2.bin
 6c437a5ca3ce25b930523bc980b596187de3cc4a02efb26e292022278ce1852a *Source\Tanikaze\drv\iQVM64.bin
+420ee2263a2367efbca22ff6be7e094b18e8a6fb1c2b01828a76c9d78f139c3b *Source\Tanikaze\drv\lha.bin
 a8dc2e6c2cf3cd59af18e2ea9964a8b343188ea329f5fd3d8339b00770c84391 *Source\Tanikaze\drv\MsIo64.bin
 cff4a69c13785898a59453978135d67b6855c34b807e031a7c81e45cb7b41785 *Source\Tanikaze\drv\Phymemx64.bin
 1994d6bafbc36bd18cd424e2560f3182c352ac4bfb5c89165e30cc6a86d932d1 *Source\Tanikaze\drv\procexp.bin

README.md

@@ -95,18 +95,21 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
 
 # Currently Supported Providers
 
-+ Intel Network Adapter Diagnostic Driver of version 1.03.0.7;
-+ RTCore64 driver from MSI Afterburner of version 4.6.2 build 15658 and below;
-+ Gdrv (MapMem) driver from various Gigabyte TOOLS of undefined version;
-+ ATSZIO64 driver from ASUSTeK WinFlash utility of various versions;
-+ MICSYS MsIo (WinIo) driver from Patriot Viper RGB utility of version 1.0;
-+ GLCKIO2 (WinIo) driver from ASRock Polychrome RGB of version 1.0.4;
-+ EneIo (WinIo) driver from G.SKILL Trident Z Lighting Control of version 1.00.08;
-+ WinRing0x64 driver from EVGA Precision X1 of version 1.0.2.0;
-+ EneTechIo (WinIo) driver from Thermaltake TOUGHRAM software of version 1.0.3;
-+ PhyMemx64 (WinIo) driver from Huawei MateBook Manager software of undefined version;
-+ RtkIo64 (PhyMem) driver from Realtek Dash Client Utility of various versions;
-+ EneTechIo (WinIo) driver from MSI Dragon Center of various versions.
+| Provider Id | Product Vendor | Driver      | Software package                   | Code base         | Version                     |
+|:-----------:|----------------|-------------|------------------------------------|-------------------|-----------------------------|
+|      0      | Intel          | IQVM64      | Network Adapter Diagnostic Driver  | Original          | 1.03.0.7                    |
+|      1      | MSI            | RTCore64    | MSI Afterburner                    | Semi-original     | 4.6.2 build 15658 and below |
+|      2      | Gigabyte       | Gdrv        | Gigabyte TOOLS                     | MAPMEM NTDKK 3.51 | Undefined                   |
+|      3      | ASUSTeK        | ATSZIO64    | ASUSTeK WinFlash utility           | Semi-original     | Undefined                   |
+|      4      | Patriot        | MsIo64      | Patriot Viper RGB utility          | WINIO             | 1.0                         |
+|      5      | ASRock         | GLCKIO2     | ASRock Polychrome RGB              | WINIO             | 1.0.4                       |
+|      6      | G.SKILL        | EneIo64     | G.SKILL Trident Z Lighting Control | WINIO             | 1.00.08                     |
+|      7      | EVGA           | WinRing0x64 | EVGA Precision X1                  | WINRING0          | 1.0.2.0                     |
+|      8      | Thermaltake    | EneTechIo64 | Thermaltake TOUGHRAM software      | WINIO             | 1.0.3                       |
+|      9      | Huawei         | PhyMemx64   | Huawei MateBook Manager software   | WINIO             | Undefined                   |
+|      10     | Realtek        | RtkIo64     | Realtek Dash Client Utility        | PHYMEM            | Various                     |
+|      11     | MSI            | EneTechIo64 | MSI Dragon Center                  | WINIO             | Various                     |
+|      12     | LG             | LHA         | LG Device Manager                  | Semi-original     | 1.6.0.2                     |
 
 More providers maybe added in the future.
 
@@ -144,6 +147,7 @@ Using this program might render your computer into BSOD. Compiled binary and sou
 * ATSZIO64 ASUS Drivers Privilege Escalation, https://github.com/LimiQS/AsusDriversPrivEscala
 * CVE-2019-18845, https://www.activecyber.us/activelabs/viper-rgb-driver-local-privilege-escalation-cve-2019-18845
 * DEFCON27: Get off the kernel if you cant drive, https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf
+* CVE-2019-8372: Local Privilege Elevation in LG Kernel Driver, http://www.jackson-t.ca/lg-driver-lpe.html
 
 # Wormhole drivers code
 

Source/Hamakaze/KDU.vcxproj

@@ -107,6 +107,7 @@
     <ClCompile Include="dsefix.cpp" />
     <ClCompile Include="hde\hde64.c" />
     <ClCompile Include="idrv\atszio.cpp" />
+    <ClCompile Include="idrv\lha.cpp" />
     <ClCompile Include="idrv\mapmem.cpp" />
     <ClCompile Include="idrv\phymem.cpp" />
     <ClCompile Include="idrv\winio.cpp" />
@@ -143,6 +144,7 @@
     <ClInclude Include="global.h" />
     <ClInclude Include="hde\hde64.h" />
     <ClInclude Include="idrv\atszio.h" />
+    <ClInclude Include="idrv\lha.h" />
     <ClInclude Include="idrv\mapmem.h" />
     <ClInclude Include="idrv\phymem.h" />
     <ClInclude Include="idrv\winio.h" />

Source/Hamakaze/KDU.vcxproj.filters

@@ -126,6 +126,9 @@
     <ClCompile Include="shellcode.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="idrv\lha.cpp">
+      <Filter>Source Files\idrv</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="global.h">
@@ -218,6 +221,9 @@
     <ClInclude Include="shellcode.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="idrv\lha.h">
+      <Filter>Source Files\idrv</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="resource.rc">

Source/Hamakaze/KDU.vcxproj.user

@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-scv 3 -drvn test1 -drvr reg1 -map C:\install\dummy3.sys</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-list</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <LocalDebuggerCommandArguments>-prv 9 -map c:\install\dummy.sys</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-prv 11 -map c:\install\dummy.sys</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
 </Project>

Source/Hamakaze/compess.cpp

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.10
 *
-*  DATE:        02 Apr 2021
+*  DATE:        15 Apr 2021
 *
 *  Compression support routines.
 *
@@ -142,8 +142,8 @@ PVOID KDUDecompressResource(
         diDelta.uSize = ResourceSize;
 
         if (ApplyDeltaB(DELTA_FILE_TYPE_RAW, diSource, diDelta, &doOutput)) {
-
-            SIZE_T newSize = (DWORD)doOutput.uSize;
+            
+            SIZE_T newSize = doOutput.uSize;
             PVOID decomPtr = doOutput.lpStart;
 
             bValidData = supVerifyMappedImageMatchesChecksum(decomPtr,
@@ -154,8 +154,12 @@ PVOID KDUDecompressResource(
             if (VerifyChecksum) {
 
                 if (bValidData == FALSE) {
-                    printf_s("[!] Error data checksum mismatch! Header sum 0x%lx, calculated sum 0x%lx\r\n",
-                        headerSum, calcSum);
+
+                    supPrintfEvent(kduEventError, 
+                        "[!] Error data checksum mismatch! Header sum 0x%lx, calculated sum 0x%lx\r\n",
+                        headerSum, 
+                        calcSum);
+
                 }
             }
             else {
@@ -180,7 +184,10 @@ PVOID KDUDecompressResource(
 
         }
         else {
-            printf_s("[!] Error decompressing resource, GetLastError %lu\r\n", GetLastError());
+
+            supPrintfEvent(kduEventError, 
+                "[!] Error decompressing resource, GetLastError %lu\r\n", GetLastError());
+
         }
 
         supHeapFree(dataBlob);
@@ -222,7 +229,10 @@ VOID KDUCompressResource(
 
         newFileName = (PWSTR)supHeapAlloc(sz);
         if (newFileName == NULL) {
-            printf_s("[!] Could not allocate memory for filename\r\n");
+
+            supPrintfEvent(kduEventError, 
+                "[!] Could not allocate memory for filename\r\n");
+
         }
         else {
 
@@ -268,7 +278,10 @@ VOID KDUCompressResource(
                         FALSE,
                         NULL) != writeSize)
                     {
-                        printf_s("[!] Error writing to file\r\n");
+
+                        supPrintfEvent(kduEventError, 
+                            "[!] Error writing to file\r\n");
+
                     }
 
                     supHeapFree(dataBlob);
@@ -278,7 +291,9 @@ VOID KDUCompressResource(
             }
             else {
 
-                printf_s("[!] Error compressing resource, GetLastError %lu\r\n", GetLastError());
+                supPrintfEvent(kduEventError, 
+                    "[!] Error compressing resource, GetLastError %lu\r\n", GetLastError());
+
             }
 
             supHeapFree(newFileName);
@@ -288,7 +303,10 @@ VOID KDUCompressResource(
 
     }
     else {
-        printf_s("[!] Could not read input file\r\n");
+
+        supPrintfEvent(kduEventError, 
+            "[!] Could not read input file\r\n");
+
     }
 
     FUNCTION_LEAVE_MSG(__FUNCTION__);