v 1.0.1

Two another clones of WinIO added:
EneIo from G.SKILL Trident Z Lighting Control;
GLCKIO2 from ASRock Polychrome RGB;
README update.
(release candidate 1)

KDU.sha256

@@ -1,6 +1,6 @@
 6ce17d185826dc452c50b1908315ff151cd57319f11ab6eb337dbe180f111fd4 *Bin\dummy.sys
 eefc8b804938fa0976416ae18efa0e30e67b537e7ce50d94dba7022971d17f19 *Bin\dummy2.sys
-74f4998278e617d3470c3371d712fd9218a6e6f6f007963b66b01b13d69e5934 *Bin\kdu.exe
+03634ba3d188bae97510851348143425bd4df30f432448fd0852b8e8ad0a5d7c *Bin\kdu.exe
 06cf7aeac5256e35f45da73594faa704083f94809772c218e9cbf0c86c076438 *Bin\license.txt
 323d910f93683453d45239a0528d3c3cda7f2608fca864fd2a687184ffe129fe *Help\kdu1.png
 a1d7a51549914833a3414a93646952c25deabe072d8a271b54e10727f923b479 *Help\kdu2.png
@@ -33,26 +33,28 @@ d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\Example
 2019a70984210f2a51a5ee4e248847d63f39a8938a149f2ada3d46aa0abd5dbb *Source\Hamakaze\drvmap.h
 6a8c282dd0fb89807f1901e4f956c16f84f8f601a883b1ffc79afffbe76e9799 *Source\Hamakaze\global.h
 5a24f52c5c86d7d7da91bf5c06f151f9bb20ec715ca6c117b8f3e82f05a7fa80 *Source\Hamakaze\irp.h
-975cef84c77c8be845a7431f90a1d91564fdbf2eca29de12e971d96df852bc57 *Source\Hamakaze\KDU.vcxproj
-266599840dbb029c64bdc94cb5fc4c92726f03120d547a02e1ef949abe8d251f *Source\Hamakaze\KDU.vcxproj.filters
-0232e1301d7f921de4505a73d7b6df3ac1cbef8bfcdb9e53433be3a63bad25f5 *Source\Hamakaze\KDU.vcxproj.user
-66955360a66413e8527d3dfb6fd069a628f56097beeeb40f1cddebed3b613733 *Source\Hamakaze\kduprov.cpp
-1db73d6a14a13c7c3b3fdef415797ebb7c3fe2228b28048c2ae73985f73e4858 *Source\Hamakaze\kduprov.h
-b597aeae6865312703d103987f29d81b41741f6eb1b65193f8546d9e10a41d3c *Source\Hamakaze\main.cpp
+238f9e3f4ec3174b9a1b54208797b21a956175df407c0ad12500d8b7f522e6cc *Source\Hamakaze\KDU.vcxproj
+01733897e0ef01f5ea6489a0d40c1a39194ed6c7f1fc48996f0ab9dec6cb855b *Source\Hamakaze\KDU.vcxproj.filters
+548b2ca3c772769a4ed8dc4c49f59e1dfd4e1f6f8b9180e838abc1d1b2e1b43f *Source\Hamakaze\KDU.vcxproj.user
+d9325da6fffa510d38bf13cbcbea892a32058fc972c3e07169d4fc124c9327e1 *Source\Hamakaze\kduprov.cpp
+1a9e11bbc6dfc04d53c708b16a25cd4613adf2e6a266203abf9f02a5db285a9f *Source\Hamakaze\kduprov.h
+b9fa27b5bc833e59603a0298769a5b5cd03203702570f782b5a6f7f1931dd886 *Source\Hamakaze\main.cpp
 bba53e5adc6f885de5d49ebf194851d733fa6ed0dbe822dcdbb83ce66432cb98 *Source\Hamakaze\pagewalk.cpp
 545ecf7e669b6b28753a02e33fae6f503750d26cf0bf9089701f401fd24e0dd1 *Source\Hamakaze\pagewalk.h
 4f48c6b97e236d05eb0f0f3704e461ed9c41dd9ff8bc777ba8d2e332cf27f9c0 *Source\Hamakaze\ps.cpp
 d413c012b1157c4f42b7b7bc8558c9a6efcaacae87855e90b3c187b179694625 *Source\Hamakaze\ps.h
-86be07d82809b9550cf9770128897c832619644f9411eb53eb015d3c91b1db1d *Source\Hamakaze\resource.h
-29207fe4680120a400c8a2d715dcfc7c8d0cda7bb50a86ce2be594665cb66903 *Source\Hamakaze\resource.rc
+ad97469932fbb49936908bf92f4fe5c5e5ba480f228dd04ebfbf9a4f93aef9a0 *Source\Hamakaze\resource.h
+990a822ecc48ba37951a3d572cd0da5eb1e659b33135b2b4590f2b842ec4f20b *Source\Hamakaze\resource.rc
 2bff6723c30c6d398ac97cb19ba915e0b9eb664d49b4d521c8eeeef1d7420ad3 *Source\Hamakaze\sup.cpp
 f09de1aaf4ee3b811fb6a221f10c702b8c49b17199f1ed73a3ac51827119b460 *Source\Hamakaze\sup.h
-c8c64156d021a4455aaf4f2943c5f84c8e8c92c6b91b3d1f3c95cee8f3841cfe *Source\Hamakaze\tests.cpp
+f984d6c0aab4df7490861523f1dd85f38d0c85b4130f7ca3f712d388c40c5d9b *Source\Hamakaze\tests.cpp
 e9149f07beca9c705a89d1a48273f8d7d8413b62c96d463228e853769871de33 *Source\Hamakaze\tests.h
 e779b895304d6c623ac55db37b5616144dcbcf56f7a47da7660f12e36201ade0 *Source\Hamakaze\victim.cpp
 f26fc0e6c1267c30701d8d2cf137bd7a191ddbbd4bcff691cef98fd060cbebcb *Source\Hamakaze\victim.h
 fce521e579303ffe6322c265b129bb57e7d57b9b8db9fa401788df13593ea2d0 *Source\Hamakaze\drv\ATSZIO64.bin
+9ac009a3a4b7811e99a2778d1e81f84ea2d1fded5354761e65a3fab615802015 *Source\Hamakaze\drv\eneio64.bin
 e929863625643e6d2989c591cd5b0f07533011e289c044241f08a3ab49c23994 *Source\Hamakaze\drv\gdrv.bin
+0ff7ff440111c8e0f3ceea41ddb2977ea657374c82e42ec0cc8674c61d5119b2 *Source\Hamakaze\drv\glckio2.bin
 fe0048a958e0300b56b511cc0499984fc396d8dfa07c3f320a40a68ee3ee5298 *Source\Hamakaze\drv\iQVM64.bin
 f0d2058856503f1673bf52a5483bd2095d842b7dac09008eb9bcb918ee6fb6e9 *Source\Hamakaze\drv\msio64.bin
 0d9fd42f0f48dccc82f3034ab31b418218885ddfbc70d413bd4f585282af7d59 *Source\Hamakaze\drv\procexp.bin
@@ -65,14 +67,14 @@ b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2 *Source\Hamakaz
 14853874821e94b36c4ab73ec3827a1c24a0e87c832f5c2dc48b3e691c072fd3 *Source\Hamakaze\idrv\atszio.h
 bd0e4a63ea5ef237ea3aeb0e3f4e38f6945d46a53895ea2acdcd7b3da22730a6 *Source\Hamakaze\idrv\gdrv.cpp
 ca98adb0dcb6da143c9f92a318330b6e5c9b5356d7c98dde86b90abde2238b73 *Source\Hamakaze\idrv\gdrv.h
-8b70e022e68e198dfe61b3e76251ac9a4b72e94ded21c1d26e81f9b1e0ef0a89 *Source\Hamakaze\idrv\msio.cpp
-968011251ac1159e9810f642944767ca4b8918b423bd36bcdb2c511b4dafa302 *Source\Hamakaze\idrv\msio.h
 4bbb0d7f62f45a777ce4a301000b50a27e596a13761aff5b922a429a06ed450d *Source\Hamakaze\idrv\nal.cpp
 b6bc334bbbb596fa46dd3e3aca8050f567625a861d3cd688208cfd67bd582f80 *Source\Hamakaze\idrv\nal.h
 d3b41832142b78302fa8d24abe0a915c5044373fd28ac11012786e8eff20bf52 *Source\Hamakaze\idrv\rtcore.cpp
 415623944767bff1bc57cc040b04cf353327cec556881420ed145b88d3188c6f *Source\Hamakaze\idrv\rtcore.h
 a0ed8a22c14b35bccd1ff0f45c8b23cad0f8c3af1d8e924caf4bfd63dfb02d89 *Source\Hamakaze\idrv\rzpnk.cpp
 36ec0baeec7b61dbd9936507fcf1bf5aefec08e96ffe3bcb4883785ea2d9a542 *Source\Hamakaze\idrv\rzpnk.h
+2a3423e1da977dd73feb5cc03864d59015983ac200ac393f48b074b4d989e9b8 *Source\Hamakaze\idrv\winio.cpp
+20ae49514ef66afe059974d7e0c3be33474b733e21d54c041969e0b0e962a305 *Source\Hamakaze\idrv\winio.h
 893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Hamakaze\minirtl\cmdline.c
 bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Hamakaze\minirtl\cmdline.h
 699258f2b140da030776ab418e46c6eab8ba99682677a756274fcb2402ad5c34 *Source\Hamakaze\minirtl\minirtl.h
@@ -92,3 +94,5 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\Hamakaz
 ee225e15f4150c64efd5e890585c8dc0d37d2572c5d54a773a319d35128c32aa *Source\Hamakaze\ntos\halamd64.h
 0e1535a719ececda767b7e0e049170a4eb375329a730973f87a681dc8bd9392a *Source\Hamakaze\ntos\ntos.h
 de7bdf0bd4acec31c963b916331399bce23c155e3002f0a8152a4a36af13faf8 *Source\Hamakaze\res\274.ico
+f4f160e9433e243879221d87b595bba793d175922ca9e00a62e6a7325bb65fab *Source\Hamakaze\tinyaes\aes.c
+bcdcd7fa768aef1e5b53846750585352f461746e303585a09c3933589b69aee6 *Source\Hamakaze\tinyaes\aes.h

README.md

@@ -88,7 +88,9 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
 + RTCore64 driver from MSI Afterburner of version 4.6.2 build 15658 and below;
 + Gdrv driver from various Gigabyte TOOLS of undefined version;
 + ATSZIO64 driver from ASUSTeK WinFlash utility of various versions;
-+ MICSYS MsIo driver from Patriot Viper RGB utility of version 1.0.
++ MICSYS MsIo (WinIo) driver from Patriot Viper RGB utility of version 1.0;
++ GLCKIO2 (WinIo) driver from ASRock Polychrome RGB of version 1.0.4;
++ EneIo (WinIo) driver from G.SKILL Trident Z Lighting Control of version 1.00.08.
 
 More providers maybe added in the future.
 
@@ -109,6 +111,10 @@ In order to build from source you need Microsoft Visual Studio 2019 and later ve
 
 Using this program might render your computer into BSOD. Compiled binary and source code provided AS-IS in help it will be useful BUT WITHOUT WARRANTY OF ANY KIND.
 
+# Third party code usage
+
+* TinyAES, https://github.com/kokke/tiny-AES-c
+
 # References
 
 * Turla Driver Loader, https://github.com/hfiref0x/TDL
@@ -122,6 +128,13 @@ Using this program might render your computer into BSOD. Compiled binary and sou
 * CVE-2019-18845, https://www.activecyber.us/activelabs/viper-rgb-driver-local-privilege-escalation-cve-2019-18845
 * DEFCON27: Get off the kernel if you cant drive, https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf
 
+# Wormhole drivers code
+
+They are used in multiple products from hardware vendors mostly in unmodified state. They all break OS security model and additionally bugged. Links are for educational purposes of how not to do your drivers. Note that following github accounts have nothing to do with these code, they are just forked/uploaded it.
+
+* WinIo 3.0 BSOD/CVE generator, https://github.com/starofrainnight/winio/blob/master/Source/Drv/WinIo.c
+* WinRing0 BSOD/CVE generator, https://github.com/QCute/WinRing0/blob/master/dll/sys/OpenLibSys.c
+
 # Authors
 
 (c) 2020 KDU Project

Source/Hamakaze/KDU.vcxproj

@@ -106,7 +106,7 @@
     <ClCompile Include="hde\hde64.c" />
     <ClCompile Include="idrv\atszio.cpp" />
     <ClCompile Include="idrv\gdrv.cpp" />
-    <ClCompile Include="idrv\msio.cpp" />
+    <ClCompile Include="idrv\winio.cpp" />
     <ClCompile Include="idrv\nal.cpp" />
     <ClCompile Include="idrv\rtcore.cpp" />
     <ClCompile Include="main.cpp" />
@@ -127,6 +127,7 @@
     <ClCompile Include="ps.cpp" />
     <ClCompile Include="sup.cpp" />
     <ClCompile Include="tests.cpp" />
+    <ClCompile Include="tinyaes\aes.c" />
     <ClCompile Include="victim.cpp" />
   </ItemGroup>
   <ItemGroup>
@@ -137,7 +138,7 @@
     <ClInclude Include="hde\hde64.h" />
     <ClInclude Include="idrv\atszio.h" />
     <ClInclude Include="idrv\gdrv.h" />
-    <ClInclude Include="idrv\msio.h" />
+    <ClInclude Include="idrv\winio.h" />
     <ClInclude Include="idrv\nal.h" />
     <ClInclude Include="idrv\rtcore.h" />
     <ClInclude Include="irp.h" />
@@ -153,6 +154,7 @@
     <ClInclude Include="resource.h" />
     <ClInclude Include="sup.h" />
     <ClInclude Include="tests.h" />
+    <ClInclude Include="tinyaes\aes.h" />
     <ClInclude Include="victim.h" />
   </ItemGroup>
   <ItemGroup>
@@ -164,7 +166,9 @@
   </ItemGroup>
   <ItemGroup>
     <None Include="drv\ATSZIO64.bin" />
+    <None Include="drv\eneio64.bin" />
     <None Include="drv\gdrv.bin" />
+    <None Include="drv\glckio2.bin" />
     <None Include="drv\iQVM64.bin" />
     <None Include="drv\msio64.bin" />
     <None Include="drv\procexp.bin" />

Source/Hamakaze/KDU.vcxproj.filters

@@ -25,6 +25,9 @@
     <Filter Include="ntos">
       <UniqueIdentifier>{1df1a36e-45d4-430a-a401-9415b50be4bd}</UniqueIdentifier>
     </Filter>
+    <Filter Include="tinyaes">
+      <UniqueIdentifier>{c53b77e9-0d5d-4eb3-91d8-1b71f16abd1d}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="main.cpp">
@@ -105,9 +108,12 @@
     <ClCompile Include="idrv\atszio.cpp">
       <Filter>Source Files\idrv</Filter>
     </ClCompile>
-    <ClCompile Include="idrv\msio.cpp">
+    <ClCompile Include="idrv\winio.cpp">
       <Filter>Source Files\idrv</Filter>
     </ClCompile>
+    <ClCompile Include="tinyaes\aes.c">
+      <Filter>tinyaes</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="global.h">
@@ -179,9 +185,12 @@
     <ClInclude Include="ntos\halamd64.h">
       <Filter>ntos</Filter>
     </ClInclude>
-    <ClInclude Include="idrv\msio.h">
+    <ClInclude Include="idrv\winio.h">
       <Filter>Source Files\idrv</Filter>
     </ClInclude>
+    <ClInclude Include="tinyaes\aes.h">
+      <Filter>tinyaes</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="resource.rc">
@@ -215,5 +224,11 @@
     <None Include="drv\msio64.bin">
       <Filter>Resource Files</Filter>
     </None>
+    <None Include="drv\glckio2.bin">
+      <Filter>Resource Files</Filter>
+    </None>
+    <None Include="drv\eneio64.bin">
+      <Filter>Resource Files</Filter>
+    </None>
   </ItemGroup>
 </Project>

Source/Hamakaze/KDU.vcxproj.user

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-list</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-test</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
 </Project>