diff --git a/Source/Hamakaze/KDU.vcxproj.user b/Source/Hamakaze/KDU.vcxproj.user
index f99e547..b5542cb 100644
--- a/Source/Hamakaze/KDU.vcxproj.user
+++ b/Source/Hamakaze/KDU.vcxproj.user
@@ -1,11 +1,11 @@
- -test
+ -prv 14 -map c:\install\dummy.sys
WindowsLocalDebugger
- -prv 48 -map c:\install\dummy.sys
+ -prv 14 -map c:\install\dummy.sys
WindowsLocalDebugger
\ No newline at end of file
diff --git a/Source/Hamakaze/kduprov.cpp b/Source/Hamakaze/kduprov.cpp
index 6e02f10..9282c6a 100644
--- a/Source/Hamakaze/kduprov.cpp
+++ b/Source/Hamakaze/kduprov.cpp
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020 - 2023
+* (C) COPYRIGHT AUTHORS, 2020 - 2024
*
* TITLE: KDUPROV.CPP
*
-* VERSION: 1.40
+* VERSION: 1.41
*
-* DATE: 21 Oct 2023
+* DATE: 30 Mar 2024
*
* Vulnerable drivers provider abstraction layer.
*
@@ -778,6 +778,8 @@ HINSTANCE KDUProviderLoadDB(
)
{
HINSTANCE hInstance;
+ KDU_DB_VERSION *pVersionInfo;
+ BOOL bFailed = TRUE;
FUNCTION_ENTER_MSG(__FUNCTION__);
@@ -786,12 +788,50 @@ HINSTANCE KDUProviderLoadDB(
if (hInstance) {
printf_s("[+] Drivers database \"%ws\" loaded at 0x%p\r\n", DRV64DLL, hInstance);
- gProvTable = (PKDU_DB)GetProcAddress(hInstance, "gProvTable");
- if (gProvTable == NULL) {
- supPrintfEvent(kduEventError, "[!] Providers table not found\r\n");
+ do {
+
+ pVersionInfo = (PKDU_DB_VERSION)GetProcAddress(hInstance, "gVersion");
+ if (pVersionInfo == NULL) {
+ supPrintfEvent(kduEventError, "[!] Providers version data not found\r\n");
+ break;
+ }
+
+ if (pVersionInfo->MajorVersion != KDU_VERSION_MAJOR ||
+ pVersionInfo->MinorVersion != KDU_VERSION_MINOR ||
+ pVersionInfo->Revision != KDU_VERSION_REVISION ||
+ pVersionInfo->Build != KDU_VERSION_BUILD)
+ {
+ supPrintfEvent(kduEventError, "[!] Providers database has wrong version, expected %lu.%lu.%lu.%lu, got %lu.%lu.%lu.%lu\r\n",
+ KDU_VERSION_MAJOR,
+ KDU_VERSION_MINOR,
+ KDU_VERSION_REVISION,
+ KDU_VERSION_BUILD,
+ pVersionInfo->MajorVersion,
+ pVersionInfo->MinorVersion,
+ pVersionInfo->Revision,
+ pVersionInfo->Build);
+
+ break;
+ }
+ else {
+ printf_s("[+] Drivers database version is OK\r\n");
+ }
+
+ gProvTable = (PKDU_DB)GetProcAddress(hInstance, "gProvTable");
+ if (gProvTable == NULL) {
+ supPrintfEvent(kduEventError, "[!] Providers table not found\r\n");
+ break;
+ }
+
+ bFailed = FALSE;
+
+ } while (FALSE);
+
+ if (bFailed) {
FreeLibrary(hInstance);
hInstance = NULL;
}
+
}
else {
supShowWin32Error("[!] Cannot load drivers database", GetLastError());
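Review bot: The version-mismatch message passes eight arguments to `%lu` that are not `unsigned long`: the `KDU_VERSION_*` macros are plain `int` constants and the `WORD` fields of `pVersionInfo` are promoted to `int`. Assuming `supPrintfEvent` forwards to a printf-style formatter, the specifiers should match the arguments, e.g. `"[!] Providers database has wrong version, expected %u.%u.%u.%u, got %u.%u.%u.%u\r\n"`, or each argument should be cast to `ULONG`. The check also runs only after the library is already loaded (the load call is outside this hunk) and compares values the DLL reports about itself, so it establishes build compatibility and not the authenticity of the file. A short comment above the `do` block, such as `// Compatibility check only: rejects a database built from a different KDU version.`, would stop it being read as integrity validation. The body of `KDUProviderLoadDB` starts and ends outside this hunk.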
diff --git a/Source/Hamakaze/res/SB_SMBUS_SDK.bin b/Source/Hamakaze/res/SB_SMBUS_SDK.bin
index 349d774..9b46c61 100644
Binary files a/Source/Hamakaze/res/SB_SMBUS_SDK.bin and b/Source/Hamakaze/res/SB_SMBUS_SDK.bin differ
diff --git a/Source/Hamakaze/res/Taigei32.bin b/Source/Hamakaze/res/Taigei32.bin
index 21b3885..35062b9 100644
Binary files a/Source/Hamakaze/res/Taigei32.bin and b/Source/Hamakaze/res/Taigei32.bin differ
diff --git a/Source/Hamakaze/resource.rc b/Source/Hamakaze/resource.rc
index 0ade2df..ca8a594 100644
--- a/Source/Hamakaze/resource.rc
+++ b/Source/Hamakaze/resource.rc
@@ -51,8 +51,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,4,1,2312
- PRODUCTVERSION 1,4,1,2312
+ FILEVERSION 1,4,1,2403
+ PRODUCTVERSION 1,4,1,2403
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "UG North"
VALUE "FileDescription", "Kernel Driver Utility"
- VALUE "FileVersion", "1.4.1.2312"
+ VALUE "FileVersion", "1.4.1.2403"
VALUE "InternalName", "Hamakaze.exe"
VALUE "LegalCopyright", "Copyright (C) 2020 - 2024 KDU Project"
VALUE "OriginalFilename", "Hamakaze.exe"
VALUE "ProductName", "KDU"
- VALUE "ProductVersion", "1.4.1.2312"
+ VALUE "ProductVersion", "1.4.1.2403"
END
END
BLOCK "VarFileInfo"
diff --git a/Source/Shared/consts.h b/Source/Shared/consts.h
index dd83024..f44be6c 100644
--- a/Source/Shared/consts.h
+++ b/Source/Shared/consts.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020 - 2023
+* (C) COPYRIGHT AUTHORS, 2020 - 2024
*
* TITLE: CONSTS.H
*
* VERSION: 1.41
*
-* DATE: 11 Dec 2023
+* DATE: 30 Mar 2024
*
* Global consts.
*
@@ -22,15 +22,15 @@
#define KDU_VERSION_MAJOR 1
#define KDU_VERSION_MINOR 4
#define KDU_VERSION_REVISION 1
-#define KDU_VERSION_BUILD 2312
-#define KDU_COPYRIGHT_YEAR 2023
+#define KDU_VERSION_BUILD 2403
+#define KDU_COPYRIGHT_YEAR 2024
#define KDU_MIN_NTBUILDNUMBER 0x1DB1 //Windows 7 SP1
#define KDU_MAX_NTBUILDNUMBER 0xFFFFFFFF //Undefined
#define IPC_GET_HANDLE 0x1337
-#define KDU_SYNC_MUTANT 0x2312
+#define KDU_SYNC_MUTANT 0x2403
#define NT_REG_PREP L"\\Registry\\Machine"
#define DRIVER_REGKEY L"%wS\\System\\CurrentControlSet\\Services\\%wS"
diff --git a/Source/Shared/kdubase.h b/Source/Shared/kdubase.h
index be1e2cb..ac8236f 100644
--- a/Source/Shared/kdubase.h
+++ b/Source/Shared/kdubase.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2022 - 2023
+* (C) COPYRIGHT AUTHORS, 2022 - 2024
*
* TITLE: KDUBASE.H
*
-* VERSION: 1.31
+* VERSION: 1.41
*
-* DATE: 08 Apr 2023
+* DATE: 30 Mar 2024
*
* Base KDU definitions.
*
@@ -68,3 +68,10 @@ typedef struct _KDU_DB {
ULONG NumberOfEntries;
KDU_DB_ENTRY* Entries;
} KDU_DB, * PKDU_DB;
+
+typedef struct _KDU_DB_VERSION {
+ WORD MajorVersion;
+ WORD MinorVersion;
+ WORD Revision;
+ WORD Build;
+} KDU_DB_VERSION, * PKDU_DB_VERSION;
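Review bot: `KDU_DB_VERSION` is added without a comment, although elsewhere in this commit it becomes a binary contract between two modules: the database DLL exports it as `gVersion` and the loader compares every field against `KDU_VERSION_*`. I would document that above the typedef, for example `// Exported by the drivers database as "gVersion"; every field must equal the loader's KDU_VERSION_* value.` It is also worth stating that the fields are 16-bit, so `KDU_VERSION_BUILD` has to stay within `WORD` range for the equality test in the loader to be able to succeed.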
diff --git a/Source/Shared/ntos/ntos.h b/Source/Shared/ntos/ntos.h
index 90b860b..340de02 100644
--- a/Source/Shared/ntos/ntos.h
+++ b/Source/Shared/ntos/ntos.h
@@ -1,13 +1,13 @@
/************************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2023
+* (C) COPYRIGHT AUTHORS, 2015 - 2024
* Translated from Microsoft sources/debugger or mentioned elsewhere.
*
* TITLE: NTOS.H
*
-* VERSION: 1.219
+* VERSION: 1.223
*
-* DATE: 21 Jul 2023
+* DATE: 12 Mar 2024
*
* Common header file for the ntos API functions and definitions.
*
@@ -101,6 +101,7 @@ typedef ULONGLONG REGHANDLE, *PREGHANDLE;
typedef PVOID *PDEVICE_MAP;
typedef PVOID PHEAD;
typedef PVOID PEJOB;
+typedef PVOID PKTHREAD;
typedef struct _IO_TIMER* PIO_TIMER;
typedef LARGE_INTEGER PHYSICAL_ADDRESS;
typedef struct _EJOB* PESILO;
@@ -5516,6 +5517,61 @@ typedef struct _EMP_CALLBACK_LIST_ENTRY {
SINGLE_LIST_ENTRY CallbackListEntry;
} EMP_CALLBACK_LIST_ENTRY, * PEMP_CALLBACK_LIST_ENTRY;
+typedef enum _IO_NOTIFICATION_EVENT_CATEGORY {
+ EventCategoryReserved,
+ EventCategoryHardwareProfileChange,
+ EventCategoryDeviceInterfaceChange,
+ EventCategoryTargetDeviceChange
+} IO_NOTIFICATION_EVENT_CATEGORY;
+
+typedef
+NTSTATUS
+(*PDRIVER_NOTIFICATION_CALLBACK_ROUTINE) (
+ IN PVOID NotificationStructure,
+ IN PVOID Context
+ );
+
+typedef struct _KGUARDED_MUTEX {
+ LONG Count;
+ PKTHREAD Owner;
+ ULONG Contention;
+ KEVENT Event;
+ union {
+ struct {
+ SHORT KernelApcDisable;
+ SHORT SpecialApcDisable;
+ };
+
+ ULONG CombinedApcDisable;
+ };
+
+} KGUARDED_MUTEX, * PKGUARDED_MUTEX;
+
+typedef struct _DEVICE_CLASS_NOTIFY_ENTRY {
+
+ //
+ // Header entries
+ //
+
+ LIST_ENTRY ListEntry;
+ IO_NOTIFICATION_EVENT_CATEGORY EventCategory;
+ ULONG SessionId;
+ HANDLE SessionHandle;
+ PDRIVER_NOTIFICATION_CALLBACK_ROUTINE CallbackRoutine;
+ PVOID Context;
+ PDRIVER_OBJECT DriverObject;
+ USHORT RefCount;
+ BOOLEAN Unregistered;
+ PKGUARDED_MUTEX Lock;
+ PERESOURCE EntryLock;
+ //
+ // ClassGuid - the guid of the device class we are interested in
+ //
+
+ GUID ClassGuid;
+
+} DEVICE_CLASS_NOTIFY_ENTRY, * PDEVICE_CLASS_NOTIFY_ENTRY;
+
/*
** Callbacks END
*/
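Review bot: `KGUARDED_MUTEX` and `DEVICE_CLASS_NOTIFY_ENTRY` are added with no indication of which Windows build their layouts were taken from. The file header says definitions are translated from Microsoft sources or the debugger, and internal structures of this kind are presumably not stable across builds, so a reader cannot tell where the field offsets are valid. I would add a line above each typedef such as `// Layout as observed on Windows build <BUILD - fill in>; undocumented, verify before relying on field offsets.` The `// Header entries` comment inside `DEVICE_CLASS_NOTIFY_ENTRY` could also say which fields it covers, since `ClassGuid` is the only member set apart from it.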
@@ -6920,10 +6976,15 @@ typedef struct _PROCESS_MITIGATION_POLICY_INFORMATION {
/*
** KUSER_SHARED_DATA START
*/
-#define NX_SUPPORT_POLICY_ALWAYSOFF 0
-#define NX_SUPPORT_POLICY_ALWAYSON 1
-#define NX_SUPPORT_POLICY_OPTIN 2
-#define NX_SUPPORT_POLICY_OPTOUT 3
+#define NX_SUPPORT_POLICY_ALWAYSOFF 0
+#define NX_SUPPORT_POLICY_ALWAYSON 1
+#define NX_SUPPORT_POLICY_OPTIN 2
+#define NX_SUPPORT_POLICY_OPTOUT 3
+
+#define SEH_VALIDATION_POLICY_ON 0
+#define SEH_VALIDATION_POLICY_OFF 1
+#define SEH_VALIDATION_POLICY_TELEMETRY 2
+#define SEH_VALIDATION_POLICY_DEFER 3
#include
typedef struct _KSYSTEM_TIME {
@@ -7004,7 +7065,7 @@ typedef struct _KUSER_SHARED_DATA {
ULONG Reserved3;
volatile ULONG TimeSlip;
ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
- ULONG AltArchitecturePad;
+ ULONG BootId; //previously AltArchitecturePad
LARGE_INTEGER SystemExpirationDate;
ULONG SuiteMask;
BOOLEAN KdDebuggerEnabled;
@@ -7114,6 +7175,8 @@ typedef struct _KUSER_SHARED_DATA {
KSYSTEM_TIME FeatureConfigurationChangeStamp;
ULONG Spare;
+ ULONG64 UserPointerAuthMask;
+
} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
#include
@@ -9726,7 +9789,18 @@ NTSYSAPI
NTSTATUS
NTAPI
RtlDefaultNpAcl(
- _Out_ PACL *Acl);
+ _Out_ PACL* Acl);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAddProcessTrustLabelAce(
+ _Inout_ PACL Acl,
+ _In_ ULONG AceRevision,
+ _In_ ULONG AceFlags,
+ _In_ PSID ProcessTrustLabelSid,
+ _In_ UCHAR AceType,
+ _In_ ACCESS_MASK AccessMask);
NTSYSAPI
BOOLEAN
@@ -12147,6 +12221,21 @@ NtNotifyChangeDirectoryFile(
_In_ ULONG CompletionFilter,
_In_ BOOLEAN WatchTree);
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtCopyFileChunk(
+ _In_ HANDLE SourceHandle,
+ _In_ HANDLE DestinationHandle,
+ _In_opt_ HANDLE EventHandle,
+ _Out_ PIO_STATUS_BLOCK IoStatusBlock,
+ _In_ ULONG Length,
+ _In_ PLARGE_INTEGER SourceOffset,
+ _In_ PLARGE_INTEGER DestOffset,
+ _In_opt_ PULONG SourceKey,
+ _In_opt_ PULONG DestKey,
+ _In_ ULONG Flags);
+
NTSYSAPI
NTSTATUS
NTAPI
@@ -13463,6 +13552,15 @@ NtQueryPerformanceCounter(
_Out_ PLARGE_INTEGER PerformanceCounter,
_Out_opt_ PLARGE_INTEGER PerformanceFrequency);
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtConvertBetweenAuxiliaryCounterAndPerformanceCounter(
+ _In_ BOOLEAN ConvertAuxiliaryToPerformanceCounter,
+ _In_ PLARGE_INTEGER PerformanceOrAuxiliaryCounterValue,
+ _Out_ PLARGE_INTEGER ConvertedValue,
+ _Out_opt_ PLARGE_INTEGER ConversionError);
+
/************************************************************************************
*
* Process and Thread API.
@@ -14955,6 +15053,22 @@ NtRaiseHardError(
_In_ ULONG ValidResponseOptions,
_Out_ PULONG Response);
+/************************************************************************************
+*
+* IoRing API.
+*
+************************************************************************************/
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtCreateIoRing(
+ _Out_ PHANDLE IoRingHandle,
+ _In_ ULONG CreateParametersLength,
+ _In_ PVOID CreateParameters,
+ _In_ ULONG OutputParametersLength,
+ _Out_ PVOID OutputParameters);
+
/************************************************************************************
*
* Thread Pooling API and definitions.
diff --git a/Source/Tanikaze/export.def b/Source/Tanikaze/export.def
index e6c141b..1103eaf 100644
--- a/Source/Tanikaze/export.def
+++ b/Source/Tanikaze/export.def
@@ -1,2 +1,3 @@
EXPORTS
gProvTable
+gVersion
diff --git a/Source/Tanikaze/resource.rc b/Source/Tanikaze/resource.rc
index e785316..148fad2 100644
--- a/Source/Tanikaze/resource.rc
+++ b/Source/Tanikaze/resource.rc
@@ -173,8 +173,8 @@ IDR_ASROCKDRV4 RCDATA "drv\\AsrDrv107.bin"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,1,9,2312
- PRODUCTVERSION 1,1,9,2312
+ FILEVERSION 1,2,0,2403
+ PRODUCTVERSION 1,2,0,2403
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -191,12 +191,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "UG North"
VALUE "FileDescription", "Kernel Driver Utility Database"
- VALUE "FileVersion", "1.1.9.2312"
+ VALUE "FileVersion", "1.2.0.2403"
VALUE "InternalName", "Tanikaze.dll"
VALUE "LegalCopyright", "Copyright (C) 2020 - 2024 KDU Project"
VALUE "OriginalFilename", "Tanikaze.dll"
VALUE "ProductName", "KDU"
- VALUE "ProductVersion", "1.1.9.2312"
+ VALUE "ProductVersion", "1.2.0.2403"
END
END
BLOCK "VarFileInfo"
diff --git a/Source/Tanikaze/tanikaze.h b/Source/Tanikaze/tanikaze.h
index 0651e9d..867eb2a 100644
--- a/Source/Tanikaze/tanikaze.h
+++ b/Source/Tanikaze/tanikaze.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020 - 2023
+* (C) COPYRIGHT AUTHORS, 2020 - 2024
*
* TITLE: CONSTS.H
*
-* VERSION: 1.19
+* VERSION: 1.20
*
-* DATE: 10 Dec 2023
+* DATE: 30 Mar 2024
*
* Tanikaze helper dll (part of KDU project).
*
@@ -816,6 +816,13 @@ extern "C" {
gProvEntry
};
+ KDU_DB_VERSION gVersion = {
+ KDU_VERSION_MAJOR,
+ KDU_VERSION_MINOR,
+ KDU_VERSION_REVISION,
+ KDU_VERSION_BUILD
+ };
+
#ifdef __cplusplus
}
#endif
\ No newline at end of file