
Kernel Driver Utility v1.0.0

@hfiref0x hfiref0x released this 09 Feb 04:37
· 117 commits to master since this release
efd90a3

KDU - Kernel Driver Utility

The purpose of this tool is to provide a simple way to explore the Windows kernel and its components without doing a lot of additional work or setting up a local debugger. It features:

Protected Processes Hijacking via Process object modification;
Driver loader for bypassing Driver Signature Enforcement (similar to TDL/Stryker);
Support for using various vulnerable drivers as functionality "providers".

System Requirements

x64 Windows 7/8/8.1/10;
Administrative privilege is required.

Currently Supported Providers

Intel Network Adapter Diagnostic Driver of version 1.03.0.7;
RTCore64 driver from MSI Afterburner of version 4.6.2 build 15658 and below;
Gdrv driver from various Gigabyte TOOLS of undefined version;
ATSZIO64 driver from ASUSTeK WinFlash utility of various versions;
MICSYS MsIo driver from Patriot Viper RGB utility of version 1.0.

Mitigation

Modern hardware with the latest version of Windows 10 installed and [HVCI](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) enabled.
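
A defender-side check for the mitigation above, as an added example that is not part of the KDU project: it reports whether HVCI is actually running through the `Win32_DeviceGuard` WMI class and lists installed kernel drivers whose service name or path contains one of the provider names from the list above. The function names and the name patterns are assumptions made for this example, and the Intel driver is not matched because the page gives no file name for it.

```powershell
# Added example (not KDU code). Run from an elevated PowerShell prompt.
# Win32_DeviceGuard is available on Windows 10 / Server 2016 and later.

function Get-HvciStatus {
    # Hypothetical helper: summarise VBS/HVCI state from the DeviceGuard WMI class.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    [pscustomobject]@{
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        VbsRunning     = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        # In both SecurityServices* arrays the value 2 stands for HVCI
        HvciConfigured = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning    = ($dg.SecurityServicesRunning -contains 2)
    }
}

function Find-ProviderNamedDriver {
    # Hypothetical helper: name-based heuristic only. The default names are
    # taken from the provider list on this page; real file names may differ.
    param([string[]]$Names = @('RTCore64', 'gdrv', 'ATSZIO64', 'MsIo'))

    $pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -match $pattern -or $_.PathName -match $pattern } |
        Select-Object Name, State, StartMode, PathName
}

$status = Get-HvciStatus
$status | Format-List

if (-not $status.HvciRunning) {
    Write-Warning 'HVCI is not running on this host.'
}

$hits = @(Find-ProviderNamedDriver)
if ($hits.Count -gt 0) {
    Write-Warning "Found $($hits.Count) driver(s) with a provider-like name:"
    $hits | Format-Table -AutoSize
} else {
    Write-Output 'No installed driver matches the provider names.'
}
```

A match only means a driver with a similar name is registered on the host; confirm the file version and signer before treating it as one of the listed vulnerable builds.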

Changelog

v 1.0.0 from Feb 09, 2020

  • Initial release