Kernel Driver Utility v1.1.1

@hfiref0x hfiref0x released this 17 May 07:09
· 97 commits to master since this release
570b2a1

KDU - Kernel Driver Utility

The purpose of this tool is to give a simple way to explore the Windows kernel and its components without doing a lot of additional work or setting up a local debugger. It features:

  • Protected Processes Hijacking via Process object modification;
  • Driver Signature Enforcement Overrider (similar to DSEFix);
  • Driver loader for bypassing Driver Signature Enforcement (similar to TDL/Stryker);
  • Support for using various vulnerable drivers as functionality "providers".

System Requirements

  • x64 Windows 7/8/8.1/10;
  • Administrative privilege is required.

Currently Supported Providers

| Provider Id | Product Vendor | Driver | Software package | Code base | Version |
|---|---|---|---|---|---|
| 0 | Intel | IQVM64/Nal | Network Adapter Diagnostic Driver | Original | 1.03.0.7 |
| 1 | MSI | RTCore64 | MSI Afterburner | Semi-original | 4.6.2 build 15658 and below |
| 2 | Gigabyte | Gdrv | Gigabyte TOOLS | MAPMEM NTDDK 3.51 | Undefined |
| 3 | ASUSTeK | ATSZIO64 | ASUSTeK WinFlash utility | Semi-original | Undefined |
| 4 | Patriot | MsIo64 | Patriot Viper RGB utility | WINIO | 1.0 |
| 5 | ASRock | GLCKIO2 | ASRock Polychrome RGB | WINIO | 1.0.4 |
| 6 | G.SKILL | EneIo64 | G.SKILL Trident Z Lighting Control | WINIO | 1.00.08 |
| 7 | EVGA | WinRing0x64 | EVGA Precision X1 | WINRING0 | 1.0.2.0 |
| 8 | Thermaltake | EneTechIo64 | Thermaltake TOUGHRAM software | WINIO | 1.0.3 |
| 9 | Huawei | PhyMemx64 | Huawei MateBook Manager software | WINIO | Undefined |
| 10 | Realtek | RtkIo64 | Realtek Dash Client Utility | PHYMEM | Various |
| 11 | MSI | EneTechIo64 | MSI Dragon Center | WINIO | Various |
| 12 | LG | LHA | LG Device Manager | Semi-original | 1.6.0.2 |
| 13 | ASUSTeK | AsIO2 | ASUS GPU Tweak | WINIO | 2.1.7.1 and below |
| 14 | PassMark | DirectIo64 | PassMark Performance Test | Original | 10.1 and below |

Mitigation

The mitigation is modern hardware running the latest version of Windows 10 with [HVCI](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) enabled.
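
For defenders, the following added example (not part of KDU or of the original release notes) reports whether HVCI is running on the local host and whether any driver named in the provider table is registered as a kernel driver service. It assumes the service name or the `.sys` base name equals the string in the table's Driver column; the function names are hypothetical.

```powershell
# Added example: host audit against the provider table and the Mitigation section.
# Names come from the "Driver" column above. Assumption: the registered service
# name or the .sys base name matches that string (a renamed file will not match).
$providerDrivers = @(
    'IQVM64', 'Nal', 'RTCore64', 'Gdrv', 'ATSZIO64', 'MsIo64', 'GLCKIO2',
    'EneIo64', 'WinRing0x64', 'EneTechIo64', 'PhyMemx64', 'RtkIo64',
    'LHA', 'AsIO2', 'DirectIo64'
)

function Get-HvciState {
    # Win32_DeviceGuard lists HVCI as value 2 in SecurityServicesConfigured /
    # SecurityServicesRunning.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if (-not $dg) { return 'Unknown (Win32_DeviceGuard not available)' }
    if ($dg.SecurityServicesRunning -contains 2)    { return 'Running' }
    if ($dg.SecurityServicesConfigured -contains 2) { return 'Configured, not running' }
    return 'Not enabled'
}

function Find-ProviderDriver {
    # Win32_SystemDriver covers registered kernel driver services, running or stopped.
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        # PathName can be empty, or use \SystemRoot\ or \??\ prefixes; keep only the base name.
        $base = if ($_.PathName) {
            (($_.PathName -split '[\\/]')[-1]) -replace '\.sys$', ''
        } else { '' }
        # -contains is case-insensitive, so 'rtcore64' matches 'RTCore64'.
        if ($providerDrivers -contains $_.Name -or $providerDrivers -contains $base) {
            [pscustomobject]@{
                Service = $_.Name
                State   = $_.State
                Path    = $_.PathName
            }
        }
    }
}

"HVCI: $(Get-HvciState)"
$hits = @(Find-ProviderDriver)
if ($hits.Count) {
    $hits | Format-Table -AutoSize
} else {
    'No driver from the provider table is registered on this host.'
}
```

A name match is a triage signal only: compare the file's version against the Version column before treating a hit as an affected driver.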

Changelog

v 1.1.1 from May 16, 2021 (1.1.1.2105)

  • PassMark provider added
  • DSEFix rewrite for newest Win10 versions support