
Kernel Driver Utility v1.1.2

hfiref0x released this 30 Jan 02:52 · 92 commits to master since this release · b33b233

KDU - Kernel Driver Utility

The purpose of this tool is to give a simple way to explore Windows kernel/components without doing a lot of additional work or setting up a local debugger. It features:

Protected Processes Hijacking via Process object modification;
Driver Signature Enforcement Overrider (similar to DSEFIx);
Driver loader for bypassing Driver Signature Enforcement (similar to TDL/Stryker);
Support for using various vulnerable drivers as functionality "providers".

System Requirements

x64 Windows 7/8/8.1/10/11;
Administrative privilege is required.

Currently Supported Providers

| Provider Id | Product Vendor | Driver | Software package | Code base | Version |
|---|---|---|---|---|---|
| 0 | Intel | IQVM64/Nal | Network Adapter Diagnostic Driver | Original | 1.03.0.7 |
| 1 | MSI | RTCore64 | MSI Afterburner | Semi-original | 4.6.2 build 15658 and below |
| 2 | Gigabyte | Gdrv | Gigabyte TOOLS | MAPMEM NTDDK 3.51 | Undefined |
| 3 | ASUSTeK | ATSZIO64 | ASUSTeK WinFlash utility | Semi-original | Undefined |
| 4 | Patriot | MsIo64 | Patriot Viper RGB utility | WINIO | 1.0 |
| 5 | ASRock | GLCKIO2 | ASRock Polychrome RGB | WINIO | 1.0.4 |
| 6 | G.SKILL | EneIo64 | G.SKILL Trident Z Lighting Control | WINIO | 1.00.08 |
| 7 | EVGA | WinRing0x64 | EVGA Precision X1 | WINRING0 | 1.0.2.0 |
| 8 | Thermaltake | EneTechIo64 | Thermaltake TOUGHRAM software | WINIO | 1.0.3 |
| 9 | Huawei | PhyMemx64 | Huawei MateBook Manager software | WINIO | Undefined |
| 10 | Realtek | RtkIo64 | Realtek Dash Client Utility | PHYMEM | Various |
| 11 | MSI | EneTechIo64 | MSI Dragon Center | WINIO | Various |
| 12 | LG | LHA | LG Device Manager | Semi-original | 1.6.0.2 |
| 13 | ASUSTeK | AsIO2 | ASUS GPU Tweak | WINIO | 2.1.7.1 and below |
| 14 | PassMark | DirectIo64 | PassMark Performance Test | Original | 10.1 and below |
| 15 | GMER | GmerDrv | Gmer "Antirootkit" | Original | 2.2 and below |
| 16 | Dell | DBUtil_2_3 | Dell BIOS Utility | Original | 2.3 and below |

Mitigation

Modern hardware with the latest version of Windows 10 installed and HVCI enabled
(HVCI: https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)
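The provider table and the mitigation note together give a defender two concrete things to verify on a host: whether HVCI is actually running, and whether any driver from the provider list is loaded. The following PowerShell script is an added example written for this page, not code from the KDU project. It assumes Windows 10/11 with PowerShell 5.1 or later and the Win32_DeviceGuard CIM class in the root\Microsoft\Windows\DeviceGuard namespace (on Windows 7/8 that class is absent and the HVCI check returns nothing); the driver names it matches are taken verbatim from the table above, and the sample driver list at the end is constructed, not captured from a real machine.

```powershell
# Added example for this page, not KDU's own code: a defender-side check for
# the two things the provider table and the Mitigation note point at.
#   1. Is HVCI (memory integrity) actually running on this host?
#   2. Is any driver loaded whose name matches a provider driver from the table?
# Assumes Windows 10/11, PowerShell 5.1+, and the Win32_DeviceGuard class in
# root\Microsoft\Windows\DeviceGuard (absent on Windows 7/8, where
# Get-HvciStatus returns $null).

# Driver names exactly as listed in the provider table above. The on-disk file
# name can differ from the table name, so matching is done on both the service
# name and the image path, case-insensitively, as a whole word.
$KduProviderDrivers = @(
    'IQVM64', 'Nal', 'RTCore64', 'Gdrv', 'ATSZIO64', 'MsIo64', 'GLCKIO2',
    'EneIo64', 'WinRing0x64', 'EneTechIo64', 'PhyMemx64', 'RtkIo64', 'LHA',
    'AsIO2', 'DirectIo64', 'GmerDrv', 'DBUtil_2_3'
)

function Get-HvciStatus {
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running,
    # 2 = running. SecurityServicesConfigured / SecurityServicesRunning contain
    # the value 2 when HVCI is configured / running (1 is Credential Guard).
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    } catch {
        Write-Warning "Win32_DeviceGuard not available: $($_.Exception.Message)"
        return $null
    }
    [pscustomobject]@{
        VbsRunning     = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciConfigured = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning    = ($dg.SecurityServicesRunning -contains 2)
    }
}

function Find-KduProviderDrivers {
    param(
        # Objects with Name, PathName and State properties. Defaults to the live
        # driver list; pass constructed objects to exercise the matcher offline.
        [object[]]$Drivers = (Get-CimInstance -ClassName Win32_SystemDriver)
    )
    foreach ($drv in $Drivers) {
        foreach ($provider in $KduProviderDrivers) {
            # \b keeps short names such as 'LHA' or 'Nal' from matching inside
            # unrelated driver names.
            $pattern = "\b$([regex]::Escape($provider))\b"
            if ($drv.Name -imatch $pattern -or $drv.PathName -imatch $pattern) {
                [pscustomobject]@{
                    MatchedProvider = $provider
                    DriverName      = $drv.Name
                    ImagePath       = $drv.PathName
                    State           = $drv.State
                }
                break   # one hit per driver is enough
            }
        }
    }
}

# Constructed sample input (not captured from a real host): one provider driver
# from the table next to a stock Windows driver, so the matcher can be run
# without touching CIM.
$sampleDrivers = @(
    [pscustomobject]@{ Name = 'RTCore64'; PathName = 'C:\Program Files (x86)\MSI Afterburner\RTCore64.sys'; State = 'Running' }
    [pscustomobject]@{ Name = 'disk';     PathName = 'C:\Windows\System32\drivers\disk.sys';                State = 'Running' }
)
Find-KduProviderDrivers -Drivers $sampleDrivers | Format-Table -AutoSize

# Live check of this host: HVCI state first, then any loaded provider driver.
Get-HvciStatus | Format-List
Find-KduProviderDrivers | Format-Table -AutoSize
```

A hit from Find-KduProviderDrivers is not by itself evidence of misuse: most of these drivers ship with legitimate vendor utilities, which is exactly why they are usable as providers. The useful signal is the combination: a provider driver loaded on a host where HvciRunning is false, or a provider driver appearing on a machine that never had the associated vendor software installed. Note also that HvciConfigured without HvciRunning means the policy is set but the hardware or a boot-time condition is preventing it from taking effect, which is the state the mitigation above is meant to rule out.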

Changelog

v 1.1.2 from Jan 28, 2022 (1.1.2.2201)

  • Dell dbutil_2_3 (CVE-2021-21551) provider added
  • GMER "Antirootkit" provider added
  • Fix for invalid Tanikaze compilation result