dev140

Add provider 42
hfiref0x · Oct 22, 2023 · a86a61b · a86a61b
1 parent 6799bc7
commit a86a61b
Show file tree

Hide file tree

Showing 60 changed files with 62 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -147,7 +147,8 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
 | 38          | Pavel Yosifovich | KRegExp  | Kernel Registry Explorer        | Original          | Undefined              |                      |
 | 39          | Inspect Element LTD | EchoDrv  | Echo AntiCheat (spyware)     | Original          | Undefined              |                      |
 | 40          | NVidia | nvoclock  | NVidia System Utility Driver     | Original          | 7.0.0.32              |                      |
-| 41          | Binalyze | IREC  | Binalyze DFIR     | Original          | Undefined              |                      |
+| 41          | Binalyze | IREC  | Binalyze DFIR     | Original          | 3.11.0              |                      |
+| 42          | DavidXXW | PhyDMACC  | SLIC ToolKit     | WINRING0          | 1.2.0              |                      |
 
 ###### *At commit time, data maybe inaccurate.
 

diff --git a/Source/Hamakaze/KDU.vcxproj.user b/Source/Hamakaze/KDU.vcxproj.user
@@ -1,11 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-list</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>
+    </LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <LocalDebuggerCommandArguments>-prv 40 -dse 6</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-prv 42 -map c:\install\dummy2.sys</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
 </Project>
diff --git a/Source/Hamakaze/idrv/binalyze.cpp b/Source/Hamakaze/idrv/binalyze.cpp
@@ -53,4 +53,4 @@ BOOL WINAPI BeDrvOpenProcess(
     *ProcessHandle = UlongToHandle(data);
 
     return bResult;
-}
+}
diff --git a/Source/Hamakaze/kduplist.h b/Source/Hamakaze/kduplist.h
@@ -1178,5 +1178,32 @@ static KDU_PROVIDER g_KDUProviders[] =
         (provValidatePrerequisites)NULL,
 
         (provOpenProcess)BeDrvOpenProcess
-     }
+     },
+
+    {
+        NULL,
+
+        (provStartVulnerableDriver)KDUProvStartVulnerableDriver,
+        (provStopVulnerableDriver)KDUProvStopVulnerableDriver,
+
+        (provRegisterDriver)NULL,
+        (provUnregisterDriver)NULL,
+        (provPreOpenDriver)NULL,
+        (provPostOpenDriver)KDUProviderPostOpen,
+        (provMapDriver)KDUMapDriver,
+        (provControlDSE)KDUControlDSE2,
+
+        (provReadKernelVM)NULL,
+        (provWriteKernelVM)NULL,
+
+        (provVirtualToPhysical)NULL,
+        (provQueryPML4)NULL,
+        (provReadPhysicalMemory)WRZeroReadPhysicalMemory,
+        (provWritePhysicalMemory)WRZeroWritePhysicalMemory,
+
+        (provValidatePrerequisites)NULL,
+
+        (provOpenProcess)NULL
+    }
+
 };
diff --git a/Source/Hamakaze/res/SB_SMBUS_SDK.bin b/Source/Hamakaze/res/SB_SMBUS_SDK.bin
diff --git a/Source/Hamakaze/res/Taigei32.bin b/Source/Hamakaze/res/Taigei32.bin
diff --git a/Source/Hamakaze/tests.cpp b/Source/Hamakaze/tests.cpp
@@ -4,9 +4,9 @@
 *
 *  TITLE:       TESTS.CPP
 *
-*  VERSION:     1.34
+*  VERSION:     1.40
 *
-*  DATE:        16 Sep 2023
+*  DATE:        21 Oct 2023
 *
 *  KDU tests.
 *
@@ -188,7 +188,7 @@ VOID KDUTest()
    // KDUTestLoad();
 
    // TestSymbols();
-    Context = KDUProviderCreate(40, 
+    Context = KDUProviderCreate(42, 
         FALSE, 
         NT_WIN10_20H1, 
         KDU_SHELLCODE_V1, 

diff --git a/Source/Shared/consts.h b/Source/Shared/consts.h
@@ -141,7 +141,7 @@
 #define IDR_KEXPLORE                    139
 #define IDR_KOBJEXP                     140
 #define IDR_KREGEXP                     141
-#define IDR_RESERVED8                   142
+#define IDR_PHYDMACC                    142
 #define IDR_ECHODRV                     143
 #define IDR_NVOCLOCK                    144
 #define IDR_IREC                        145
@@ -191,6 +191,7 @@
 #define KDU_PROVIDER_ECHODRV            39
 #define KDU_PROVIDER_NVOCLOCK           40
 #define KDU_PROVIDER_BINALYZE_IREC      41
+#define KDU_PROVIDER_PHYDMACC           42
 
 #define KDU_PROVIDER_DEFAULT KDU_PROVIDER_INTEL_NAL
 

diff --git a/Source/Tanikaze/data/AsusCertService.bin b/Source/Tanikaze/data/AsusCertService.bin
diff --git a/Source/Tanikaze/data/KMUEXE.bin b/Source/Tanikaze/data/KMUEXE.bin
diff --git a/Source/Tanikaze/data/KMUSIG.bin b/Source/Tanikaze/data/KMUSIG.bin
@@ -1,2 +1,2 @@
-���7?��;���z��,]�qq�>Vf[��&S�>��o��ְ��kFzQ���y,�-ҷ}e�I8��q^g�0��^���r*�(��a�7p}�?�4FjB\0K$1g^퉄���b���V`ʹ��%뇱�7�*��֯>��wi�
+���7?a�ce��z��,]�qq�>Vf[��&S�>��o��ְ��kFzQ���y,�-ҷ}e�I8��q^g�0��^���r*�(��a�7p}�?�4FjB\0K$1g^퉄���b���V`ʹ��%뇱�7�*��֯>��wi�
 mV?�SH��/�0�8��H�]��

diff --git a/Source/Tanikaze/data/dbutilcat.bin b/Source/Tanikaze/data/dbutilcat.bin
diff --git a/Source/Tanikaze/data/dbutilinf.bin b/Source/Tanikaze/data/dbutilinf.bin
diff --git a/Source/Tanikaze/drv/ALSysIO64.bin b/Source/Tanikaze/drv/ALSysIO64.bin
diff --git a/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin b/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin
diff --git a/Source/Tanikaze/drv/ATSZIO64.bin b/Source/Tanikaze/drv/ATSZIO64.bin
diff --git a/Source/Tanikaze/drv/AsIO3.bin b/Source/Tanikaze/drv/AsIO3.bin
diff --git a/Source/Tanikaze/drv/AsrDrv106.bin b/Source/Tanikaze/drv/AsrDrv106.bin
diff --git a/Source/Tanikaze/drv/DbUtil2_3.bin b/Source/Tanikaze/drv/DbUtil2_3.bin
diff --git a/Source/Tanikaze/drv/DirectIo64.bin b/Source/Tanikaze/drv/DirectIo64.bin
diff --git a/Source/Tanikaze/drv/DirectIo64_2.bin b/Source/Tanikaze/drv/DirectIo64_2.bin
diff --git a/Source/Tanikaze/drv/EneIo64.bin b/Source/Tanikaze/drv/EneIo64.bin
diff --git a/Source/Tanikaze/drv/EneTechIo64.bin b/Source/Tanikaze/drv/EneTechIo64.bin
diff --git a/Source/Tanikaze/drv/GLCKIO2.bin b/Source/Tanikaze/drv/GLCKIO2.bin
diff --git a/Source/Tanikaze/drv/HW64.bin b/Source/Tanikaze/drv/HW64.bin
diff --git a/Source/Tanikaze/drv/KExplore.bin b/Source/Tanikaze/drv/KExplore.bin
diff --git a/Source/Tanikaze/drv/KObjExp.bin b/Source/Tanikaze/drv/KObjExp.bin
diff --git a/Source/Tanikaze/drv/KRegExp.bin b/Source/Tanikaze/drv/KRegExp.bin
diff --git a/Source/Tanikaze/drv/LDD.bin b/Source/Tanikaze/drv/LDD.bin
diff --git a/Source/Tanikaze/drv/MsIo64.bin b/Source/Tanikaze/drv/MsIo64.bin
diff --git a/Source/Tanikaze/drv/PhyDMACC.bin b/Source/Tanikaze/drv/PhyDMACC.bin
diff --git a/Source/Tanikaze/drv/Phymemx64.bin b/Source/Tanikaze/drv/Phymemx64.bin
diff --git a/Source/Tanikaze/drv/RTCore64.bin b/Source/Tanikaze/drv/RTCore64.bin
diff --git a/Source/Tanikaze/drv/SysDrv3S.bin b/Source/Tanikaze/drv/SysDrv3S.bin
diff --git a/Source/Tanikaze/drv/WinRing0x64.bin b/Source/Tanikaze/drv/WinRing0x64.bin
diff --git a/Source/Tanikaze/drv/amsdk.bin b/Source/Tanikaze/drv/amsdk.bin
diff --git a/Source/Tanikaze/drv/asio2.bin b/Source/Tanikaze/drv/asio2.bin
diff --git a/Source/Tanikaze/drv/dbk64.bin b/Source/Tanikaze/drv/dbk64.bin
diff --git a/Source/Tanikaze/drv/dbutildrv2.bin b/Source/Tanikaze/drv/dbutildrv2.bin
diff --git a/Source/Tanikaze/drv/echo_driver.bin b/Source/Tanikaze/drv/echo_driver.bin
diff --git a/Source/Tanikaze/drv/ene2.bin b/Source/Tanikaze/drv/ene2.bin
diff --git a/Source/Tanikaze/drv/etdsupp.bin b/Source/Tanikaze/drv/etdsupp.bin
diff --git a/Source/Tanikaze/drv/gdrv.bin b/Source/Tanikaze/drv/gdrv.bin
diff --git a/Source/Tanikaze/drv/gmerdrv.bin b/Source/Tanikaze/drv/gmerdrv.bin
diff --git a/Source/Tanikaze/drv/heavenluo.bin b/Source/Tanikaze/drv/heavenluo.bin
diff --git a/Source/Tanikaze/drv/iQVM64.bin b/Source/Tanikaze/drv/iQVM64.bin
diff --git a/Source/Tanikaze/drv/inpoutx64.bin b/Source/Tanikaze/drv/inpoutx64.bin
diff --git a/Source/Tanikaze/drv/irec.bin b/Source/Tanikaze/drv/irec.bin
diff --git a/Source/Tanikaze/drv/kprocesshacker.bin b/Source/Tanikaze/drv/kprocesshacker.bin
diff --git a/Source/Tanikaze/drv/lha.bin b/Source/Tanikaze/drv/lha.bin
diff --git a/Source/Tanikaze/drv/mimidrv.bin b/Source/Tanikaze/drv/mimidrv.bin
diff --git a/Source/Tanikaze/drv/nvoclock.bin b/Source/Tanikaze/drv/nvoclock.bin
diff --git a/Source/Tanikaze/drv/pcdsrvc_x64.bin b/Source/Tanikaze/drv/pcdsrvc_x64.bin
diff --git a/Source/Tanikaze/drv/physmem.bin b/Source/Tanikaze/drv/physmem.bin
diff --git a/Source/Tanikaze/drv/procexp1627.bin b/Source/Tanikaze/drv/procexp1627.bin
diff --git a/Source/Tanikaze/drv/procexp1702.bin b/Source/Tanikaze/drv/procexp1702.bin
diff --git a/Source/Tanikaze/drv/rtkio64.bin b/Source/Tanikaze/drv/rtkio64.bin
diff --git a/Source/Tanikaze/resource.h b/Source/Tanikaze/resource.h
@@ -40,6 +40,7 @@
 #define IDR_KEXPLORE                    139
 #define IDR_KOBJEXP                     140
 #define IDR_KREGEXP                     141
+#define IDR_PHYDMACC                    142
 #define IDR_ECHODRV                     143
 #define IDR_NVOCLOCK                    144
 #define IDR_IREC                        145

diff --git a/Source/Tanikaze/resource.rc b/Source/Tanikaze/resource.rc
@@ -146,15 +146,17 @@ IDR_NVOCLOCK            RCDATA                  "drv\\nvoclock.bin"
 
 IDR_IREC                RCDATA                  "drv\\irec.bin"
 
+IDR_PHYDMACC            RCDATA                  "drv\\PhyDMACC.bin"
+
 
 /////////////////////////////////////////////////////////////////////////////
 //
 // Version
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,1,7,2310
- PRODUCTVERSION 1,1,7,2310
+ FILEVERSION 1,1,8,2310
+ PRODUCTVERSION 1,1,8,2310
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -171,12 +173,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "UG North"
             VALUE "FileDescription", "Kernel Driver Utility Database"
-            VALUE "FileVersion", "1.1.7.2310"
+            VALUE "FileVersion", "1.1.8.2310"
             VALUE "InternalName", "Tanikaze.dll"
             VALUE "LegalCopyright", "Copyright (C) 2020 - 2023 KDU Project"
             VALUE "OriginalFilename", "Tanikaze.dll"
             VALUE "ProductName", "KDU"
-            VALUE "ProductVersion", "1.1.7.2310"
+            VALUE "ProductVersion", "1.1.8.2310"
         END
     END
     BLOCK "VarFileInfo"

diff --git a/Source/Tanikaze/tanikaze.h b/Source/Tanikaze/tanikaze.h
@@ -653,6 +653,21 @@ KDU_DB_ENTRY gProvEntry[] = {
         (LPWSTR)L"IREC",
         (LPWSTR)L"IREC",
         (LPWSTR)L"Microsoft Windows Hardware Compatibility Publisher"
+    },
+
+    {
+        KDU_MIN_NTBUILDNUMBER,
+        KDU_MAX_NTBUILDNUMBER,
+        IDR_PHYDMACC,
+        KDU_PROVIDER_PHYDMACC,
+        KDU_VICTIM_PE1702,
+        SourceBaseWinRing0,
+        KDUPROV_FLAGS_PHYSICAL_BRUTE_FORCE,
+        KDUPROV_SC_ALL_DEFAULT,
+        (LPWSTR)L"SLIC ToolKit",
+        (LPWSTR)L"PhyDMACC",
+        (LPWSTR)L"PhyDMACC_1_2_0",
+        (LPWSTR)L"Suzhou Ind. Park ShiSuanKeJi Co., Ltd."
     }
 
 };