Skip to content

OSRDrivers/kmexts

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
README.md
 
 
cmcallbacks.cpp
 
 
excallbacks.cpp
 
 
kmexts.cpp
 
 
kmexts.h
 
 
kmexts.sln
 
 
kmexts.vcxproj
 
 
obcallbacks.cpp
 
 
pscallbacks.cpp
 
 
Kernel Mode Extensions Driver Building Installation

README.md

Kernel Mode Extensions Driver

This is a very simple driver that registers the callbacks using the following routines:

  • CmRegisterCallback
  • CmRegisterCallbackEx
  • ExRegisterCallback
  • ObRegisterCallbacks
  • PsSetCreateProcessNotifyRoutine
  • PsSetCreateProcessNotifyRoutineEx
  • PsSetCreateProcessNotifyRoutineEx2
  • PsSetCreateThreadNotifyRoutine
  • PsSetCreateThreadNotifyRoutineEx
  • PsSetLoadImageNotifyRoutine

In each callback registered the driver DbgPrints some minimal amount of information describing the operation. It is meant as a convenient way to play with the behavior and invocation of these callbacks on different versions of Windows.

Building

The provided solution builds in Visual Studio 2015 with the Windows 10 1607 WDK

Installation

Create a service entry for the driver:

sc create kmexts binpath=c:\users\osr\desktop\kmexts.sys type=kernel start=demand

Then start the driver:

net start kmexts

Be sure to have DbgPrint messages enabled for your target machine either via the Registry or the debugger. See Getting DbgPrint Output to Appear in Vista and Later.

About

Simple driver to register all available process, thread, image, Registry, and Object callbacks

Resources

Readme

Stars

102 stars

Watchers

8 watching

Forks

36 forks

Releases

No releases published

Packages

No packages published

Languages