Kernel Shellcode Loader

Building the Driver
- Open a WDK build prompt
- Run ez.cmd to build and sign the driver and build the user-space app
- Output files will be in the

The user-space executable will install the driver if it is not already installed.

Building the User-Space Application Without msvcrt (optional)
- Open a Visual Studio build prompt
- Change to this directory
- Run:
    cl.exe /Fekscldr.exe /I..\inc kscldr_u.c resource.res
Target Setup
- Allow test-signed drivers to load:
    bcdedit /set testsigning on
- Set up kernel debugging (likely entails bcdedit /set debug on).
- Not essential, but if you want to see debug output, be sure to adjust the following registry setting:
    [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter]
    "DEFAULT"=dword:00000008
  The setting is literally named DEFAULT (as opposed to the (Default) value that is present under all registry keys). For details, see: Getting DbgPrint Output To Appear In Vista and Later
- Copy the user-space executable kscldr.exe to the target machine. It will install the driver when you run it.
Optional Target Setup
Sure, you can install the driver manually if you really want to:
    sc create kscldr type= kernel start= demand binPath= %CD%\kscldr.sys
The spaces after the equals signs are important, alas.
- Open either SysInternals' DbgView or your kernel debugger
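The target-setup steps above, consolidated into one script that skips the manual service creation when the service already exists and reads the resulting state back before rebooting. This is an added example, not part of the kscldr project; it assumes an elevated cmd prompt run from the directory containing kscldr.sys.

```batch
@echo off
REM Added example (not kscldr project code): one-shot target setup.
REM Assumes an elevated cmd prompt and kscldr.sys in the current directory.

REM 1. Allow test-signed drivers to load (takes effect after a reboot).
bcdedit /set testsigning on || goto :fail

REM 2. Enable kernel debugging so a kernel breakpoint can be caught.
bcdedit /set debug on || goto :fail

REM 3. Let DbgPrint output through the Debug Print Filter. The value name is
REM    literally DEFAULT, not the (Default) value that every key has.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter" /v DEFAULT /t REG_DWORD /d 8 /f || goto :fail

REM 4. Manual install, only if the service is not already present
REM    (kscldr.exe would otherwise create it itself). Note the spaces after '='.
sc query kscldr >nul 2>&1
if errorlevel 1 (
    sc create kscldr type= kernel start= demand binPath= "%CD%\kscldr.sys" || goto :fail
)

REM 5. Read the configuration back so it can be checked before rebooting.
bcdedit /enum {current} | findstr /i "testsigning debug"
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter" /v DEFAULT
sc qc kscldr
echo Reboot required for the bcdedit changes to take effect.
exit /b 0

:fail
echo Target setup failed (is this an elevated prompt?)
exit /b 1
```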
If compiled with CFG_EN_ENFORCE_BREAKPOINT disabled (see
then the tool requires an additional argument indicating whether to issue a kernel breakpoint prior to entering the shellcode.