Unable to unload vulnerable driver, NTSTATUS (0xC0000010) #49

Closed
hern0s-dev opened this issue Dec 17, 2022 · 1 comment

hern0s-dev commented Dec 17, 2022

I get this error when I try kdu.exe -dse 6

[#] Kernel Driver Utility v1.2.8 (build 2212) started, (c)2020 - 2022 KDU Project
[#] Build at Fri Dec  9 07:44:47 2022, header checksum 0x4FDEE
[#] Supported x64 OS : Windows 7 and above
[*] CPU vendor string: AuthenticAMD
[*] Windows version: 10.0 build 22621
[*] SecureBoot is disabled on this machine
[+] MSFT Driver block list is disabled
[+] Drivers database "drv64.dll" loaded at 0x00007FF8A1280000
[+] Firmware type (FirmwareTypeUefi)
[+] Provider: "CVE-2015-2291", Name "NalDrv"
[!] Vulnerable driver is already loaded
[+] Driver device "NalDrv" has successfully opened
[+] Executing post-open callback for given provider
[+] Driver device security descriptor set successfully
[+] Module "CI.dll" loaded for pattern search
[!] Could not query DSE state, GetLastError 5
[!] Unable to unload vulnerable driver, NTSTATUS (0xC0000010)
[+] Return value: 0. Bye-bye!

I already tried kdu.exe -prv 0 1 2 3 and others. I changed the provider but it is still the same. Here is the -diag result


>         \Driver -> kbdhid
>         \Driver -> AtiHDAudioService
>         \Driver -> UEFI
>         \Driver -> pdc
>         \Driver -> rspndr
>         \Driver -> WpdUpFltr
>         \Driver -> WmiAcpi
>         \Driver -> klupd_klif_klbg
>         \Driver -> HdAudAddService
>         \Driver -> NetAdapterCx
>         \Driver -> mssmbios
>         \Driver -> klwfp
>         \Driver -> volmgrx
>         \Driver -> pci
>         \Driver -> NdisVirtualBus
>         \Driver -> kdnic
>         \Driver -> cdrom
>         \Driver -> NDIS
>         \Driver -> cm_km
>         \Driver -> swenum
>         \Driver -> amdfendr
>         \Driver -> klids
>         \Driver -> rdyboost
>         \Driver -> WFPLWFS
>         \Driver -> Tcpip
>         \Driver -> SgrmAgent
>         \Driver -> klupd_klif_mark
>         \Driver -> AMDRyzenMasterDriverV19
>         \Driver -> USBHUB3
>         \Driver -> Beep
>         \Driver -> kldisk
>         \Driver -> usbccgp
>         \Driver -> amdwddmg
>         \Driver -> AFD
>         \Driver -> mountmgr
>         \Driver -> ksthunk
>         \Driver -> ViGEmBus
>         \Driver -> afunix
>         \Driver -> WudfRd
>         \Driver -> CompositeBus
>         \Driver -> EhStorClass
>         \Driver -> ACPI
> > Process (self) handle trace
>         >> 0xFFFFF80114ACCFD7, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF80114ACD423, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF8011483D4E8, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0x00007FF8B60EF2C4, ntdll.dll, base 0x00007FF8B6050000
>         >> 0x00007FF63FC0F928, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FD5C, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FFEB, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC09F3D, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0A829, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0AA0E, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC10820, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF8B44C26BD, KERNEL32.DLL, base 0x00007FF8B44B0000
>         >> 0x00007FF8B60ADFB8, ntdll.dll, base 0x00007FF8B6050000
> > Thread handle trace
>         >> 0xFFFFF80114BB1522, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF80114BB1303, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF8011483D4E8, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0x00007FF8B60F14D4, ntdll.dll, base 0x00007FF8B6050000
>         >> 0x00007FF63FC0F997, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FD5C, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FFEB, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC09F3D, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0A829, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0AA0E, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC10820, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF8B44C26BD, KERNEL32.DLL, base 0x00007FF8B44B0000
>         >> 0x00007FF8B60ADFB8, ntdll.dll, base 0x00007FF8B6050000
> > Process (1188) handle trace
> Cannot open process, NTSTATUS (0xC0000022)
> > Section handle trace
>         >> 0xFFFFF80114ACF260, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF80114ACF3CC, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF8011483D4E8, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0x00007FF8B60EF744, ntdll.dll, base 0x00007FF8B6050000
>         >> 0x00007FF63FC0FABB, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FE06, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FFEB, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC09F3D, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0A829, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0AA0E, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC10820, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF8B44C26BD, KERNEL32.DLL, base 0x00007FF8B44B0000
>         >> 0x00007FF8B60ADFB8, ntdll.dll, base 0x00007FF8B6050000
> > Analyzing process working set
>         >> ThreadId [10820] Pc 00007FF8B60EF184 (ntdll.dll) : Va 00007FF8B60EF185 (ntdll.dll)
>         >> ThreadId [10820] Pc 00007FF8B60EF184 (ntdll.dll) : Va 000000000014CE09 (Unknown)
>         >> ThreadId [10820] Pc 00007FF63FC0F4AF (kdu.exe) : Va 00007FF63FC0F4AF (kdu.exe)
>         >> ThreadId [10820] Pc 00007FF63FC0F4C2 (kdu.exe) : Va 000000000014CE31 (Unknown)
>         >> ThreadId [10820] Pc 00007FF63FC0F4D3 (kdu.exe) : Va 00007FF63FC2A609 (kdu.exe)
>         >> ThreadId [10820] Pc 00007FF8B60EF118 (ntdll.dll) : Va 000000007FFE0309 (Unknown)
> > List of registered minifilters
>         >> bindflt
>         >> WdFilter
>         >> KLIF
>         >> storqosflt
>         >> wcifs
>         >> CldFlt
>         >> bfs
>         >> FileCrypt
>         >> luafv
>         >> klbackupflt
>         >> npsvctrig
>         >> Wof
>         >> FileInfo
> > Physical memory layout
> ResourceList Count 1
> pDesc[0].PartialResourceList.Count 7
> #0 Flags 0x0000 0x0000000000001000::0x00000000000A0000 (length 0x000000000009F000, 0 Mb)
> #1 Flags 0x0000 0x0000000000100000::0x0000000009E02000 (length 0x0000000009D02000, 157 Mb)
> #2 Flags 0x0000 0x000000000A000000::0x000000000A200000 (length 0x0000000000200000, 2 Mb)
> #3 Flags 0x0000 0x000000000A20E000::0x000000000B000000 (length 0x0000000000DF2000, 13 Mb)
> #4 Flags 0x0000 0x000000000B020000::0x00000000CB147000 (length 0x00000000C0127000, 3073 Mb)
> #5 Flags 0x0000 0x00000000CDBFF000::0x00000000CF000000 (length 0x0000000001401000, 20 Mb)
> #6 Flags 0x0200 0x0000000100000000::0x000000042F380000 (length 0x000000032F380000, 13043 Mb)
> [+] Return value: 1. Bye-bye!

Owner

hfiref0x commented Dec 18, 2022

[!] Vulnerable driver is already loaded

198 FFFFF80156600000 6111232 ??\C:\Users\hiper\OneDrive\Masa³st³\KDmapper\NalDrv.sys

c0000010 - STATUS_INVALID_DEVICE_REQUEST, you have a different version of NalDrv loaded, get rid of it.

[!] Could not query DSE state, GetLastError 5 (ERROR_ACCESS_DENIED).

The loaded NalDrv is a different version from the one KDU uses, get rid of it.

Run kdu -prv 1 -dse 0 and post the result.

Additionally, you are running a bunch of Kaspersky drivers that may interfere, get rid of them.
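
The check made by eye in the reply above (which NalDrv.sys image is loaded, and from where) can be scripted; this is an added example, not part of the thread and not KDU code. It assumes a module listing in the `index base size path` shape of the quoted line; the sample lines, the function names and the trusted prefixes are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample. The entry at index 198 reuses the numbers quoted in the
# reply with a made-up path; every other line is invented for the example.
SAMPLE = r"""
0 FFFFF80114400000 17068032 \SystemRoot\system32\ntoskrnl.exe
57 FFFFF80118A00000 745472 \SystemRoot\System32\drivers\storahci.sys
198 FFFFF80156600000 6111232 \??\C:\Users\example\Desktop\tools\NalDrv.sys
201 FFFFF80157000000 45056 \??\C:\Windows\System32\drivers\example.sys
"""

class Module(NamedTuple):
    index: int
    base: int
    size: int
    path: str

LINE = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f]{16})\s+(\d+)\s+(\S.*?)\s*$")
# Assumption: images under these prefixes are in an expected location
# (system drive taken to be C:).
TRUSTED_PREFIXES = ("\\systemroot\\", "c:\\windows\\")

def parse_modules(text):
    """Parse 'index base size path' lines; anything else is skipped."""
    mods = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            mods.append(Module(int(m[1]), int(m[2], 16), int(m[3]), m[4]))
    return mods

def normalise(path):
    """Lower-case and drop the NT DOS-device prefix, with or without its
    leading backslash (the line quoted in the thread lacks it)."""
    p = path.lower()
    for prefix in ("\\??\\", "??\\"):
        if p.startswith(prefix):
            return p[len(prefix):]
    return p

def outside_system_dirs(mods):
    """Kernel images loaded from anywhere but the trusted prefixes."""
    return [m for m in mods if not normalise(m.path).startswith(TRUSTED_PREFIXES)]

def find_by_name(mods, name):
    """All loaded images whose file name is <name>.sys (case-insensitive)."""
    target = name.lower() + ".sys"
    return [m for m in mods if normalise(m.path).rsplit("\\", 1)[-1] == target]
```

A kernel image that `outside_system_dirs` returns from a user profile directory, as in the quoted line, is also a useful detection signal for a third-party driver loaded outside normal installation paths.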
