Offensive Driver Development
Learn how to develop a Windows driver with a variety of abuse primitives.
Learn how to set up a development and testing environment for writing Windows kernel-mode drivers using Hyper-V, WinDbg, and Visual Studio. Cover the basic anatomy of a driver: loading and unloading, dispatch routines and I/O control codes, interaction from userland, and kernel debugging. Then implement several abuse primitives: removing (and adding) process protection, working with process tokens, removing kernel callback routines, and toggling driver signature enforcement (DSE).
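The I/O control code that the dispatch-routine and client lessons build around is a single 32-bit value packed by the DDK's CTL_CODE macro: the driver's IRP_MJ_DEVICE_CONTROL handler switches on it, and the userland client passes the same value to DeviceIoControl. The C program below is an added example and not course material: it reproduces the CTL_CODE packing, decodes arbitrary codes back into their fields (the first thing to do when you meet an unknown driver's interface), and flags the three properties of a code worth checking whether you are defining it or auditing it. The IOCTL names and function numbers are illustrative assumptions, not the course's.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as defined in the Windows DDK headers (wdm.h / winioctl.h). */
#define METHOD_BUFFERED      0
#define METHOD_IN_DIRECT     1
#define METHOD_OUT_DIRECT    2
#define METHOD_NEITHER       3

#define FILE_ANY_ACCESS      0
#define FILE_READ_ACCESS     1
#define FILE_WRITE_ACCESS    2

#define FILE_DEVICE_UNKNOWN  0x22

/* Same layout as the DDK macro: DeviceType[31:16] Access[15:14] Function[13:2] Method[1:0]. */
#define CTL_CODE(DeviceType, Function, Method, Access) \
    ((uint32_t)(((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method)))

/* Illustrative control codes for a driver like the one built in the course (hypothetical names). */
#define IOCTL_UNPROTECT_PROCESS \
    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)                      /* 0x222000 */
#define IOCTL_TOGGLE_DSE \
    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_READ_ACCESS | FILE_WRITE_ACCESS)  /* 0x22E007 */

typedef struct {
    uint32_t device_type;
    uint32_t access;
    uint32_t function;
    uint32_t method;
} ioctl_fields;

/* Split a control code back into the fields CTL_CODE packed. */
ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFF;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2)  & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

/* Function numbers 0x000-0x7FF are reserved for Microsoft; third-party drivers use 0x800 and up. */
int uses_vendor_function_range(uint32_t code)
{
    return decode_ioctl(code).function >= 0x800;
}

/* METHOD_NEITHER hands the driver the caller's raw pointers (Type3InputBuffer / UserBuffer) with
 * no I/O-manager copy or probe, so the dispatch routine must ProbeForRead/ProbeForWrite inside
 * __try/__except itself. These are the codes to audit first in any driver. */
int passes_raw_user_pointers(uint32_t code)
{
    return decode_ioctl(code).method == METHOD_NEITHER;
}

/* FILE_ANY_ACCESS means any handle to the device object can issue the code; the I/O manager only
 * enforces the access bits against the rights granted when the handle was opened. */
int callable_from_any_handle(uint32_t code)
{
    return decode_ioctl(code).access == FILE_ANY_ACCESS;
}

static const char *method_name(uint32_t m)
{
    static const char *names[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                                   "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return names[m & 0x3];
}

int main(void)
{
    uint32_t codes[] = { IOCTL_UNPROTECT_PROCESS, IOCTL_TOGGLE_DSE };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%06X: device=0x%X function=0x%03X %s access=%u vendor=%d raw_ptrs=%d any_handle=%d\n",
               codes[i], f.device_type, f.function, method_name(f.method), f.access,
               uses_vendor_function_range(codes[i]), passes_raw_user_pointers(codes[i]),
               callable_from_any_handle(codes[i]));
    }
    return 0;
}
```

The driver and its client should share these definitions from one header so the two sides cannot drift; when the value you see in a DeviceIoControl call does not decode to a function number of 0x800 or above, the call is targeting a Microsoft-defined code, not the driver's own interface.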
What is a Driver?
The Risks with Drivers
Kernel Patch Protection
Configure your Development Environment
Driver Entry
Printing Debug Messages
Loading and Running the Driver
Driver Unload
Dispatch Routines
Client-Side Code
IRP_MJ_DEVICE_CONTROL
Sending Data to the Driver
Returning Data from the Driver
Kernel Debugging
FirstDriver Solution
Introduction
Unprotecting (Protected) Processes
Protecting (Unprotected) Processes
Windows Version Checking
Introduction
nt!_TOKEN
PsReferencePrimaryToken
Introduction
PsSetCreateProcessNotifyRoutine
PspCreateProcessNotifyRoutine
QueryModuleInformation
Putting It Together
CreateThreadNotify & LoadImageNotify
Removing a Callback Routine
Introduction
CI!CiInitialize
Finding CiOptions from Userland
Toggle DSE from a Driver
Testing DSE
Final Driver Solution
Credits and Acknowledgements