mrexodia/driver_unpacking

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 30 Commits
MakeUsermode		MakeUsermode
ci		ci
cng		cng
faker		faker
fltmgr		fltmgr
hal		hal
ntdll		ntdll
ntoskrnl		ntoskrnl
utils		utils
wdfldr		wdfldr
.gitignore		.gitignore
README.md		README.md
fake.sln		fake.sln

Repository files navigation

driver_unpacking

Ghetto user mode emulation of Windows kernel drivers. See the Kernel driver unpacking blog post for a practical application.

Usage

You can use MakeUsermode to convert the driver to a user-mode program, it will then import the fake ntoskrnl.exe which acts as an emulator. It is meant as a way to conduct simple research and only a few APIs are implemented. A more comprehensive tool is speakeasy, but this allows you to debug drivers in x64dbg.

Related utility: SysShellHandler.

About

Ghetto user mode emulation of Windows kernel drivers.

Topics

windows emulation user-mode kernel-drivers

Resources

Readme

Activity

Releases 1

Blog post artifacts Latest

Jun 4, 2017

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

mrexodia/driver_unpacking

Folders and files

Latest commit

History

Repository files navigation

driver_unpacking

Usage

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases 1

Uh oh!

Contributors

Uh oh!

Languages