# Domito
Windows kernel driver utilities library.
Work in progress, use with care 🔥
## About
Static library containing some unconventional and undocumented kernel space goodies for the adventurous kernel hacker 🙂 Although I aim for stable code, I cannot recommend it for production use; but it's mighty helpful in a lab environment, to say the least! You've been warned!
Most of the logic you find here has been discovered and provided by the fine folks listed in the credits section below; I merely touched it up and molded it into a utilities library for easy consumption in your own kernel driver project.
## Conventions
Custom types are prefixed with an all-uppercase `DOMITO_` and functions are prefixed with a Pascal-case `Domito` to avoid conflicts with any system-provided names. The word "domito" is Latin for "to tame".
## Environment
Built for and tested on **Windows 10 version 1507 (or newer) x64/ARM64**. 32-bit might work too, but who cares about that 😆
## Goals
- Stick to C-compatible exports and consumable types only.
  - I do not want to force any consumer of the library to drag C++ paradigms into their project. I do expect the user to utilize a modern compiler though, so the library sources themselves may have some 'C++-ish touches' here and there, for my own convenience 😉
- Compatibility with every Windows 10 version.
  - APIs not available on older builds will give you a `STATUS_NOT_IMPLEMENTED` instead of being hard-linked, which would make your driver fail to load 🤞
- No conflicts with WDF or DMF.
  - The consuming driver *may* (but doesn't have to) utilize Microsoft WDF or DMF in addition without having to fear any incompatibilities 💪
- Reliable SAL annotations.
  - I made sure to enrich the majority of the code with correct, tested annotations for Code Analysis to help you spot potential accidental API misuse 😎
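As an added illustration of the compatibility goal above (not code from Domito itself), this standard-C snippet mimics how a run-time resolver lets a driver load on builds that lack an API and hands the caller `STATUS_NOT_IMPLEMENTED` instead. The export tables, `ZwHypotheticalApi` and `DomitoCallHypotheticalApi` are constructed stand-ins; in a real driver the lookup would go through `MmGetSystemRoutineAddress`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Minimal NTSTATUS definitions so this compiles outside the WDK; values match ntstatus.h. */
typedef int32_t NTSTATUS;
#define STATUS_SUCCESS         ((NTSTATUS)0x00000000L)
#define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)

typedef void (*GENERIC_ROUTINE)(void);

/* Constructed stand-in for a build's export table; "ZwHypotheticalApi" is a made-up name. */
struct export_entry { const char *name; GENERIC_ROUTINE routine; };

typedef NTSTATUS (*PFN_HYPOTHETICAL_API)(uint32_t value, uint32_t *result);

/* The routine as it would exist on a newer build: doubles the input. */
static NTSTATUS HypotheticalApiImpl(uint32_t value, uint32_t *result)
{
    *result = value * 2u;
    return STATUS_SUCCESS;
}

static const struct export_entry g_newer_build[] = {
    { "ZwHypotheticalApi", (GENERIC_ROUTINE)HypotheticalApiImpl },
    { NULL, NULL }
};
static const struct export_entry g_older_build[] = { { NULL, NULL } }; /* routine absent */

/* Stand-in for MmGetSystemRoutineAddress: resolve by name at run time, NULL if missing. */
static GENERIC_ROUTINE ResolveRoutine(const struct export_entry *table, const char *name)
{
    for (; table->name != NULL; ++table)
        if (strcmp(table->name, name) == 0)
            return table->routine;
    return NULL;
}

/* Wrapper in Domito's naming style: no import-table dependency, so the driver still
   loads on builds lacking the routine and the caller gets a status code instead. */
NTSTATUS DomitoCallHypotheticalApi(const struct export_entry *build, uint32_t value, uint32_t *result)
{
    PFN_HYPOTHETICAL_API fn = (PFN_HYPOTHETICAL_API)ResolveRoutine(build, "ZwHypotheticalApi");
    if (fn == NULL)
        return STATUS_NOT_IMPLEMENTED;
    return fn(value, result);
}

int main(void)
{
    uint32_t out = 0;
    printf("older build: 0x%08X\n", (unsigned)DomitoCallHypotheticalApi(g_older_build, 21, &out));
    printf("newer build: 0x%08X (result %u)\n",
           (unsigned)DomitoCallHypotheticalApi(g_newer_build, 21, &out), out);
    return 0;
}
```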
## How to use
- Add the `include` directory to your project's headers search path.
- Add includes (preferably in the provided order):
```c
#include <ntddk.h>
#include <ntimage.h>
#include <bcrypt.h>
#include <Domito.h>
```
- Call `DomitoInit()` in your `DriverEntry` once to bootstrap internals.
- Link against the resulting `Domito.lib` file for your desired architecture.
- Link against `cng.lib` for the CNG BCrypt APIs.
- Done!
## Sources & 3rd party credits
This library benefits from these awesome projects ❤ (appearance in no special order):
- [GetProcAddress implementation - for the Kernel](https://github.com/nefarius/WDF-Utils/blob/master/Snippets/WDM/GetProcAddress.md)
- [Implementation of GetProcAddress and GetModuleHandle for Windows NT3.51/NT4/2000/XP/2003/Vista/7/8 kernel mode, both 32 and 64 bit platforms](http://alter.org.ua/en/docs/nt_kernel/procaddr/)
- [Use ci.dll API for validating Authenticode signature of files](https://github.com/Ido-Moshe-Github/CiDllDemo)
- [MiroKaku/CiDllDemo](https://github.com/MiroKaku/CiDllDemo)
- [MiroKaku/Veil](https://github.com/MiroKaku/Veil)
- [Helper functions for calculating the authenticode digest for a portable executable file](https://github.com/mihaly044/pedigest)
- Custom memory allocator exposure inspired by SDL
  - [SDL_stdinc.h](https://github.com/libsdl-org/SDL/blob/main/include/SDL3/SDL_stdinc.h)
  - [SDL_malloc.c](https://github.com/libsdl-org/SDL/blob/main/src/stdlib/SDL_malloc.c)