# Domito Windows kernel driver utilities library. Work in progress, use with care 🔥 ## About Static library containing some unconventional and undocumented kernel space goodies for the adventurous kernel hacker 🙂 Although I aim for stable code, I can not recommend it for production use; but it's mighty helpful in a lab environment to say the least! Most of the logic you find here has been discovered and provided by the fine folks listed in the credits section below, I merely touched it up and molded into an utilities library for easy consumption in your own kernel driver project. ## Conventions Custom types are prefixed with an all upper case `DOMITO_` and functions are prefixed with a Pascal case `Domito` to avoid conflicts with any system-provided names. The word "domito" is latin for "to tame". ## Environment Built for and tested on **Windows 10 version 1507 (or newer) x64/ARM64**. 32-Bit might work too but who cares about that 😆 ## Goals - Stick to C-compatible exports and consumable types only. - I do not want to force any consumer of the library to drag C++ paradigms into their project. I do expect the user to utilize a modern compiler though, so the library sources themselves may have some 'C++-ish touches' here and there, for my own convenience 😉 - Compatibility with every Windows 10 version. - APIs not available on older builds will give you a `STATUS_NOT_IMPLEMENTED` instead of hard-linking and therefore making your driver fail to load 🤞 ## How to use - Add the `include` directory to your project's headers search path. - `#include ` wherever required. - Link against the resulting `Domito.lib` file for your desired architecture. - Link against the provided `ci.lib` for the Code Integrity convenience functions. - Done! ## Sources & 3rd party credits This library benefits from these awesome projects ❤ (appearance in no special order): - [GetProcAddress implementation - for the Kernel](https://github.com/nefarius/WDF-Utils/blob/master/Snippets/WDM/GetProcAddress.md) - [Implementation of GetProcAddress and GetModuleHandle for Windows NT3.51/NT4/2000/XP/2003/Vista/7/8 kernel mode, both 32 and 64 bit platforms](http://alter.org.ua/en/docs/nt_kernel/procaddr/) - [Use ci.dll API for validating Authenticode signature of files](https://github.com/Ido-Moshe-Github/CiDllDemo) - [MiroKaku/CiDllDemo](https://github.com/MiroKaku/CiDllDemo) - [MiroKaku/Veil](https://github.com/MiroKaku/Veil) - [Helper functions for calculating the authenticode digest for a portable executable file](https://github.com/mihaly044/pedigest) - Custom memory allocator exposure inspired by SDL - [SDL_stdinc.h](https://github.com/libsdl-org/SDL/blob/main/include/SDL3/SDL_stdinc.h) - [SDL_malloc.c](https://github.com/libsdl-org/SDL/blob/main/src/stdlib/SDL_malloc.c)