# Domito

Windows kernel driver utilities library.

Work in progress, use with care 🔥
## About

Static library containing some unconventional and undocumented kernel space goodies for the adventurous kernel hacker 🙂 Although I aim for stable code, I cannot recommend it for production use; but it's mighty helpful in a lab environment to say the least! You've been warned!

Most of the logic you find here has been discovered and provided by the fine folks listed in the credits section below; I merely touched it up and molded it into a utilities library for easy consumption in your own kernel driver project.
## Conventions

Custom types are prefixed with an all upper case `DOMITO_` and functions are prefixed with a Pascal case `Domito` to avoid conflicts with any system-provided names. The word "domito" is Latin for "to tame".
## Environment

Built for and tested on Windows 10 version 1507 (or newer) x64/ARM64. 32-Bit might work too but who cares about that 😆
## Goals

- Stick to C-compatible exports and consumable types only.
  - I do not want to force any consumer of the library to drag C++ paradigms into their project. I do expect the user to utilize a modern compiler though, so the library sources themselves may have some 'C++-ish touches' here and there, for my own convenience 😉
- Compatibility with every Windows 10 version.
  - APIs not available on older builds will give you a `STATUS_NOT_IMPLEMENTED` instead of hard-linking and therefore making your driver fail to load 🤞
- No conflicts with WDF or DMF.
  - The consuming driver may (but doesn't have to) utilize Microsoft WDF or DMF in addition without having to fear any incompatibilities 💪
- Reliable SAL annotations.
  - I made sure to enrich the majority of the code with correct, tested annotations for Code Analysis to help you spot potential accidental API misuse 😎
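The "fail soft on older builds" goal above rests on one pattern: never import an optional kernel routine directly, resolve it once at init and return `STATUS_NOT_IMPLEMENTED` when it is absent. The following is an added example that is not Domito's own code: a user-mode model that runs anywhere, with a constructed export table and build gates standing in for the kernel's export directory and `MmGetSystemRoutineAddress`. All names in it (`ExampleInit`, `ExampleCallNewerApi`, `LookupSystemRoutine`, the table) are hypothetical; the build number 17763 for the "newer" routine is chosen purely for illustration.

```c
/* Added example, not Domito's code: user-mode model of "resolve at runtime,
 * fail soft". A driver that imports a routine by name fails to load on any
 * build that lacks it; resolving once at init and reporting
 * STATUS_NOT_IMPLEMENTED when it is missing keeps the driver loadable.
 * Names, export table and build gates below are constructed for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int32_t NTSTATUS;
#define STATUS_SUCCESS          ((NTSTATUS)0x00000000L)
#define STATUS_NOT_IMPLEMENTED  ((NTSTATUS)0xC0000002L)
#define NT_SUCCESS(Status)      ((Status) >= 0)

typedef NTSTATUS (*PFN_EXAMPLE_API)(int Argument);

/* Two "kernel routines" (constructed): OldApi exists on every Windows 10
 * build, NewerApi only from build 17763 (version 1809) onward. */
static NTSTATUS OldApi(int Argument)   { (void)Argument; return STATUS_SUCCESS; }
static NTSTATUS NewerApi(int Argument) { (void)Argument; return STATUS_SUCCESS; }

struct ExportEntry {
    const char     *Name;
    PFN_EXAMPLE_API Routine;
    unsigned        MinBuild;   /* first build that exports the routine */
};

static const struct ExportEntry g_ExportTable[] = {
    { "OldApi",   OldApi,   10240 },  /* 10240 = Windows 10 1507 */
    { "NewerApi", NewerApi, 17763 },  /* 17763 = Windows 10 1809 (constructed gate) */
};

/* Stand-in for MmGetSystemRoutineAddress: NULL when the running build does
 * not export the routine, the exact case a hard import turns into a failed
 * driver load. */
static PFN_EXAMPLE_API LookupSystemRoutine(const char *Name, unsigned RunningBuild)
{
    size_t i;
    for (i = 0; i < sizeof g_ExportTable / sizeof g_ExportTable[0]; i++) {
        if (strcmp(g_ExportTable[i].Name, Name) == 0 &&
            RunningBuild >= g_ExportTable[i].MinBuild)
            return g_ExportTable[i].Routine;
    }
    return NULL;
}

/* Late-bound pointers filled once at init (the role a DomitoInit-style
 * bootstrap plays). NULL means "not on this build". */
static PFN_EXAMPLE_API g_pfnOldApi;
static PFN_EXAMPLE_API g_pfnNewerApi;

/* Resolve everything once. Only a routine required on every supported build
 * makes init fail; optional ones may legitimately stay NULL. */
NTSTATUS ExampleInit(unsigned RunningBuild)
{
    g_pfnOldApi   = LookupSystemRoutine("OldApi", RunningBuild);
    g_pfnNewerApi = LookupSystemRoutine("NewerApi", RunningBuild);
    return g_pfnOldApi != NULL ? STATUS_SUCCESS : STATUS_NOT_IMPLEMENTED;
}

/* Public wrappers: the NULL check is the whole point. Callers get a status
 * they can handle instead of a load failure or a call through NULL. */
NTSTATUS ExampleCallOldApi(int Argument)
{
    if (g_pfnOldApi == NULL) return STATUS_NOT_IMPLEMENTED;
    return g_pfnOldApi(Argument);
}

NTSTATUS ExampleCallNewerApi(int Argument)
{
    if (g_pfnNewerApi == NULL) return STATUS_NOT_IMPLEMENTED;
    return g_pfnNewerApi(Argument);
}

int main(void)
{
    /* Same binary against two "kernels": 1507 lacks NewerApi, 2004 has it. */
    unsigned builds[] = { 10240, 19041 };
    size_t i;
    for (i = 0; i < sizeof builds / sizeof builds[0]; i++) {
        NTSTATUS init = ExampleInit(builds[i]);
        NTSTATUS call = ExampleCallNewerApi(42);
        printf("build %u: init=0x%08X NewerApi=0x%08X (%s)\n", builds[i],
               (unsigned)init, (unsigned)call,
               call == STATUS_NOT_IMPLEMENTED ? "not on this build" : "available");
    }
    return 0;
}
```

The same binary initialises successfully on both builds; only the wrapper's return value differs, which is what lets a consumer degrade gracefully rather than fail to load. A real driver must additionally treat the resolved pointer as untrusted input to its own logic (check for NULL before every call, as the wrappers do) and never cache a pointer obtained before init completes.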
## How to use

- Add the `include` directory to your project's headers search path.
  - To make your life easier I recommend setting an environment variable named `DOMITO_INC_PATH` to the `...\Domito\include` absolute path and...
  - ...in your project add `$(DOMITO_INC_PATH);` to "Additional Include Directories".
- Add includes (preferably in the provided order):

  ```c
  #include <ntddk.h>
  #include <ntimage.h>
  #include <bcrypt.h>
  #include <Domito.h>
  ```

- Call `DomitoInit()` in your `DriverEntry` once to bootstrap internals.
- Link against the resulting `Domito.lib` file for your desired architecture.
  - To make your life easier I recommend setting an environment variable named `DOMITO_LIB_PATH` to the `...\Domito\lib` absolute path and...
  - ...in your project add `$(DOMITO_LIB_PATH)\$(DDKPlatform)\$(Configuration)\Domito.lib;$(DOMITO_LIB_PATH)\$(DDKPlatform)\ci.lib;` to "Additional Dependencies".
- Link against the provided `ci.lib` for the Code Integrity convenience functions.
- Link against `cng.lib` for the CNG BCrypt APIs.
- Done!
## Sources & 3rd party credits

This library benefits from these awesome projects ❤ (appearance in no special order):
- GetProcAddress implementation - for the Kernel
- Implementation of GetProcAddress and GetModuleHandle for Windows NT3.51/NT4/2000/XP/2003/Vista/7/8 kernel mode, both 32 and 64 bit platforms
- Use ci.dll API for validating Authenticode signature of files
- Helper functions for calculating the authenticode digest for a portable executable file
- Custom memory allocator exposure inspired by SDL
- Authenticode (I): Understanding Windows Authenticode – RME-DisCo Research Group (reversea.me)
- Verifying Windows binaries, without Windows
- Authenticode certificates and checks from a KM driver