Windows kernel driver utilities library.
Go to file
2023-07-03 22:57:30 +02:00
include Update Domito.h 2023-07-03 22:57:30 +02:00
lib Added ci.lib stubs 2023-07-01 20:44:56 +02:00
src Removed dynamic CI experiments that do not work, possibly due to Patch Guard 2023-07-03 20:44:12 +02:00
.editorconfig Added .editorconfig 2023-07-01 04:23:11 +02:00
.gitignore Initial commit 2023-07-01 03:52:18 +02:00
Domito.sln Added .editorconfig 2023-07-01 04:23:11 +02:00
Domito.sln.DotSettings Reworked CI code to resolve during runtime 2023-07-02 19:35:01 +02:00
LICENSE Update LICENSE 2023-07-01 07:10:18 +02:00
README.md Update README.md 2023-07-03 20:45:30 +02:00

Domito

Windows kernel driver utilities library.

Work in progress, use with care 🔥

About

Static library containing some unconventional and undocumented kernel space goodies for the adventurous kernel hacker 🙂 Although I aim for stable code, I can not recommend it for production use; but it's mighty helpful in a lab environment to say the least! You've been warned!

Most of the logic you find here has been discovered and provided by the fine folks listed in the credits section below, I merely touched it up and molded into an utilities library for easy consumption in your own kernel driver project.

Conventions

Custom types are prefixed with an all upper case DOMITO_ and functions are prefixed with a Pascal case Domito to avoid conflicts with any system-provided names. The word "domito" is latin for "to tame".

Environment

Built for and tested on Windows 10 version 1507 (or newer) x64/ARM64. 32-Bit might work too but who cares about that 😆

Goals

  • Stick to C-compatible exports and consumable types only.
    • I do not want to force any consumer of the library to drag C++ paradigms into their project. I do expect the user to utilize a modern compiler though, so the library sources themselves may have some 'C++-ish touches' here and there, for my own convenience 😉
  • Compatibility with every Windows 10 version.
    • APIs not available on older builds will give you a STATUS_NOT_IMPLEMENTED instead of hard-linking and therefore making your driver fail to load 🤞
  • No conflicts with WDF or DMF
    • The consuming driver may (but doesn't have to) utilize Microsoft WDF or DMF in addition without having to fear any incompatibilities 💪
  • Reliable SAL annotations.
    • I made sure to enrich the majority of the code with correct, tested annotations for Code Analysis to help you spot potential accidental API misuse 😎

How to use

  • Add the include directory to your project's headers search path.
  • Add includes (preferably in the provided order):
    #include <ntddk.h>
    #include <ntimage.h>
    #include <bcrypt.h>
    #include <Domito.h>
    
  • Call DomitoInit() in your DriverEntry once to bootstrap internals.
  • Link against the resulting Domito.lib file for your desired architecture.
  • Link against the provided ci.lib for the Code Integrity convenience functions.
  • Link against cng.lib for the CNG BCrypt APIs.
  • Done!

Sources & 3rd party credits

This library benefits from these awesome projects ❤ (appearance in no special order):