3.1 KiB
Domito
Windows kernel driver utilities library.
Work in progress, use with care 🔥
About
Static library containing some unconventional and undocumented kernel space goodies for the adventurous kernel hacker 🙂 Although I aim for stable code, I can not recommend it for production use; but it's mighty helpful in a lab environment to say the least! You've been warned!
Most of the logic you find here has been discovered and provided by the fine folks listed in the credits section below, I merely touched it up and molded into an utilities library for easy consumption in your own kernel driver project.
Conventions
Custom types are prefixed with an all upper case DOMITO_
and functions are prefixed with a Pascal case Domito
to avoid conflicts with any system-provided names. The word "domito" is latin for "to tame".
Environment
Built for and tested on Windows 10 version 1507 (or newer) x64/ARM64. 32-Bit might work too but who cares about that 😆
Goals
- Stick to C-compatible exports and consumable types only.
- I do not want to force any consumer of the library to drag C++ paradigms into their project. I do expect the user to utilize a modern compiler though, so the library sources themselves may have some 'C++-ish touches' here and there, for my own convenience 😉
- Compatibility with every Windows 10 version.
- APIs not available on older builds will give you a
STATUS_NOT_IMPLEMENTED
instead of hard-linking and therefore making your driver fail to load 🤞
- APIs not available on older builds will give you a
- No conflicts with WDF or DMF
- The consuming driver may (but doesn't have to) utilize Microsoft WDF or DMF in addition without having to fear any incompatibilities 💪
- Reliable SAL annotations.
- I made sure to enrich the majority of the code with correct, tested annotations for Code Analysis to help you spot potential accidental API misuse 😎
How to use
- Add the
include
directory to your project's headers search path. #include <Domito.h>
wherever required.- Link against the resulting
Domito.lib
file for your desired architecture. - Link against the provided
ci.lib
for the Code Integrity convenience functions. - Done!
Sources & 3rd party credits
This library benefits from these awesome projects ❤ (appearance in no special order):
- GetProcAddress implementation - for the Kernel
- Implementation of GetProcAddress and GetModuleHandle for Windows NT3.51/NT4/2000/XP/2003/Vista/7/8 kernel mode, both 32 and 64 bit platforms
- Use ci.dll API for validating Authenticode signature of files
- Helper functions for calculating the authenticode digest for a portable executable file
- Custom memory allocator exposure inspired by SDL