|
||
---|---|---|
include | ||
lib | ||
src | ||
.editorconfig | ||
.gitignore | ||
Domito.sln | ||
Domito.sln.DotSettings | ||
LICENSE | ||
README.md |
Domito
Windows kernel driver utilities library.
Work in progress, use with care 🔥
About
Static library containing some unconventional and undocumented kernel space goodies for the adventurous kernel hacker 🙂 Although I aim for stable code, I can not recommend it for production use; but it's mighty helpful in a lab environment to say the least!
Most of the logic you find here has been discovered and provided by the fine folks listed in the credits section below, I merely touched it up and molded into an utilities library for easy consumption in your own kernel driver project.
Conventions
Custom types are prefixed with an all upper case DOMITO_
and functions are prefixed with a Pascal case Domito
to avoid conflicts with any system-provided names. The word "domito" is latin for "to tame".
Environment
Built for and tested on Windows 10 version 1507 x64/ARM64. 32-Bit might work too but who cares about that 😆
Goals
- Stick to C-compatible exports and consumable types only.
- I do not want to force any consumer of the library to drag C++ paradigms into their project. I do expect the user to utilize a modern compiler though, so the library sources themselves may have some 'C++-ish touches' here and there, for convenience 😉
- Compatibility with every Windows 10 version.
- APIs not available on older builds will give you a
STATUS_NOT_IMPLEMENTED
instead of hard-linking and therefore making your driver fail to load 🤞
- APIs not available on older builds will give you a
How to use
- Add the
include
directory to your project's headers search path. #include <Domito.h>
wherever required.- Link against the resulting
Domito.lib
file for your desired architecture. - Link against the provided
ci.lib
for the Code Integrity convenience functions. - Done!
Sources & 3rd party credits
This library benefits from these awesome projects ❤ (appearance in no special order):
- GetProcAddress implementation - for the Kernel
- Implementation of GetProcAddress and GetModuleHandle for Windows NT3.51/NT4/2000/XP/2003/Vista/7/8 kernel mode, both 32 and 64 bit platforms
- Use ci.dll API for validating Authenticode signature of files
- Helper functions for calculating the authenticode digest for a portable executable file
- Custom memory allocator exposure inspired by SDL