Unsigned Kernel Mode Driver that does memory modifications
- get process id
- get base address of an image
- change protection of a memory region
- allocate memory region
- free memory
- read/write from address
- read/write from address with offset
- read from memory to buffer
- write to memory from buffer
- simulate mouse events
- simulate keyboard events
- pattern scan
- manual map x64
- sendCursorPos
Compiling unsigned driver with Visual Studio
Install Windows Driver Kit
Create Kernel Mode Drive, Empty (KMDF) project with the following configuration properties:
| General | C/C++ | Linker | Driver Settings | Inf2Cat | Driver Signing |
|---|---|---|---|---|---|
| Configuration Type: Driver | Additional Include Directories: PATH_TO_WINDOW_KITS_FOLDER ex: C:\Program Files %28x86%29\Windows Kits\10\Include\10.0.19041.0\um |
Entry Point: Driver Entry | Target OS Version: Windows 10 or higher | Run Inf2Cat: No | Sign Mode: Off |
| Platform Toolset: WidnowsKernelModeDriver10.0 | Security Check: Disable Security Check | Target Platform: Universal | |||
| Spectre Mitigation: Disabled | Type of driver: KMDF | ||||
| Teat Warnings as Errors: No |
Once you've built the driver, Load .sys file with KDMapper.
To see logs from the driver itself, download DebugView from microsoft.