TheCruZ/kdmapper

Features

• Manual Memory Mapping - Provides manual mapping of driver binaries into kernel memory including import and relocation resolution.
• Kernel Driver Mappers - Maps unsigned binaries into kernel memory by leveraging vulnerable signed drivers to bypass signature enforcement.
• BYOVD Exploitation - Leverages vulnerable signed drivers to gain write access to protected kernel memory regions.
• Driver Trace Obfuscation - Implements memory table scrubbing and driver list removal to hide the presence of manually loaded binaries.
• Kernel Offset Resolvers - Identifies correct memory addresses across different operating system builds by parsing debug symbol files.
• Kernel Symbol Resolution - Parses debug symbol files to identify the exact memory addresses of internal kernel functions.
• Unsigned Driver Mapping - Loads unsigned binaries into kernel memory by leveraging a vulnerable signed driver to bypass signature enforcement.
• Unsigned Driver Loading - Loads unsigned drivers into the Windows kernel by bypassing driver signature enforcement via vulnerable signed binaries.
• Stealthy Driver Loaders - Provides a low-level utility for deploying unsigned kernel-mode code while obfuscating the mapping process.
• Non-Paged Memory Orchestration - Manages the allocation and mapping of non-paged kernel memory required to execute unsigned binaries.
• PE Header Parsing - Analyzes Portable Executable structures to determine necessary memory size and entry point locations.

Star history