# thecruz/kdmapper

2,754 stars · 613 forks · C++ · MIT

## Links

- GitHub: https://github.com/TheCruZ/kdmapper
- awesome-repositories: https://awesome-repositories.com/repository/thecruz-kdmapper.md

## Description

kdmapper is a kernel driver mapper and loader designed to deploy unsigned binaries into privileged kernel memory. It functions as a manual mapper that resolves imports and relocations to execute unsigned code in a privileged environment.

The tool bypasses driver signature enforcement by leveraging vulnerable signed drivers to gain write access to protected kernel memory regions. It includes a kernel offset resolver that parses debug symbol files to identify correct memory addresses across different operating system builds.

To maintain stealth, the project implements driver trace obfuscation by scrubbing kernel memory tables and removing entries from system driver lists. It manages the allocation of non-paged kernel memory and parses portable executable structures to determine memory requirements and entry point locations.

## Tags

### Operating Systems & Systems Programming

- [Manual Memory Mapping](https://awesome-repositories.com/f/operating-systems-systems-programming/manual-memory-mapping.md) — Provides manual mapping of driver binaries into kernel memory including import and relocation resolution.
- [Kernel Driver Mappers](https://awesome-repositories.com/f/operating-systems-systems-programming/hardware-interfacing-drivers/hardware-drivers/graphics-drivers/kernel-driver-injection/kernel-driver-mappers.md) — Maps unsigned binaries into kernel memory by leveraging vulnerable signed drivers to bypass signature enforcement.
- [BYOVD Exploitation](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/kernel-development/kernel-driver-implementation/offensive-kernel-drivers/byovd-exploitation.md) — Leverages vulnerable signed drivers to gain write access to protected kernel memory regions.
- [Driver Trace Obfuscation](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/kernel-development/kernel-driver-implementation/offensive-kernel-drivers/driver-trace-obfuscation.md) — Implements memory table scrubbing and driver list removal to hide the presence of manually loaded binaries.
- [Kernel Offset Resolvers](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-offset-resolvers.md) — Identifies correct memory addresses across different operating system builds by parsing debug symbol files.
- [Kernel Symbol Resolution](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-symbol-resolution.md) — Parses debug symbol files to identify the exact memory addresses of internal kernel functions.
- [Stealthy Driver Loaders](https://awesome-repositories.com/f/operating-systems-systems-programming/hardware-interfacing-drivers/hardware-drivers/graphics-drivers/kernel-driver-injection/kernel-extension-loaders/stealthy-driver-loaders.md) — Provides a low-level utility for deploying unsigned kernel-mode code while obfuscating the mapping process.
- [Non-Paged Memory Orchestration](https://awesome-repositories.com/f/operating-systems-systems-programming/memory-mapped-i-o/non-paged-memory-orchestration.md) — Manages the allocation and mapping of non-paged kernel memory required to execute unsigned binaries.

### Security & Cryptography

- [Unsigned Driver Mapping](https://awesome-repositories.com/f/security-cryptography/package-signing/signed-driver-loading/unsigned-driver-mapping.md) — Loads unsigned binaries into kernel memory by leveraging a vulnerable signed driver to bypass signature enforcement. ([source](https://github.com/TheCruZ/kdmapper#readme))
- [Unsigned Driver Loading](https://awesome-repositories.com/f/security-cryptography/package-signing/unsigned-driver-loading.md) — Loads unsigned drivers into the Windows kernel by bypassing driver signature enforcement via vulnerable signed binaries.
- [PE Header Parsing](https://awesome-repositories.com/f/security-cryptography/windows-pe-memory-analyzers/pe-header-parsing.md) — Analyzes Portable Executable structures to determine necessary memory size and entry point locations.
