- Статус
- Оффлайн
- Регистрация
- 22 Сен 2020
- Сообщения
- 471
- Реакции
- 219
Today im sharing with you my KM driver which you can use to replace UM calls to read memory with KM via IOTCL, I'll leave the UM implementation to you since it shouldn't be that hard with the examples included in the README of the repository
Repository Link:
Features
- Process attachment with PID validation
- Memory reading with bounds checking and SEH protection
- Module base address resolution
- Process ID lookup by name
- Batch memory operations for performance
- Proper address validation (user space only, overflow protection)
- Clean IOCTL interface with buffered I/O
Technical Details
- Device: \Device\laithdriver / \DosDevices\laithdriver
- 5 IOCTL operations (attach, read, get_module, get_pid, batch_read)
- Uses MmCopyVirtualMemory for safe memory copying
- Includes usermode wrapper class for easy integration
- MIT licensed
Safety Features
- Address range validation (0x10000 - 0x7FFFFFFFFFFFF)
- Size limits (4KB single, 8KB batch per request)
- Integer overflow detection
- Exception handling with __try/__except
- Proper process reference management
Repository Link:
Пожалуйста, авторизуйтесь для просмотра ссылки.
Последнее редактирование: