Original creator: https://github.com/z175
Updated and improved by https://github.com/thecruz
MDL allocation written by https://github.com/tygol
Independent-pages allocation written by https://github.com/herooyyy/
Tested from Windows 10 1607 to Windows 11 26100.1882
Updates are posted mainly on the Unknowncheats forum: https://www.unknowncheats.me/forum/members/1117395.html
KDMAPPER is a simple tool that exploits the Intel driver IQVW64E.SYS to manually map unsigned drivers into memory.
NOTE: Add the define DISABLE_OUTPUT to remove all console output.
NOTE: As before, a custom entry point like the one in the HelloWorld example is recommended, to reduce the code generated in the binary.
Works with /GS- compiled drivers
Hooks NtAddAtom which exists everywhere and is rarely called
Clears MmUnloadedDrivers
Clears PiDDBCacheTable
Clears g_KernelHashBucketList
Clears Wdfilter RuntimeDriverList, RuntimeDriverCount and RuntimeDriverArray
Use NtLoadDriver and NtUnloadDriver for less traces
Prevents loading if \Device\Nal already exists (prevents a BSOD)
Header section skipped while copying driver to kernel
Added param --free to automatically unmap the allocated memory
Added param --mdl to map in mdl memory
Added param --indPages to map in allocated independent pages
Added param --PassAllocationPtr to pass the allocation pointer as the first param
Added the possibility to modify params before call driver entry
Now you can pass directly bytes to mapdriver function
Return from DriverEntry as fast as you can to prevent unexpected calls or PatchGuard; never create an infinite while loop in DriverEntry. Create a thread or some other procedure to keep code running (if you can't close kdmapper you are doing it wrong).
Disable vulnerable driver list if enabled https://support.microsoft.com/en-au/topic/kb5020779-the-vulnerable-driver-blocklist-after-the-october-2022-preview-release-3fcbe13a-6013-4118-b584-fcfbc6a09936
Just as a reminder: in DriverEntry, DriverObject and RegistryPath are invalid unless you specify them yourself! This is a manually mapped driver, not the normal loading procedure.
A lot of people ask me about errors loading the vulnerable driver. These have two causes: Faceit AC, and the certificate having been blocked as a vulnerable driver, in which case the mapper returns the status STATUS_IMAGE_CERT_REVOKED. More information from Microsoft is at the link above.
If you want to disable your vulnerable driver list, you must open regedit.exe, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config and set "VulnerableDriverBlocklistEnable" as a DWORD with value 0.
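The registry value above is the same one a defender wants to audit: a host where it has been set to 0 will accept the blocklisted Intel driver that kdmapper relies on. The script below is an added example, not part of kdmapper, written from the defender's side. It reads VulnerableDriverBlocklistEnable from the key named above and reports whether the blocklist has been explicitly disabled, and it lists any registered system driver whose image path contains iqvw64e (the IQVW64E.SYS driver named at the top of this README). It assumes an elevated PowerShell session on Windows 10 or 11; the function names are this example's own.

```powershell
# Added example (not part of kdmapper): audit whether this host's
# Microsoft vulnerable driver blocklist has been turned off, and whether
# the Intel iqvw64e driver this README describes is registered here.
# Assumes an elevated PowerShell session on Windows 10/11.

function Get-VulnerableDriverBlocklistState {
    # Same key and value the README tells users to set to 0.
    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $valueName = 'VulnerableDriverBlocklistEnable'

    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: no explicit override, the OS default applies.
        return [pscustomobject]@{
            Present = $false; Enabled = $null; Note = 'value not set; OS default applies'
        }
    }
    $value = [int]$item.$valueName
    return [pscustomobject]@{
        Present = $true; Enabled = ($value -ne 0); Note = "DWORD value is $value"
    }
}

function Get-RegisteredIqvw64eDriver {
    # Win32_SystemDriver lists kernel driver services, running or stopped.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and $_.PathName -match 'iqvw64e' } |
        Select-Object Name, State, Started, PathName
}

$blocklist = Get-VulnerableDriverBlocklistState
if ($blocklist.Present -and -not $blocklist.Enabled) {
    Write-Warning ("Vulnerable driver blocklist is explicitly DISABLED ($($blocklist.Note)). " +
                   "Set VulnerableDriverBlocklistEnable to 1 and reboot to re-enable it.")
} else {
    Write-Output "Vulnerable driver blocklist: $($blocklist.Note)"
}

$drivers = @(Get-RegisteredIqvw64eDriver)
if ($drivers.Count -gt 0) {
    Write-Warning 'An iqvw64e driver service is registered on this host:'
    $drivers | Format-Table -AutoSize
} else {
    Write-Output 'No iqvw64e driver service registered.'
}
```

Two caveats when reading the output. The driver check only sees services that exist at the moment the script runs; since kdmapper loads and unloads the driver with NtLoadDriver/NtUnloadDriver and removes its traces, a transient load will not show up here, so pair this with driver-load event logging rather than relying on it alone. And the registry value is only an explicit override: on hosts with HVCI (memory integrity) enabled, Windows enforces the vulnerable driver blocklist regardless of this value.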
Have fun!!
If anyone is interested in creating a pull request, some ideas:
Self-cleaning self-execution?
A generic message for load errors?