Original creator: https://github.com/z175
Updated and improved by https://github.com/thecruz
MDL allocation written by https://github.com/tygol
Independent pages allocation written by https://github.com/herooyyy/
Tested from Windows 10 1607 to Windows 11 26100.1882
Updates are mainly posted on the Unknowncheats forum https://www.unknowncheats.me/forum/members/1117395.html
KDMAPPER is a simple tool that exploits the IQVW64E.SYS Intel driver to manually map non-signed drivers in memory
NOTE: Add the define disable_output to remove all console output
NOTE: A custom entry point, like in the HelloWorld example, is recommended as in the past to reduce the generated code in the binary
Works with /GS- compiled drivers
Hooks NtAddAtom which exists everywhere and is rarely called
Clears MmUnloadedDrivers
Clears PiDDBCacheTable
Clears g_KernelHashBucketList
Clears Wdfilter RuntimeDriverList RuntimeDriverCount and RuntimeDriverArry
Use NtLoadDriver and NtUnloadDriver for fewer traces
Prevent load if DeviceNal exists (Prevents BSOD)
Header section skipped while copying driver to kernel
Added param --free to automatically unmap the allocated memory
Added param --mdl to map in mdl memory
Added param --indPages to map in allocated independent pages
Added param --PassAllocationPtr to pass allocation ptr as first param
Added the possibility to modify params before call driver entry
Now you can pass directly bytes to mapdriver function
Return from the driver entry as fast as you can to prevent unexpected calls or PatchGuard; never create an infinite while loop in the driver entry. Create a thread or any other procedure to keep code running (if you can't close kdmapper you are doing it wrong)
Disable vulnerable driver list if enabled https://support.microsoft.com/en-au/topic/kb5020779-the-vulnerable-driver-blocklist-after-the-october-2022-preview-release-3fcbe13a-6013-4118-b584-fcfbc6a09936
Just as a reminder: in the driver entry, the driver object and registry path are invalid unless you specify something! This is a manually mapped driver, not the normal loading process
Many people ask me about errors loading the vulnerable driver; both are caused by Faceit AC
The certificate has been blocked as vulnerable and the mapper will return the status STATUS_IMAGE_CERT_REVOKED. More information from Microsoft
If you want to disable the vulnerable driver list you have to open regedit.exe, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config and set "VulnerableDriverBlocklistEnable" as a DWORD to 0
Have fun!!
If someone is interested in creating a pull request:
Self-cleaning and self-executing?
Generic message for load errors?