KernelDriverDemo
This is a demo Windows driver, written to learn the internals of Windows.
Current demos:
Enumerate:
- Enum APCs: enumerate all APCs (kernel and user mode) of all threads in any given process.
- Enum process/thread/image notify routine callbacks: enumerate all callback routines set by functions such as PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine and PsSetLoadImageNotifyRoutine.
- Enum object callbacks: enumerate process/thread object callbacks registered by ObRegisterCallbacks (these callbacks are used to monitor handle creation and duplication).
- Get kernel base: get the image base address of ntoskrnl.exe.
Disable:
- Disable notify routine callbacks: disable all three kinds of callbacks listed above (normally such callbacks are removed by functions like PsRemoveCreateThreadNotifyRoutine).
- Disable object callbacks: disable the object callbacks listed above (normally removed by ObUnregisterCallbacks).
Inject:
- Inject DLL by APC: inject the given DLL into the given process by means of a user-mode APC.
TODO:
- Implement a user-mode client to test the demo driver (so that test code need not be hardcoded in the driver itself).
ONLY TESTED ON WIN7!!