mrexodia/driver_unpacking
driver_unpacking

Ghetto user mode emulation of Windows kernel drivers. See the Kernel driver unpacking blog post for a practical application.

Usage

You can use MakeUsermode to convert the driver to a user-mode program; the converted program then imports the fake ntoskrnl.exe, which acts as an emulator. It is meant as a way to conduct simple research, and only a few APIs are implemented. A more comprehensive tool is speakeasy, but this approach lets you debug drivers in x64dbg.
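One header-level step such a conversion needs, as an added example that is not the repository's own code and is not a description of what MakeUsermode actually does: a kernel driver is linked with the native subsystem, which the user-mode loader refuses, so the Subsystem field in the optional header is rewritten to a console subsystem. The constructed input is a header-only PE32+ image; supplying the stub ntoskrnl.exe exports and invoking DriverEntry are assumed to be handled elsewhere.

```python
import struct

IMAGE_SUBSYSTEM_NATIVE = 1       # what kernel drivers are linked with
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3  # console program, the target of the conversion
OPT_SUBSYSTEM_OFFSET = 68        # same offset in PE32 and PE32+ optional headers


def _optional_header_offset(image: bytes) -> int:
    """Return the file offset of the optional header after validating MZ/PE signatures."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    return e_lfanew + 4 + 20  # PE signature + 20-byte COFF file header


def get_subsystem(image: bytes) -> int:
    """Read IMAGE_OPTIONAL_HEADER.Subsystem."""
    off = _optional_header_offset(image)
    return struct.unpack_from("<H", image, off + OPT_SUBSYSTEM_OFFSET)[0]


def make_usermode(image: bytes) -> bytes:
    """Return a copy of a native-subsystem image re-flagged as a console program.

    Refuses anything that is not a native-subsystem image so a normal EXE or DLL
    is never silently rewritten.
    """
    if get_subsystem(image) != IMAGE_SUBSYSTEM_NATIVE:
        raise ValueError("expected a native (kernel driver) subsystem image")
    patched = bytearray(image)
    off = _optional_header_offset(image)
    struct.pack_into("<H", patched, off + OPT_SUBSYSTEM_OFFSET, IMAGE_SUBSYSTEM_WINDOWS_CUI)
    return bytes(patched)


def constructed_driver_header() -> bytes:
    """Constructed sample: a header-only PE32+ image with no sections (not a real driver)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    # Machine=AMD64, 0 sections, SizeOfOptionalHeader=240, EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+ magic
    struct.pack_into("<H", opt, OPT_SUBSYSTEM_OFFSET, IMAGE_SUBSYSTEM_NATIVE)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```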

Related utility: SysShellHandler.