Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/eclypsium/screwed-drivers
"Screwed Drivers" centralized information source for code references, links, etc.
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/eclypsium/screwed-drivers
- Owner: eclypsium
- License: gpl-3.0
- Created: 2019-07-25T21:35:11.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-03-19T23:34:43.000Z (almost 5 years ago)
- Last Synced: 2024-08-04T23:10:56.793Z (5 months ago)
- Language: PowerShell
- Homepage:
- Size: 69.9 MB
- Stars: 331
- Watchers: 21
- Forks: 50
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-security-collection - **57** stars
README
ScrewedDrivers
======

### General information
We have created this repository as a centralized source of knowledge which contains a list of drivers determined to be vulnerable as well as example code for how to use this kind of functionality.

***

### DRIVERS.md
This file contains a list of drivers, hashes, and who they are signed by. In some cases, links to advisories and other research we found discussing these drivers will be included as well.

### ADVISORIES.md
Vendor advisories will be published here once they are made public.

# Code samples:
### C#
#### LoadDriverAsService:
This is an example of an application that automates loading a driver as a service in Windows. If run as a user, it will trigger a UAC prompt. We used this to help us load various drivers for experimentation.
#### exampleApplication:
An example of how to use an ASRock driver to read an MSR, including all the relevant imports from Windows.

### PowerShell
#### ASRock_readmsr.ps1:
Based on FuzzySec's excellent writeup and example, this code does the same as the C# "exampleApplication", except written in PowerShell.
#### ASRock_readcr.ps1:
Example of reading Control Registers from PowerShell.
#### ASRock_writecr.ps1:
Example of writing Control Registers from PowerShell.
#### ASRock_kaslr.ps1:
Example of reading the LSTAR MSR and CR3 to find the Windows kernel syscall entry point and kernel page table base, defeating KASLR.
#### ASRock_check_smep.ps1:
Checks if SMEP is enabled on each CPU from PowerShell.
#### ASRock_disable_smep.ps1:
Disables SMEP temporarily from PowerShell.
#### ASRock_disable_kern_wp.ps1:
Disables the CR0 Write Protect bit temporarily from PowerShell.

# Detection
## wormhole.py
This is a script written using the angr dynamic analysis framework to detect this kind of vulnerability in drivers.

## x86_spotter.py
This file contains gymrat spotter functions to address limitations in the pyvex framework angr depends on.