Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mrexodia/driver_unpacking

Ghetto user mode emulation of Windows kernel drivers.
https://github.com/mrexodia/driver_unpacking

emulation kernel-drivers user-mode windows

Last synced: about 2 hours ago
JSON representation

Ghetto user mode emulation of Windows kernel drivers.

Host: GitHub
URL: https://github.com/mrexodia/driver_unpacking
Owner: mrexodia
Created: 2017-06-04T02:42:30.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2024-10-20T00:33:31.000Z (2 months ago)
Last Synced: 2024-12-15T15:14:16.462Z (7 days ago)
Topics: emulation, kernel-drivers, user-mode, windows
Language: C
Homepage:
Size: 465 KB
Stars: 126
Watchers: 10
Forks: 21
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # driver_unpacking

Ghetto user mode emulation of Windows kernel drivers. See the [Kernel driver unpacking](https://x64dbg.com/blog/2017/06/08/kernel-driver-unpacking.html) blog post for a practical application.

## Usage

You can use `MakeUsermode` to convert the driver to a user-mode program, it will then import the fake `ntoskrnl.exe` which acts as an emulator. It is meant as a way to conduct simple research and only a few APIs are implemented. A more comprehensive tool is [speakeasy](https://github.com/mandiant/speakeasy), but this allows you to debug drivers in [x64dbg](https://x64dbg.com).

Related utility: [SysShellHandler](https://github.com/mrexodia/FunUtils/blob/master/README.md#sysshellhandler).