Category: Rootkits

All about rootkits!

Rootkits

Windows Drivers

WDK - Windows Driver Kit. The Windows Driver Kit gives you the tools you need to develop, build, package, deploy, test, and debug drivers. You can run many basic certification tests in the integrated environment. The Windows Driver Kit (WDK) includes templates for several technologies and driver models, including Windows Driver Frameworks (WDF), Universal Serial Bus (USB), …

Rootkits

A Hello World driver for Windows 8.1

Simple Windows 8.1 WDM Hello World driver > Create a Windows 8.1 virtual machine. (I prefer VMware) > Run a command line with administrator permissions inside the VM and execute: bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS and bcdedit.exe -set TESTSIGNING ON > Restart the VM. > Install Visual Studio 2013 and WDK 8.1 (host …

Kernel, Rootkits

Load – Unload drivers during development

The easiest way to load your driver into the kernel for testing during kernel development is by creating a system service that loads the driver for you. This method, of course, is not suggested for release builds because of the forensic traces it leaves. Windows API functions used in the service installer: > OpenSCManager establishes a connection to the …

Kernel, Rootkits

Bad file name for catalogfile from [Version] section

Inf2Cat, signability test failed. Bad file name for catalogfile from [Version] section in \mydriver.inf The above errors occur while you are trying to build a Windows 7, Windows 8 or Windows 8.1 driver in Visual Studio 2013 with WDK 8 and you haven't specified any Catalog filename in the project's settings. > Go to the project properties page. > …

Debugging, Kernel, Rootkits

Faster Windows Kernel debugging with Virtual Machines

VirtualKD is a tool that improves your kernel debugging performance with VMware and VirtualBox. It seamlessly integrates with WinDbg and dramatically reduces debugging latency. Compatible with Windows 10 and VirtualBox 5.x. Features: Significantly improves kernel debugging performance with VMware and VirtualBox. Supports Windows XP to Windows 10, 32-bit and 64-bit. Fixes truncated Driver Verifier load …

Kernel, Rootkits

Windows Kernel Debugging

Windows Kernel Debugging using VMware Workstation 12+, with Windows 7 for the target system and Windows 8.1 for the host machine. > Set up a virtual machine with Windows 7. After the Windows installation, shut it down. > Enable virtual printers in VMware Workstation. Go to Edit->Preferences->Devices->Enable virtual printers. > Download WDK 10 from here and install it on the …