Driver DLL Injector

Driver DLL Injector Description

Driver DLL Injector is a powerful tool that allows users to load drivers of their choice using their preferred mapper. It relies on an unsigned driver loader, such as KDmapper, and was built and tested on Windows 10 2004 with x64 processes.

Driver Portion:

The driver hooks a PatchGuard-safe function known as xKdEnumerateDebuggingDevices for communication with our usermode process. This method is highly detected by popular anti-cheats, so we go a step further and trap a usermode thread in the kernel for communication, restoring the original function's address and thereby bypassing function integrity checks.

The driver does the following for hiding traces left behind:

Usermode Portion:

The usermode process utilizes Discord's overlay to call our DLL's main function.

The usermode process does the following:

To use the Driver DLL Injector, follow these steps:

1. Choose and install a compatible mapper, such as KDmapper.
2. Compile or build the Driver DLL Injector project.
3. Load the driver using the selected mapper.
4. Launch the test application (with the Discord overlay enabled).
5. Launch the usermode application and wait for the Hello World message box.

Detection Vectors

Issues Encountered

While making this project, there were several obstacles along the way. Some of them were:

Credits

ModMap - for showing VAD manipulation

SkCrypt - for the encryption

Stealthy Kernel Mode Injector - for the driver base

Poseidon - for trapping a usermode thread in kernel land

FACE INJECTOR - for the shellcode