v 1.4.1

Added ASRock APPShop driver as provider 49

README.md

@@ -158,6 +158,7 @@ Note: Provider with Id 0 assumed as default if no -prv command is specified.
 | 46     | Wincor Nixdorf | wnBios64  | WinBios Driver     | 1.2.0 and below              |                      |
 | 47     | EVGA  | EleetX1| EVGA ELEET X1     | 1.0.16.0 and below              |                      |
 | 48     | ASRock         | AxtuDrv  | AsRock Extreme Tuner     | Undefined              |                      |
+| 49     | ASRock         | AppShopDrv103  | ASRock APP Shop    | 1.0.58 and below       |                      |
 
 MSFT blacklist types:
 * Cert - by certificate used to sign the driver which makes it possible to ban huge number of files at one time.
@@ -216,7 +217,7 @@ MSFT blacklist types:
 |46|WINIO||**File(SHA1):** AEC96520E85330594D3165C86CB92EAC34C1E095<br>**Authenticode(SHA1):** A7179D7CF5EE58276C3C42A16195A0B733F31B53<br>**Page(SHA1):** AF7FED1C68BB2D459F7778EC6D20459618CF3D26<br>**Page(SHA256):** 490B1FFC374F9CDEC57BBCE9DAD93251516DE93C7A7F3475D8AC55A6DCBB958E|
 |47|Original||**File(SHA1):** DA66B66DCA5EA8689DB903EC23E98F2C881DE6F8<br>**Authenticode(SHA1):** A8D16FED8999033126D60C656A3BA359DFAA559F<br>**Page(SHA1):** 082FBFF03465F78276D5A2066398A9D3C73DB9AB<br>**Page(SHA256):** F677A9447400EAEE6E12A88F59AAADCF6DDF8F16EC8F7612BF50AB378A9B9012|
 |48|RWEverything||**File(SHA1):** 3F6A997B04D2299BA0E9F505803E8D60D0755F44<br>**Authenticode(SHA1):** E7FAC017B371A43276E03BF5F71D437E8D377930<br>**Page(SHA1):** EE9A5A98C257F2D50030B7F3AB6D7DA805FCC150<br>**Page(SHA256):** D159D969E05C83F27F446BCC5F171A0043CC3DF0B518962CEE7ACBE30BCC02F8|
-
+|49|RWEverything||**File(SHA1):** 6074C2360F5DC74738873A525DFBD67EB6625986<br>**Authenticode(SHA1):** 03C523F31603C460076AD549F985DD9533734E95<br>**Page(SHA1):** 85B6FC43E943C9EB9B3DE1FF82A56870620CC1CF<br>**Page(SHA256):** A3AF7747FAC60B814FA6717B174F1199B9D163081B55AE40CEDD9983B6D033F5|
 
 ###### *At commit time, data maybe inaccurate.
 
@@ -301,4 +302,4 @@ They are used in multiple products from hardware vendors mostly in unmodified st
 
 # Authors
 
-(c) 2020 - 2023 KDU Project
+(c) 2020 - 2024 KDU Project

Source/Hamakaze/KDU.vcxproj.user

@@ -5,7 +5,7 @@
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <LocalDebuggerCommandArguments>-prv 48 -map c:\install\dummy.sys</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-prv 49 -map c:\install\dummy.sys</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
 </Project>

Source/Hamakaze/kduplist.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.41
 *
-*  DATE:        16 Dec 2023
+*  DATE:        17 Dec 2023
 *
 *  Providers global list.
 *
@@ -1362,6 +1362,32 @@ static KDU_PROVIDER g_KDUProviders[] =
 
         (provValidatePrerequisites)NULL,
 
+        (provOpenProcess)NULL
+    },
+
+    {
+        NULL,
+
+        (provStartVulnerableDriver)KDUProvStartVulnerableDriver,
+        (provStopVulnerableDriver)KDUProvStopVulnerableDriver,
+
+        (provRegisterDriver)NULL,
+        (provUnregisterDriver)NULL,
+        (provPreOpenDriver)NULL,
+        (provPostOpenDriver)KDUProviderPostOpen,
+        (provMapDriver)KDUMapDriver,
+        (provControlDSE)KDUControlDSE2,
+
+        (provReadKernelVM)NULL,
+        (provWriteKernelVM)NULL,
+
+        (provVirtualToPhysical)NULL,
+        (provQueryPML4)NULL,
+        (provReadPhysicalMemory)AsrReadPhysicalMemory,
+        (provWritePhysicalMemory)AsrWritePhysicalMemory,
+
+        (provValidatePrerequisites)NULL,
+
         (provOpenProcess)NULL
     }
 

Source/Shared/consts.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.41
 *
-*  DATE:        10 Dec 2023
+*  DATE:        11 Dec 2023
 *
 *  Global consts.
 *
@@ -30,7 +30,7 @@
 
 #define IPC_GET_HANDLE          0x1337
 
-#define KDU_SYNC_MUTANT         0x2311
+#define KDU_SYNC_MUTANT         0x2312
 
 #define NT_REG_PREP             L"\\Registry\\Machine"
 #define DRIVER_REGKEY           L"%wS\\System\\CurrentControlSet\\Services\\%wS"
@@ -151,6 +151,7 @@
 #define IDR_WNBIOS64                    148
 #define IDR_EVGA_ELEETX1                149
 #define IDR_ASROCKDRV2                  150
+#define IDR_ASROCKAPPSHOP103            151
 
 //
 // Vulnerable drivers providers id
@@ -204,6 +205,7 @@
 #define KDU_PROVIDER_WINCOR             46
 #define KDU_PROVIDER_EVGA_ELEETX1       47
 #define KDU_PROVIDER_ASROCK2            48
+#define KDU_PROVIDER_ASROCK3            49
 
 #define KDU_PROVIDER_DEFAULT KDU_PROVIDER_INTEL_NAL
 

Source/Tanikaze/Tanikaze.vcxproj

@@ -188,6 +188,7 @@
     <None Include="drv\AMDRyzenMasterDriver.bin" />
     <None Include="drv\amsdk.bin" />
     <None Include="drv\AODDriver215.bin" />
+    <None Include="drv\AppShopDrv103.bin" />
     <None Include="drv\asio2.bin" />
     <None Include="drv\AsIO3.bin" />
     <None Include="drv\AsrDrv106.bin" />

Source/Tanikaze/Tanikaze.vcxproj.filters

@@ -208,6 +208,9 @@
     <None Include="drv\AxtuDrv.bin">
       <Filter>Resource Files</Filter>
     </None>
+    <None Include="drv\AppShopDrv103.bin">
+      <Filter>Resource Files</Filter>
+    </None>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="main.cpp">

Source/Tanikaze/data/KMUSIG.bin

@@ -1,2 +1,2 @@
-���7��D&,��z��,]�qq�>Vf[��&S�>��o��ְ��kFzQ���y,�-ҷ}e�I8��q^g�0��^���r*�(��a�7p}�?�4FjB\0K$1g^퉄���b���V`ʹ��%뇱�7�*��֯>��wi
�
+���7��j��z��,]�qq�>Vf[��&S�>��o��ְ��kFzQ���y,�-ҷ}e�I8��q^g�0��^���r*�(��a�7p}�?�4FjB\0K$1g^퉄���b���V`ʹ��%뇱�7�*��֯>��wi
�
 mV?�SH��/�0�8��H�]��

Source/Tanikaze/resource.h

@@ -50,6 +50,7 @@
 #define IDR_WNBIOS64                    148
 #define IDR_EVGA_ELEETX1                149
 #define IDR_ASROCKDRV2                  150
+#define IDR_ASROCKAPPSHOP103            151
 #define IDR_DATA_DBUTILCAT              1000
 #define IDR_DATA_DBUTILINF              1001
 #define IDR_DATA_KMUEXE                 1002
@@ -62,7 +63,7 @@
 // 
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE        151
+#define _APS_NEXT_RESOURCE_VALUE        152
 #define _APS_NEXT_COMMAND_VALUE         40001
 #define _APS_NEXT_CONTROL_VALUE         1007
 #define _APS_NEXT_SYMED_VALUE           101

Source/Tanikaze/resource.rc

@@ -160,6 +160,8 @@ IDR_EVGA_ELEETX1        RCDATA                  "drv\\eleetx1.bin"
 
 IDR_ASROCKDRV2          RCDATA                  "drv\\AxtuDrv.bin"
 
+IDR_ASROCKAPPSHOP103    RCDATA                  "drv\\AppShopDrv103.bin"
+
 
 /////////////////////////////////////////////////////////////////////////////
 //

Source/Tanikaze/tanikaze.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.19
 *
-*  DATE:        09 Dec 2023
+*  DATE:        10 Dec 2023
 *
 *  Tanikaze helper dll (part of KDU project).
 *
@@ -758,6 +758,21 @@ KDU_DB_ENTRY gProvEntry[] = {
         (LPWSTR)L"AxtuDrv",
         (LPWSTR)L"AxtuDrv",
         (LPWSTR)L"ASROCK Incorporation"
+     },
+
+     {
+        KDU_MIN_NTBUILDNUMBER,
+        KDU_MAX_NTBUILDNUMBER,
+        IDR_ASROCKAPPSHOP103,
+        KDU_PROVIDER_ASROCK3,
+        KDU_VICTIM_DEFAULT,
+        SourceBaseRWEverything,
+        KDUPROV_FLAGS_PHYSICAL_BRUTE_FORCE,
+        KDUPROV_SC_ALL_DEFAULT,
+        (LPWSTR)L"AppShopDrv103 Driver",
+        (LPWSTR)L"AppShopDrv103",
+        (LPWSTR)L"AppShopDrv103",
+        (LPWSTR)L"ASROCK Incorporation"
      }
 
 };