Reverse Engineering and Bug Hunting on KMDF Drivers
44CON Information Security Conference via YouTube
Syllabus
Reverse Engineering & Bug Hunting on KMDF Drivers
Different Driver Models
Driver and Device Objects
Creating the Device
IRP Major Function Codes
Basic WDM Driver
Talking to the Driver
Interrupt Request Packets
Stack Locations
Buffer Access Methods (1/3)
IOCTL Code
KMDF Overview
A basic KMDF driver (3/3)
Using Device Interfaces
KMDF and Buffer Access
Control Device Objects (1/2)
Type of Issues • Unsanitized data
Kernel Pointers Leakage • Synaptics Touchpad Win64 Driver
Finding KMDF drivers
Check your drivers!
Conclusions (2/2)
Taught by
44CON Information Security Conference