Reverse Engineering and Bug Hunting on KMDF Drivers

Offered By: 44CON Information Security Conference via YouTube

Course Description

Overview

Explore reverse engineering and bug hunting techniques for Kernel Mode Driver Framework (KMDF) drivers in this 45-minute conference talk from 44CON 2018. Begin with a quick recap of Windows Driver Model (WDM) drivers, their common structures, and how to identify their entry points. Dive into KMDF, examining the functions relevant to reverse engineering through case studies. Learn to interact with KMDF device objects using the SetupDi API and to analyze I/O queue dispatch routines. Investigate whether the framework enhances security by examining implementation problems in drivers from major vendors. Gain practical knowledge to conduct bug hunting sessions on KMDF drivers, covering topics such as driver models, device objects, IRP major function codes, buffer access methods, and IOCTL codes. Discover techniques for finding KMDF drivers and identifying potential security issues like unsanitized data and kernel pointer leakage.

Syllabus

Reverse Engineering & Bug Hunting on KMDF Drivers
Different Driver Models
Driver and Device Objects
Creating the Device
IRP Major Function Codes
Basic WDM Driver
Talking to the Driver
Interrupt Request Packets
Stack Locations
Buffer Access Methods (1/3)
IOCTL Code
KMDF Overview
A basic KMDF driver (3/3)
Using Device Interfaces
KMDF and Buffer Access
Control Device Objects (1/2)
Type of Issues: Unsanitized data
Kernel Pointers Leakage: Synaptics Touchpad Win64 Driver
Finding KMDF drivers
Check your drivers!
Conclusions (2/2)


Taught by

44CON Information Security Conference
