VoidSec
commented
2 years ago @harelon / @eranzim do you think you could give it a try and try to understand and fix that?
Closed VoidSec closed 2 years ago
VoidSec
commented
2 years ago @harelon / @eranzim do you think you could give it a try and try to understand and fix that?
harelon
commented
2 years ago Working on it
VoidSec
commented
2 years ago @harelon thank you! I've seen your pull request; I'll test it this weekend and merge it consequently :D
VoidSec
commented
2 years ago
In commit https://github.com/VoidSec/DriverBuddyReloaded/commit/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0 I've finished updating IDA's APIs and fixing breaking code changes.
Unfortunately, despite the script is not breaking anymore, it seems that it still fails this condition at: https://github.com/VoidSec/DriverBuddyReloaded/blob/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0/DriverBuddyReloaded/wdf.py#L770
for a reason that, at the moment, is unknown. The logic behind https://github.com/VoidSec/DriverBuddyReloaded/blob/main/DriverBuddyReloaded/wdf.py is pretty "hacky" and somewhat "obscure". In addition to that, I'm not sure that the logic detecting the WDF version at https://github.com/VoidSec/DriverBuddyReloaded/blob/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0/DriverBuddyReloaded/wdf.py#L759 makes complete sense.
We should also update the WDF structures in order to include updated ones and keep them updated as I'm pretty sure the latest WDF version is >= 1.13.