eddeeh / kdmapper

driver manual mapper (outdated/for educational purposes)
MIT License
92 stars 36 forks

How to unload driver #3

Open Grazyyt opened 4 years ago

Grazyyt commented 4 years ago

How do I unload the driver?

ghost commented 4 years ago

cringe alert, zero the driver and change the return address on the stack to go back to usermode.

This can be done by calculating the stack size and "deallocating" an entire stack frame, so to speak. Keep in mind this only zeros the driver, doesn't "free the driver". Need a 2-hop ROP for that.

stinker.

BerkanYildiz commented 4 years ago

ExFreePool ftw

ghost commented 4 years ago

Yep. But if you can zero the memory first and then ROP back to ExFreePool(WithTag).

BigCatGit commented 1 year ago

BSOD appears after setting DriverUnload Router