hfiref0x / KDU

Kernel Driver Utility
MIT License

Unable to unload vulnerable driver, NTSTATUS (0xC0000010) #49

Closed hern0s-dev closed 1 year ago

hern0s-dev commented 1 year ago

I get this error when I try kdu.exe -dse 6

[#] Kernel Driver Utility v1.2.8 (build 2212) started, (c)2020 - 2022 KDU Project
[#] Build at Fri Dec  9 07:44:47 2022, header checksum 0x4FDEE
[#] Supported x64 OS : Windows 7 and above
[*] CPU vendor string: AuthenticAMD
[*] Windows version: 10.0 build 22621
[*] SecureBoot is disabled on this machine
[+] MSFT Driver block list is disabled
[+] Drivers database "drv64.dll" loaded at 0x00007FF8A1280000
[+] Firmware type (FirmwareTypeUefi)
[+] Provider: "CVE-2015-2291", Name "NalDrv"
[!] Vulnerable driver is already loaded
[+] Driver device "NalDrv" has successfully opened
[+] Executing post-open callback for given provider
[+] Driver device security descriptor set successfully
[+] Module "CI.dll" loaded for pattern search
[!] Could not query DSE state, GetLastError 5
[!] Unable to unload vulnerable driver, NTSTATUS (0xC0000010)
[+] Return value: 0. Bye-bye!

I already tried kdu.exe -prv 0 1 2 3 and others; I changed the provider but it is still the same. Here is the -diag result:


> [#] Kernel Driver Utility v1.2.8 (build 2212) started, (c)2020 - 2022 KDU Project
> [#] Build at Fri Dec  9 07:44:47 2022, header checksum 0x4FDEE
> [#] Supported x64 OS : Windows 7 and above
> [*] CPU vendor string: AuthenticAMD
> [*] Windows version: 10.0 build 22621
> [*] SecureBoot is disabled on this machine
> [+] MSFT Driver block list is disabled
> [+] Running system diagnostics
> > System range start FFFF800000000000
> > Speculation mitigation state flags
>         >> SystemKernelVaShadowInformation
>                 KvaShadowEnabled FALSE
>                 KvaShadowUserGlobal FALSE
>                 KvaShadowPcid FALSE
>                 KvaShadowInvpcid FALSE
>                 KvaShadowRequired FALSE
>                 KvaShadowRequiredAvailable TRUE
>         InvalidPteBit 0
>                 L1DataCacheFlushSupported FALSE
>                 L1TerminalFaultMitigationPresent TRUE
>         >> SystemSpeculationControlInformation
>                 BpbEnabled TRUE
>                 BpbDisabledSystemPolicy FALSE
>                 BpbDisabledNoHardwareSupport FALSE
>                 SpecCtrlEnumerated TRUE
>                 SpecCmdEnumerated TRUE
>                 IbrsPresent TRUE
>                 StibpPresent TRUE
>                 SmepPresent TRUE
>                 SpeculativeStoreBypassDisableAvailable TRUE
>                 SpeculativeStoreBypassDisableSupported TRUE
>                 SpeculativeStoreBypassDisabledSystemWide FALSE
>                 SpeculativeStoreBypassDisabledKernel FALSE
>                 SpeculativeStoreBypassDisableRequired TRUE
>                 BpbDisabledKernelToUser FALSE
>                 SpecCtrlRetpolineEnabled TRUE
>                 SpecCtrlImportOptimizationEnabled TRUE
>                 EnhancedIbrs FALSE
>                 HvL1tfStatusAvailable FALSE
>                 HvL1tfProcessorNotAffected FALSE
>                 HvL1tfMigitationEnabled FALSE
>                 HvL1tfMigitationNotEnabled_Hardware FALSE
>                 HvL1tfMigitationNotEnabled_LoadOption FALSE
>                 HvL1tfMigitationNotEnabled_CoreScheduler FALSE
>                 EnhancedIbrsReported TRUE
>                 MdsHardwareProtected FALSE
>                 MbClearEnabled FALSE
>                 MbClearReported TRUE
>                 TsxCtrlStatus 3
>                 TsxCtrlReported TRUE
>                 TaaHardwareImmune TRUE
>         >> SystemSpeculationControlInformation v2
>                 SbdrSsdpHardwareProtected FALSE
>                 FbsdpHardwareProtected FALSE
>                 PsdpHardwareProtected FALSE
>                 FbClearEnabled FALSE
>                 FbClearReported TRUE
>         \Driver -> kdnic
>         \Driver -> cdrom
>         \Driver -> NDIS
>         \Driver -> cm_km
>         \Driver -> swenum
>         \Driver -> amdfendr
>         \Driver -> klids
>         \Driver -> rdyboost
>         \Driver -> WFPLWFS
>         \Driver -> Tcpip
>         \Driver -> SgrmAgent
>         \Driver -> klupd_klif_mark
>         \Driver -> AMDRyzenMasterDriverV19
>         \Driver -> USBHUB3
>         \Driver -> Beep
>         \Driver -> kldisk
>         \Driver -> usbccgp
>         \Driver -> amdwddmg
>         \Driver -> AFD
>         \Driver -> mountmgr
>         \Driver -> ksthunk
>         \Driver -> ViGEmBus
>         \Driver -> afunix
>         \Driver -> WudfRd
>         \Driver -> CompositeBus
>         \Driver -> EhStorClass
>         \Driver -> ACPI
> > Process (self) handle trace
>         >> 0xFFFFF80114ACCFD7, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF80114ACD423, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF8011483D4E8, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0x00007FF8B60EF2C4, ntdll.dll, base 0x00007FF8B6050000
>         >> 0x00007FF63FC0F928, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FD5C, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FFEB, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC09F3D, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0A829, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0AA0E, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC10820, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF8B44C26BD, KERNEL32.DLL, base 0x00007FF8B44B0000
>         >> 0x00007FF8B60ADFB8, ntdll.dll, base 0x00007FF8B6050000
> > Thread handle trace
>         >> 0xFFFFF80114BB1522, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF80114BB1303, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF8011483D4E8, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0x00007FF8B60F14D4, ntdll.dll, base 0x00007FF8B6050000
>         >> 0x00007FF63FC0F997, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FD5C, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FFEB, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC09F3D, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0A829, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0AA0E, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC10820, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF8B44C26BD, KERNEL32.DLL, base 0x00007FF8B44B0000
>         >> 0x00007FF8B60ADFB8, ntdll.dll, base 0x00007FF8B6050000
> > Process (1188) handle trace
> Cannot open process, NTSTATUS (0xC0000022)
> > Section handle trace
>         >> 0xFFFFF80114ACF260, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF80114ACF3CC, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0xFFFFF8011483D4E8, \SystemRoot\system32\ntoskrnl.exe, base 0xFFFFF80114400000
>         >> 0x00007FF8B60EF744, ntdll.dll, base 0x00007FF8B6050000
>         >> 0x00007FF63FC0FABB, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FE06, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0FFEB, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC09F3D, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0A829, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC0AA0E, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF63FC10820, kdu.exe, base 0x00007FF63FC00000
>         >> 0x00007FF8B44C26BD, KERNEL32.DLL, base 0x00007FF8B44B0000
>         >> 0x00007FF8B60ADFB8, ntdll.dll, base 0x00007FF8B6050000
> > Analyzing process working set
>         >> ThreadId [10820] Pc 00007FF8B60EF184 (ntdll.dll) : Va 00007FF8B60EF185 (ntdll.dll)
>         >> ThreadId [10820] Pc 00007FF8B60EF184 (ntdll.dll) : Va 000000000014CE09 (Unknown)
>         >> ThreadId [10820] Pc 00007FF63FC0F4AF (kdu.exe) : Va 00007FF63FC0F4AF (kdu.exe)
>         >> ThreadId [10820] Pc 00007FF63FC0F4C2 (kdu.exe) : Va 000000000014CE31 (Unknown)
>         >> ThreadId [10820] Pc 00007FF63FC0F4D3 (kdu.exe) : Va 00007FF63FC2A609 (kdu.exe)
>         >> ThreadId [10820] Pc 00007FF8B60EF118 (ntdll.dll) : Va 000000007FFE0309 (Unknown)
> > List of registered minifilters
>         >> bindflt
>         >> WdFilter
>         >> KLIF
>         >> storqosflt
>         >> wcifs
>         >> CldFlt
>         >> bfs
>         >> FileCrypt
>         >> luafv
>         >> klbackupflt
>         >> npsvctrig
>         >> Wof
>         >> FileInfo
> > Physical memory layout
> ResourceList Count 1
> pDesc[0].PartialResourceList.Count 7
> #0 Flags 0x0000 0x0000000000001000::0x00000000000A0000 (length 0x000000000009F000, 0 Mb)
> #1 Flags 0x0000 0x0000000000100000::0x0000000009E02000 (length 0x0000000009D02000, 157 Mb)
> #2 Flags 0x0000 0x000000000A000000::0x000000000A200000 (length 0x0000000000200000, 2 Mb)
> #3 Flags 0x0000 0x000000000A20E000::0x000000000B000000 (length 0x0000000000DF2000, 13 Mb)
> #4 Flags 0x0000 0x000000000B020000::0x00000000CB147000 (length 0x00000000C0127000, 3073 Mb)
> #5 Flags 0x0000 0x00000000CDBFF000::0x00000000CF000000 (length 0x0000000001401000, 20 Mb)
> #6 Flags 0x0200 0x0000000100000000::0x000000042F380000 (length 0x000000032F380000, 13043 Mb)
> [+] Return value: 1. Bye-bye!

hfiref0x commented 1 year ago

[!] Vulnerable driver is already loaded

198 FFFFF80156600000 6111232 \??\C:\Users\hiper\OneDrive\Masa³st³\KDmapper\NalDrv.sys

c0000010 - STATUS_INVALID_DEVICE_REQUEST, you have a different version of NalDrv loaded, get rid of it.

[!] Could not query DSE state, GetLastError 5 (ERROR_ACCESS_DENIED).

The loaded NalDrv is a different version from what KDU uses, get rid of it.

Run kdu -prv 1 -dse 0 and post the result.

Additionally, you are running a bunch of Kaspersky drivers that may interfere, get rid of them.
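
From the detection side, the module-list line quoted in the reply above is the kind of record worth alerting on: a kernel driver image loaded from a user profile directory instead of System32. The following is an added example, not part of the thread or of KDU, that parses lines in that format and flags such loads; the sample paths, the trusted-prefix list and the function names are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Line format as quoted in the thread: <index> <base, hex> <size, decimal> <image path>
MODULE_LINE = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f]{16})\s+(\d+)\s+(\S.*?)\s*$")
SYSTEM_RANGE_START = 0xFFFF800000000000  # "System range start" in the -diag output

# Assumption: Windows is installed in C:\Windows; adjust for other layouts.
TRUSTED_PREFIXES = ("\\systemroot\\system32\\", "\\??\\c:\\windows\\system32\\")

class Module(NamedTuple):
    index: int
    base: int
    size: int
    path: str

def parse_module_line(line: str) -> Optional[Module]:
    """Return a Module for a well-formed kernel module line, else None."""
    m = MODULE_LINE.match(line)
    if m is None:
        return None
    mod = Module(int(m.group(1)), int(m.group(2), 16), int(m.group(3)), m.group(4))
    # Ignore anything whose base is not in the kernel address range.
    return mod if mod.base >= SYSTEM_RANGE_START else None

def suspicious_modules(lines: List[str]) -> List[Tuple[Module, str]]:
    """Flag kernel modules whose image was loaded from outside System32."""
    hits = []
    for line in lines:
        mod = parse_module_line(line)
        if mod is None:
            continue
        path = mod.path.lower()
        if path.startswith(TRUSTED_PREFIXES):
            continue
        reason = "user-profile" if "\\users\\" in path else "non-system-path"
        hits.append((mod, reason))
    return hits

# Constructed sample input. Index, base and size of the first line and the
# ntoskrnl base are taken from the thread; paths and other values are made up.
SAMPLE_LINES = [
    r"198 FFFFF80156600000 6111232 \??\C:\Users\user\Desktop\KDmapper\NalDrv.sys",
    r"0 FFFFF80114400000 17068032 \SystemRoot\system32\ntoskrnl.exe",
    r"57 FFFFF80118A00000 212992 \SystemRoot\System32\drivers\volmgr.sys",
    "[+] Return value: 1. Bye-bye!",
]

if __name__ == "__main__":
    for mod, reason in suspicious_modules(SAMPLE_LINES):
        print(f"{reason}: {mod.path} (base {mod.base:#018x}, {mod.size} bytes)")
```
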