DriverBuddyReloaded icon indicating copy to clipboard operation
DriverBuddyReloaded copied to clipboard

Published 20 hours ago verified publisher icon VoidSec

[BUG] WDF/KMDF detection

Open VoidSec opened this issue 2 years ago • 1 comments
trafficstars

Describe the bug WDF detection library correctly detect a KmdfLibrary but the driver is marked as WSF anyway

To Reproduce

[WDF]: Found KmdfLibrary string at 0x14000f388
[WDF]: Creating struct for KmdfLibrary Functions version 1.11
[WDF]: doStruct (size=0xdb0) at 0x140010430
[WDF]: Success
[+] Driver type detected: WDF

Expected behavior [+] Driver type detected: KMDF

VoidSec avatar Mar 03 '23 14:03 VoidSec

Possible solution: If there's any import from WDFLDR.sys they are KMDF drivers

VoidSec avatar Mar 06 '23 10:03 VoidSec