Crash

Open cryzlasm opened this issue 6 years ago • 1 comments

Shortcut Ctrl+Alt+I is used for two actions:
@IDC:py_hotkeycb_0000000007EC6EE8
@IDC:py_hotkeycb_0000000007EC6DC8
"@IDC:py_hotkeycb_0000000007EC6DC8" will be deleted.
[+] Welcome to Driver Buddy
[+] Checking for DriverEntry...
[+] DriverEntry found
[+] Populating IDA functions....
[+] Searching for interesting C functions....
[+] interesting C functions detected
[+] Found 0x00011aea xref to RtlCopyMemory
[+] Found 0x00011b04 xref to RtlCopyMemory
[+] Searching for interesting Windows functions....
[+] interesting winapi functions detected
[+] Found 0x000110ae xref to ZwQuerySymbolicLinkObject
[+] Found 0x00011197 xref to ZwQuerySymbolicLinkObject
[+] Found 0x00011091 xref to ZwOpenSymbolicLinkObject
[+] Found 0x0001117e xref to ZwOpenSymbolicLinkObject
[+] Found 0x000112ca xref to ObReferenceObjectByPointer
[+] Found 0x00012493 xref to PsCreateSystemThread
[+] Found 0x000110c1 xref to ZwClose
[+] Found 0x000111a6 xref to ZwClose
[+] Found 0x000124ca xref to ZwClose
[+] Found 0x00012639 xref to ZwClose
[+] Found 0x000160d8 xref to ZwClose
[+] Found 0x00012600 xref to ZwMakeTemporaryObject
[+] Found 0x000124bd xref to ObReferenceObjectByHandle
[+] Found 0x000112d5 xref to ObfDereferenceObject
[+] Found 0x00016041 xref to ObfDereferenceObject
[+] Found 0x000118c4 xref to IofCallDriver
[+] Found 0x00011a24 xref to IofCallDriver
[+] Found 0x000125eb xref to ZwCreateDirectoryObject
[+] Searching for interesting driver functions....
[-] No interesting specific driver functions detected
[+] Trying to determine driver type...
[+] Found real DriverEntry address of ffffffffffffffff

cryzlasm, Feb 25 '19 10:02

shieldXp.zip

cryzlasm, Feb 25 '19 10:02