Static | ZeroBOX

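PE Compile Time (TimeDateStamp field of the PE header; written by the linker and alterable after the build, so treat it as a hint rather than proof of build date)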

2024-04-27 08:19:47

PDB Path

C:\Users\zuhao\OneDrive\Desktop\kdmapper-master\x64\Debug\kdmapper_Debug.pdb

PE Imphash

23d72874da0841595662fc34fa277974

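PEiD Signatures (heuristic byte-pattern match; the MSVC 14.39.33519 include paths and the VCRUNTIME140D.dll / ucrtbased.dll imports listed in this report point to a recent Visual C++ debug build rather than V8.0)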

Microsoft Visual C++ V8.0 (Debug)

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.textbss 0x00001000 0x000265bd 0x00000000 0.0
.text 0x00028000 0x000568ea 0x00056a00 4.94554277564
.rdata 0x0007f000 0x00021a8e 0x00021c00 4.24658118735
.data 0x000a1000 0x00001370 0x00000a00 2.42894981842
.pdata 0x000a3000 0x000061f8 0x00006200 4.26694081283
.idata 0x000aa000 0x00003f91 0x00004000 4.4936752751
.msvcjmc 0x000ae000 0x0000081c 0x00000a00 0.975126885039
.tls 0x000af000 0x00000309 0x00000400 0.0111738187212
.00cfg 0x000b0000 0x00000175 0x00000200 0.502847685399
.rsrc 0x000b1000 0x00000446 0x00000600 2.18532733482
.reloc 0x000b2000 0x00000ca6 0x00000e00 2.45879837076

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x000b1170 0x00000188 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x1400aa088 VirtualFree
0x1400aa090 GetModuleHandleA
0x1400aa098 GetProcAddress
0x1400aa0a8 CreateToolhelp32Snapshot
0x1400aa0b0 VirtualAlloc
0x1400aa0b8 Process32NextW
0x1400aa0c0 GetTempPathW
0x1400aa0c8 VirtualQuery
0x1400aa0d0 GetProcessHeap
0x1400aa0d8 HeapFree
0x1400aa0e0 HeapAlloc
0x1400aa0e8 GetCurrentThreadId
0x1400aa0f0 GetCurrentProcessId
0x1400aa0f8 DeviceIoControl
0x1400aa100 CloseHandle
0x1400aa108 Process32FirstW
0x1400aa110 CreateFileW
0x1400aa118 GetStartupInfoW
0x1400aa120 InitializeSListHead
0x1400aa128 GetSystemTimeAsFileTime
0x1400aa130 QueryPerformanceCounter
0x1400aa138 RaiseException
0x1400aa140 IsDebuggerPresent
0x1400aa150 TerminateProcess
0x1400aa158 GetCurrentProcess
0x1400aa160 UnhandledExceptionFilter
0x1400aa168 RtlVirtualUnwind
0x1400aa170 RtlLookupFunctionEntry
0x1400aa178 RtlCaptureContext
0x1400aa188 WakeAllConditionVariable
0x1400aa190 AcquireSRWLockExclusive
0x1400aa198 ReleaseSRWLockExclusive
0x1400aa1a0 WideCharToMultiByte
0x1400aa1a8 MultiByteToWideChar
0x1400aa1b0 CreateSymbolicLinkW
0x1400aa1c0 CreateHardLinkW
0x1400aa1c8 MoveFileExW
0x1400aa1d0 CopyFileW
0x1400aa1d8 CreateDirectoryExW
0x1400aa1e0 GetModuleHandleW
0x1400aa1e8 GetLastError
0x1400aa1f0 AreFileApisANSI
0x1400aa1f8 SetFileTime
0x1400aa208 SetFileAttributesW
0x1400aa210 GetFullPathNameW
0x1400aa228 GetFileAttributesExW
0x1400aa230 GetFileAttributesW
0x1400aa238 GetDiskFreeSpaceExW
0x1400aa240 FindNextFileW
0x1400aa248 FindFirstFileExW
0x1400aa250 FindFirstFileW
0x1400aa258 FindClose
0x1400aa260 CreateDirectoryW
0x1400aa268 GetCurrentDirectoryW
0x1400aa270 SetCurrentDirectoryW
0x1400aa278 GetLocaleInfoEx
0x1400aa280 FormatMessageA
0x1400aa288 LocalFree
0x1400aa290 FreeLibrary
Library USER32.dll:
0x1400aa730 GetWindowThreadProcessId
0x1400aa738 GetShellWindow
Library ADVAPI32.dll:
0x1400aa000 RegSetKeyValueW
0x1400aa008 RegOpenKeyW
0x1400aa010 RegCreateKeyW
0x1400aa018 RegCloseKey
0x1400aa020 RegDeleteTreeW
Library MSVCP140D.dll:
0x1400aa3e0 ?_Xbad_alloc@std@@YAXXZ
0x1400aa3f8 _Mbrtowc
0x1400aa568 ??0_Lockit@std@@QEAA@H@Z
0x1400aa570 ??1_Lockit@std@@QEAA@XZ
Library ntdll.dll:
0x1400aa8e8 NtQuerySystemInformation
0x1400aa8f0 RtlInitUnicodeString
Library VCRUNTIME140D.dll:
0x1400aa7a0 __current_exception
0x1400aa7b8 __C_specific_handler
0x1400aa7c8 __std_exception_destroy
0x1400aa7d0 __std_exception_copy
0x1400aa7d8 wcsstr
0x1400aa7e0 memset
0x1400aa7e8 memmove
0x1400aa7f0 memcpy
0x1400aa7f8 __vcrt_GetModuleHandleW
0x1400aa800 __vcrt_LoadLibraryExW
0x1400aa808 _CxxThrowException
0x1400aa810 memcmp
Library VCRUNTIME140_1D.dll:
0x1400aa888 __CxxFrameHandler4
Library ucrtbased.dll:
0x1400aa950 _configure_narrow_argv
0x1400aa960 _initialize_onexit_table
0x1400aa970 _execute_onexit_table
0x1400aa978 _crt_atexit
0x1400aa980 _crt_at_quick_exit
0x1400aa988 strcpy_s
0x1400aa990 strcat_s
0x1400aa9a0 terminate
0x1400aa9a8 _wmakepath_s
0x1400aa9b0 _wsplitpath_s
0x1400aa9b8 wcscpy_s
0x1400aa9c0 _seh_filter_dll
0x1400aa9c8 _cexit
0x1400aa9d0 __p___wargv
0x1400aa9d8 __p___argc
0x1400aa9e0 _set_fmode
0x1400aa9e8 _exit
0x1400aa9f0 exit
0x1400aa9f8 _initterm_e
0x1400aaa00 _initterm
0x1400aaa18 _configure_wide_argv
0x1400aaa20 __setusermatherr
0x1400aaa28 _set_app_type
0x1400aaa30 _seh_filter_exe
0x1400aaa38 __p__commode
0x1400aaa40 malloc
0x1400aaa48 _callnewh
0x1400aaa50 abort
0x1400aaa58 ___lc_codepage_func
0x1400aaa60 _malloc_dbg
0x1400aaa68 _calloc_dbg
0x1400aaa70 _wcsicmp
0x1400aaa78 _time64
0x1400aaa80 _unlock_file
0x1400aaa88 _lock_file
0x1400aaa90 ungetc
0x1400aaa98 setvbuf
0x1400aaaa0 fwrite
0x1400aaaa8 _fseeki64
0x1400aaab0 fsetpos
0x1400aaab8 fread
0x1400aaac0 fputc
0x1400aaac8 fgetpos
0x1400aaad0 fgetc
0x1400aaad8 fflush
0x1400aaae0 fclose
0x1400aaaf0 _wremove
0x1400aaaf8 _CrtDbgReport
0x1400aab00 rand
0x1400aab08 srand
0x1400aab10 strlen
0x1400aab18 _stricmp
0x1400aab20 wcslen
0x1400aab28 _invalid_parameter
0x1400aab30 _set_new_mode
0x1400aab38 _configthreadlocale
0x1400aab48 _CrtDbgReportW
0x1400aab50 _c_exit
0x1400aab58 _free_dbg

Strings

!This program cannot be run in DOS mode.
.textbss
`.rdata
@.data
.pdata
@.idata
@.msvcjmc
.00cfg
@.rsrc
@.reloc
H;E(~1H
H;E(~1H
H+E(H;
H9E(sgH
D$(EtwBH
u:HcELH
EDHcEDE3
EDHcEDE3
H+E(H;
H+E(H;
H+E(H;
9E$uiH
u]HcE$
u.HcE$
uvHcE$
uGHcE$
-u&HcE$
H9H s[H
H;E(~1H
EHHiEH
EHH9E(
EHH9E(
UUUUUUU
UUUUUUU
UUUUUUU
H+E(H;E
H9E(sCH
H9D$Xw
H9D$8}
H9D$8s
H9D$(v
D$ 9D$4
H9D$(v
D$(H9D$8
H9D$(v
D$49D$
H9D$(v
D$8H9D$(
H9D$@v
D$89D$P
D$X9D$4~
H9D$@v
D$HH9D$h
D$pH9D$@~
D$(H9D$ t@H
D$(H9D$ t'H
D$(H9D$ tDH
D$(H9D$ t*H
D$(H9D$ t>H
D$(H9D$ t$H
D$(H9D$ tDH
D$(H9D$ t*H
D$0H9D$(~
D$0H9D$(v
D$0H9D$(}
D$0H9D$(s
|$ Wu*D
D$P9D$ w
D$89D$0w
D$pHc@
D$8HcD$ H
D$H9D$ s"
H9D$Hr
H9D$Hs
$Hc@<H
D$ H9D$(u
H;D$@v
5Genu
5Auth
@UVWAVH
VATAUAWH
(A_A]A\^
@SUWATAUAVAWH
A_A^A]A\_][
H3D$0H
H9D$ u
D$ Hc@<H
D$PfA9
fD9TDPt
USVWATAUAVH
te+}o;>r^
A^A]A\_^[]
!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
|$ uG3
D$L/vf
l$Ht$H
l$Ht&f
D$(tEH
Nal Windows Driver Unload: IoDeleteDevice NOT called: NULL DeviceObject
Nal Windows Driver Unload: Leaving...
Nal Windows Driver Unload: Starting
Nal Windows DriverAddDevice: done
Nal Windows DriverIoCreateSymbolicLink failed. Status = 0x%x
Nal Windows DriverIoCreateDevice failed. Status = 0x%0x
Nal Windows DriverAddDevice: entered
Nal Windows DriverCreate: Leaving
Nal Windows DriverCreate: Starting
Nal Windows DriverClose: Leaving
Nal Windows DriverClose: Starting
NalDeviceControl: InputBuffer was NULL
Nal Windows DriverDeviceControl: Invalid IOCTL code 0x%0x
NAL_ENABLE_DEBUG_PRINT_FUNCID: FunctionData is NULL
NAL_KKMEMCPY_FUNCID: One of the buffers was NULL
NAL_KUMEMCPY_FUNCID: One of the buffers was NULL
NAL_KMEMSET_FUNCID: One of the buffers was NULL
Kernel:
_NalWinGetUserAddress: Unable to allocate MDL
_NalWinGetUserAddress: Address To Free = 0x%p
_NalWinGetUserAddress: MmMapLockedPages failed. Freeing MDL
_NalWinGetUserAddress: KernelLevelAddress = 0x%p
PAGE_SIZE * (65535 - sizeof(MDL)) / sizeof(ULONG_PTR) = %d
_NalWinGetUserAddress: Using memory map table slot %d - Length %d
NalUnmapAddress: Unmapping non-usermode mapped address 0x%p, Length %d
NalUnmapAddressEx: Address not found in table - not unmapping 0x%p, Length %d
NalUnmapAddressEx: Global_WinMemoryMapTable[i].AddressToFree = %p
NalUnmapAddressEx: Unmapping OriginalMemoryMapped
NalUnmapAddressEx: Skipped MmUnmapLockedPages - AddressToFree or Mdl was NULL
NalUnmapAddressEx: Calling MmUnmapLockedPages
NalUnmapAddressEx: Slot %d matched
NalUnmapAddressEx: Global_WinMemoryMapTable[%d].MappedAddress = 0x%p == 0x%p
NalUnmapAddressEx: Looking to unmap 0x%p, Length %d, ProcessId %d
_NalAllocateMemoryNonPaged - MmAllocateContiguousMemory failed
_NalAllocateMemoryNonPaged - VirtualAddress = 0x%p
_NalAllocateMemoryNonPaged - MmMapLockedPages failed. Freeing MDL
_NalFreeMemoryNonPagedEx: Memory entry 0x%p is not entered into the table. Not freeing anything.
NalMmapAddressEx: *VirtualAddress = 0x%p (mapped to user)
NalMmapAddressEx: *VirtualAddress = 0x%p (not mapped to user)
NalMmapAddressEx: Vaddress = 0x%p
Translated
Looking for match for %d/%d/%d
_NalReadPciDeviceCount found %d devices (%d)
c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\windriverpci_i.c
FillKernelContext: VirtualAddress: %p
_NalHasInterruptOccurred returning %s
NalResolveOsSpecificIoctl: FuctionId = %d
NalResolveOsSpecificIoctl: NAL_WIN_IS_ADAPTER_IN_USE_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_ADAPTER_IN_USE_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_DRIVER_GET_REF_COUNT_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_OS_DEVICE_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_FREE_DEV_CONTEXT_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_ALLOC_DEV_CONTEXT_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_GET_SYMBOLIC_NAME_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_GET_PDO_POINTER_FUNCID FunctionData is NULL
NalOsSpecificIoctl: FunctionId = %d
c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb
Nal Windows Driver DriverEntry: Completed
Nov 14 2013
Nal Windows Driver Loaded -- Compiled %s %s
07:22:40
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetPhysicalAddress
DbgPrint
strncpy
vsprintf
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapIoSpace
MmUnmapLockedPages
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmMapIoSpace
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
ZwClose
RtlFreeAnsiString
strstr
RtlUnicodeStringToAnsiString
ZwEnumerateValueKey
ZwOpenKey
wcsncpy
IoGetDeviceObjectPointer
IoGetDeviceInterfaces
ObReferenceObjectByPointer
KeBugCheckEx
ntoskrnl.exe
KeStallExecutionProcessor
KeQueryPerformanceCounter
HAL.dll
Western Cape1
Durbanville1
Thawte1
Thawte Certification10
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
120517000000Z
150530235959Z0
Oregon1
Hillsboro1
Intel Corporation1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
LAN Access Division1
Intel Corporation0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!00
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
131114152322Z0#
Dt-^fW
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
_Alloc_max
_Masked
_New_capacity
_Proxy
_Fancyptr
_New_capacity
_Proxy
_Fancyptr
_Alloc_max
_Masked
cacheDeleteCount
localentry
RipOffset
sectionData
headers
sectionSize
sectionSize
wdname
search_path
wsNameLen
wsNamePtr
wsName
RuntimeDriversArray
ReadListEntry
Unicode_String
ImageName
emptyval
NextEntry
PrevEntry
current
driver_path
driver_path
file_ofstream
copy_memory_buffer
bytes_returned
fill_memory_buffer
bytes_returned
get_phys_address_buffer
bytes_returned
map_io_space_buffer
bytes_returned
unmap_io_space_buffer
bytes_returned
physical_address
allocated_pages
result
set_prot_status
allocated_pool
allocated_pages
starting_address
status
result
result
dos_header
nt_headers
current_function_name
buffer_size
current_system_handle
device_object
driver_object
driver_section
us_driver_base_dll_name
unloadedName
kernel_injected_jmp
original_kernel_function
_Count_s
_Available
_Fileposition
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
kernel_injected_jmp
original_kernel_function
_Psave
_Psave_guard
_Proxy
_New_capacity
_New_ptr
_Proxy
_New_capacity
_New_ptr
_Psave
_Psave_guard
_New_capacity
_New_ptr
_Proxy
_New_capacity
_New_ptr
_Guard
Unknown exception
bad array new length
invalid argument
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\xmemory
ITERATOR LIST CORRUPTED!
string too long
bad cast
ntoskrnl.exe
[!] Failed to ClearWdFilterDriverList
WdFilter.sys
[+] WdFilter.sys not loaded, clear skipped
xxx????xx
[!] Failed to find WdFilter RuntimeDriversList
xx????xxx
[!] Failed to find WdFilter RuntimeDriversCount
xxx?x?xx???????????x
xxx?xx?x???????????x
[!] Failed to find WdFilter MpFreeDriverInfoEx
[+] Found WdFilter MpFreeDriverInfoEx with second pattern
[!] Failed to remove from RuntimeDriversArray
[!] DriverInfo Magic is invalid, new wdfilter version?, driver info will not be released to prevent bsod
[+] WdFilterDriverList Cleaned:
x????xxxxxxxx????xxxxxxxxx????xxxxxxxx
PAGELK
xxxxxxxxx????xxxxxxx
xx????x???x?x????xxxxxxx????x
MmAllocatePagesForMdl
MmMapLockedPagesSpecifyCache
MmProtectMdlSystemAddress
MmUnmapLockedPages
MmFreePagesFromMdl
ExAllocatePoolWithTag
ExFreePool
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
xxxxxx????xxxxx????xxx????xxxxx????x????xx?x
xxxxxx
xxx????xxxxx????xxx????x????x
[+] PiDDBLock Ptr 0x
[+] PiDDBCacheTable Ptr 0x
[+] Found Table Entry = 0x
ci.dll
xxx????x?xxxxxxx
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\xstring
front() called on empty string
null pointer cannot point to a block of non-zero size
invalid string position
You cannot concatenate the same moved string to itself. See N4950 [res.on.arguments]/1.3: If a function argument is bound to an rvalue reference parameter, the implementation may assume that this parameter is a unique reference to this argument, except that the argument passed to a move-assignment operator may be a reference to *this ([lib.types.movedfrom]).
ntdll.dll
NtAddAtom
string iterators in range are from different containers
string iterator range transposed
_InitData
_Mbst1
_Mbst2
_UFirst
_UFirst
_Output
__$ArrayPad
_Result
_Path1_str
_Path2_str
_Output
__$ArrayPad
_Result
_Result
_Stats
explorerPid
driver_path
raw_image
exitCode
_Proxy
_Guard
_Proxy
_New_capacity
_New_ptr
_New_capacity
_New_ptr
_Proxy
_New_capacity
_New_ptr
_New_capacity
_New_ptr
_New_capacity
_New_ptr
_As_view
_UFirst
_ULast
_Backout
_As_view
generic
system
unknown error
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\xlocale
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\xlocnum
non-zero size null string_view
exists
[+] Callback example called
:AM:am:PM:pm
vector too long
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\xutility
transposed pointer range
mdlptr
status
LowAddress
HighAddress
byteCount
kernel_injected_jmp
original_kernel_function
wasn't found
[-] Dependency
[-] Failed to resolve import
relocs
reloc_info
imports
import_info
import_function_data
_New_capacity
_New_ptr
_Newcapacity
_Newcapacity
_Newcapacity
_Backout
_Backout
_Backout
_Proxy
_Guard
_Backout
driver_name
servicesPath
dservice
SeLoadDriverWasEnabled
wdriver_reg_path
serviceStr
wdriver_reg_path
serviceStr
driver_service
servicesPath
[-] Can't create service key
[-] Can't create 'ImagePath' registry value
[-] Can't create 'Type' registry value
RtlAdjustPrivilege
NtLoadDriver
Fatal error: failed to acquire SE_LOAD_DRIVER_PRIVILEGE. Make sure you are running as administrator.
[+] NtLoadDriver Status 0x
[-] Your vulnerable driver list is enabled and have blocked the driver loading, you must disable vulnerable driver list to use kdmapper with intel driver
[-] Registry path to disable vulnerable driver list: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config
[-] Set 'VulnerableDriverBlocklistEnable' as dword to 0
NtUnloadDriver
[+] NtUnloadDriver Status 0x
[-] Driver Unload Failed!!
temp_directory
file_ifstream
file_ofstream
buffer_size
current_module_name
_UFirst
_ULast
_Newcapacity
_Backout
istreambuf_iterator is not incrementable
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\iterator
istreambuf_iterator is not dereferenceable
D:\a\_work\1\s\src\vctools\crt\github\stl\src\locale0.cpp
D:\a\_work\1\s\src\vctools\crt\github\stl\src\filesystem.cpp
GetTempPath2W
bad allocation
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example:
char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the resulting optimized code.
Stack memory was corrupted
A local variable was used before it was initialized
Stack memory around _alloca was corrupted
Unknown Runtime Check Error
Unknown Filename
Unknown Module Name
Run-Time Check Failure #%d - %s
Stack corrupted near unknown variable
Stack area around _alloca memory reserved by this function is corrupted
Data: <
Allocation number within this function:
Size:
Address: 0x
Stack area around _alloca memory reserved by this function is corrupted
%s%s%p%s%zd%s%d%s%s%s%s%s
A variable is being used without being initialized.
Stack pointer corruption
Cast to smaller type causing loss of data
Stack memory corruption
Local variable used before initialization
Stack around _alloca corrupted
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
PDBOpenValidate5
RSDSyI
C:\Users\zuhao\OneDrive\Desktop\kdmapper-master\x64\Debug\kdmapper_Debug.pdb
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVruntime_error@std@@
.?AVsystem_error@std@@
.?AV_System_error@std@@
.?AVfilesystem_error@filesystem@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_System_error_category@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AVtype_info@@
CreateFileW
CloseHandle
DeviceIoControl
GetCurrentProcessId
GetCurrentThreadId
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetTempPathW
KERNEL32.dll
GetShellWindow
GetWindowThreadProcessId
USER32.dll
RegCloseKey
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW
RegDeleteTreeW
ADVAPI32.dll
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
MSVCP140D.dll
NtQuerySystemInformation
RtlInitUnicodeString
ntdll.dll
memcpy
memmove
memset
wcsstr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler4
memcmp
__C_specific_handler
__C_specific_handler_noexcept
__std_type_info_destroy_list
__current_exception
__current_exception_context
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
VCRUNTIME140D.dll
VCRUNTIME140_1D.dll
_invalid_parameter
wcslen
_stricmp
strlen
_CrtDbgReport
_wremove
_get_stream_buffer_pointers
fclose
fflush
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
_time64
_wcsicmp
_calloc_dbg
_free_dbg
_malloc_dbg
___lc_codepage_func
_callnewh
malloc
_CrtDbgReportW
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
strcpy_s
strcat_s
__stdio_common_vsprintf_s
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
ucrtbased.dll
LocalFree
FormatMessageA
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
AreFileApisANSI
GetLastError
GetModuleHandleW
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MultiByteToWideChar
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
\??\Nal
\DosDevices\Nal
\Device\Nal
\REGISTRY\MACHINE\HARDWARE\RESOURCEMAP\PnP Manager\PnpManager
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Intel Corporation
FileDescription
Intel(R) Network Adapter Diagnostic Driver
FileVersion
1.03.0.7 built by: WinDDK
InternalName
iQVW64.SYS
LegalCopyright
Copyright (C) 2002-2013 Intel Corporation All Rights Reserved.
OriginalFilename
iQVW64.SYS
ProductName
Intel(R) iQVW64.SYS
ProductVersion
1.03.0.7
VarFileInfo
Translation
:..\drivers\Win64e\iqvw64e.SY
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\xmemory
"invalid argument"
"ITERATOR LIST CORRUPTED!"
\\.\Nal
[-] \Device\Nal is already in use.
[<] Loading vulnerable driver, Name:
[-] Can't find TEMP folder
[-] Failed to create vulnerable driver file
[-] Failed to register and start service for the vulnerable driver
[-] Failed to load driver iqvw64e.sys
[-] Failed to get ntoskrnl.exe
[-] Failed to ClearPiDDBCacheTable
[-] Failed to ClearKernelHashBucketList
[!] Failed to ClearMmUnloadedDrivers
[<] Unloading vulnerable driver
[!] Error dumping shit inside the disk
[+] Vul driver data destroyed before unlink
[-] Failed to translate virtual address 0x
[-] Failed to map IO space of 0x
[!] Failed to unmap IO space of physical address 0x
[!] Failed to find MmAllocateIndependentPagesEx
[!] Failed to find MmFreeIndependentPages
[!] Invalid address passed to MmSetPageProtection
[!] Failed to find MmSetPageProtection
[!] Failed to find MmAlocatePagesForMdl
[!] Failed to find MmMapLockedPagesSpecifyCache
[!] Failed to find MmProtectMdlSystemAddress
[!] Failed to find MmUnmapLockedPages
[!] Failed to find MmFreePagesFromMdl
[!] Failed to find ExAllocatePool
[!] Failed to find device_object
[!] Failed to find driver_object
[!] Failed to find driver_section
[!] Failed to find driver name
[!] Failed to read driver name
[!] Failed to write driver name length
[+] MmUnloadedDrivers Cleaned:
[!] Failed to find ExAcquireResourceExclusiveLite
[!] Failed to find ExReleaseResourceLite
[!] Failed to find RtlDeleteElementGenericTableAvl
[!] Failed to find RtlLookupElementGenericTableAvl
[-] Warning PiDDBLock not found
[+] PiDDBLock found with second pattern
[-] Warning PiDDBCacheTable not found
[-] Can't lock PiDDBCacheTable
[+] PiDDBLock Locked
[-] Not found in cache
[-] Can't get prev entry
[-] Can't get next entry
[-] Can't set next entry
[-] Can't set prev entry
[-] Can't delete from PiDDBCacheTable
[+] PiDDBCacheTable Cleaned
[-] No module address to find pattern
[-] Can't find pattern, Too big section
[-] Read failed in FindPatternAtKernel
[-] Can't find pattern
[-] Can't read module headers
[-] Can't find section
[-] Can't Find ci.dll module address
[-] Can't Find g_KernelHashBucketList
[-] Can't Find g_HashCacheLock
[-] Can't Find g_HashCache relative address
[+] g_KernelHashBucketList Found 0x
[-] Can't lock g_HashCacheLock
[+] g_HashCacheLock Locked
[-] Failed to read first g_KernelHashBucketList entry!
[-] Failed to release g_KernelHashBucketList lock!
[!] g_KernelHashBucketList looks empty!
[-] Failed to read g_KernelHashBucketList entry text len!
[-] Failed to read g_KernelHashBucketList entry text ptr!
[-] Failed to read g_KernelHashBucketList entry text!
[+] Found In g_KernelHashBucketList:
[-] Failed to read g_KernelHashBucketList next entry ptr!
[-] Failed to write g_KernelHashBucketList prev entry ptr!
[-] Failed to clear g_KernelHashBucketList entry pool!
[+] g_KernelHashBucketList Cleaned
[-] Failed to read g_KernelHashBucketList next entry!
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\xstring
"front() called on empty string"
"null pointer cannot point to a block of non-zero size"
"You cannot concatenate the same moved string to itself. See N4950 [res.on.arguments]/1.3: " "If a function argument is bound to an rvalue reference parameter, the implementation may assume that " "this parameter is a unique reference to this argument, except that the argument passed to " "a move-assignment operator may be a reference to *this ([lib.types.movedfrom])."
[-] Failed to load ntdll.dll
[-] Failed to get export ntdll.NtAddAtom
[-] Failed to get export ntoskrnl.NtAddAtom
[-] FAILED!: The code was already hooked!! another instance of kdmapper running?!
"string iterators in range are from different containers"
"string iterator range transposed"
"non-zero size null string_view"
by 0x
[!!] Crash at addr 0x
[!!] Crash
[!] Incorrect Usage!
[+] Usage: kdmapper.exe [--free][--mdl][--PassAllocationPtr] driver
[+] Pausing to allow for debugging
[+] Press enter to close
indPages
PassAllocationPtr
[+] Free pool memory after usage enabled
[+] Mdl memory usage enabled
[+] Allocate Independent Pages mode enabled
[+] Pass Allocation Ptr as first param enabled
doesn't exist
[-] File
[-] Failed to read image to memory
[-] Too many allocation modes
[-] Failed to map
[-] Warning failed to fully unload vulnerable driver
[+] success
:AM:am:PM:pm
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\xutility
"transposed pointer range"
[-] Can't allocate pages for mdl
[-] Can't read the _MDL : byteCount
[-] Couldn't allocate enough memory, cleaning up
[-] Can't set mdl pages cache, cleaning up.
[-] Can't change protection for mdl pages, cleaning up
[+] Allocated pages for mdl
[-] Error allocating independent pages
[-] Failed to change page protections
[-] Invalid format of PE image
[-] Image is not 64 bit
[-] Failed to allocate remote image in kernel
[+] Image base has been allocated at 0x
bytes of PE Header
[+] Skipped 0x
[-] Failed to fix cookie
[-] Failed to resolve imports
[-] Failed to write local image to remote image
[<] Calling DriverEntry 0x
[-] Callback returns false, failed!
[-] Failed to call driver entry
[+] DriverEntry returned 0x
[+] Freeing memory
[+] Memory has been released
[-] WARNING: Failed to free memory!
[+] Load config directory wasn't found, probably StackCookie not defined, fix cookie skipped
[+] StackCookie not defined, fix cookie skipped
[-] StackCookie already fixed!? this probably wrong
[+] Fixing stack cookie
SYSTEM\CurrentControlSet\Services\
ImagePath
\Registry\Machine\System\CurrentControlSet\Services\
[-] Failed to get temp path
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\include\iterator
"istreambuf_iterator is not incrementable"
"istreambuf_iterator is not dereferenceable"
!x-sys-default-locale
\\?\GLOBALROOT
kernel32.dll
Runtime Check Error.
Unable to display RTC Message.
Run-Time Check Failure #%d - %s
bin\amd64\MSPDB140.DLL
VCRUNTIME140D.dll
api-ms-win-core-registry-l1-1-0.dll
advapi32.dll
SOFTWARE\Wow6432Node\Microsoft\VisualStudio\14.0\Setup\VC
ProductDir
MSPDB140
MSPDB140
Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Hacktool.Win32.DriverLoader.3!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.BadFile.hm
McAfee Artemis!AF593A9F7EF8
Cylance Clean
Zillya Tool.GameHackAGen.Win64.335
Sangfor Trojan.Win32.Save.a
CrowdStrike Clean
Alibaba HackTool:Win32/DriverLoader.8d53c61c
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT HackTool.Win64.Agent.CHQM
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/HackTool.GameHack_AGen.O
APEX Clean
Avast Win64:HacktoolX-gen [Trj]
Cynet Clean
Kaspersky HEUR:HackTool.Win32.DriverLoader.gen
BitDefender Gen:Variant.Ulise.474522
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Ulise.474522
Tencent Malware.Win32.Gencirc.10bfbfab
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Gen:Variant.Ulise.474522
TrendMicro Clean
Trapmine Clean
FireEye Generic.mg.af593a9f7ef816da
Emsisoft Gen:Variant.Ulise.474522 (B)
SentinelOne Static AI - Suspicious PE
GData Gen:Variant.Ulise.474522
Jiangmin HackTool.DriverLoader.eo
Webroot Clean
Varist Clean
Avira Clean
Antiy-AVL GrayWare/Win32.Wacapew.c
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Ulise.D73D9A
SUPERAntiSpyware Clean
ZoneAlarm HEUR:HackTool.Win32.DriverLoader.gen
Microsoft PUA:Win32/Caypnamer.A!ml
Google Detected
AhnLab-V3 Trojan/Win.Generic.R641249
Acronis Clean
BitDefenderTheta Clean
MAX malware (ai score=83)
VBA32 Clean
Malwarebytes Malware.AI.3999935017
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising HackTool.GameHack!8.59E (TFE:5:aWh7qJRHMqI)
Yandex Clean
Ikarus Trojan.Win64.Krypt
MaxSecure Clean
Fortinet W64/GameHack_AGen.O!tr
AVG Win64:HacktoolX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.