1. IOCTL-Proxy

    This is a PoC of an IOCTL fuzzer. It gave surprisingly good results.

    IOCTL-Proxy works by hooking NtDeviceIoControlFile, manipulating its parameters and feeding them to the real function.

    Load the driver and simply click around in the application you want to test.

    You will get a lot of BSODs, so be careful.

    Calls with PreviousMode == KernelMode are ignored, since we are only interested in calls from user mode to kernel mode, not kernel-to-kernel calls.

    Get it here:

2. Command-line version of OSR's DeviceTree

    Get it here: http://orange-bat.com/code/device.tree.cmd.rar

    Sample output:

    Unloading ObjInfo driver
    Loading driver: D:\tools\devicetree\i386\OBJINFO.SYS
    No service, creating...
    Service not running, starting...
    Service started.
    Driver object: 0x89c98a08
    Service name: nvata
    Device name: \Device\00000138, type: 0x00000007
    Device name: \Device\NvAta2, type: 0x00000001
    Device name: \Device\NvAta1, type: 0x00000001
    Device name: \Device\NvAta0, type: 0x00000001
    Driver object: 0x89c8a8d0
    Service name: NDIS
    Device name: \Device\Ndis, type: 0x00000012
    Driver object: 0x89cdad28
    Service name: KSecDD
    Device name: \Device\KsecDD, type: 0x00000039
    Driver object: 0x8897b218
    Service name: Beep
    Device name: \Device\Beep, type: 0x00000001
    Driver object: 0x899e7418
    Service name: Raspti
    Device name: \Device\{AA56C973-4F1C-4D19-8BAC-4FA6F14D80CB}, type: 0x00000017
    Driver object: 0x89aab928
    Service name: Mouclass
    Device name: \Device\PointerClass1, type: 0x0000000f
    Device name: \Device\PointerClass0, type: 0x00000000

    It's useful, for example, when coding an IOCTL fuzzer.
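
The sample output above can be turned into a per-driver inventory of device objects before a fuzzer is pointed at anything. The parser below is an added example, not part of device.tree.cmd or the original page; the function names are hypothetical, the embedded sample is a few lines taken from the output above, and treating `\Device\<8 hex digits>` as an auto-generated name is an assumption.

```python
import re

# Constructed sample: a few lines taken from the sample output on this page.
SAMPLE = r"""Loading driver: D:\tools\devicetree\i386\OBJINFO.SYS
Service started.
Driver object: 0x89c98a08
Service name: nvata
Device name: \Device\00000138, type: 0x00000007
Device name: \Device\NvAta2, type: 0x00000001
Driver object: 0x89c8a8d0
Service name: NDIS
Device name: \Device\Ndis, type: 0x00000012
Driver object: 0x899e7418
Service name: Raspti
Device name: \Device\{AA56C973-4F1C-4D19-8BAC-4FA6F14D80CB}, type: 0x00000017
"""

DRIVER_RE = re.compile(r"^Driver object:\s*(0x[0-9a-fA-F]+)$")
SERVICE_RE = re.compile(r"^Service name:\s*(.+)$")
# Device names can contain braces or commas, so anchor on the trailing ", type:" field.
DEVICE_RE = re.compile(r"^Device name:\s*(.+), type:\s*(0x[0-9a-fA-F]+)$")

def parse_device_tree(text):
    """Return a list of driver records, each with its service name and devices."""
    drivers, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVER_RE.match(line):
            current = {"object": int(m.group(1), 16), "service": None, "devices": []}
            drivers.append(current)
        elif current is None:
            continue  # loader status lines printed before the first driver record
        elif m := SERVICE_RE.match(line):
            current["service"] = m.group(1)
        elif m := DEVICE_RE.match(line):
            current["devices"].append({"name": m.group(1), "type": int(m.group(2), 16)})
    return drivers

def named_devices(drivers):
    """Map service name -> device names, skipping auto-generated ones."""
    # Assumption: names of the form \Device\<8 hex digits> are auto-generated.
    auto = re.compile(r"^\\Device\\[0-9a-fA-F]{8}$")
    return {d["service"]: [dev["name"] for dev in d["devices"] if not auto.match(dev["name"])]
            for d in drivers}

if __name__ == "__main__":
    for service, names in named_devices(parse_device_tree(SAMPLE)).items():
        print(service, names)
```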