forked from hugsy/CFB

Canadian Furious Beaver is a tool for monitoring IRP handlers in Windows drivers, and for facilitating the analysis, replay and fuzzing of Windows drivers for vulnerabilities.


asdlei99/CFB

 
 


What is it?

Canadian Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It consists of two parts:

  1. the "Broker" combines a user-land agent and a self-extracting driver (IrpMonitor.sys) that installs itself on the targeted system. After installing the driver, the broker listens on a TCP port (by default, TCP/1337) and starts collecting IRPs from hooked drivers. The communication protocol is simple by design (i.e. not secure), so that any third-party tool can easily dump the driver IRPs from the same Broker via simple JSON messages.

  2. the clients connect to the broker and receive IRPs as JSON messages, which makes them easy to view or convert to another format.
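Because the broker protocol is unauthenticated by design, it is worth checking which addresses the broker port is bound to and who is connected to it. The following is an added example, not part of CFB: it parses `netstat -ano` style output and flags listeners on TCP/1337 bound to non-loopback addresses and connected peers outside an allowlist. The sample output, the allowlist address and the function names are constructed for illustration.

```python
import ipaddress
import re

BROKER_PORT = 1337  # default broker port stated in the README

# Constructed sample of `netstat -ano` TCP rows (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:1337           0.0.0.0:0              LISTENING       4312
  TCP    192.168.56.10:1337     192.168.56.1:50112     ESTABLISHED     4312
  TCP    192.168.56.10:1337     10.20.30.40:49822      ESTABLISHED     4312
  TCP    [::1]:1337             [::]:0                 LISTENING       4312
"""

# Proto, local addr:port, foreign addr:port, state, PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def _addr(text):
    """Parse a netstat address, dropping IPv6 brackets and any %scope suffix."""
    return ipaddress.ip_address(text.strip("[]").split("%")[0])


def audit(netstat_text, allowed_clients=(), port=BROKER_PORT):
    """Return (exposed_listeners, unexpected_peers) for the broker port."""
    allowed = {ipaddress.ip_address(a) for a in allowed_clients}
    exposed, unexpected = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(2)) != port:
            continue  # header, other protocol, or a different local port
        local, peer, state = _addr(m.group(1)), _addr(m.group(3)), m.group(5)
        if state == "LISTENING" and not local.is_loopback:
            exposed.append(str(local))      # reachable from other hosts
        elif state == "ESTABLISHED" and not peer.is_loopback and peer not in allowed:
            unexpected.append(str(peer))    # client outside the allowlist
    return exposed, unexpected


if __name__ == "__main__":
    # 192.168.56.1 stands in for the analyst's workstation (assumption).
    listeners, peers = audit(SAMPLE_NETSTAT, allowed_clients=["192.168.56.1"])
    print("non-loopback listeners on broker port:", listeners)
    print("peers outside allowlist:", peers)
```

On a real host, feed it the text returned by `netstat -ano` and pair any finding with a host firewall rule that limits TCP/1337 to the analysis machine.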

Why the name?

Because I had no idea for the name of this tool, it was graciously generated by a script of mine.

Kudos


Languages

  • C++ 81.3%
  • C 14.8%
  • CMake 3.9%