-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9604df6
commit 0cb800c
Showing
23 changed files
with
1,520 additions
and
0 deletions.
There are no files selected for viewing
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| 1. Let's say you want to install the PSPLinkusb driver. First you want to generate your own root certificate for that driver with: | ||
|
|
||
| makecert -$ individual -r -pe -ss "Deadlands Drivers" -n CN="Deadlands Drivers" deadlands_signed.cer | ||
|
|
||
|
|
||
|
|
||
| 2. Then you install the certificate you just created to the trusted root directory: | ||
|
|
||
| certmgr /add deadlands_signed.cer /s /r localMachine root | ||
|
|
||
|
|
||
|
|
||
|
|
||
| 3. Finally, you sign EACH .sys file using the certificate: | ||
|
|
||
| signtool sign /v /s "Deadlands Drivers" /n "Deadlands Drivers" DEADLANDS.sys |
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,139 @@ | ||
| Windows Seven SP1 x64 | ||
| ====================== | ||
|
|
||
| lkd> dt nt!_EPROCESS | ||
| +0x000 Pcb : _KPROCESS | ||
| +0x160 ProcessLock : _EX_PUSH_LOCK | ||
| +0x168 CreateTime : _LARGE_INTEGER | ||
| +0x170 ExitTime : _LARGE_INTEGER | ||
| +0x178 RundownProtect : _EX_RUNDOWN_REF | ||
| +0x180 UniqueProcessId : Ptr64 Void | ||
| +0x188 ActiveProcessLinks : _LIST_ENTRY | ||
| +0x198 ProcessQuotaUsage : [2] Uint8B | ||
| +0x1a8 ProcessQuotaPeak : [2] Uint8B | ||
| +0x1b8 CommitCharge : Uint8B | ||
| +0x1c0 QuotaBlock : Ptr64 _EPROCESS_QUOTA_BLOCK | ||
| +0x1c8 CpuQuotaBlock : Ptr64 _PS_CPU_QUOTA_BLOCK | ||
| +0x1d0 PeakVirtualSize : Uint8B | ||
| +0x1d8 VirtualSize : Uint8B | ||
| +0x1e0 SessionProcessLinks : _LIST_ENTRY | ||
| +0x1f0 DebugPort : Ptr64 Void | ||
| +0x1f8 ExceptionPortData : Ptr64 Void | ||
| +0x1f8 ExceptionPortValue : Uint8B | ||
| +0x1f8 ExceptionPortState : Pos 0, 3 Bits | ||
| +0x200 ObjectTable : Ptr64 _HANDLE_TABLE | ||
| +0x208 Token : _EX_FAST_REF | ||
| +0x210 WorkingSetPage : Uint8B | ||
| +0x218 AddressCreationLock : _EX_PUSH_LOCK | ||
| +0x220 RotateInProgress : Ptr64 _ETHREAD | ||
| +0x228 ForkInProgress : Ptr64 _ETHREAD | ||
| +0x230 HardwareTrigger : Uint8B | ||
| +0x238 PhysicalVadRoot : Ptr64 _MM_AVL_TABLE | ||
| +0x240 CloneRoot : Ptr64 Void | ||
| +0x248 NumberOfPrivatePages : Uint8B | ||
| +0x250 NumberOfLockedPages : Uint8B | ||
| +0x258 Win32Process : Ptr64 Void | ||
| +0x260 Job : Ptr64 _EJOB | ||
| +0x268 SectionObject : Ptr64 Void | ||
| +0x270 SectionBaseAddress : Ptr64 Void | ||
| +0x278 Cookie : Uint4B | ||
| +0x27c UmsScheduledThreads : Uint4B | ||
| +0x280 WorkingSetWatch : Ptr64 _PAGEFAULT_HISTORY | ||
| +0x288 Win32WindowStation : Ptr64 Void | ||
| +0x290 InheritedFromUniqueProcessId : Ptr64 Void | ||
| +0x298 LdtInformation : Ptr64 Void | ||
| +0x2a0 Spare : Ptr64 Void | ||
| +0x2a8 ConsoleHostProcess : Uint8B | ||
| +0x2b0 DeviceMap : Ptr64 Void | ||
| +0x2b8 EtwDataSource : Ptr64 Void | ||
| +0x2c0 FreeTebHint : Ptr64 Void | ||
| +0x2c8 FreeUmsTebHint : Ptr64 Void | ||
| +0x2d0 PageDirectoryPte : _HARDWARE_PTE | ||
| +0x2d0 Filler : Uint8B | ||
| +0x2d8 Session : Ptr64 Void | ||
| +0x2e0 ImageFileName : [15] UChar | ||
| +0x2ef PriorityClass : UChar | ||
| +0x2f0 JobLinks : _LIST_ENTRY | ||
| +0x300 LockedPagesList : Ptr64 Void | ||
| +0x308 ThreadListHead : _LIST_ENTRY | ||
| +0x318 SecurityPort : Ptr64 Void | ||
| +0x320 Wow64Process : Ptr64 Void | ||
| +0x328 ActiveThreads : Uint4B | ||
| +0x32c ImagePathHash : Uint4B | ||
| +0x330 DefaultHardErrorProcessing : Uint4B | ||
| +0x334 LastThreadExitStatus : Int4B | ||
| +0x338 Peb : Ptr64 _PEB | ||
| +0x340 PrefetchTrace : _EX_FAST_REF | ||
| +0x348 ReadOperationCount : _LARGE_INTEGER | ||
| +0x350 WriteOperationCount : _LARGE_INTEGER | ||
| +0x358 OtherOperationCount : _LARGE_INTEGER | ||
| +0x360 ReadTransferCount : _LARGE_INTEGER | ||
| +0x368 WriteTransferCount : _LARGE_INTEGER | ||
| +0x370 OtherTransferCount : _LARGE_INTEGER | ||
| +0x378 CommitChargeLimit : Uint8B | ||
| +0x380 CommitChargePeak : Uint8B | ||
| +0x388 AweInfo : Ptr64 Void | ||
| +0x390 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO | ||
| +0x398 Vm : _MMSUPPORT | ||
| +0x420 MmProcessLinks : _LIST_ENTRY | ||
| +0x430 HighestUserAddress : Ptr64 Void | ||
| +0x438 ModifiedPageCount : Uint4B | ||
| +0x43c Flags2 : Uint4B | ||
| +0x43c JobNotReallyActive : Pos 0, 1 Bit | ||
| +0x43c AccountingFolded : Pos 1, 1 Bit | ||
| +0x43c NewProcessReported : Pos 2, 1 Bit | ||
| +0x43c ExitProcessReported : Pos 3, 1 Bit | ||
| +0x43c ReportCommitChanges : Pos 4, 1 Bit | ||
| +0x43c LastReportMemory : Pos 5, 1 Bit | ||
| +0x43c ReportPhysicalPageChanges : Pos 6, 1 Bit | ||
| +0x43c HandleTableRundown : Pos 7, 1 Bit | ||
| +0x43c NeedsHandleRundown : Pos 8, 1 Bit | ||
| +0x43c RefTraceEnabled : Pos 9, 1 Bit | ||
| +0x43c NumaAware : Pos 10, 1 Bit | ||
| +0x43c ProtectedProcess : Pos 11, 1 Bit | ||
| +0x43c DefaultPagePriority : Pos 12, 3 Bits | ||
| +0x43c PrimaryTokenFrozen : Pos 15, 1 Bit | ||
| +0x43c ProcessVerifierTarget : Pos 16, 1 Bit | ||
| +0x43c StackRandomizationDisabled : Pos 17, 1 Bit | ||
| +0x43c AffinityPermanent : Pos 18, 1 Bit | ||
| +0x43c AffinityUpdateEnable : Pos 19, 1 Bit | ||
| +0x43c PropagateNode : Pos 20, 1 Bit | ||
| +0x43c ExplicitAffinity : Pos 21, 1 Bit | ||
| +0x440 Flags : Uint4B | ||
| +0x440 CreateReported : Pos 0, 1 Bit | ||
| +0x440 NoDebugInherit : Pos 1, 1 Bit | ||
| +0x440 ProcessExiting : Pos 2, 1 Bit | ||
| +0x440 ProcessDelete : Pos 3, 1 Bit | ||
| +0x440 Wow64SplitPages : Pos 4, 1 Bit | ||
| +0x440 VmDeleted : Pos 5, 1 Bit | ||
| +0x440 OutswapEnabled : Pos 6, 1 Bit | ||
| +0x440 Outswapped : Pos 7, 1 Bit | ||
| +0x440 ForkFailed : Pos 8, 1 Bit | ||
| +0x440 Wow64VaSpace4Gb : Pos 9, 1 Bit | ||
| +0x440 AddressSpaceInitialized : Pos 10, 2 Bits | ||
| +0x440 SetTimerResolution : Pos 12, 1 Bit | ||
| +0x440 BreakOnTermination : Pos 13, 1 Bit | ||
| +0x440 DeprioritizeViews : Pos 14, 1 Bit | ||
| +0x440 WriteWatch : Pos 15, 1 Bit | ||
| +0x440 ProcessInSession : Pos 16, 1 Bit | ||
| +0x440 OverrideAddressSpace : Pos 17, 1 Bit | ||
| +0x440 HasAddressSpace : Pos 18, 1 Bit | ||
| +0x440 LaunchPrefetched : Pos 19, 1 Bit | ||
| +0x440 InjectInpageErrors : Pos 20, 1 Bit | ||
| +0x440 VmTopDown : Pos 21, 1 Bit | ||
| +0x440 ImageNotifyDone : Pos 22, 1 Bit | ||
| +0x440 PdeUpdateNeeded : Pos 23, 1 Bit | ||
| +0x440 VdmAllowed : Pos 24, 1 Bit | ||
| +0x440 CrossSessionCreate : Pos 25, 1 Bit | ||
| +0x440 ProcessInserted : Pos 26, 1 Bit | ||
| +0x440 DefaultIoPriority : Pos 27, 3 Bits | ||
| +0x440 ProcessSelfDelete : Pos 30, 1 Bit | ||
| +0x440 SetTimerResolutionLink : Pos 31, 1 Bit | ||
| +0x444 ExitStatus : Int4B | ||
| +0x448 VadRoot : _MM_AVL_TABLE | ||
| +0x488 AlpcContext : _ALPC_PROCESS_CONTEXT | ||
| +0x4a8 TimerResolutionLink : _LIST_ENTRY | ||
| +0x4b8 RequestedTimerResolution : Uint4B | ||
| +0x4bc ActiveThreadsHighWatermark : Uint4B | ||
| +0x4c0 SmallestTimerResolution : Uint4B | ||
| +0x4c8 TimerResolutionStackRecord : Ptr64 _PO_DIAG_STACK_RECORD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,138 @@ | ||
| Windows Seven SP1 x86 | ||
| ====================== | ||
|
|
||
| lkd> dt nt!_EPROCESS | ||
| +0x000 Pcb : _KPROCESS | ||
| +0x098 ProcessLock : _EX_PUSH_LOCK | ||
| +0x0a0 CreateTime : _LARGE_INTEGER | ||
| +0x0a8 ExitTime : _LARGE_INTEGER | ||
| +0x0b0 RundownProtect : _EX_RUNDOWN_REF | ||
| +0x0b4 UniqueProcessId : Ptr32 Void | ||
| +0x0b8 ActiveProcessLinks : _LIST_ENTRY | ||
| +0x0c0 ProcessQuotaUsage : [2] Uint4B | ||
| +0x0c8 ProcessQuotaPeak : [2] Uint4B | ||
| +0x0d0 CommitCharge : Uint4B | ||
| +0x0d4 QuotaBlock : Ptr32 _EPROCESS_QUOTA_BLOCK | ||
| +0x0d8 CpuQuotaBlock : Ptr32 _PS_CPU_QUOTA_BLOCK | ||
| +0x0dc PeakVirtualSize : Uint4B | ||
| +0x0e0 VirtualSize : Uint4B | ||
| +0x0e4 SessionProcessLinks : _LIST_ENTRY | ||
| +0x0ec DebugPort : Ptr32 Void | ||
| +0x0f0 ExceptionPortData : Ptr32 Void | ||
| +0x0f0 ExceptionPortValue : Uint4B | ||
| +0x0f0 ExceptionPortState : Pos 0, 3 Bits | ||
| +0x0f4 ObjectTable : Ptr32 _HANDLE_TABLE | ||
| +0x0f8 Token : _EX_FAST_REF | ||
| +0x0fc WorkingSetPage : Uint4B | ||
| +0x100 AddressCreationLock : _EX_PUSH_LOCK | ||
| +0x104 RotateInProgress : Ptr32 _ETHREAD | ||
| +0x108 ForkInProgress : Ptr32 _ETHREAD | ||
| +0x10c HardwareTrigger : Uint4B | ||
| +0x110 PhysicalVadRoot : Ptr32 _MM_AVL_TABLE | ||
| +0x114 CloneRoot : Ptr32 Void | ||
| +0x118 NumberOfPrivatePages : Uint4B | ||
| +0x11c NumberOfLockedPages : Uint4B | ||
| +0x120 Win32Process : Ptr32 Void | ||
| +0x124 Job : Ptr32 _EJOB | ||
| +0x128 SectionObject : Ptr32 Void | ||
| +0x12c SectionBaseAddress : Ptr32 Void | ||
| +0x130 Cookie : Uint4B | ||
| +0x134 Spare8 : Uint4B | ||
| +0x138 WorkingSetWatch : Ptr32 _PAGEFAULT_HISTORY | ||
| +0x13c Win32WindowStation : Ptr32 Void | ||
| +0x140 InheritedFromUniqueProcessId : Ptr32 Void | ||
| +0x144 LdtInformation : Ptr32 Void | ||
| +0x148 VdmObjects : Ptr32 Void | ||
| +0x14c ConsoleHostProcess : Uint4B | ||
| +0x150 DeviceMap : Ptr32 Void | ||
| +0x154 EtwDataSource : Ptr32 Void | ||
| +0x158 FreeTebHint : Ptr32 Void | ||
| +0x160 PageDirectoryPte : _HARDWARE_PTE | ||
| +0x160 Filler : Uint8B | ||
| +0x168 Session : Ptr32 Void | ||
| +0x16c ImageFileName : [15] UChar | ||
| +0x17b PriorityClass : UChar | ||
| +0x17c JobLinks : _LIST_ENTRY | ||
| +0x184 LockedPagesList : Ptr32 Void | ||
| +0x188 ThreadListHead : _LIST_ENTRY | ||
| +0x190 SecurityPort : Ptr32 Void | ||
| +0x194 PaeTop : Ptr32 Void | ||
| +0x198 ActiveThreads : Uint4B | ||
| +0x19c ImagePathHash : Uint4B | ||
| +0x1a0 DefaultHardErrorProcessing : Uint4B | ||
| +0x1a4 LastThreadExitStatus : Int4B | ||
| +0x1a8 Peb : Ptr32 _PEB | ||
| +0x1ac PrefetchTrace : _EX_FAST_REF | ||
| +0x1b0 ReadOperationCount : _LARGE_INTEGER | ||
| +0x1b8 WriteOperationCount : _LARGE_INTEGER | ||
| +0x1c0 OtherOperationCount : _LARGE_INTEGER | ||
| +0x1c8 ReadTransferCount : _LARGE_INTEGER | ||
| +0x1d0 WriteTransferCount : _LARGE_INTEGER | ||
| +0x1d8 OtherTransferCount : _LARGE_INTEGER | ||
| +0x1e0 CommitChargeLimit : Uint4B | ||
| +0x1e4 CommitChargePeak : Uint4B | ||
| +0x1e8 AweInfo : Ptr32 Void | ||
| +0x1ec SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO | ||
| +0x1f0 Vm : _MMSUPPORT | ||
| +0x25c MmProcessLinks : _LIST_ENTRY | ||
| +0x264 HighestUserAddress : Ptr32 Void | ||
| +0x268 ModifiedPageCount : Uint4B | ||
| +0x26c Flags2 : Uint4B | ||
| +0x26c JobNotReallyActive : Pos 0, 1 Bit | ||
| +0x26c AccountingFolded : Pos 1, 1 Bit | ||
| +0x26c NewProcessReported : Pos 2, 1 Bit | ||
| +0x26c ExitProcessReported : Pos 3, 1 Bit | ||
| +0x26c ReportCommitChanges : Pos 4, 1 Bit | ||
| +0x26c LastReportMemory : Pos 5, 1 Bit | ||
| +0x26c ReportPhysicalPageChanges : Pos 6, 1 Bit | ||
| +0x26c HandleTableRundown : Pos 7, 1 Bit | ||
| +0x26c NeedsHandleRundown : Pos 8, 1 Bit | ||
| +0x26c RefTraceEnabled : Pos 9, 1 Bit | ||
| +0x26c NumaAware : Pos 10, 1 Bit | ||
| +0x26c ProtectedProcess : Pos 11, 1 Bit | ||
| +0x26c DefaultPagePriority : Pos 12, 3 Bits | ||
| +0x26c PrimaryTokenFrozen : Pos 15, 1 Bit | ||
| +0x26c ProcessVerifierTarget : Pos 16, 1 Bit | ||
| +0x26c StackRandomizationDisabled : Pos 17, 1 Bit | ||
| +0x26c AffinityPermanent : Pos 18, 1 Bit | ||
| +0x26c AffinityUpdateEnable : Pos 19, 1 Bit | ||
| +0x26c PropagateNode : Pos 20, 1 Bit | ||
| +0x26c ExplicitAffinity : Pos 21, 1 Bit | ||
| +0x270 Flags : Uint4B | ||
| +0x270 CreateReported : Pos 0, 1 Bit | ||
| +0x270 NoDebugInherit : Pos 1, 1 Bit | ||
| +0x270 ProcessExiting : Pos 2, 1 Bit | ||
| +0x270 ProcessDelete : Pos 3, 1 Bit | ||
| +0x270 Wow64SplitPages : Pos 4, 1 Bit | ||
| +0x270 VmDeleted : Pos 5, 1 Bit | ||
| +0x270 OutswapEnabled : Pos 6, 1 Bit | ||
| +0x270 Outswapped : Pos 7, 1 Bit | ||
| +0x270 ForkFailed : Pos 8, 1 Bit | ||
| +0x270 Wow64VaSpace4Gb : Pos 9, 1 Bit | ||
| +0x270 AddressSpaceInitialized : Pos 10, 2 Bits | ||
| +0x270 SetTimerResolution : Pos 12, 1 Bit | ||
| +0x270 BreakOnTermination : Pos 13, 1 Bit | ||
| +0x270 DeprioritizeViews : Pos 14, 1 Bit | ||
| +0x270 WriteWatch : Pos 15, 1 Bit | ||
| +0x270 ProcessInSession : Pos 16, 1 Bit | ||
| +0x270 OverrideAddressSpace : Pos 17, 1 Bit | ||
| +0x270 HasAddressSpace : Pos 18, 1 Bit | ||
| +0x270 LaunchPrefetched : Pos 19, 1 Bit | ||
| +0x270 InjectInpageErrors : Pos 20, 1 Bit | ||
| +0x270 VmTopDown : Pos 21, 1 Bit | ||
| +0x270 ImageNotifyDone : Pos 22, 1 Bit | ||
| +0x270 PdeUpdateNeeded : Pos 23, 1 Bit | ||
| +0x270 VdmAllowed : Pos 24, 1 Bit | ||
| +0x270 CrossSessionCreate : Pos 25, 1 Bit | ||
| +0x270 ProcessInserted : Pos 26, 1 Bit | ||
| +0x270 DefaultIoPriority : Pos 27, 3 Bits | ||
| +0x270 ProcessSelfDelete : Pos 30, 1 Bit | ||
| +0x270 SetTimerResolutionLink : Pos 31, 1 Bit | ||
| +0x274 ExitStatus : Int4B | ||
| +0x278 VadRoot : _MM_AVL_TABLE | ||
| +0x298 AlpcContext : _ALPC_PROCESS_CONTEXT | ||
| +0x2a8 TimerResolutionLink : _LIST_ENTRY | ||
| +0x2b0 RequestedTimerResolution : Uint4B | ||
| +0x2b4 ActiveThreadsHighWatermark : Uint4B | ||
| +0x2b8 SmallestTimerResolution : Uint4B | ||
| +0x2bc TimerResolutionStackRecord : Ptr32 _PO_DIAG_STACK_RECORD |
Oops, something went wrong.