Writing a Kernel Driver in an hour

Presented at REcon 2023, June 10, 2023, 1 p.m. (60 minutes)

Can we write a kernel driver in one hour that does something useful? We'll fire up Visual Studio, talk about the required theory, and then write a somewhat useful kernel driver. For example, a driver that can read the memory of any process. These are the installation requirements for participants to get the most out of the workshop: 1. Windows 10 or 11 with Visual Studio 2022 (the free community edition is just fine). The "C++ Desktop development" workload must be checked when installing. 2. The Windows Driver Kit (WDK 11, even if installing on Windows 10). At the end of installation, it will add an extension that integrates with VS 2022. 3. A virtual machine (any virtualization technology is fine) with Windows 10 or 11 installed. 4. Some PDF reader.

Presenters:

• Pavel Yosifovich
  Pavel is a developer, trainer, and author, specializing in Windows and low-level software development. He's a co-author of "Windows Internals, 7th ed. part 1", and the author of "Windows Kernel Programming" and "Windows 10 System Programming". He's also a Pluralsight author and has written several open-source tools that provide insight into Windows. He can be reached via https://scorpiosoftware.net

Links:

• https://cfp.recon.cx/2023/talk/KHNVMA/
• https://cfp.recon.cx/2023/talk/MSKZF7/

Similar Presentations:

• REcon 2015 / Reverse Engineering Windows AFD.sys: Uncovering the Intricacies of the Ancillary Function Driver
• Black Hat Europe 2020 Virtual / Discovering 20 Year Old Vulnerabilities in Modern Windows Kernel
• ToorCon San Diego TwentyOne (2019) / Using drivers for kernel operations during a Red Team operation