Skip to content
/ kernel-driver-scanner Public

C++ Usermode Windows Driver Scanner To Enumerate Loaded Kernel Modules And Driver Objects, Flagging, Suspicious or manually mapped drivers.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kinobau/kernel-driver-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
kmm.cpp
kmm.cpp
 
 

Repository files navigation

Kernel Driver Scanner

C++ Usermode Windows Driver Scanner To Enumerate Loaded Kernel Modules And Driver Objects, Flagging, Suspicious or manually mapped drivers.

Features

  • Enumerates drivers via PSAPI (EnumDeviceDrivers)
  • Enumerates drivers via NtQuerySystemInformation(SystemModuleInformation)
  • Enumerates /Driver directory objects via NtOpenDirectoryObject / NtQueryDirectoryObject
  • Highlights suspicious modules that do not appear in standard driver lists or have abnormal paths.

Limitations

  • Cannot reliably detect stealth manual-mapped drivers that leave no usermode artifacts.
  • Full detection of hidden drivers requires kernel access.

Build

Visual Studio, create Console App (C++) project, create or upload kmm.cpp and link against psapi.lib, build and run as admin.

Suspicious modules will be highlighted in the console if they do not match expected criteria.

About

C++ Usermode Windows Driver Scanner To Enumerate Loaded Kernel Modules And Driver Objects, Flagging, Suspicious or manually mapped drivers.

Topics

kernel driver windows-internals manualmap ntapi ntquerysysteminformation kerneldriver manualmapping driverscanner

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages