voidsec2022-01-14T08:55:49+01:00As part of my continuous security research journey, during this year I’ve spent a good amount of time reverse-engineering Windows drivers and exploiting kernel-mode related vulnerabilities.
While in the past there were (as far as I know), at least two good IDA plugins aiding in the reverse engineering process:
DriverBuddy of NCC Group.
win_driver_plugin of F-Secure.
unfortunately, nowadays, they are both rusty, out of date and broken on the latest version of IDA. They relied on external dependencies, were lacking documentation and...