Driver Hooker Improves Data Capture Tool #shorts

BSides Frankfurt · 1:50 · 288 views · Published 2026-01
About this talk
The original tool has been upgraded with a driver hooker and now captures data passed via IOCTLs. A kernel hook intercepts the target driver's dispatch routine and creates TXT files containing the IOCTL name and its data; the captured requests can then be replayed from a user-mode application. #bsidesfrankfurt #bsides #bsidesfra #juansacco #DriverHooker
Transcript [en]

The original tool has been improved with a driver hooker, allowing the user to capture the data. I'm going to give you a tool, and that tool is going to go over IOCTLs, and I improved that tool by using a driver hooker. So what I did is I placed a hook, another driver in the kernel, that is going to hook the dispatcher, the I/O dispatcher of the driver. And it's going to hook that specific driver, not every driver, the driver that you want. Every time an IOCTL is called, it doesn't matter which one, it's going to create a new TXT file and drop the name of the IOCTL, and also it's going to drop the data of it. I'm not going to cover the code because otherwise you have no time. But these are the tools.

The original tool has been improved with a driver hooker, allowing the user to capture the data. But because the hook was in place, now I can go load config from the hook. I can go into where the hooks are: Driver hooks, driver kernel driver. And as soon as I loaded it, it got me the IOCTL code, the decoded IOCTL code. So I can also see the file access, the method that it is using, if it has a device type, and then the function, and you see that this is the data that has been sent from the user-mode application. So DC one zero, and it should be this one. And then I'm going to replay it, and it's gone. And so we replay it through the hook, yeah, from the user-mode application.
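The speaker describes the hook logging each request's decoded IOCTL code (device type, function, method, access) alongside the data buffer, and later replaying it from user mode. The following is an added example, not code from the talk or from the DriverHooker tool: it implements the CTL_CODE field layout from the Windows DDK (`devioctl.h`) to decode and re-encode control codes, and writes/parses a capture record. The record layout produced by `format_record` and the sample code/data values are constructed for this example; the real tool's TXT format is not described on the page.

```python
"""Decode/encode Windows IOCTL control codes and round-trip a capture record.

Added example (not the DriverHooker tool's code). The 32-bit CTL_CODE layout is:
  bits 31..16  device type     bits 15..14  required access
  bits 13..2   function        bits  1..0   buffering method
"""
from typing import Tuple

# A selection of FILE_DEVICE_* values from devioctl.h; types >= 0x8000 are vendor-defined.
DEVICE_TYPES = {
    0x0007: "FILE_DEVICE_DISK",
    0x0009: "FILE_DEVICE_FILE_SYSTEM",
    0x000B: "FILE_DEVICE_KEYBOARD",
    0x0011: "FILE_DEVICE_NAMED_PIPE",
    0x0012: "FILE_DEVICE_NETWORK",
    0x001B: "FILE_DEVICE_SERIAL_PORT",
    0x0022: "FILE_DEVICE_UNKNOWN",
    0x002D: "FILE_DEVICE_MASS_STORAGE",
}
METHODS = ("METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER")
ACCESS = {
    0: "FILE_ANY_ACCESS",
    1: "FILE_READ_ACCESS",
    2: "FILE_WRITE_ACCESS",
    3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS",
}


def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Python mirror of the CTL_CODE macro, with range checks on every field."""
    if not 0 <= device_type <= 0xFFFF:
        raise ValueError("device type must fit in 16 bits")
    if not 0 <= function <= 0xFFF:
        raise ValueError("function must fit in 12 bits")
    if not (0 <= method <= 3 and 0 <= access <= 3):
        raise ValueError("method and access are 2-bit fields")
    return (device_type << 16) | (access << 14) | (function << 2) | method


def decode_ioctl(code: int) -> dict:
    """Split a control code into its four fields, the view the hook's log shows."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("control code must be a 32-bit value")
    device_type = (code >> 16) & 0xFFFF
    function = (code >> 2) & 0xFFF
    if device_type >= 0x8000:
        type_name = "VENDOR_DEFINED"
    else:
        type_name = DEVICE_TYPES.get(device_type, "UNKNOWN_TYPE")
    return {
        "code": code,
        "device_type": device_type,
        "device_type_name": type_name,
        "function": function,
        # Function values 0x000-0x7FF are reserved for Microsoft, 0x800-0xFFF for vendors.
        "function_range": "vendor" if function >= 0x800 else "microsoft",
        "method": METHODS[code & 0x3],
        "access": ACCESS[(code >> 14) & 0x3],
    }


def ioctl_name(code: int) -> str:
    """Human-readable name used in the capture record, e.g. for the TXT filename."""
    d = decode_ioctl(code)
    return (f"{d['device_type_name']}({d['device_type']:#06x})/fn={d['function']:#05x}"
            f"/{d['method']}/{d['access']}")


def format_record(code: int, data: bytes) -> str:
    """Hypothetical capture-file layout: raw code, decoded name, input buffer as hex."""
    return "\n".join([f"IOCTL=0x{code:08X}", f"NAME={ioctl_name(code)}",
                      f"DATA={data.hex()}", ""])


def parse_record(text: str) -> Tuple[int, bytes]:
    """Read a record back; a user-mode replayer would hand these to DeviceIoControl."""
    fields = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key] = value
    return int(fields["IOCTL"], 16), bytes.fromhex(fields["DATA"])


if __name__ == "__main__":
    # Constructed sample: a vendor function on FILE_DEVICE_UNKNOWN with a 4-byte buffer.
    sample_code = ctl_code(0x22, 0x800, 3, 0)  # 0x222003
    record = format_record(sample_code, b"\x01\x00\x00\x00")
    print(record)
    print(parse_record(record))
```

`decode_ioctl` is the part a defender needs when reviewing a capture: `METHOD_NEITHER` with a vendor function number, for example, means the driver receives raw user pointers and must validate them itself, which is where such logs are most worth a second look.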