Management tool for facilitating driver service (un)installation.

SpecialKO/SKIFdrv

SKIFdrv

Special K can make use of the common WinRing0_1_2_0 kernel driver to enable advanced CPU hardware monitoring capabilities in its CPU widget. This tool allows end-users to easily install/uninstall the driver and the necessary components, and is redistributed as a separate installer from the main Special K package. The tool creates a driver service on the system called SK_WinRing0 that starts the driver automatically at system boot, which is required to allow unelevated games to make use of it.

The tool also supports uninstalling the legacy driver service WinRing0_1_2_0 to allow users to migrate over.

Security concerns

The package exposes the system to CVE-2020-14979, a Local Privilege Escalation vulnerability that can be exploited by malicious third-party code running locally to elevate its privileges to those of a local administrator.

This is a consequence of the intended purpose of allowing advanced CPU hardware monitoring capabilities in regular games that typically run unelevated (not as an admin), and our dependency on the WinRing0_1_2_0 kernel driver. While Special K's custom user-mode driver is cut-down significantly and only implements the relevant CPU sensor code, the kernel driver itself includes more advanced hardware capabilities beyond that, meaning third-party apps/tools that make use of their own user-mode driver can also make use of those capabilities as a result.

This is sadly nothing we can solve as it is outside of our financial capabilities to create a cut-down custom kernel driver implementing only the CPU sensor capabilities.

If you are a corporate/business user or IT administrator on a corporate device, do not under any circumstances install this driver!

For regular end-users, whether this is a concern for you or not is ultimately up to you. To be able to exploit the vulnerability, any malicious code would need to be executed locally and go undetected by the anti-virus suite of the system, and at that point most malware can already perform similar local privilege escalations easily through alternate methods, such as a simple UAC auto-elevation bypass.
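For administrators who need to confirm that the driver is absent from managed machines, the following added PowerShell example (not part of SKIFdrv) looks up the two service names mentioned in this README and reports each driver's state, start mode, binary path, signer and SHA-256. The function name Get-WinRing0DriverService is hypothetical.

```powershell
# Added audit example, not part of SKIFdrv.
# The two service names are the ones this README mentions.
$serviceNames = 'SK_WinRing0', 'WinRing0_1_2_0'

function Get-WinRing0DriverService {   # hypothetical helper name
    param([string[]]$Name = $serviceNames)

    foreach ($n in $Name) {
        # Win32_SystemDriver lists kernel driver services, including stopped ones.
        $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$n'" -ErrorAction SilentlyContinue
        if (-not $drv) { continue }

        # PathName may carry an NT-style \??\ prefix; strip it before touching the file.
        # Paths that still do not resolve (e.g. \SystemRoot\...) leave Signer/SHA256 empty.
        $path = $drv.PathName -replace '^\\\?\?\\', ''
        $signer = $null
        $hash = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $signer = (Get-AuthenticodeSignature -LiteralPath $path).SignerCertificate.Subject
            $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }

        [pscustomobject]@{
            Service   = $drv.Name
            State     = $drv.State       # Running / Stopped
            StartMode = $drv.StartMode   # Boot / System / Auto / Manual / Disabled
            Path      = $path
            Signer    = $signer
            SHA256    = $hash
        }
    }
}

$found = @(Get-WinRing0DriverService)
if ($found.Count -eq 0) {
    Write-Output 'No driver service is registered under the names checked.'
} else {
    $found | Format-List
}
```

An empty result only means no service is registered under those two names; other software may register the same kernel driver under a different service name.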

Command line arguments

Argument     What it does
<empty>      Will throw an error message with information about supported command line arguments.
Install      Performs an install of the driver and service.
Uninstall    Performs an uninstall of the driver and service.
Migrate      Uninstalls the obsolete kernel driver WinRing0_1_2_0. Used to move over to the new SK_WinRing0 name.
Silent       Executes silently with no popups.

Notes

The NT Device name is hardcoded as \\.\WinRing0_1_2_0 and might therefore conflict with other driver services, as only one driver using the same NT Device name can be running at a time. This should technically not be an issue because different apps can still interface with it.

Third-party code
