Skip to content

msmania/hk

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
controller
controller
 
 
driver
driver
 
 
probe
probe
 
 
shared
shared
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

Hk

Hk is a DLL injection tookit via kernel driver. Currently this uses IAT hooking as an injection technique.

If you're interested in user-mode DLL injection, please check out https://github.com/msmania/procjack.

Software requirements to build

Don't worry, all free 😉.

How to build

1. Prepare a codesign certificate to sign a driver

In the current Windows, drivers need to be signed with a codesign certificate. So you need to create a self-signed or CA-signed certificate.

Makefile in the repo already has a step to sign a driver file. What you need to do is:

  1. Prepare a certificate having 'codeSigning' (1.3.6.1.5.5.7.3.3) in the extended key usage section. OpenSSL is always your friend. If you prefer Microsoft'ish way, this would be useful.

  2. On your build machine, install your certificate to the 'My' Certificate store:
    certutil -add My <path_to_pfx>

  3. Update CODESIGN_SHA1 in ./Makefile with SHA1 hash of your certificate.

  4. On you test machine to run the driver on, enable testsigning mode or kernel debugging.

2. Build

Launch "x64 Native Tools Command Prompt for VS" and run NMAKE on the root of this repo. Binaries will be generated under the subdirectory "bin/amd64". The current code supports x64 only.

Depending on WDK version you have, you may need to update WDKINCPATH and WDKLIBPATH in ./Makefile, too.

How to set up

  1. Copy hk.sys, hkc.exe, and probe.dll to a test machine. I usually copy them into C:\hk.

  2. Configure hk.sys as a kernel service and start it.

> sc create hk binpath= C:\hk\hk.sys type= kernel
> net start hk

How to play

With hkc.exe, you can control:

For example, if you want to inject probe.dll into notepad.exe when a process is created, run the following commands.

> C:\hk\hkc.exe --cp notepad.exe
> C:\hk\hkc.exe --inject C:\hk\probe.dll

Here are the other options of hkc.exe:

> C:\hk\hkc.exe
USAGE: hkc [COMMAND]

  --info
  --inject <injectee>
  --[trace|li|cp|ct] <target>

Footnotes

  1. An injectee must export a function with Ordinal 0n100, otherwise a target process fails to start.

About

Injector with kernel power

Resources

Readme

License

MIT license
Activity

Stars

15 stars

Watchers

4 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages