
Binary Ninja plugin to perform automated analysis of Windows drivers


shareef12/driveranalyzer


Windows Driver Analyzer (v1.0.0)

Author: shareef12

Find IRP dispatch routines and valid IOCTLs in a Windows kernel driver

Description:

This plugin will try to find and label IRP dispatch routines initialized in the DriverEntry routine. Additionally, this plugin will attempt to identify valid IOCTL control codes that the driver supports. Handler code for detected IOCTLs will be labeled, and CTL_CODE macros will be generated.
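To show what a generated CTL_CODE macro encodes, the following added example (not code from this plugin) decodes 32-bit IOCTL values using the standard CTL_CODE bit layout and lists the two properties a driver reviewer usually checks first. The function names and the sample codes are constructed for illustration.

```python
# Added example, not driveranalyzer's own code.
# CTL_CODE layout: (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
from collections import namedtuple

METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS | FILE_WRITE_ACCESS"}
# Small subset of device types; unknown ones are printed as hex.
DEVICE_TYPES = {0x07: "FILE_DEVICE_DISK", 0x12: "FILE_DEVICE_NETWORK",
                0x22: "FILE_DEVICE_UNKNOWN"}

Ioctl = namedtuple("Ioctl", "code device_type access function method")


def decode_ioctl(code):
    """Split a 32-bit IOCTL value into its four CTL_CODE fields."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("IOCTL codes are 32-bit values")
    return Ioctl(code, code >> 16, (code >> 14) & 0x3,
                 (code >> 2) & 0xFFF, code & 0x3)


def ctl_code_macro(code):
    """Render the CTL_CODE(...) expression that produces this value."""
    i = decode_ioctl(code)
    dev = DEVICE_TYPES.get(i.device_type, "0x%x" % i.device_type)
    return "CTL_CODE(%s, 0x%x, %s, %s)" % (
        dev, i.function, METHODS[i.method], ACCESS[i.access])


def review_notes(code):
    """Return audit notes for properties that deserve a closer look."""
    i = decode_ioctl(code)
    notes = []
    if i.method == 3:
        notes.append("METHOD_NEITHER: handler receives raw user pointers; "
                     "confirm they are probed and accessed under try/except")
    if i.access == 0:
        notes.append("FILE_ANY_ACCESS: any handle to the device can send "
                     "this request; confirm the device ACL is restrictive")
    return notes


if __name__ == "__main__":
    # Constructed sample codes, not taken from a real driver.
    for sample in (0x222004, 0x22200B, 0x22E010):
        print("0x%08x  %s" % (sample, ctl_code_macro(sample)))
        for note in review_notes(sample):
            print("            - " + note)
```
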

Demo Video

Installation Instructions

This plugin requires angr to be installed and available on sys.path.

Windows

The Windows distribution of Binary Ninja bundles a copy of Python 2.7. In order to install angr, you must install Python 2.7 on your system or in a virtualenv and make it available on sys.path. Note that attempting to install angr in the bundled Python will likely run into errors. On Windows systems, this plugin will automatically add "C:\Python27\Lib\site-packages" to sys.path.

  1. Install Python2.7 to "C:\Python27".

  2. From an Administrator command prompt, install angr.

    C:\Python27\python.exe -m pip install angr
    
  3. Copy this plugin to the Binary Ninja plugins folder at "%appdata%\Binary Ninja\plugins".

Linux

  1. Install angr.

    pip install angr
    
  2. Copy this plugin to the Binary Ninja plugins folder at "~/.binaryninja/plugins/".

Minimum Version

This plugin requires the following minimum version of Binary Ninja:

  • 1689

Required Dependencies

The following dependencies are required for this plugin:

  • pip - angr

License

This plugin is released under an MIT license.

Metadata Version

2
