• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• win_driver_plugin-master
  • win_driver_plugin.py
  • LICENSE.md
  • win_driver_plugin
    • create_tab_table.py
    • device_finder.py
    • dump_pool_tags.py
    • angr_analysis.py
    • ioctl_decoder.py
    • __init__.py
    • driverlib.py
    • device_type.py
  • README.md
  • screenshots
    • decode_ioctl_summary_table.PNG
    • decode_ioctl_mark_invalid_only_delete_define.PNG
    • find_device_random_avg_driver.PNG
    • decode_ioctl_display_all_defines.PNG
    • define_tab_right_click.PNG
    • find_device_name_capcom.PNG
    • decode_ioctl_capcom_decoded.PNG
    • decode_all_ioctls_fail.PNG
    • dump_pool_tags.PNG
    • define_tab.PNG
    • find_dispatch_different_avg_driver_fail.PNG
    • find_dispatch_random_avg_driver.PNG
  • .gitignore

import idautils
import idaapi
#Originally written by/modified from NCC Group's DriverBuddy https://github.com/nccgroup/DriverBuddy/tree/master/DriverBuddy

names = set()

def cb(ea, name, ord):
    names.add(name)
    return True
    
#NDIS, Legacy printer?, Win USB, User Mode?
def driver_type():

    implist = idaapi.get_import_module_qty()

    for i in range(0, implist):
        name = idaapi.get_import_module_name(i)
        idaapi.enum_import_names(i, cb)
    for name in names:
        if name == "FltRegisterFilter":
            return "Mini-Filter"
        elif name == "WdfVersionBind":
            return "WDF"
        elif name == "StreamClassRegisterMinidriver":
            return "Stream Minidriver"
        elif name == "KsCreateFilterFactory":
            return "AVStream"
        elif name == "PcRegisterSubdevice":
            return "PortCls"
    return "WDM"

def is_driver():
    exports = set(x[3] for x in idautils.Entries())
    return 'DriverEntry' in exports