ioctlpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).
Here is an example of an information leak triggered in a sample vulnerable driver:
- Create handles using Device Interface GUIDs in addition to symbolic links.
- Persist requests to SQLite databases.
- Apply filters to request history.
- Integrate Kaitai Struct to define and view buffer structures (inspired by).
- Develop an API to use the tool headlessly (e.g. for fuzzing).
- Design a cool logo.
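As an added illustration of what a headless request API could look like (this is example code, not part of ioctlpus): `ctl_code()` builds an IOCTL code the way the DDK's CTL_CODE macro does, `send_ioctl()` opens a device by symbolic link and issues one DeviceIoControl with an arbitrary input buffer, and `written_ranges()` diffs a sentinel-filled output buffer against what came back, which is how an information leak like the one shown above becomes visible (driver-written bytes outside the documented response layout). The device path, IOCTL parameters and the hypothetical sample driver are assumptions; only `send_ioctl()` needs Windows.

```python
import ctypes
import sys

# Bit-field constants from the Windows DDK (CTL_CODE macro, CreateFile flags).
METHOD_BUFFERED, METHOD_NEITHER = 0, 3
FILE_ANY_ACCESS = 0
GENERIC_READ, GENERIC_WRITE = 0x80000000, 0x40000000
OPEN_EXISTING = 3
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value

def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Same layout as CTL_CODE: (DeviceType << 16) | (Access << 14) | (Function << 2) | Method."""
    return (device_type << 16) | (access << 14) | (function << 2) | method

def written_ranges(sentinel: bytes, returned: bytes) -> list:
    """[(offset, length), ...] of bytes the driver overwrote in an output buffer that was
    pre-filled with `sentinel`; changes outside the documented response layout are where
    leaked (uninitialised) kernel data shows up."""
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(sentinel, returned)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i - start))
            start = None
    if start is not None:
        ranges.append((start, len(sentinel) - start))
    return ranges

def send_ioctl(device_path: str, code: int, inbuf: bytes, out_len: int, fill: int = 0x41):
    """Open a device by symbolic link (e.g. a placeholder like r'\\.\HypotheticalSampleDriver')
    and issue one DeviceIoControl (Windows only). Returns (bytes_returned, sentinel, output)."""
    if sys.platform != "win32":
        raise OSError("DeviceIoControl is only available on Windows")
    k32 = ctypes.windll.kernel32
    k32.CreateFileW.restype = ctypes.c_void_p  # keep a 64-bit HANDLE intact
    k32.DeviceIoControl.argtypes = [ctypes.c_void_p, ctypes.c_ulong, ctypes.c_char_p, ctypes.c_ulong,
                                    ctypes.c_void_p, ctypes.c_ulong, ctypes.POINTER(ctypes.c_ulong), ctypes.c_void_p]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    h = k32.CreateFileW(device_path, ctypes.c_ulong(GENERIC_READ | GENERIC_WRITE), 0, None, OPEN_EXISTING, 0, None)
    if h == INVALID_HANDLE_VALUE:
        raise ctypes.WinError()
    sentinel = bytes([fill]) * out_len          # recognisable fill so untouched bytes stand out
    out = ctypes.create_string_buffer(sentinel, out_len)
    ret = ctypes.c_ulong(0)
    ok = k32.DeviceIoControl(h, code, inbuf, len(inbuf), out, out_len, ctypes.byref(ret), None)
    k32.CloseHandle(h)
    if not ok:
        raise ctypes.WinError()
    return ret.value, sentinel, out.raw
```

A typical loop would call `send_ioctl()` with a series of input buffers and feed `sentinel` and `output` into `written_ranges()`, flagging any request whose driver-written bytes extend past the response fields the driver is supposed to fill.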