Compiled at WDK version 10.0.26100.0 and ported to arm64

ARM64/Win8.1Release/KdExploitMe.inf

@@ -0,0 +1,32 @@
+;
+; KdExploitMe.inf
+;
+
+[Version]
+Signature="$WINDOWS NT$"
+Class=
+ClassGuid=
+Provider=
+DriverVer = 12/28/2025,11.25.39.263
+CatalogFile=
+
+[DestinationDirs]
+DefaultDestDir = 12
+
+
+[SourceDisksNames]
+1 = %DiskName%,,,""
+
+[SourceDisksFiles]
+
+
+[Manufacturer]
+%ManufacturerName%=Standard,NTARM64
+
+[Standard.NTARM64]
+
+
+[Strings]
+ManufacturerName=""
+ClassName=""
+DiskName="KdExploitMe Source Disk"

ExploitDemos/ARM64/Debug/ExploitDemos.Build.CppClean.log

@@ -0,0 +1,8 @@
+c:\users\ayush\source\repos\kdexploitme\exploitdemos\arm64\debug\vc143.pdb
+c:\users\ayush\source\repos\kdexploitme\exploitdemos\arm64\debug\stdafx.obj
+c:\users\ayush\source\repos\kdexploitme\exploitdemos\arm64\debug\pooloverflow.obj
+c:\users\ayush\source\repos\kdexploitme\exploitdemos\arm64\debug\helpers.obj
+c:\users\ayush\source\repos\kdexploitme\exploitdemos\arm64\debug\genericattacks.obj
+c:\users\ayush\source\repos\kdexploitme\exploitdemos\arm64\debug\exploitdemos.tlog\cl.command.1.tlog
+c:\users\ayush\source\repos\kdexploitme\exploitdemos\arm64\debug\exploitdemos.tlog\cl.read.1.tlog
+c:\users\ayush\source\repos\kdexploitme\exploitdemos\arm64\debug\exploitdemos.tlog\cl.write.1.tlog

ExploitDemos/ARM64/Debug/ExploitDemos.exe.recipe

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project>
+  <ProjectOutputs>
+    <ProjectOutput>
+      <FullPath>C:\Users\ayush\Source\Repos\KdExploitMe\ARM64\Debug\ExploitDemos.exe</FullPath>
+    </ProjectOutput>
+  </ProjectOutputs>
+  <ContentFiles />
+  <SatelliteDlls />
+  <NonRecipeFileRefs />
+</Project>

ExploitDemos/ARM64/Debug/ExploitDemos.log

@@ -0,0 +1,16 @@
+  KernelAddressLeak.cpp
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp(90,9): warning C4477: 'printf' : format string '%i' requires an argument of type 'int', but variadic argument 1 has type 'ULONG_PTR'
+      C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp(90,9):
+      consider using '%lli' in the format string
+      C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp(90,9):
+      consider using '%Ii' in the format string
+      C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp(90,9):
+      consider using '%I64i' in the format string
+
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp(141,40): warning C4312: 'type cast': conversion from 'DWORD' to 'HANDLE' of greater size
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp(159,9): warning C4477: 'printf' : format string '%i' requires an argument of type 'int', but variadic argument 1 has type 'size_t'
+      C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp(159,9):
+      consider using '%zi' in the format string
+
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp(245,39): warning C4312: 'type cast': conversion from 'DWORD' to 'HANDLE' of greater size
+  ExploitDemos.vcxproj -> C:\Users\ayush\Source\Repos\KdExploitMe\ARM64\Debug\ExploitDemos.exe

ExploitDemos/ARM64/Debug/ExploitDemos.tlog/Cl.items.tlog

@@ -0,0 +1,6 @@
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\GenericAttacks.cpp;C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\ARM64\Debug\GenericAttacks.obj
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\ExploitDemos.cpp;C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\ARM64\Debug\ExploitDemos.obj
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\Helpers.cpp;C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\ARM64\Debug\Helpers.obj
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\KernelAddressLeak.cpp;C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\ARM64\Debug\KernelAddressLeak.obj
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\PoolOverflow.cpp;C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\ARM64\Debug\PoolOverflow.obj
+C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\stdafx.cpp;C:\Users\ayush\Source\Repos\KdExploitMe\ExploitDemos\ARM64\Debug\stdafx.obj

ExploitDemos/ARM64/Debug/ExploitDemos.tlog/ExploitDemos.lastbuildstate

@@ -0,0 +1,2 @@
+PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.44.35207:TargetPlatformVersion=10.0.26100.0:
+Debug|ARM64|C:\Users\ayush\Source\Repos\KdExploitMe\|

ExploitDemos/ARM64/Debug/ExploitDemos.tlog/link.secondary.1.tlog

@@ -0,0 +1,2 @@
+^C:\USERS\AYUSH\SOURCE\REPOS\KDEXPLOITME\EXPLOITDEMOS\ARM64\DEBUG\EXPLOITDEMOS.OBJ|C:\USERS\AYUSH\SOURCE\REPOS\KDEXPLOITME\EXPLOITDEMOS\ARM64\DEBUG\GENERICATTACKS.OBJ|C:\USERS\AYUSH\SOURCE\REPOS\KDEXPLOITME\EXPLOITDEMOS\ARM64\DEBUG\HELPERS.OBJ|C:\USERS\AYUSH\SOURCE\REPOS\KDEXPLOITME\EXPLOITDEMOS\ARM64\DEBUG\KERNELADDRESSLEAK.OBJ|C:\USERS\AYUSH\SOURCE\REPOS\KDEXPLOITME\EXPLOITDEMOS\ARM64\DEBUG\POOLOVERFLOW.OBJ|C:\USERS\AYUSH\SOURCE\REPOS\KDEXPLOITME\EXPLOITDEMOS\ARM64\DEBUG\STDAFX.OBJ
+C:\Users\ayush\Source\Repos\KdExploitMe\ARM64\Debug\ExploitDemos.ILK

ExploitDemos/ExploitDemos.cpp

@@ -1,87 +1,88 @@
-#pragma once
-
-#include "stdafx.h"
-#include "GenericAttacks.h"
-#include "PoolOverflow.h"
-#include "KernelAddressLeak.h"
-#include <string>
-
-using namespace std;
-
-void PrintHelpMenu()
-{
-	printf("ExploitDemos Help:\n");
-	printf("Demonstrates exploiting the KdExploitMe driver.\n");
-	printf("--------------\n");
-	printf("ExploitDemos.exe -ExploitNumber\n");
-	printf("    -01 : Demo METHOD_WRITEWHATWHERE - NULL EPROCESS ACL.\n");
-	printf("    -02 : Demo METHOD_DECADDRESS - Modify token privileges.\n");
-	printf("    -03 : Demo METHOD_OVERFLOWPOOL - 0xbad0b0b0, Non-Paged Pool, 64bit only.\n");
-}
-
-int _tmain(int argc, _TCHAR* argv[])
-{
-	string dummy = NULL;
-	if (argc != 2)
-	{
-		PrintHelpMenu();
-		return -1;
-	}
-
-	printf("Press any key and hit enter to continue...\n");
-	cin >> dummy;
-
-	HANDLE hDevice;
-	DWORD errNum;
-
-
-	UNREFERENCED_PARAMETER(argc);
-	UNREFERENCED_PARAMETER(argv);
-
-	//
-	// open the device
-	//
-
-	if ((hDevice = CreateFile(L"\\\\.\\KdExploitMe",
-		GENERIC_READ | GENERIC_WRITE,
-		0,
-		NULL,
-		CREATE_ALWAYS,
-		FILE_ATTRIBUTE_NORMAL,
-		NULL)) == INVALID_HANDLE_VALUE) {
-
-		errNum = GetLastError();
-
-		printf("- CreateFile failed!  Error code = 0x%x\n", errNum);
-
-		return 0;
-	}
-
-
-	int exploitNumber = stoi(argv[1]+1);
-	switch (exploitNumber)
-	{
-	case 1:
-		AttackWriteWhatWhere(hDevice);
-		break;
-	case 2:
-		AttackDecAddress(hDevice);
-		break;
-	case 3:
-		AttackPO_BAD0B0B0(hDevice);
-		break;
-	default:
-		PrintHelpMenu();
-		break;
-	}
-
-
-	//
-	// close the handle to the device.
-	//
-	CloseHandle(hDevice);
-}
-
-
-
-
+#pragma once
+
+#include "stdafx.h"
+#include "GenericAttacks.h"
+#include "PoolOverflow.h"
+#include "KernelAddressLeak.h"
+#include <string>
+
+using namespace std;
+
+void PrintHelpMenu()
+{
+	printf("ExploitDemos Help:\n");
+	printf("Demonstrates exploiting the KdExploitMe driver.\n");
+	printf("--------------\n");
+	printf("ExploitDemos.exe -ExploitNumber\n");
+	printf("    -01 : Demo METHOD_WRITEWHATWHERE - NULL EPROCESS ACL.\n");
+	printf("    -02 : Demo METHOD_DECADDRESS - Modify token privileges.\n");
+	printf("    -03 : Demo METHOD_OVERFLOWPOOL - 0xbad0b0b0, Non-Paged Pool, 64bit only.\n");
+}
+
+int _tmain(int argc, _TCHAR* argv[])
+{
+	string dummy = NULL;
+	if (argc != 2)
+	{
+		PrintHelpMenu();
+		return -1;
+	}
+
+	printf("Press any key and hit enter to continue...\n");
+	cin >> dummy;
+
+	HANDLE hDevice;
+	DWORD errNum;
+
+
+	UNREFERENCED_PARAMETER(argc);
+	UNREFERENCED_PARAMETER(argv);
+
+	//
+	// open the device
+	//
+
+	if ((hDevice = CreateFileA("\\\\.\\KdExploitMe",
+		GENERIC_READ | GENERIC_WRITE,
+		0,
+		NULL,
+		CREATE_ALWAYS,
+		FILE_ATTRIBUTE_NORMAL,
+		NULL)) == INVALID_HANDLE_VALUE) {
+
+		errNum = GetLastError();
+
+		printf("- CreateFile failed!  Error code = 0x%x\n", errNum);
+
+		return 0;
+	}
+
+
+	int exploitNumber = stoi(argv[1]+1);
+	switch (exploitNumber)
+	{
+	case 1:
+		AttackWriteWhatWhere(hDevice);
+		break;
+	case 2:
+		AttackDecAddress(hDevice);
+		break;
+	case 3:
+		AttackPO_BAD0B0B0(hDevice);
+		break;
+	default:
+		PrintHelpMenu();
+		break;
+	}
+
+
+	//
+	// close the handle to the device.
+	//
+	CloseHandle(hDevice);
+}
+
+
+
+
+