v 1.2.7

Added fresh PassMark driver as provider 27 (where "pass" must be here for "pass the MSFT block list")
Readme updated
Beta 3

KDU.sha256

@@ -39,8 +39,8 @@ ea0d8d42a5e7d7fb908c52351f99c69f2019c105d07a1f536756691ab2a74174 *Source\Hamakaz
 888a436b666b00592d29e8a2e82a9b5c7f0c1d4890aaab8cb2f623181ad07092 *Source\Hamakaze\ipcsvc.h
 361e85ad774ea783616b84925639008028fa0b8bdc28b16293e401b9dfdeca4b *Source\Hamakaze\KDU.vcxproj
 4e2bb33be311adf535dd563bb0ce27afe4ee33b3b137a02a3fc553204b859550 *Source\Hamakaze\KDU.vcxproj.filters
-68f418f7840813a076d21b82cc1212ad6531023ef5e466540eb8ddb5e145c3da *Source\Hamakaze\KDU.vcxproj.user
-842c1814376840d3b3872b4faf3249f550a28eb2e2e03d6c0a6a06c0347d16aa *Source\Hamakaze\kduplist.h
+571d17ec891e45d846c6f4d6507e0e53b6a78ad6175cea47bd3a5dabb8128c76 *Source\Hamakaze\KDU.vcxproj.user
+6544640291f40baf6db210d1ce29b385ba037dfbab97fc7bd8cbb0da06a91305 *Source\Hamakaze\kduplist.h
 25aa232e53603194868eb9b084a52288e57db5adbe2c9919ba9ca934a15def8a *Source\Hamakaze\kduprov.cpp
 d5a603fad08d1b8c6295b42e05ff5a7f09fa61b73e2f66e52d33fc15d76064ca *Source\Hamakaze\kduprov.h
 e0afea86e1b29b453374c5f18bee6378f60288c6f5e1f74b1d2b9e6ad7b7432f *Source\Hamakaze\main.cpp
@@ -70,7 +70,7 @@ b1350783a851e6345b880c8a5313e871d2249aa5524f41406c52fa62483f2229 *Source\Hamakaz
 24f81b4fdc1b924a36c981fb175b2dccebd7d029d6caed85fb731b74b22c7386 *Source\Hamakaze\idrv\dbk.h
 f438f20675618fe9babe9c10bf27b97987822d28fd4bbc300ef6119b3f1e906f *Source\Hamakaze\idrv\dbutil.cpp
 ad955406989b80564e7e4cc400721e62d6d5c193e22037b075e07dd616f3c845 *Source\Hamakaze\idrv\dbutil.h
-221647ebf885a79ca375668bffc0cf104785e21be6d5911ddf5bf1e437f38e7b *Source\Hamakaze\idrv\directio64.cpp
+791a4d40f3f5076d0e6ed47e7db972f448ccc78ca578c35f11db637962c868a5 *Source\Hamakaze\idrv\directio64.cpp
 73a97fa34df9c0733981536f2079d1eab89bfaf36b4c5d0003cb87d504764ec3 *Source\Hamakaze\idrv\directio64.h
 65c53a700fff2f766420a7e0612446aed7ef8f04fd44162ff73c0ba7e3581d77 *Source\Hamakaze\idrv\gmer.cpp
 89d1cfb34afec23dbda6f40030a95386e9bbbc395666e2c0a3d066dc2fa8b0b8 *Source\Hamakaze\idrv\gmer.h
@@ -102,10 +102,10 @@ d0e354d2f97e993e5e40fb6bb2b99b5bc753beb23f8213d44f99c0309210c1e8 *Source\Hamakaz
 8b885564589e5ec1713b3cc4ceed7f28579031a8b5e655b52f3e17027d13244d *Source\Hamakaze\idrv\zemana.cpp
 da1ea3c2ceebfdc6e5c338461dc214798870a0d6aa16f7f23c045123fa450f71 *Source\Hamakaze\idrv\zemana.h
 de7bdf0bd4acec31c963b916331399bce23c155e3002f0a8152a4a36af13faf8 *Source\Hamakaze\res\274.ico
-12a91b6889259d016d779dcd4ecd35118cf120c02dc9833a5851bd80894f2e4f *Source\Hamakaze\res\SB_SMBUS_SDK.bin
-2e9a1ec3558bd3995a553a5499eefb81b347f674cecafdf691af1f611ae6417f *Source\Hamakaze\res\Taigei32.bin
+95b1ac66c2032711f853c798cc9b0d794b881ad6a2efaf450aa2bcb7bf65e9f3 *Source\Hamakaze\res\SB_SMBUS_SDK.bin
+01f3bc7ff7e76284b7733cb029dbdb5314438adde12ba952e270ad5369005aee *Source\Hamakaze\res\Taigei32.bin
 1232f65b57bc8732ead29a730308f6c67bc53a2f9fafd47f8c7cc4b4f676a9e9 *Source\Hamakaze\utils\GenAsIo2Unlock.exe
-d432b0df78d541bb49526a7feb71b6a7f31ce460d4d3fe4b706c3fabf0a4d5cf *Source\Shared\consts.h
+60e18aeec8db4534ea91e86081b028611a0abc53ea78ef4a6ddf2c964548de7b *Source\Shared\consts.h
 f462f6cf81eaeafcce7a8b75ebbe693542caab56416fa9850758e76dc7a77fb4 *Source\Shared\kdubase.h
 e0ba365c8aa8e66fddd0f28bca4b827725911480fdcd968df2792c370f13ef42 *Source\Shared\ldr\ldr.cpp
 37003367e625e218bf7e4c22850ac7d2efe926a6a832d29bc20a9f8b19a479af *Source\Shared\ldr\ldr.h
@@ -148,44 +148,45 @@ d563bd3017a274175ca6b7e8f93333a3e3ec096d1f3034acfa4e17d8b2420c99 *Source\Taigei\
 c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Taigei\Taigei.vcxproj.user
 9e82ce97464b666dad14ffde32e5450a0974d1194ca68cd10e9b2611599dfc28 *Source\Tanikaze\export.def
 5bbbcc6c275008ffdd765a3fa53ed3e4ae16ea51bf6ae66c2271f6f065ba0525 *Source\Tanikaze\main.cpp
-38897d00b977fa797c177b52d0c71fde6ff572137366de7d5d0bf3c05390e751 *Source\Tanikaze\resource.h
-85256eec2d3e618ed3c0265ed0a90cb1b86c9bdb743252808cc93631339f010d *Source\Tanikaze\resource.rc
-fad49140e474df8747e5856a80357e9dd602d10bb2c86c10c19362f398d8630d *Source\Tanikaze\tanikaze.h
-c4668eb3f1f0e737189dc84db9a47a1c406754be975dfd200085e65e719a38c4 *Source\Tanikaze\Tanikaze.vcxproj
-a940bc5e40baa48f9767459c422cb41cd3e77ad78b585bb6eaa3268b86a5629d *Source\Tanikaze\Tanikaze.vcxproj.filters
+e20e381e29fc5f9c6622741ff1b96b1d25bc2f7f9ea7990114aea86181cf13d2 *Source\Tanikaze\resource.h
+e9eae6c99182cfee69e57ac11c517eb1ec7500bab77b8a3c288fe705465ac985 *Source\Tanikaze\resource.rc
+967e07724fb8ff16716d686766530f09d31492f536af494ec1465f813301a252 *Source\Tanikaze\tanikaze.h
+ff446abbcb54b41d6e1d735b65899779a07cc49f8d47569c6c7defadf3a1fff5 *Source\Tanikaze\Tanikaze.vcxproj
+b185c987cf5a847ce4c4350387562bbc6cebbeca76b295e97ac790d178744bdc *Source\Tanikaze\Tanikaze.vcxproj.filters
 c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Tanikaze\Tanikaze.vcxproj.user
-90d7565cfdac0347d529733f95105c4976a27b37db667a036035ead906a8cba9 *Source\Tanikaze\data\AsusCertService.bin
-38c79f407e017c77465e9676d1512d74084f1448d849fc1ec0f82a2d3d0a17bb *Source\Tanikaze\data\dbutilcat.bin
-8c2a42fa5fe43cf4a2e2b8fd5507548984265765b0f1c213eb5629ffd880e87f *Source\Tanikaze\data\dbutilinf.bin
-2f47f0729470d48677d2c30645bf6623868c775db8dc5b325697faa6272cbb3b *Source\Tanikaze\data\KMUEXE.bin
-7eca6b8f74114c13b270eb770aa9962ad7bcb33e2537986a27b3430613f0dba6 *Source\Tanikaze\data\KMUSIG.bin
-f78d20b4460b9bd5e587ffb793c1562de5a21915816411377bd39f10ce73ffa9 *Source\Tanikaze\drv\amsdk.bin
-0d5bc7082175bcbab22332a971bbcde4dc8115694b79f3b0a435cfbd2134b4f0 *Source\Tanikaze\drv\asio2.bin
-312ee1778781502b18f389c4933b950f2c4be9a4c3a7d3404d9f5cc578b426e5 *Source\Tanikaze\drv\AsIO3.bin
-9a5ca9e01400bf086f8c99470806ee9d96c601abe7d347bd0c4a4e687406490f *Source\Tanikaze\drv\ATSZIO64.bin
-dce285afd89a5ca0fd642086b18956170078839ac737316f43b35b907531e1d9 *Source\Tanikaze\drv\dbk64.bin
-0548653355d811b6b5291dcb74fb36c064f80750c4394e850e174bd426c54be4 *Source\Tanikaze\drv\DbUtil2_3.bin
-1e546bf3ee4d6d0654c0498415c854de173af0ba7193148b28b802c04866d2a2 *Source\Tanikaze\drv\dbutildrv2.bin
-29f5981fdf967b86fdb16ea29267c3e6ca2109c32a4ea2c9ed3b951ae7a480af *Source\Tanikaze\drv\DirectIo64.bin
-5ff9a389935eb51031e254af459cad254d5981a11a0b24a3c7eb4b86aa1e988b *Source\Tanikaze\drv\ene2.bin
-33b6ae40c4d6e838f80c1a902b73bf6cad3deac7e0de1ae666e752b8f2313528 *Source\Tanikaze\drv\EneIo64.bin
-f8f50593c717bf56b909bfafbcc490e77fd5f90719ac65ac81d00e776e5266fc *Source\Tanikaze\drv\EneTechIo64.bin
-e7274feaab78e869f1dc5222d939a43b0f4bc50070bd0136be15100db1a5539f *Source\Tanikaze\drv\gdrv.bin
-688190ccab2a85a051fb0f5ddf1fcd28ebf0f628f3d41127f02d2c6536303f5c *Source\Tanikaze\drv\GLCKIO2.bin
-ff77aad2c24f103d5b92e111f0d70343143fff5892e42a93db58c313ad81e2d4 *Source\Tanikaze\drv\gmerdrv.bin
-319f581af430356c051f65f9cd2dad0c2147dedb5e94105428b2ad641aa76617 *Source\Tanikaze\drv\HW64.bin
-dc38a0ef16a85ade2198313ad6a3fa0ae97f8baf27efc670cc71c567312642ef *Source\Tanikaze\drv\inpoutx64.bin
-ae40c54e9d724de7a5bdb78c0fb3319b44105bd5a5905797fcec075d8fe6ea02 *Source\Tanikaze\drv\iQVM64.bin
-082712cf3fe154b3651996d4c981423631b0704279a353845daa4afe46b8b247 *Source\Tanikaze\drv\kprocesshacker.bin
-fabd190f32391c55baf59dedaffe76d92b992c71391f0c3ff8beb500d179731d *Source\Tanikaze\drv\lha.bin
-04f50eb4934ae5274fc7c05c221626b82ca12e5582a58de228ab3147ecfae247 *Source\Tanikaze\drv\mimidrv.bin
-d62e75cdbbc917ac56c5a434749ff091b509e8f858fbd05ce2e18d44794585ed *Source\Tanikaze\drv\MsIo64.bin
-400f1e7acee3de39f3be22e1eefd0b65b20bdb171601a5c08dbeee88c69f0cc1 *Source\Tanikaze\drv\Phymemx64.bin
-fd177ef963cd6022dec290f280d211e6327f8fc15574b82aef0936c958e8c362 *Source\Tanikaze\drv\procexp.bin
-917dd8487c4455a00902b3eddc755a559521d13ffbe88a68037ffda2b21cd65a *Source\Tanikaze\drv\RTCore64.bin
-594468495f592b950ef086a3f705fc4afb21d287629e97b506815e47c571fe4a *Source\Tanikaze\drv\rtkio64.bin
-9fe23bf1e3dde3285f127e727e996adfdd27c60ceab99c6153442dc52c272e00 *Source\Tanikaze\drv\SysDrv3S.bin
-eb1dbd3423d8871ac13d84136967baeefec43fe7cb2b765c11c651d57fc91dd7 *Source\Tanikaze\drv\WinRing0x64.bin
+17ae5b8a22155777071dfba9a3c896daccedc559c557322d97f6d8a2a15e3a3f *Source\Tanikaze\data\AsusCertService.bin
+055f0c71760a78090364b7b65c82980d8d95891c86a577d01e85849a920e2a2d *Source\Tanikaze\data\dbutilcat.bin
+53dc778b89c9569d6a0cc2dd1bfcbd8d5b6a3454ff5a1980f4e3afbef2c8ce33 *Source\Tanikaze\data\dbutilinf.bin
+5f557d88d658889e39cf842db84a21d646bc88306409a504ed9d598a1c6f97cd *Source\Tanikaze\data\KMUEXE.bin
+bd0daa0e3bf88d8a67d5421bde4e50ccba3f85dbfef44db7b361d4e88feab6fb *Source\Tanikaze\data\KMUSIG.bin
+11bee1266962b5d374963988bae6795da9dbe3a5529e01eed74689e11aa2fc9c *Source\Tanikaze\drv\amsdk.bin
+909cbf91cf16a27bde51f628ec1a503159f10712fde15949d02b1be9fe56ed98 *Source\Tanikaze\drv\asio2.bin
+540c49b342604ba126439881d9f05a18d92879d78edf00daed004faa3b5f4fa1 *Source\Tanikaze\drv\AsIO3.bin
+847b0af3de65d247c0ee4e46cce0bfa561dc00c3b301b23165effa825e985c59 *Source\Tanikaze\drv\ATSZIO64.bin
+06ffa99259223a5f7f352144db48b318cc8eb3277fd0ac172285198792dd8c01 *Source\Tanikaze\drv\dbk64.bin
+cafc6a28a1df153e5296b0d2ebcc24b2b88a027dd451fe9015d39bc6b119061c *Source\Tanikaze\drv\DbUtil2_3.bin
+e645d80b8ad3de126801da2be7fc32a769371762e43e6f65f6dc1f784e751ae8 *Source\Tanikaze\drv\dbutildrv2.bin
+de92a2e76e05540f1e477cc06913c6770cf7fbb59719475a70034afcb7f7456f *Source\Tanikaze\drv\DirectIo64.bin
+dc35e5afe591dac82045af6fc978e8165bcf95470204b03aee24cbfbdd2583d0 *Source\Tanikaze\drv\DirectIo64_2.bin
+40da4ef8173e9deef05e26ae020021420bc09653f8332ba6bf19e46a97c90064 *Source\Tanikaze\drv\ene2.bin
+e475f500916b3cfcf987d239b9196075da65d7ca32e46168d7938ced0c1cac76 *Source\Tanikaze\drv\EneIo64.bin
+06b3c6f7a37920b529f63c583c09c0484e7722eb036ff4964d1c8f0de4d0f36c *Source\Tanikaze\drv\EneTechIo64.bin
+d4268c20a38d29763d5237a659a7b463f527d256e71b5031e9f3af136afbc2dd *Source\Tanikaze\drv\gdrv.bin
+6315cf36a62974855af3c44e2e958d7542067d366e5f27e5557b0f9cd03ef3e3 *Source\Tanikaze\drv\GLCKIO2.bin
+f05ed0a77aef26d5256c01e12adbac71292844015572de90b0304656409ddaec *Source\Tanikaze\drv\gmerdrv.bin
+79c1af945e5c45b3a03f4b4b2c2e3ff52b0d92c0590c9b8e6aae58b49f611902 *Source\Tanikaze\drv\HW64.bin
+452ecfaca2fd5217c4727cceeda39db8f90b658b6e6d3fe9cb776c2e3472fada *Source\Tanikaze\drv\inpoutx64.bin
+fefd4baba8806c3b0e1ed260ffd3c4504353aa7578e5d3384d1fc02f352f418f *Source\Tanikaze\drv\iQVM64.bin
+6d69bfe4970bffeb4f149f4b5f615759d73d304c1fee04f9247aaa92d6ec2ede *Source\Tanikaze\drv\kprocesshacker.bin
+6d169f4fe99b331534abedd80ca4d9ae0a8d65bf638106661ce41f7cc2e9d075 *Source\Tanikaze\drv\lha.bin
+7b3bdd5c8d50f1d2041f802f5c8f045a36b009978ef738f186e3806e20148043 *Source\Tanikaze\drv\mimidrv.bin
+9186e68396ad5f6bc00ac1310d0a7e6608eb8ca641e14f96a9507ff57c4d6fab *Source\Tanikaze\drv\MsIo64.bin
+bbb98acd149f76563c51bb08456f12a9efc7bf629e05187272f598f395747671 *Source\Tanikaze\drv\Phymemx64.bin
+5d438ee54f502e1cd93e0dc36f76e1438292d19ca59c700cca573d145edc87d4 *Source\Tanikaze\drv\procexp.bin
+a33951e38c8fb1442d558ef776ba73baf479fc67be549b55bff8e32d2a3a8ef7 *Source\Tanikaze\drv\RTCore64.bin
+07d8bfa5d9bd2b97d3d595610f5a737d5aa40207f48dd84555201993c7198783 *Source\Tanikaze\drv\rtkio64.bin
+97462612a9c565566d66474ab42f6044980f4acae276bce5f2b0897db5e3b249 *Source\Tanikaze\drv\SysDrv3S.bin
+1db76f35a6a84255f59e122ddae00b0f25bd6d11f788cc115c01a68c2aa0c774 *Source\Tanikaze\drv\WinRing0x64.bin
 bf86c929ee9ee2bb88187e1d82bcddfe83375c73e6787b83a7e414dff691e35b *Source\Utils\readme.txt
 c776bc97ee2fbe48d3e148bb37c887862e6de212d4391d6df9b5f149e40ed223 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.sln
 c4a28bc43a63a40ff2d8699fa261ee1ced6783d199043484ea7921e8d078ea08 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.vcxproj

README.md

@@ -128,6 +128,7 @@ You use it at your own risk. Some lazy AV may flag this tool as hacktool/malware
 | 24          | CODESYS        | SysDrv3S    | CODESYS SysDrv3S                   | MAPMEM            | 3.5.6 and below             |                      |
 | 25          | Zemana         | amsdk       | WatchDog/MalwareFox/Zemana AM      | Original          | 3.0.0 and below             |                      |
 | 26          | HiRes Ent.     | inpoutx64   | Various                            | WINIO             | 1.2.0 and below             |                      |
+| 27          | PassMark       | DirectIo64  | PassMark OSForensics               | Original          | Any                         |                      |
 
 ###### *At commit time, data maybe inaccurate.
 

Source/Hamakaze/KDU.vcxproj.user

@@ -1,12 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-list</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-test</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <LocalDebuggerCommandArguments>
-    </LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-prv 27 -map c:\install\dummy.sys</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
 </Project>

Source/Hamakaze/idrv/directio64.cpp

@@ -4,9 +4,9 @@
 *
 *  TITLE:       DIRECTIO64.CPP
 *
-*  VERSION:     1.13
+*  VERSION:     1.27
 *
-*  DATE:        05 Feb 2022
+*  DATE:        12 Nov 2022
 *
 *  PassMark DIRECTIO driver routines.
 *

Source/Hamakaze/kduplist.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.27
 *
-*  DATE:        11 Nov 2022
+*  DATE:        12 Nov 2022
 *
 *  Providers global list.
 *
@@ -633,4 +633,27 @@ static KDU_PROVIDER g_KDUProviders[] =
         (provReadPhysicalMemory)WinIoReadPhysicalMemory,
         (provWritePhysicalMemory)WinIoWritePhysicalMemory
     },
+
+    {
+        NULL,
+
+        (provStartVulnerableDriver)KDUProvStartVulnerableDriver,
+        (provStopVulnerableDriver)KDUProvStopVulnerableDriver,
+
+        (provRegisterDriver)NULL,
+        (provUnregisterDriver)NULL,
+        (provPreOpenDriver)NULL,
+        (provPostOpenDriver)KDUProviderPostOpen,
+        (provMapDriver)KDUMapDriver,
+        (provControlDSE)KDUControlDSE,
+
+        (provReadKernelVM)DI64ReadKernelVirtualMemory,
+        (provWriteKernelVM)DI64WriteKernelVirtualMemory,
+
+        (provVirtualToPhysical)DI64VirtualToPhysical,
+        (provQueryPML4)DI64QueryPML4Value,
+        (provReadPhysicalMemory)DI64ReadPhysicalMemory,
+        (provWritePhysicalMemory)DI64WritePhysicalMemory
+    }
+
 };

Source/Shared/consts.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.27
 *
-*  DATE:        08 Nov 2022
+*  DATE:        12 Nov 2022
 *
 *  Global consts.
 *
@@ -94,7 +94,7 @@
 #define IDR_SYSDRV3S                    127
 #define IDR_ZEMANA                      128
 #define IDR_INPOUTX64                   129
-#define IDR_RESERVED2                   130
+#define IDR_PASSMARK_OSF                130
 
 //
 // Vulnerable drivers providers id
@@ -126,6 +126,7 @@
 #define KDU_PROVIDER_SYSDRV3S           24
 #define KDU_PROVIDER_ZEMANA             25
 #define KDU_PROVIDER_INPOUTX64          26
+#define KDU_PROVIDER_PASSMARK_OSF       27
 
 //
 // KDU provider flags

Source/Tanikaze/Tanikaze.vcxproj

@@ -112,7 +112,6 @@
     <ClCompile>
       <WarningLevel>Level3</WarningLevel>
       <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
       <SDLCheck>true</SDLCheck>
       <PreprocessorDefinitions>NDEBUG;TANIKAZE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <ConformanceMode>true</ConformanceMode>
@@ -147,15 +146,13 @@
     <ClCompile>
       <WarningLevel>Level4</WarningLevel>
       <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
       <SDLCheck>false</SDLCheck>
       <PreprocessorDefinitions>NDEBUG;TANIKAZE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <ConformanceMode>true</ConformanceMode>
       <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\Shared;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-      <Optimization>MinSpace</Optimization>
-      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
       <ExceptionHandling>false</ExceptionHandling>
+      <Optimization>MinSpace</Optimization>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
@@ -194,6 +191,7 @@
     <None Include="drv\DbUtil2_3.bin" />
     <None Include="drv\dbutildrv2.bin" />
     <None Include="drv\DirectIo64.bin" />
+    <None Include="drv\DirectIo64_2.bin" />
     <None Include="drv\ene2.bin" />
     <None Include="drv\eneio64.bin" />
     <None Include="drv\enetechio64.bin" />
@@ -206,6 +204,7 @@
     <None Include="drv\kprocesshacker.bin" />
     <None Include="drv\lha.bin" />
     <None Include="drv\mimidrv.bin" />
+    <None Include="drv\mktoolsx64.bin" />
     <None Include="drv\msio64.bin" />
     <None Include="drv\phymemx64.bin" />
     <None Include="drv\procexp.bin" />

Source/Tanikaze/Tanikaze.vcxproj.filters

@@ -130,6 +130,12 @@
     <None Include="drv\inpoutx64.bin">
       <Filter>Resource Files</Filter>
     </None>
+    <None Include="drv\mktoolsx64.bin">
+      <Filter>Resource Files</Filter>
+    </None>
+    <None Include="drv\DirectIo64_2.bin">
+      <Filter>Resource Files</Filter>
+    </None>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="main.cpp">

Source/Tanikaze/resource.h

@@ -29,6 +29,7 @@
 #define IDR_SYSDRV3S                    127
 #define IDR_ZEMANA                      128
 #define IDR_INPOUTX64                   129
+#define IDR_PASSMARK_OSF                130
 #define IDR_DATA_DBUTILCAT              1000
 #define IDR_DATA_DBUTILINF              1001
 #define IDR_DATA_KMUEXE                 1002

Source/Tanikaze/resource.rc

@@ -114,6 +114,8 @@ IDR_ZEMANA              RCDATA                  "drv\\amsdk.bin"
 
 IDR_INPOUTX64           RCDATA                  "drv\\inpoutx64.bin"
 
+IDR_PASSMARK_OSF        RCDATA                  "drv\\DirectIo64_2.bin"
+
 
 /////////////////////////////////////////////////////////////////////////////
 //

Source/Tanikaze/tanikaze.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.10
 *
-*  DATE:        08 Nov 2022
+*  DATE:        11 Nov 2022
 *
 *  Tanikaze helper dll (part of KDU project).
 *
@@ -403,6 +403,19 @@ KDU_DB_ENTRY gProvEntry[] = {
         (LPWSTR)L"Red Fox UK Limited",
      },
 
+     {
+        KDU_MIN_NTBUILDNUMBER,
+        KDU_MAX_NTBUILDNUMBER,
+        IDR_PASSMARK_OSF,
+        KDU_PROVIDER_PASSMARK_OSF,
+        SourceBaseNone,
+        KDUPROV_FLAGS_SIGNATURE_WHQL | KDUPROV_FLAGS_PML4_FROM_LOWSTUB,
+        KDUPROV_SC_ALL_DEFAULT,
+        (LPWSTR)L"PassMark OSForensics DirectIO",
+        (LPWSTR)L"DirectIo64",
+        (LPWSTR)L"DIRECTIO64",
+        (LPWSTR)L"PassMark Software Pty Ltd", 
+     }
 };
 
 #if defined(__cplusplus)