WinDBG Plugin for Windows Kernel Exploitation.

This WinDBG plugin traps and logs IOCTLs in real time from the target driver/module. It sets a breakpoint on the driver's IRP_MJ_DEVICE_CONTROL dispatch routine, which can be configured to break or pass, and once you trigger the IOCTL from the targeted user-mode application it shows the corresponding values: the IOCTL code, the method, the access type, the input/output buffers and the contents of those buffers, among other things.
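As an added example (not the plugin's own code), this JavaScript snippet performs the decoding the plugin applies to a captured IOCTL code: it splits the 32-bit control code into the fields CTL_CODE() packs (device type, function, method, access) and maps the method to where the driver finds the input and output buffers in the IRP. It runs stand-alone in Node; the sample code 0x222003 is constructed, not taken from a real driver.

```javascript
// Added example: decode a Windows IOCTL control code into its CTL_CODE() fields.
// Bit layout: DeviceType = bits 16..31, Access = bits 14..15,
//             Function = bits 2..13, Method = bits 0..1.

const METHOD_NAMES = ["METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"];
const ACCESS_NAMES = ["FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
                      "FILE_READ_ACCESS | FILE_WRITE_ACCESS"];

// Where the driver finds the input and output buffers for each transfer method.
const BUFFER_LOCATIONS = [
  { input: "Irp->AssociatedIrp.SystemBuffer (kernel copy of user input)",
    output: "Irp->AssociatedIrp.SystemBuffer (copied back to user on completion)" },
  { input: "Irp->AssociatedIrp.SystemBuffer", output: "Irp->MdlAddress (locked user pages)" },
  { input: "Irp->AssociatedIrp.SystemBuffer", output: "Irp->MdlAddress (locked user pages)" },
  { input: "IrpSp->Parameters.DeviceIoControl.Type3InputBuffer (raw user pointer)",
    output: "Irp->UserBuffer (raw user pointer)" },
];

// Build a control code the same way the CTL_CODE() macro does (inverse of decodeIoctl).
function ctlCode(deviceType, fn, method, access) {
  return ((deviceType << 16) | (access << 14) | (fn << 2) | method) >>> 0;
}

function decodeIoctl(code) {
  const c = code >>> 0;            // treat as unsigned 32-bit
  const method = c & 0x3;
  const access = (c >>> 14) & 0x3;
  return {
    code: "0x" + c.toString(16).toUpperCase().padStart(8, "0"),
    deviceType: c >>> 16,
    access,
    accessName: ACCESS_NAMES[access],
    functionCode: (c >>> 2) & 0xFFF,
    method,
    methodName: METHOD_NAMES[method],
    inputBuffer: BUFFER_LOCATIONS[method].input,
    outputBuffer: BUFFER_LOCATIONS[method].output,
    // METHOD_NEITHER hands the driver raw user-mode pointers that the I/O manager
    // has not validated or copied; the driver must probe and capture them itself,
    // so it is the case to review most carefully when auditing a dispatch routine.
    userPointersUnvalidated: method === 3,
  };
}

// Constructed sample: FILE_DEVICE_UNKNOWN (0x22), function 0x800, METHOD_NEITHER,
// FILE_ANY_ACCESS -> 0x00222003.
console.log(decodeIoctl(ctlCode(0x22, 0x800, 3, 0)));
```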

What is WinDBG?

WinDbg (Windows Debugger) is a powerful debugger from Microsoft that allows users to debug live user-mode and kernel-mode applications and drivers, analyze crash dumps, and examine CPU registers and memory on Windows systems. It includes features like a modern user interface, scripting, a data model for complex analysis, and Time Travel Debugging (TTD) for advanced troubleshooting of crashes and system hangs.

Download WinDBG from the Microsoft site: Download WinDBG

In the following screenshot you can see the plugin in action, where an IOCTL has been captured in real time, displaying and logging all the critical values for building an exploit:

Quite a handy tool to have in your arsenal while writing kernel exploits ;-)

This tool is available to all Exploit Pack users.
