DioProcess SDK
C/C++Single-header C/C++ SDK for communicating with the DioProcess kernel driver. Build custom tools that leverage Ring 0 and Ring -1 capabilities.
Overview
The DioProcessSDK is a header-only library that provides a clean interface for communicating with the DioProcess kernel driver. It wraps all IOCTL codes, structures, and provides inline wrapper functions with proper error handling.
Documentation
Quick Example
#include "DioProcessSDK.h"
int main() {
DioProcessSDK sdk;
if (!sdk.Open()) {
return 1; // Driver not loaded or not admin
}
// Protect current process (PPL)
sdk.ProtectProcess(GetCurrentProcessId());
// Enable all privileges
sdk.EnableAllPrivileges(GetCurrentProcessId());
// Enumerate kernel callbacks
BYTE buffer[8192];
DWORD bytesReturned;
if (sdk.EnumProcessCallbacks(buffer, sizeof(buffer), &bytesReturned)) {
ULONG count = *(ULONG*)buffer;
// Process callback information...
}
sdk.Close();
return 0;
}Features
š”ļø Process Protection
Apply/remove PPL protection, enable all privileges
š Callback Enumeration
Process, thread, image, object, registry callbacks
š Kernel Injection
Ring 0 shellcode and DLL injection
š® Hypervisor Control
Start/stop HV, process hiding, EPT hooks
š Driver Enumeration
List loaded drivers, minifilters, PspCidTable
šµļø Hiding Features
Process, file, port, driver hiding via Ring -1
Requirements
- ā¢ Windows 10/11 ā x64 only
- ā¢ Visual Studio 2019+ or compatible C++17 compiler
- ā¢ Administrator privileges ā Required for driver communication
- ā¢ DioProcess driver loaded ā The kernel driver must be running
File Structure
sdk/
āāā DioProcessSDK.h # Single-header SDK (include this)
āāā examples/
āāā hello_world.cpp # Complete example program