PE Strings from KDU: Kernel Driver Utility

Strings extracted from EXE file produced when you compile the new project https://github.com/hfiref0x/KDU (Kernel Driver Utility) using VS2019.

This info is useful in case someone wants to find out the prevalence/rarity of certain strings, or identify the origin of a particular one that is listed here.

Note: KDU is dangerous software, usable for kernel hacking, and suitable for use by cheat developers/hackers/game cheaters.
Features include:

Protected Processes Hijacking via Process object modification;
Driver loader for bypassing Driver Signature Enforcement (similar to TDL/Stryker);
Support of various vulnerable drivers use as functionality "providers".

https://github.com/hfiref0x/KDU

!This program cannot be run in DOS mode.
USVWATAUAVAWH
UVWATAUAVAWH
USVWATAUAVAWH
UVWATAUAVAWL
WATAUAVAWH
ATAVAWH
UVWAVAWH
WATAUAVAWH
x ATAVAWH
x ATAVAWH
WATAUAVAWH
WATAUAVAWH
WATAUAVAWH
L$ SUVWAVH
x ATAVAWH
x ATAVAWL
VWATAVAWH
USVWAVH
K SUVWAVAWH
UVWAVAWH
t$ UWAVH
UVWATAUAVAWH
WATAUAVAWH
WATAUAVAWH
tkD9l$0tdH
WATAUAVAWH
WATAUAVAWH
@USVWATAVAWH
@USVWATAVAWH
<htl<jt\<lt4<tt$<wt
<htl<jt\<lt4<tt$<wt
t$ WAVAWH
<g~{<itd<ntY<ot7<pt
t$ WAVAWH
<g~{<itd<ntY<ot7<pt
t$ WATAUAVAWH
WAVAWH
WAVAWH
WAVAWH
x ATAVAWH
x ATAVAWH
UVWAVAWH
WAVAWH
t$ WAVAWH
WAVAWH
x AUAVAWH
VWATAVAWH
WATAUAVAWH
L$ VWAVH
WATAUAVAWH
gfffffffH
UVWATAUAVAWH
WATAUAVAWH
\$ UVWATAUAVAWH
UVWATAUAVAWH
UVWATAUAVAWH
xWI96tRI
@UATAUAVAWH
\$ VWATAUAVH
WAVAWH
UVWATAUAVAWH
VWATAVAW
WATAUAVAWH
\$ UVWATAUAVAWH
WATAUAVAWH
SUVWATAVAWH
@USVWATAUAVAWH
ATAUAVH
@UATAUAVAWH
UAVAWH
WATAUAVAWH
UVWAVAWH
ffffff
fffffff
@USVWATAUAVAWH
USVWAVH
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
xpxxxx
xwpwpp
CorExitProcess
AreFileApisANSI
CompareStringEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UUUUUU
UUUUUU
?UUUUUU
[!] Error data checksum mismatch!
[!] Error decompressing resource, GetLastError %lu
[>] Entering %s
[<] Leaving %s
KDUStorePayload
[!] Error while loading input driver file, NTSTATUS (0x%lX)
[+] Input driver file loaded at 0x%p
[!] Error, invalid NT header
[+] Resolving kernel import for input driver
[!] Error, %s address not found
KDUSetupShellCode
[!] Cannot query ntoskrnl loaded base, abort
[+] Loaded ntoskrnl base 0x%llX
[!] Error while loading ntoskrnl.exe, NTSTATUS (0x%lX)
[+] Ntoskrnl.exe mapped at 0x%llX
[!] Cannot write payload to the registry, abort
ExAllocatePool
ExFreePool
PsCreateSystemThread
IofCompleteRequest
ZwClose
ZwOpenKey
ZwQueryValueKey
DbgPrint
[+] Bootstrap code size = 0x%lX
[!] Bootstrap code size exceeds limit, abort
KDUMapDriver
[+] Victim driver map attempt %lu of %lu
[+] Victim driver loaded, handle %p
[!] Could not load victim driver, GetLastError %lu
[+] Reading FILE_OBJECT at 0x%llX
[!] Could not read FILE_OBJECT at 0x%llX
[+] Reading DEVICE_OBJECT at 0x%p
[!] Could not read DEVICE_OBJECT at 0x%p
[+] Reading DRIVER_OBJECT at 0x%p
[!] Could not read DRIVER_OBJECT at 0x%p
[!] Physical address is not within same/next page, reload victim driver
[!] Too many reloads, abort
[+] Victim IRP_MJ_DEVICE_CONTROL 0x%llX
[+] Victim DriverUnload 0x%p
[!] Error writing shellcode to the target driver, abort
[+] Driver IRP_MJ_DEVICE_CONTROL handler code modified
[+] Run shellcode
[!] Error while building shellcode, abort
[!] Error preloading victim driver, abort
[+] Victim driver unloaded
KDUProcessCommandLine
[!] Input file not found
[?] No parameters specified or command not recognized, see Usage for help
[?] Usage: kdu Mode [Provider][Command]
Parameters:
kdu -prv id       - optional parameter, provider id, default 0
kdu -ps pid       - disable ProtectedProcess for given pid
kdu -map filename - map driver to the kernel and execute it entry point
kdu -list         - list available providers
KDUMain
[!] Another instance running, close it before
[!] Unsupported WinNT version
[*] Windows version: %u.%u build %u
enabled
disabled
[*] SecureBoot is %s on this machine
[*] Windows HVCI mode detected
[+] Kernel Driver Utility v1.0.0 started, (c) 2020 KDU Project
[+] Supported x64 OS: Windows 7 and above
[!] Unhandled exception 0x%lx
KDUProvList
Provider # %lu
%ws, DriverName "%ws", DeviceName "%ws"
HVCI support: %s
WHQL signature: %s
Maximum Windows build undefined, no restrictions
Maximum supported Windows build: 0x%lX
[!] Vulnerable driver already loaded
[!] Driver resource id not found %lu
[+] Extracting vulnerable driver as "%ws"
[!] Unable to extract vulnerable driver, NTSTATUS (0x%lX)
[+] Vulnerable driver "%ws" loaded
[!] Unable to load vulnerable driver, NTSTATUS (0x%lX)
[!] Unable to open vulnerable driver, NTSTATUS (0x%lX)
[+] Vulnerable driver opened
[!] Unable to unload vulnerable driver, NTSTATUS (0x%lX)
[+] Vulnerable driver unloaded
[+] Vulnerable driver file removed
KDUProviderCreate
[+] Provider: Desciption %ws, Name "%ws"
[!] Abort: selected provider does not support HVCI
[!] Abort: selected provider does not support this Windows NT build
[!] Abort: selected provider does not support arbitrary kernel read/write or
KDU interface is not implemented for these methods
[!] Abort: SeDebugPrivilege is not assigned! NTSTATUS (0x%lX)
[!] Abort: SeLoadDriverPrivilege is not assigned! NTSTATUS (0x%lX)
[!] Coult not register driver, GetLastError %lu
PsProtectedTypeNone
PsProtectedTypeProtectedLight
PsProtectedTypeProtected
Unknown Type
PsProtectedSignerNone
PsProtectedSignerAuthenticode
PsProtectedSignerCodeGen
PsProtectedSignerAntimalware
PsProtectedSignerLsa
PsProtectedSignerWindows
PsProtectedSignerWinTcb
PsProtectedSignerWinSystem
PsProtectedSignerApp
Unknown Value
KDUControlProcess
[+] Process with PID %llu opened (PROCESS_QUERY_LIMITED_INFORMATION)
[+] Process object (EPROCESS) found, 0x%llX
[!] Unsupported WinNT version
[+] EPROCESS->PS_PROTECTION, 0x%llX
[+] Kernel memory read succeeded
PsProtection->Type: %lu (%s)
PsProtection->Audit: %lu
PsProtection->Signer: %lu (%s)
[+] Process object modified
New PsProtection->Type: %lu (%s)
New PsProtection->Signer: %lu (%s)
New PsProtection->Audit: %lu
[!] Cannot modify process object
[!] Cannot read kernel memory
[!] Cannot query process object
[!] Cannot open target process, NTSTATUS (0x%lX)
[!] Victim driver already loaded, force reload
[!] Attempt to unload %ws
[!] Could not force unload victim, NTSTATUS(0x%lX) abort
[+] Previous instance of victim driver unloaded
[+] Extracting victim driver "%ws" as "%ws"
[!] Could not extract victim driver, NTSTATUS(0x%lX) abort
GetLastError
VirtualFree
VirtualAlloc
SetLastError
VirtualUnlock
VirtualLock
HeapSetInformation
GetModuleHandleW
DeleteFileW
GetCommandLineW
GetSystemInfo
GetCurrentProcessId
GetFirmwareEnvironmentVariableW
KERNEL32.dll
RegOpenKeyW
RegCloseKey
RegSetKeyValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
ADVAPI32.dll
RtlInitUnicodeString
LdrLoadDll
RtlImageNtHeader
NtClose
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlGetVersion
RtlDoesFileExists_U
NtOpenProcess
NtAdjustPrivilegesToken
NtOpenProcessToken
LdrGetProcedureAddress
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
NtUnloadDriver
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
LdrFindResource_U
NtFlushBuffersFile
NtOpenDirectoryObject
RtlExpandEnvironmentStrings
NtQueryDirectoryObject
RtlFreeHeap
RtlInitString
NtCreateFile
RtlSetLastWin32Error
NtLoadDriver
LdrAccessResource
ntdll.dll
ApplyDeltaB
DeltaFree
msdelta.dll
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
CloseHandle
CreateFileW
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
[RRRR[[[[w|w
@@@@AI@@@@LB@@@@@@@@ODS@@@DWC\@`@@@@@@@@@@@@@@dfnk@@jF@@DF@@[D@@
r8FgCo=k
`Gova'rB?Q
TVTBgR'
dAOZUN
Gy2gKlG
AYdW0cwtV
XVSK^M{mC%
nwE!zub9E
ZeGJlb]
qFjKOQ
KHR<%e|LA
tndwtH*
vJwKzU
HHHHHy
BBBBBv
AAAAACy
gccccccc
YXYYXXYV
VSSSSSWs
NLLLNL
IIIIIKx
FHHHHb
BBBBBBq
AAAAAAu
FFFFFFF5C4FFFFFFFFFF-@"
=,A8FFFFFF
%FFFFFF
:FFFFFF
?FFFFFF
E2FFFFF
6FFFFFF
FFFFFFFFFF
FFFFFFF
WUKlKL
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>