0xDbgMan / DrvEye (Public)

Static analysis and exploitation-triage toolkit for Windows kernel drivers. Discovers IOCTLs and symbolic links, checks certificates, and downloads BYOVD drivers.

89 stars
Found Apr 29, 2026 at 89 stars
Language: Python

AI Summary

DrvEye is a security toolkit that inspects Windows kernel drivers to determine load compatibility across configurations and identify IOCTL commands with potential exploit risks.

How It Works

1. 🔍 Spot a mystery driver. You find a .sys file from an unknown source and wonder whether it is safe to use on your Windows computer.
2. 💻 Grab the safety checker. Download DrvEye, a free tool that inspects drivers, and set it up quickly on your machine.
3. 📁 Pick your driver file. Tell the tool which driver file to examine so it can start looking inside.
4. 🔬 Watch the deep check happen. The tool scans the driver to see whether it loads safely and uncovers any hidden dangers or commands it responds to.
5. 📋 Read the clear report. Get a simple summary showing whether the driver works on your Windows setup, what it does, and any weak spots.

Make smart choices: now you know the risks and have test files ready to safely poke the driver without surprises.

AI-Generated Review

What is DrvEye?

DrvEye is a Python-based static code analysis toolkit for triaging Windows kernel drivers (.sys files). Point it at a binary, and it delivers a load verdict across Win10/11 configs (Authenticode, WDAC, HVCI), uncovers IOCTL handlers via dispatch walks and emulation, classifies bugs and primitives like arbitrary RW or token theft, plus generates C PoCs, fuzzers, tracers, and IDA scripts. Solves the pain of manual driver RE by automating BYOVD analysis in seconds.

Why is it gaining traction?

It stands out with a per-config load matrix (not just yes/no), multi-strategy IOCTL discovery (tables, hashes, brute-force), and artifact generation such as compilable exploits or PowerShell check scripts; no other static analysis tool bundles this for kernel drivers. It syncs live Microsoft blocklists and LOLDrivers intel via CLI flags, keeping verdicts fresh without stale snapshots. Developers like the JSON exports and IDAPython annotations that accelerate workflows.

Who should use this?

Kernel reverse engineers auditing vendor drivers for vulnerabilities, red-teamers hunting BYOVD payloads, blue-team analysts blocking risky .sys files, or security researchers prepping CTFs with real exploits. Ideal for anyone applying static analysis to Windows binaries who wants PoC-ready output over raw disassembly.

Verdict

Grab it for driver triage: 89 stars and a solid README make it usable now, despite 1.0% credibility signaling early maturity (expect rough edges, light tests). Run `--live-check --save-pocs driver.sys` to test; it pairs well with IDA for deeper dives.
