vulnerable driver, CorMem.dll is the wrapper for the driver. you can load it into your local process and use the exported functions to communicate to the driver.
Name Address Ordinal
CorMemAllocBuffer 0000000180001430 1
CorMemAllocBuffer64Ex 0000000180001450 2
CorMemAllocBufferEx 0000000180001550 3
CorMemAllocBufferExEx 0000000180001560 4
CorMemAllocMsg 0000000180001660 5
CorMemAllocMsgEx 0000000180001680 6
CorMemAllocPhysMemory 0000000180001780 7
CorMemCreateMdlAndLockForVirtualBuffer 0000000180001940 8
CorMemFreeBuffer 0000000180001A30 9
CorMemFreeMsg 0000000180001AF0 10
CorMemFreePhysMemory 0000000180001B00 11
CorMemGetBuffer64MemStatus 0000000180001BB0 12
CorMemGetBufferMemStatus 0000000180001CC0 13
CorMemGetMessagingBoundaryUser 0000000180001DC0 14
CorMemGetMsgMemStatus 0000000180001E40 15
CorMemGetPhysMemory 0000000180001F40 16
CorMemGetPhysMemory_64 0000000180002030 17
CorMemGetPoolBlockCount 0000000180002120 18
CorMemLinearToPhys 00000001800023C0 19
CorMemLockSGBuffer 0000000180002460 20
CorMemMapBuffer 0000000180002570 21
CorMemMapBufferEx 0000000180002580 22
CorMemMapKernelToPhys 0000000180002680 23
CorMemMapKernelToUser 00000001800026E0 24
CorMemMapPhysMemory 0000000180002740 25
CorMemMapPhysToKernel 0000000180002810 26
CorMemMapPhysToUser 0000000180002870 27
CorMemMapPool 00000001800028D0 28
CorMemMapUserToKernel 00000001800029E0 29
CorMemMapUserToPhys 0000000180002A40 30
CorMemReadIo 0000000180002AA0 31
CorMemUnlockAllSGBuffer 0000000180002B90 32
CorMemUnlockSGBuffer 0000000180002C10 33
CorMemUnmapBuffer 0000000180002CB0 34
CorMemUnmapPhysMemory 0000000180002D50 35
CorMemWriteIo 0000000180002E10 36
DllEntryPoint 00000001800034DC [main entry]
