Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Windows Drivers (.sys) packing/protection (https://forum.exetools.com/showthread.php?t=7254)

pp2 03-31-2005 23:20

Windows Drivers (.sys) packing/protection
Hello everybody.
I wonder why there are no popular (public?) packers/protectors for windows drivers (.sys files)? Maybe this is not possible for all types of drivers (but I don't think so)? Maybe this is not useful (again I disagree)?

First approach seems to be straight: packing/ciphering code/data, import table (!), creating small loader which allocs paged and non-paged memory (since drivers can be swapped out) and unpacks code/data there, setup import, and then run driver as usual (call DriverEntry).
For small drivers it is possible to mark all sections as non-paged and pack/cipher them in file, DriverEntry will unpack pages in place. Maybe there are some other ways to protect drivers?

AFAIK, StarForce3 drivers are protected, ExeCrypt can protect WDM drivers (when registered), etc., so this is possible, and packer/protector can exist or can be written. Any links to other existing drivers packers/protectors?

Your ideas?

Cobi 03-31-2005 23:56

High Effort and low Request!?
I mean, you wont find many Drivers that need Protection.
(Except the Drivers of Protection Software, but they are mostly custom protected)

Eskimobob 04-02-2005 17:16

I agree with Cobi on this one. Generally most drivers are created for redistrobution. If you want your device to work most of the time you don't want to invest the money in stopping other people from decompiling it.
For the hardware that really needs the protection, then generally I'd think you wouldn't be able to normally get your hands on it. Also, whybother care if people decompiles it? Most of the time people optimize the drivers and leave it opensource. The dev goes and steals the code. It's helping them in the end.

s0cpy 04-11-2005 15:55

dermatolog (author of vmprotect) asked me to write this:
VmProtect can handle .sys files, it also updates the checksum in PE header.
So, feel free to use it to protect your drivers. One commercial application already uses it.

firstrose 04-14-2005 09:02

Why not play tricks yourself?

Remember that you're in ring0.

So far as I know,XPR has smc in it's driver.It's not done by protectors,I think...

peleon 04-14-2005 14:15

Interesting VMprotect....

Still no english version? I have tried the russian version but I dont even manage to protect a file. I think I have touched all menus with no success (well, I'm blind in a russian user interface even with no russian fonts installed :))

spokey 04-14-2005 14:44

In the request section you will find a link to the english version, but i still dont understand anything about vmprotect even not in english.
Im probebly 2 dumb :)

s0cpy 04-14-2005 16:13


Originally Posted by peleon
Interesting VMprotect....
Still no english version?

just tried vmprotect 1.01 - english language is default.

Originally Posted by spokey
but i still dont understand anything about vmprotect even not in english.

brief course:
1) open file (.exe/.dll/.sys/.whatever)
2) project->new procedure. enter start address of the proc.
3) project->compilation

have fun

Android 04-15-2005 11:49

I think this is the main page of this software:



All times are GMT +8. The time now is 09:32.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2021, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX