Exetools  

Post #7, 09-26-2024, 01:42, by chants (VIP)
So this is implying the certificate manager API is useless in the context of Authenticode certs? I assumed that as long as the TRCA has it and Trusted Publishers, you would be good, but I think this changed some years back.

So presumably Microsoft maintains TRCA, Trusted Publishers, and revocations for Authenticode on kernel drivers in some hard-coded way in the loader, or near it at least. The question of where exactly is definitely an interesting one, though with memory integrity and signature checks on load, it won't be easy to patch the OS kernel. Doesn't look like an elegant solution exists beyond using test certificates in test signing mode.