Go Back   Exetools > General > General Discussion


Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old 03-31-2005, 23:20
pp2 pp2 is offline
Join Date: Jan 2002
Posts: 59
Rept. Given: 1
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 1
Thanks Rcvd at 16 Times in 12 Posts
pp2 Reputation: 2
Question Windows Drivers (.sys) packing/protection

Hello everybody.
I wonder why there are no popular (public?) packers/protectors for windows drivers (.sys files)? Maybe this is not possible for all types of drivers (but I don't think so)? Maybe this is not useful (again I disagree)?

First approach seems to be straight: packing/ciphering code/data, import table (!), creating small loader which allocs paged and non-paged memory (since drivers can be swapped out) and unpacks code/data there, setup import, and then run driver as usual (call DriverEntry).
For small drivers it is possible to mark all sections as non-paged and pack/cipher them in file, DriverEntry will unpack pages in place. Maybe there are some other ways to protect drivers?

AFAIK, StarForce3 drivers are protected, ExeCrypt can protect WDM drivers (when registered), etc., so this is possible, and packer/protector can exist or can be written. Any links to other existing drivers packers/protectors?

Your ideas?
Reply With Quote
The Following User Says Thank You to pp2 For This Useful Post:
Indigo (07-19-2019)

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
FSFilter drivers in Windows 10 biorpg x64 OS 8 06-25-2020 18:33

All times are GMT +8. The time now is 16:56.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )