Windows Drivers (.sys) packing/protection
Hello everybody.
I wonder why there are no popular (public?) packers/protectors for Windows drivers (.sys files)? Maybe this is not possible for all types of drivers (but I don't think so)? Maybe this is not useful (again, I disagree)?

The first approach seems to be straightforward: packing/ciphering the code/data and the import table (!), then creating a small loader which allocates paged and non-paged memory (since drivers can be swapped out) and unpacks the code/data there, sets up the imports, and then runs the driver as usual (calls DriverEntry). For small drivers it is possible to mark all sections as non-paged and pack/cipher them in the file; DriverEntry will unpack the pages in place.

Maybe there are some other ways to protect drivers? AFAIK, StarForce3 drivers are protected, ExeCrypt can protect WDM drivers (when registered), etc., so this is possible, and a packer/protector can exist or can be written. Any links to other existing driver packers/protectors? Your ideas?
The Following User Says Thank You to pp2 For This Useful Post: Indigo (07-19-2019)
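Seen from the analysis side, the in-place variant described in the post above (all sections non-paged, ciphered in the file, unpacked by DriverEntry) leaves marks in the section table. The following triage sketch is an added example, not part of the original post. Assumptions: the 7.2 bits/byte entropy threshold, the function names, and the sample image built in `build_sample` are all constructed for illustration, and a hit is a reason to look closer, not proof of packing.

```python
import math, struct

# Section characteristic flags from the PE/COFF specification.
MEM_NOT_PAGED, MEM_EXECUTE, MEM_WRITE = 0x08000000, 0x20000000, 0x80000000

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def sections(image):
    """Yield (name, characteristics, raw_bytes) for each PE section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", image, 0x3C)
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", image, pe + 6)
    opt_size, = struct.unpack_from("<H", image, pe + 20)
    table = pe + 24 + opt_size          # section table follows optional header
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        yield f[0].rstrip(b"\0").decode("latin-1"), f[9], image[f[4]:f[4] + f[3]]

def triage(image, threshold=7.2):
    """Names of sections that are non-paged, writable, executable and
    high-entropy on disk. The threshold is an assumed heuristic."""
    hits = []
    for name, chars, raw in sections(image):
        wx = chars & MEM_EXECUTE and chars & MEM_WRITE
        if wx and chars & MEM_NOT_PAGED and entropy(raw) >= threshold:
            hits.append(name)
    return hits

def build_sample():
    """Constructed minimal image: a plain code section and a packed-looking one."""
    plain, packed = b"\x48\x89\x5c\x24" * 1024, bytes(range(256)) * 16
    def hdr(name, size, ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, size, 0, size, ptr, 0, 0, 0, 0, chars)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0)
    start = 0x40 + len(coff) + 80       # raw data begins after two section headers
    table = hdr(b".text", 4096, start, MEM_EXECUTE | MEM_NOT_PAGED | 0x20) \
          + hdr(b".pk", 4096, start + 4096, MEM_EXECUTE | MEM_WRITE | MEM_NOT_PAGED)
    return dos + coff + table + plain + packed
```

Running `triage(build_sample())` flags only the constructed `.pk` section; the plain `.text` section is non-paged and executable but read-only and low-entropy, so it passes.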