|
#1
|
|||
|
|||
Windows Drivers (.sys) packing/protection
Hello everybody.
I wonder why there are no popular (public?) packers/protectors for windows drivers (.sys files)? Maybe this is not possible for all types of drivers (but I don't think so)? Maybe this is not useful (again I disagree)? First approach seems to be straight: packing/ciphering code/data, import table (!), creating small loader which allocs paged and non-paged memory (since drivers can be swapped out) and unpacks code/data there, setup import, and then run driver as usual (call DriverEntry). For small drivers it is possible to mark all sections as non-paged and pack/cipher them in file, DriverEntry will unpack pages in place. Maybe there are some other ways to protect drivers? AFAIK, StarForce3 drivers are protected, ExeCrypt can protect WDM drivers (when registered), etc., so this is possible, and packer/protector can exist or can be written. Any links to other existing drivers packers/protectors? Your ideas? |
The Following User Says Thank You to pp2 For This Useful Post: | ||
Indigo (07-19-2019) |
#2
|
|||
|
|||
High Effort and low Request!?
I mean, you wont find many Drivers that need Protection. (Except the Drivers of Protection Software, but they are mostly custom protected) |
The Following User Says Thank You to Cobi For This Useful Post: | ||
Indigo (07-19-2019) |
#3
|
|||
|
|||
I agree with Cobi on this one. Generally most drivers are created for redistrobution. If you want your device to work most of the time you don't want to invest the money in stopping other people from decompiling it.
For the hardware that really needs the protection, then generally I'd think you wouldn't be able to normally get your hands on it. Also, whybother care if people decompiles it? Most of the time people optimize the drivers and leave it opensource. The dev goes and steals the code. It's helping them in the end. |
#4
|
|||
|
|||
dermatolog (author of vmprotect) asked me to write this:
VmProtect can handle .sys files, it also updates the checksum in PE header. So, feel free to use it to protect your drivers. One commercial application already uses it. |
The Following User Says Thank You to s0cpy For This Useful Post: | ||
Indigo (07-19-2019) |
#5
|
|||
|
|||
Why not play tricks yourself?
Remember that you're in ring0. So far as I know,XPR has smc in it's driver.It's not done by protectors,I think... |
#6
|
|||
|
|||
Interesting VMprotect....
Still no english version? I have tried the russian version but I dont even manage to protect a file. I think I have touched all menus with no success (well, I'm blind in a russian user interface even with no russian fonts installed ) |
The Following User Says Thank You to peleon For This Useful Post: | ||
Indigo (07-19-2019) |
#7
|
|||
|
|||
In the request section you will find a link to the english version, but i still dont understand anything about vmprotect even not in english.
Im probebly 2 dumb |
#8
|
|||
|
|||
Quote:
Quote:
1) open file (.exe/.dll/.sys/.whatever) 2) project->new procedure. enter start address of the proc. 3) project->compilation have fun |
The Following User Says Thank You to s0cpy For This Useful Post: | ||
Indigo (07-19-2019) |
#9
|
|||
|
|||
I think this is the main page of this software:
http://www.polytech.ural.ru/ Regards, Android. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
FSFilter drivers in Windows 10 | biorpg | x64 OS | 8 | 06-25-2020 18:33 |