Exetools  

  #1  
Old 01-10-2012, 02:17
emptyHook
 
Posts: n/a
sys packer

hi,

Looking for a driver (sys-file) packer. Found nothing yet. Can anybody help with any links (theoretical material maybe)?

Will really appreciate any help.
  #2  
Old 01-10-2012, 03:13
orfei
Family
 
Join Date: Aug 2010
Posts: 138
Rept. Given: 33
Rept. Rcvd 77 Times in 48 Posts
Thanks Given: 15
Thanks Rcvd at 117 Times in 53 Posts
orfei Reputation: 77
VMProtect supports .sys file packing.
  #3  
Old 01-10-2012, 04:20
emptyHook
 
Posts: n/a
only VMProtect, nothing else?
  #4  
Old 01-11-2012, 09:45
Ember
Friend
 
Join Date: Feb 2009
Posts: 84
Rept. Given: 68
Rept. Rcvd 25 Times in 15 Posts
Thanks Given: 36
Thanks Rcvd at 78 Times in 33 Posts
Ember Reputation: 25
Code Virtualizer will VM them but no packing.
  #5  
Old 01-11-2012, 23:57
memcpy
Friend
 
Join Date: Nov 2011
Posts: 22
Rept. Given: 6
Rept. Rcvd 10 Times in 8 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
memcpy Reputation: 10
TDL malware .sys drivers are packed, but this packer is probably private.
  #6  
Old 03-24-2012, 07:36
SLV
Friend
 
Join Date: May 2005
Posts: 62
Rept. Given: 3
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 5
Thanks Rcvd at 2 Times in 2 Posts
SLV Reputation: 4
There is nothing difficult about packing sys images. But there are a few rules: the result should have a valid OptionalHeader.Checksum (MapFileAndCheckSum), take a look at the section attributes (if the section is non-paged, use NonPagedPool to avoid a BSOD), kernel-mode SEH works only if the exception handler points to a code section (if your packer moves the original image somewhere), MmGetSystemRoutineAddress doesn't work with NDIS APIs, etc.
The Following 2 Users Gave Reputation+1 to SLV For This Useful Post:
Ember (03-31-2012)
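
The checksum and section-attribute points from SLV's post, seen from the analysis side: the block below is an added example, not code from the thread. It recomputes the standard PE checksum (the value MapFileAndCheckSum reports) and lists each section's non-paged, discardable and writable+executable flags; the sample image and the `.stub` section name are constructed for the demo.

```python
import struct

# Section characteristic bits from the PE/COFF specification.
SCN_DISCARDABLE, SCN_NOT_PAGED = 0x02000000, 0x08000000
WX = 0x20000000 | 0x80000000              # MEM_EXECUTE | MEM_WRITE

def pe_checksum(data, csum_off):
    """16-bit word sum with end-around carry, plus the file length."""
    buf = bytearray(data)
    buf[csum_off:csum_off + 4] = b"\0" * 4  # the stored CheckSum counts as zero
    buf += b"\0" * (len(buf) % 2)           # pad odd-length files to a full word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF

def triage_driver(data):
    """Return checksum validity and per-section attributes for a PE image."""
    try:
        pe, = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("not a PE image")
        nsec, = struct.unpack_from("<H", data, pe + 6)
        opt_size, = struct.unpack_from("<H", data, pe + 20)
        stored, = struct.unpack_from("<I", data, pe + 88)   # OptionalHeader.CheckSum
        sections = []
        for i in range(nsec):
            off = pe + 24 + opt_size + 40 * i               # 40-byte section headers
            flags, = struct.unpack_from("<I", data, off + 36)
            sections.append({
                "name": data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"),
                "nonpaged": bool(flags & SCN_NOT_PAGED),
                "discardable": bool(flags & SCN_DISCARDABLE),
                "write_exec": flags & WX == WX})
    except struct.error as exc:
        raise ValueError("truncated PE image") from exc
    return {"checksum_ok": stored == pe_checksum(data, pe + 88), "sections": sections}

def build_sample():
    """Constructed two-section image for the demo; not a real driver."""
    sec = lambda name, flags: name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", flags)
    img = bytearray(
        b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
        + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 96, 0x0102)
        + struct.pack("<H", 0x10B) + b"\0" * 94
        + sec(b".text", 0x68000020) + sec(b".stub", 0xE8000020) + b"\x90" * 32)
    struct.pack_into("<I", img, 152, pe_checksum(bytes(img), 152))
    return bytes(img)
```

Calling `triage_driver(open(path, "rb").read())` on a .sys file gives the same report; a checksum mismatch or a non-paged section that is both writable and executable is worth a closer look.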
  #7  
Old 07-24-2012, 19:46
OHPen
Friend
 
Join Date: Aug 2003
Location: lost in code...
Posts: 92
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
OHPen Reputation: 0
I also recommend Code Virtualizer. It's doing quite a nice job.
All times are GMT +8.