EXETOOLS FORUM  

#1 pp2, 03-31-2005, 23:20
Windows Drivers (.sys) packing/protection

Hello everybody.
I wonder why there are no popular (public?) packers/protectors for Windows drivers (.sys files)? Maybe this is not possible for all types of drivers (but I don't think so)? Maybe this is not useful (again I disagree)?

The first approach seems straightforward: pack/cipher the code/data and the import table (!), create a small loader which allocates paged and non-paged memory (since drivers can be swapped out) and unpacks the code/data there, set up the imports, and then run the driver as usual (call DriverEntry).
For small drivers it is possible to mark all sections as non-paged and pack/cipher them in the file; DriverEntry will unpack the pages in place. Maybe there are some other ways to protect drivers?

AFAIK, StarForce3 drivers are protected, ExeCrypt can protect WDM drivers (when registered), etc., so this is possible, and a packer/protector can exist or can be written. Any links to other existing driver packers/protectors?

Your ideas?

#2 Cobi, 03-31-2005, 23:56
High Effort and low Request!?
I mean, you won't find many Drivers that need Protection.
(Except the Drivers of Protection Software, but they are mostly custom protected)

#3 Eskimobob, 04-02-2005, 17:16
I agree with Cobi on this one. Generally most drivers are created for redistribution. If you want your device to work most of the time you don't want to invest the money in stopping other people from decompiling it.
For the hardware that really needs the protection, then generally I'd think you wouldn't be able to normally get your hands on it. Also, why bother caring if people decompile it? Most of the time people optimize the drivers and leave it open source. The dev goes and steals the code. It's helping them in the end.

#4 s0cpy, 04-11-2005, 15:55
dermatolog (author of VMProtect) asked me to write this:
VMProtect can handle .sys files; it also updates the checksum in the PE header.
So, feel free to use it to protect your drivers. One commercial application already uses it.
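
Post #4 mentions that the protector rewrites the checksum in the PE header. The PE format specification says this field is validated for all drivers, so recomputing it is a quick integrity check on a .sys file that has been repacked or patched. The following is an added example, not code from the thread or from any tool named in it; the function names are hypothetical and the 216-byte image is constructed for the demonstration, not a real driver.

```python
import struct

def checksum_offset(image: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum (same for PE32 and PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20 + 64  # PE signature + file header + field offset

def pe_checksum(image: bytes) -> int:
    """Folded 16-bit sum of the file with CheckSum treated as zero, plus file size."""
    off = checksum_offset(image)
    data = bytearray(image)
    data[off:off + 4] = bytes(4)       # the field itself is excluded from the sum
    if len(data) % 2:
        data.append(0)                 # pad an odd-length file to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return (total + len(image)) & 0xFFFFFFFF

def stored_checksum(image: bytes) -> int:
    """Value currently recorded in the header."""
    return struct.unpack_from("<I", image, checksum_offset(image))[0]

def checksum_matches(image: bytes) -> bool:
    """True when the header value agrees with the recomputed one."""
    return stored_checksum(image) == pe_checksum(image)

def build_sample() -> bytes:
    """Constructed header-only image with a correct checksum (hypothetical test input)."""
    img = bytearray(64 + 4 + 20 + 96 + 32)   # DOS hdr, PE sig, file hdr, opt hdr, body
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 64)    # e_lfanew points just past the DOS header
    img[64:68] = b"PE\0\0"
    img[184:] = b"\x90" * 32                 # filler bytes standing in for a section
    struct.pack_into("<I", img, checksum_offset(img), pe_checksum(img))
    return bytes(img)

if __name__ == "__main__":
    good = build_sample()
    patched = good[:200] + b"\xcc" + good[201:]  # one byte changed, header not updated
    print(hex(stored_checksum(good)), checksum_matches(good), checksum_matches(patched))
```

A mismatch only shows that the file changed after the checksum was last written; a tool that updates the field, as described in post #4, will pass this check, so it complements signature verification rather than replacing it.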

#5 firstrose, 04-14-2005, 09:02
Why not play tricks yourself?

Remember that you're in ring0.

So far as I know, XPR has SMC in its driver. It's not done by protectors, I think...

#6 peleon, 04-14-2005, 14:15
Interesting VMProtect....

Still no English version? I have tried the Russian version but I don't even manage to protect a file. I think I have touched all menus with no success (well, I'm blind in a Russian user interface even with no Russian fonts installed)

#7 spokey, 04-14-2005, 14:44
In the request section you will find a link to the English version, but I still don't understand anything about VMProtect, not even in English.
I'm probably too dumb

#8 s0cpy, 04-14-2005, 16:13
Quote (originally posted by peleon):
"Interesting VMProtect.... Still no English version?"

Just tried VMProtect 1.01 - English language is default.

Quote (originally posted by spokey):
"but I still don't understand anything about VMProtect, not even in English."

Brief course:
1) open file (.exe/.dll/.sys/.whatever)
2) project->new procedure. enter start address of the proc.
3) project->compilation

Have fun

#9 Android, 04-15-2005, 11:49
I think this is the main page of this software:

http://www.polytech.ural.ru/

Regards,
Android.