
Created: Friday, August 4 2006 18:26.29 CDT  
Defeating driver signing...
Author: AlexIonescu # Views: 1701

I got sick on the eve of my flight to Vegas, so I missed BH, but I've heard that the 64-bit driver signing hack relies on forcing the kernel to page out some code, then editing the pagefile.sys and letting the kernel page the code back in later.

I must say I'm extremely disappointed, and I'm echoing Myria from pagetable.com.

I'd also like to add that this fits perfectly with my first post on this blog, the one about testing your exploit/code on SMP, various service packs, settings, etc.

While I don't want to go into all the ways this can possibly break and seriously damage your data on SMP machines, I'm going to point out something even simpler. (Yes, I know it works on SMP, but a race condition can happen only 0.001% of the time).

I personally run Windows with a semi-hidden registry flag which disables paging of the kernel and loads it in memory. It's for machines with > 512MB, but it's a pretty good speed optimization since the kernel never gets paged out. So, how exactly will this hack work on my system? Oh, that's right, it won't.

And let's not talk about people that don't use pagefiles at all, or that are running in Live/Network mode without access to the disk.
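The two configurations the post describes (kernel paging disabled, or no pagefile at all) are both things a defender can audit. The snippet below is an added example, not from the post; it assumes the "semi-hidden registry flag" the author means is DisablePagingExecutive under the Memory Management key, which the post does not name, and it only reads the configuration, it does not change it.

```powershell
# Added example (not from the post): audit whether this machine's configuration
# leaves the pagefile-tampering trick a viable path. Assumes the flag the author
# refers to is DisablePagingExecutive under the Memory Management key.
function Get-KernelPagingExposure {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $props = Get-ItemProperty -Path $key -ErrorAction Stop

    # 1 = kernel and driver code stays resident, so it can never be paged out
    $noPaging = ($props.DisablePagingExecutive -eq 1)

    # REG_MULTI_SZ of pagefile entries; an empty or missing list means no pagefile
    $pagefiles = @($props.PagingFiles | Where-Object { $_ -and $_.Trim() })

    [pscustomobject]@{
        DisablePagingExecutive = $noPaging
        PagefileConfigured     = ($pagefiles.Count -gt 0)
        Pagefiles              = $pagefiles
        # The trick needs pageable kernel code AND a pagefile on disk to edit
        PagefileTrickPossible  = (-not $noPaging) -and ($pagefiles.Count -gt 0)
    }
}

Get-KernelPagingExposure | Format-List
```

A result of `PagefileTrickPossible = False` means the machine is in one of the states the post describes, where the hack has nothing to page out or nothing to edit.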

So, kudos for the work, but I doubt this will be used by anything other than rootkits (which I guess was the point).

I really hope FOSS driver developers won't go anywhere near this method in order to avoid driver signing. If you want to avoid driver signing, please use test signing mode.



