
*.sys Files


NeO
August 17th, 2005, 21:32
Is there any way to protect or crypt *.sys files with any tool? So it would run like a normal driver when Windows loads it, just that one wouldn't be able to disassemble it...


thx NeO

Admiral
August 18th, 2005, 09:56
BS Warning Edit: Apparently this post is nonsense. So, err... proceed with caution.

Just from poking around my \system32 folder with a hex editor & disassembler, it seems that .sys drivers are PE binaries just like any other .exe or .dll. They have an entry point (although I couldn't find it by EP in the Dependency Walker), which I presume is executed just as DllMain would be. So I guess they can be packed in much the same way as any old DLL.
I can't say I've ever seen it done, but without having looked too hard (and I really haven't) I don't see why it couldn't be.

Get hold of a generic packer or two (perhaps something like UPX). See first if you can get the file compressed. If that works then you should be able to use something a bit more anticrack based such as Armadillo or Execryptor. You'll probably need to do a little 'customisation' on the headers to make your packer think it's a file it knows how to deal with, though, as I haven't seen a binary crypter that supports driver files.

Good luck
Admiral

dELTA
August 18th, 2005, 10:32
No, you cannot normally pack sys-files with normal ring 3 application packers. Sys-files are normally drivers, and hence, quite different code is needed for the unpacking stub than in normal ring 3 application executables.

There do indeed exist driver packers though, so yes, it is very much possible, you just need specialized code for it.
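
Added example, not part of any post in this thread: a .sys file uses the PE format, so its headers can be read like those of any .exe or .dll. This Python sketch reads the Subsystem field (native for kernel drivers) and flags an entry point that sits in a writable and executable section, a common but inconclusive sign of a packed image. The function names and the sample image bytes are constructed for illustration.

```python
import struct

IMAGE_SUBSYSTEM_NATIVE = 1                      # subsystem value used by kernel drivers
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000

def inspect_pe(data: bytes) -> dict:
    """Parse PE headers; report subsystem and the section holding the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]               # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                              # optional header start
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    entry = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]    # same offset in PE32/PE32+
    result = {"native": subsystem == IMAGE_SUBSYSTEM_NATIVE, "entry_rva": entry,
              "entry_section": None, "entry_section_rwx": False}
    rwx = SCN_MEM_EXECUTE | SCN_MEM_WRITE
    for i in range(nsect):
        name, vsize, va, rawsize, _rawptr, flags = struct.unpack_from(
            "<8sIIII12xI", data, opt + opt_size + 40 * i)
        if va <= entry < va + max(vsize, rawsize):
            result["entry_section"] = name.rstrip(b"\0").decode("ascii", "replace")
            # Heuristic only: packer stubs often run from a writable+executable section.
            result["entry_section_rwx"] = (flags & rwx) == rwx
    return result

def build_sample(subsystem: int, section_flags: int) -> bytes:
    """Constructed header-only PE32 image with one section holding the entry point."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, subsystem)
    sect = struct.pack("<8sIIII12xI", b".text", 0x200, 0x1000, 0x200, 0x400,
                       section_flags)
    return dos + b"PE\0\0" + coff + bytes(opt) + sect

if __name__ == "__main__":
    print(inspect_pe(build_sample(IMAGE_SUBSYSTEM_NATIVE, 0xE0000020)))
```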

NeO
August 18th, 2005, 13:37
Delta, do you maybe know a driver packer's name? It looks like PE but it's not the same way of protecting it

dELTA
August 18th, 2005, 17:34
Hmm, I don't know any product or company names right off the top of my head, but I've seen at least two different ones personally, and I'm quite sure at least one of them has been mentioned here on the board too.

NeO
August 19th, 2005, 04:00
More or less I am looking for an app, since I was googling for a long time and I gave up since I didn't find anything that would do the job or be useful to me....

So if you can remember the app name or like from here, it would be appreciated.. thx

bye NeO

dELTA
August 20th, 2005, 07:54
I cannot seem to find these or any other either (very high noise-level on searches for this subject, at least with all the search queries I could think of for the moment), anyone else?

Webring
August 29th, 2005, 13:59
Execryptor *does* crypt .vxds (9x drivers) and .sys (NT+ driver) files. Also, has anyone looked at the new version of Execryptor? I've been trying to crack it for a while, like a maze of shit

souz
September 20th, 2005, 05:22
VMProtect can be used to protect any sys file.