OHPen
January 7th, 2006, 11:47
Hoi,
Actually I'm messing around with Themida. As most of you guys know, Themida is using oreans.sys or oreans32.sys as a device driver to hook some APIs and do some antidebug stuff, etc.
I'm interested in recoding this *.sys completely.
Actually I'm reading "THE FUCK A LOT" in the Windows Driver Development Kit docu.
First I will try to determine what kind of driver I need.
As written in the DDK docu:
There are three kinds of WDM drivers:
Bus drivers, which drive an I/O bus and provide per-slot functionality that is device-independent.
Function drivers, which drive an individual device.
Filter drivers, which filter I/O requests for a device, a class of devices, or a bus.
These three driver types are separated.
If I follow myself I would swear I have to code a function driver, but I'm not sure atm. Can someone cover my assumption?
Thanks for your help,
OHPen aka PAPiLLiON