Exetools


emptyHook 01-10-2012 02:17

sys packer
 
Hi,

Looking for a driver (.sys file) packer. Found nothing yet. Can anybody help with any links (theoretical material maybe)?

I would really appreciate any help.

orfei 01-10-2012 03:13

VMProtect supports .sys file packing.

emptyHook 01-10-2012 04:20

Only VMProtect, nothing else?

Ember 01-11-2012 09:45

Code Virtualizer will VM them but no packing.

memcpy 01-11-2012 23:57

TDL malware .sys drivers are packed, but this packer is probably private.

SLV 03-24-2012 07:36

There is nothing difficult about packing sys images. But there are a few rules: the result should have a valid OptionalHeader.Checksum (MapFileAndCheckSum), take a look at the section attributes (if the section is non-paged, use NonPagedPool to avoid a BSOD), kernel-mode SEH works only if the exception handler points to a code section (if your packer moves the original image somewhere), MmGetSystemRoutineAddress doesn't work with NDIS APIs, etc.
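
The checksum rule in the post above can be checked from the defender's side when triaging a driver image: recompute the value and compare it with the stored header field. This is an added example, not code from the thread; it assumes the commonly documented PE checksum algorithm (16-bit word sum with carry folding, plus file length), and the function names and the 256-byte sample image are constructed for illustration.

```python
import struct

def pe_checksums(data: bytes) -> tuple[int, int]:
    """Return (stored, computed) values of OptionalHeader.CheckSum."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # CheckSum sits 64 bytes into the optional header for PE32 and PE32+.
    off = e_lfanew + 4 + 20 + 64
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or off + 4 > len(data):
        raise ValueError("missing or truncated PE header")
    stored = struct.unpack_from("<I", data, off)[0]
    buf = bytearray(data)
    buf[off:off + 4] = b"\0\0\0\0"      # the field itself is excluded
    if len(buf) % 2:
        buf.append(0)                    # pad odd-sized files to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return stored, (total + len(data)) & 0xFFFFFFFF

def checksum_ok(data: bytes) -> bool:
    """True when the stored header value matches the recomputed one."""
    stored, computed = pe_checksums(data)
    return stored == computed

def constructed_image() -> bytes:
    """Constructed 256-byte header-only sample, not a real driver."""
    img = bytearray(256)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)         # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", img, 0x40 + 88, 0xA0DD)  # stored CheckSum
    return bytes(img)

if __name__ == "__main__":
    good = constructed_image()
    patched = bytearray(good)
    patched[200] ^= 0x01                 # simulate a post-link modification
    print("original:", checksum_ok(good))
    print("modified:", checksum_ok(bytes(patched)))
```

A matching value only shows that the header field is consistent with the file contents; the checksum is not cryptographic, so it says nothing about who produced the image.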

OHPen 07-24-2012 19:46

I also recommend Code Virtualizer. It's doing quite a nice job.


All times are GMT +8.