I don't understand why device drivers are very hard to break...
I think that it's very hard to unpack "some" device drivers. Only that.
For example:
Any device driver (NT) is a SYS file. If you have the SYS file unpacked, then you can reverse it (using IDA or other) when you reboot your OS in safe mode.
You can modify all the protection in the sys file (debugger detection, CRC, etc.). When you disable debugger detection, you can use your ring 0 debugger. I know it's a hard job but I think it's not very very hard.
Regards