  #7  
Old 05-17-2006, 08:34
swlepus
Quote:
Originally Posted by MarkusO
The PE-checksum will be your smallest problem if you plan to encrypt *.SYS files.

You must take care of what sections are loaded at which time, you must take care of the init callbacks, you will run into some big problems when trying to allocate memory and some other nasty problems. Just to name one, how do you plan to call LoadLibrary or GetProcAddress from Ring-0? KERNEL32 is not present and you can't use SEH to find the imports by trial and error.
I do not think making a PE checksum will encrypt the .sys file.
It only prevents some modifications.
An encrypted file cannot be analyzed by a static disassembly tool such as IDA Pro.

And as we know, VMProtect can protect a .sys file, but not encrypt or even compress it.
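The point that a PE checksum only catches some modifications, shown as an added example (not code from the thread). It assumes the commonly documented algorithm (16-bit end-around-carry sum with the CheckSum field zeroed, plus the file length) and runs on a constructed 512-byte header-only buffer, not a real driver; all function names are illustrative.

```python
import struct

def checksum_offset(image) -> int:
    """File offset of OptionalHeader.CheckSum (offset 64 in both PE32 and PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20 + 64  # PE signature + COFF header + field offset

def pe_checksum(image) -> int:
    """Recompute the checksum: fold-with-carry 16-bit sum, then add file length."""
    buf = bytearray(image)
    off = checksum_offset(buf)
    buf[off:off + 4] = b"\0\0\0\0"      # the stored value is excluded from the sum
    if len(buf) % 2:
        buf.append(0)                   # pad to a whole 16-bit word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(image)) & 0xFFFFFFFF

def checksum_ok(image) -> bool:
    """Compare the header's stored CheckSum with the recomputed value."""
    stored = struct.unpack_from("<I", image, checksum_offset(image))[0]
    return stored == pe_checksum(image)

def build_sample() -> bytearray:
    """Constructed stand-in image: MZ/PE signatures plus filler, valid checksum."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    img[0x100:0x200] = bytes(range(256))
    struct.pack_into("<I", img, checksum_offset(img), pe_checksum(img))
    return img

if __name__ == "__main__":
    img = build_sample()
    flipped = bytearray(img)
    flipped[0x150] ^= 0xFF              # a single corrupted byte is detected
    swapped = bytearray(img)            # two reordered words are not detected
    swapped[0x100:0x102], swapped[0x102:0x104] = img[0x102:0x104], img[0x100:0x102]
    print(checksum_ok(img), checksum_ok(flipped), checksum_ok(swapped))
```

Because the sum is order-independent and unkeyed, it catches accidental corruption but is not an integrity control; a code signature is what detects deliberate changes.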