|
There is nothing difficult to pack sys images. But there are a few rules: the result should have a valid OptionalHeader.Checksum (MapFileAndCheckSum), take a look for sections attributes (if the section is non paged, use NonPagedPool for avoid BSOD), kernelmode SEH's are work only if exception handler points to code section (if your packer will move original image somewhere), MmGetSystemRoutineAddress doesn't work with NDIS API's, etc.
|