*.sys Files


NeO
08-17-2005, 10:32 PM
Is there any way to protect or crypt *.sys files with any tool? So it would run like a normal driver when Windows loads it, just that one wouldn't be able to disassemble it...


thx NeO

Admiral
08-18-2005, 10:56 AM
BS Warning Edit: Apparently this post is nonsense. So, err... proceed with caution.

Just from poking around my \system32 folder with a hex editor & disassembler, it seems that .sys drivers are PE binaries just like any other .exe or .dll. They have an entry point (although I couldn't find it by EP in the Dependency Walker), which I presume is executed just as DllMain would be. So I guess they can be packed in much the same way as any old DLL.
I can't say I've ever seen it done, but without having looked too hard (and I really haven't) I don't see why it couldn't be.

Get hold of a generic packer or two (perhaps something like UPX). See first if you can get the file compressed. If that works then you should be able to use something a bit more anticrack based such as Armadillo or Execryptor. You'll probably need to do a little 'customisation' on the headers to make your packer think it's a file it knows how to deal with, though, as I haven't seen a binary crypter that supports driver files.

Good luck
Admiral

dELTA
08-18-2005, 11:32 AM
No, you cannot normally pack sys-files with normal ring 3 application packers. Sys-files are normally drivers, and hence, quite different code is needed for the unpacking stub than in normal ring 3 application executables.

There do indeed exist driver packers though, so yes, it is very much possible, you just need specialized code for it.
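The header fields that tell a driver image apart from a ring 3 executable, as an added example that is not part of any post in this thread: a .sys file is a PE image, but its optional header marks it with the native subsystem (value 1). The `build_sample` helper and every value passed to it are constructed for illustration.

```python
import struct

# Subsystem values from the PE optional header (offset 68 in PE32 and PE32+).
SUBSYSTEMS = {1: "native", 2: "windows_gui", 3: "windows_cui"}
IMAGE_FILE_DLL = 0x2000

def pe_summary(data: bytes) -> dict:
    """Read entry point RVA, subsystem and DLL flag from a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt_size, characteristics = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20
    if opt_size < 70 or len(data) < opt + 70:
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "entry_rva": entry_rva,
        "subsystem": SUBSYSTEMS.get(subsystem, f"other({subsystem})"),
        "is_native": subsystem == 1,          # drivers and other native images
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }

def build_sample(subsystem: int, entry_rva: int, characteristics: int = 0x0102) -> bytes:
    """Constructed minimal PE32 headers (no sections), for the demo only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, image in (("driver-like", build_sample(1, 0x1000)),
                         ("gui-app-like", build_sample(2, 0x2000))):
        print(label, pe_summary(image))
```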

NeO
08-18-2005, 02:37 PM
Delta, do you maybe know a driver packer's name? Looks like PE but it's not the same way of protecting it

dELTA
08-18-2005, 06:34 PM
Hmm, I don't know any product or company names right off the top of my head, but I've seen at least two different ones personally, and I'm quite sure at least one of them has been mentioned here on the board too.

NeO
08-19-2005, 05:00 AM
More or less I am looking for an app, since I was googling for a long time and I gave up since I didn't find anything that would do the job or be useful to me...

So if you can remember an app name or the like from here, it would be appreciated. Thx

bye NeO

dELTA
08-20-2005, 08:54 AM
I cannot seem to find these or any other either (very high noise-level on searches for this subject, at least with all the search queries I could think of for the moment), anyone else?

Webring
08-29-2005, 02:59 PM
Execryptor *does* crypt .vxds (9x drivers) and .sys (NT+ driver) files. Also, anyone looked at the new version of Execryptor? I've been trying to crack it for a while, like a maze of shit

souz
09-20-2005, 06:22 AM
VMProtect can be used to protect any sys file.