驱动程序代理以避免在 Windows 上重复进行代码签名

发布于 2024-09-08 00:42:58 字数 264 浏览 7 评论 0原文

Windows 上的驱动程序应进行签名并提交给 Microsoft 进行代码签名,这是 64 位系统的要求。问题是,当你必须更新驱动程序时,你必须再次提交,每个版本一次。

是否可以构建某种代理或填充驱动程序,以便我只需签名并提交一次,然后将我的代码放在单独的模块中?

当然,我不能只移动 DLL 中的工作代码,因为动态加载的模块也必须进行签名才能在 64 位内核模式下执行。如果我将代码放入原始文件中,将其加载到内存中(在启用执行标志的情况下分配)然后执行它会怎样?还有其他想法吗?

Drivers on Windows should be signed and submitted to Microsoft for code signing and this is a requirement for 64 bit systems. The problem is that, when you have to update the driver, you have to submit it again, once for every release.

Is possible to build some kind of proxy or shim driver so that I have to sign and submit it only once, and then have my code in a separate module?

Of course I can't just move the working code in a DLL, as also dynamically loaded modules have to be signed in order to being executed in 64 bit kernel mode. What if I put my code in a raw file, load it in memory (allocated with execution flag enabled) and then execute it? Other ideas?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

岛徒 2024-09-15 00:42:58

您不必向 Microsoft 提交驱动程序。您必须使用交叉签名证书来签署您的驱动程序。这样你会得到一个导航屏幕,但这并不是禁止的!

为了做你想做的事,有过几次尝试。这些是“勉强”容忍的,但这些驱动程序可能随时被禁止。 (通过撤销您的签名)

该过程非常简单:

  1. 加载签名的驱动程序。
  2. 提供一个IoControl,用户模式程序可以在其中将内存发送到内核。
  3. 改变这块内存的执行位,就调用这块内存中的一个地址。

You don't have to submit a driver to Microsoft. You have to sign your driver with a cross-signing-certificate. You will get a nag screen this way, but this is not forbidden!

There were (are) several attempts to do just what you want to do. These are 'barely' tolerated, but these drivers may be banned at any time. (By revoking your signature)

The process is very easy :

  1. Load the signed driver.
  2. Provide a IoControl in which user mode programs can send memory to the kernel.
  3. Change the execute bit of this memory, and just call an address in this memory.
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文