I am writing a mini-filter driver and I need to check the signature of a PE file in it. I know how to do it in user mode and it works fine. Now I need to do the same in my driver, I am clueless. Any suggestions on how to verify PE signatures in kernel mode?
Thanks in advance. Can you provide any solution.
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||29 July 2019||OSR Seminar Space|
|Writing WDF Drivers||23 Sept 2019||OSR Seminar Space|
|Kernel Debugging||21 Oct 2019||OSR Seminar Space|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|