Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:

Block loading of drivers

KernelStrangerKernelStranger Member Posts: 1
edited April 2022 in NTFSD

I am trying to code a driver that blocks signed Vulnerable drivers. I have done some reading and found out that you can block the driver load somehow with SeRegisterImageVerificationCallback.
My biggest problem is that it's undocumented and there are only a few sites that have written about it but not enough. I've already managed to log the drivers that are loaded.

But now I'm wondering how I can block the load with it. I simply have no more ideas.


  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 9,159

    Hmmm... this is your first post here?

    This callback, and the others related to it, are part of the ELAM system. IIRC, there's documentation for that, it's just not available publicly.

    Now, having said that... doesn't the callback get a PBDCB_IMAGE_INFORMATION? And isn't one of the fields in that structure the BDCB_CLASSIFICATION? Are you saying setting the BDCB_CLASSIFICATION properly on return doesn't work, or that you don't know how to set it?


    Peter Viscarola

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 13-17 May 2024 Live, Online
Developing Minifilters 1-5 Apr 2024 Live, Online
Internals & Software Drivers 11-15 Mar 2024 Live, Online
Writing WDF Drivers 20-24 May 2024 Live, Online