Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Block loading of drivers

KernelStrangerKernelStranger Member Posts: 1
edited April 7 in NTFSD

I am trying to code a driver that blocks signed Vulnerable drivers. I have done some reading and found out that you can block the driver load somehow with SeRegisterImageVerificationCallback.
My biggest problem is that it's undocumented and there are only a few sites that have written about it but not enough. I've already managed to log the drivers that are loaded.

But now I'm wondering how I can block the load with it. I simply have no more ideas.

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,963

    Hmmm... this is your first post here?

    This callback, and the others related to it, are part of the ELAM system. IIRC, there's documentation for that, it's just not available publicly.

    Now, having said that... doesn't the callback get a PBDCB_IMAGE_INFORMATION? And isn't one of the fields in that structure the BDCB_CLASSIFICATION? Are you saying setting the BDCB_CLASSIFICATION properly on return doesn't work, or that you don't know how to set it?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online
Developing Minifilters 23 May 2022 Live, Online
Writing WDF Drivers 12 September 2022 Live, Online