Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Block loading of drivers

KernelStrangerKernelStranger Member Posts: 1
edited April 2022 in NTFSD

I am trying to code a driver that blocks signed Vulnerable drivers. I have done some reading and found out that you can block the driver load somehow with SeRegisterImageVerificationCallback.
My biggest problem is that it's undocumented and there are only a few sites that have written about it but not enough. I've already managed to log the drivers that are loaded.

But now I'm wondering how I can block the load with it. I simply have no more ideas.

· Share on Facebook

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 9,077

    Hmmm... this is your first post here?

    This callback, and the others related to it, are part of the ELAM system. IIRC, there's documentation for that, it's just not available publicly.

    Now, having said that... doesn't the callback get a PBDCB_IMAGE_INFORMATION? And isn't one of the fields in that structure the BDCB_CLASSIFICATION? Are you saying setting the BDCB_CLASSIFICATION properly on return doesn't work, or that you don't know how to set it?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 19-23 June 2023 Live, Online
Writing WDF Drivers 10-14 July 2023 Live, Online
Kernel Debugging 16-20 October 2023 Live, Online
Developing Minifilters 13-17 November 2023 Live, Online

Categories