Hello,
I have a driver built with WDK 8.1 which I'm trying to run on Windows 10 with the Verifier enabled with most checks (all except low resource simulation).
I receive the following BSOD when the driver is started:
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002003, Code Integrity Issue: The image contains an executable and writable section.
Arg2: ffffe001c9e8a888, The image file name (Unicode string).
Arg3: fffff800be5e02b0, The address of the section header.
Arg4: ffffd001c9a6f5d0, The section name (UTF-8 encoded string).
0: kd> da ffffd001c9a6f5d0
ffffd001`c9a6f5d0 "INIT"
So, I placed the driver in a disassembler and I saw that the INIT section was RWX and this is not good for the Verifier.
I tried modifying the linker settings and tried the following options (one at a time, not all at once): /SECTION:"INIT,RW", /SECTION:"INIT,RE", /SECTION:"INIT,!E", /SECTION:"INIT,!W"
I also tried writing in the source code #pragma section("INIT", read, write) or #pragma section("INIT", read, execute)
There was no effect from any of my efforts; each time I would look in the disassembler and see the section as RWX.
I tried compiling the driver using the WDK 10.0 version. It worked without any problems (I didn't have to modify the linker options or add any pragmas).
My question is this: is there any way to ensure the INIT section will be either writable or executable but not BOTH using WDK 8.1?
If not, is there any way to build a driver which will pass all the checks made by the Windows 10 verifier using WDK 8.1?
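
The condition reported in Arg1 (a section that is both executable and writable) can be checked on the built .sys file without a disassembler. The following is an added example, not part of the original post: it reads the PE section headers and lists every section whose Characteristics carry both flags. The helper `constructed_image`, the `SAMPLE` data and its flag values are constructed for illustration.

```python
import struct
import sys

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def section_flags(image):
    """Return [(name, Characteristics)] for each section header of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16
    nsect, opt_size = struct.unpack_from("<2xH12xH", image, pe_off + 4)
    table = pe_off + 24 + opt_size  # signature (4) + COFF header (20) + optional header
    result = []
    for i in range(nsect):
        # 40-byte section header: Name[8] ... Characteristics (DWORD at +36)
        name, chars = struct.unpack_from("<8s28xI", image, table + 40 * i)
        result.append((name.rstrip(b"\0").decode("utf-8", "replace"), chars))
    return result

def writable_and_executable(image):
    """Names of sections that carry both the WRITE and EXECUTE flags."""
    both = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [name for name, chars in section_flags(image) if chars & both == both]

def constructed_image(sections):
    """Constructed sample input: PE headers only, no section data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    heads = b"".join(struct.pack("<8s28xI", n, c) for n, c in sections)
    return dos + b"PE\0\0" + coff + heads

# Constructed flag values: INIT is read/write/execute/discardable here
SAMPLE = constructed_image([
    (b".text", 0x60000020), (b".data", 0xC0000040), (b"INIT", 0xE2000020)])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for name in writable_and_executable(data):
        print(f"{name}: section is both writable and executable")
```

Run with the path to a driver image as the only argument, it prints one line per offending section; with no argument it runs on the constructed sample.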