32 bit Driver signature

c++ / delphi package - dll injection and api hooking
Post Reply
serg.mizun
Posts: 4
Joined: Fri Feb 04, 2011 9:46 pm

32 bit Driver signature

Post by serg.mizun »

Hello!
I need hook only for 32-bit Windows. I have MadCodeHook 3 version. Must I my "driver.sys" sign off?
LoadInjectionDriver have 2 Parameter, but I have only 32 bit sys file:

LoadInjectionDriver(L"EtermDriver", L"eterm32.sys", L"eterm32.sys")

Can I use madCodeHook with32 bit Windows without digital signature?

WBR
Serg
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: 32 bit Driver signature

Post by iconic »

Hi Serg,

I don't have madCodeHook 3.x so this is just speculation on my part however I am under the impression that despite a 32-bit Windows OS not enforcing the digital signing of drivers MCH 3.x does in fact enforce this in order to add an additional layer of security/protection. Signing a driver also makes things less likely to be flagged as malware or marked as suspicious so it's always in your best interest to sign. So, to answer your inquiry
Can I use madCodeHook with32 bit Windows without digital signature?
No.

Edit: refer to Madshi's online documentation http://help.madshi.net/DllInjecting.htm
When using madCodeHook 3.0, this driver is available as an external file (or rather 2 files, one for 32bit OSs and one for 64bit OSs). You need to configure this driver and sign it afterwards, otherwise it won't work. After you've done that, your program needs to activate the driver by using the following APIs, all of which need admin rights:
--Iconic
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: 32 bit Driver signature

Post by madshi »

iconic is correct, of course (as always).

You can use a dummy driver file name/path for 64bit, if your software is never going to run on 64bit Windows.
serg.mizun
Posts: 4
Joined: Fri Feb 04, 2011 9:46 pm

Re: 32 bit Driver signature

Post by serg.mizun »

Thank you!
I renew my old certificate and now is all right.

Serg
Post Reply