ex)
madConfigDrv DemoDriver32.sys HookProcessCreationDemoDriver HookProcessCreation32.dll -unsafeStopAllowed
madConfigDrv DemoDriver64.sys HookProcessCreationDemoDriver HookProcessCreation32.dll HookProcessCreation64.dll -unsafeStopAllowed
When I created a hooking driver with reference to the above example, the CheckSum value of IMAGE_OPTIONAL_HEADER in the PE structure of the sys file contained an invalid value.
When I digitally signed the hooking driver with signtool.exe in Windows 10, the driver wasn't loaded due to a checksum problem.
(In Windows 8.1 and earlier versions, it puts in the correct CheckSum after digital signing.)
I am currently using madCodeHook 3.1.10.
Is it possible to check the problem and patch for the problem above?
madConfigDrv creates wrong checksum
Re: madConfigDrv creates wrong checksum
The signtool used to correct the checksum. It has to, because it changes the contents of the file. Does it no longer do that? I wonder how that could possibly work! If madConfigDrv writes the correct checksum into the header, after signtool added the signatures, the checksum will no longer be valid!
Re: madConfigDrv creates wrong checksum
First, thank you for your quick answer.
In Windows 10, to correct the checksum of digitally signed drivers, the original driver's checksum must be correct.
From the test results, it was confirmed that the checksum of DemoDriver64.sys is the same before and after performing the following command.
madConfigDrv DemoDriver64.sys HookProcessCreationDemoDriver HookProcessCreation32.dll HookProcessCreation64.dll -unsafeStopAllowed
Is it right?
If so, I think that madConfigDrv must change the checksum value of the driver, since madConfigDrv changed the contents of the driver.
Ultimately, I wonder whether this part will be reflected in the next patch.
Re: madConfigDrv creates wrong checksum
Sorry for the late reply. I just wanted to implement this, but the functionality is already there (although undocumented). Simply add "-fixCheckSum" parameter to the madConfigDrv command line. I'll automatically do this for the next build.
Re: madConfigDrv creates wrong checksum
I'm so glad to hear that the problem was fixed in the 3.1.11 patch.
Thank you for your support.
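Added example, not part of the thread and not madCodeHook or signtool code: a way to confirm whether the CheckSum field in IMAGE_OPTIONAL_HEADER still matches a file after a tool has changed its contents, using the standard PE checksum (16-bit word sum with carry folding, plus file length). The sample image, its offsets and the patched bytes are constructed for illustration; how -fixCheckSum works internally is not shown on this page.

```python
import struct

def checksum_field_offset(image: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum (same for PE32 and PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # 4-byte signature + 20-byte COFF header, then CheckSum at +64 in the optional header
    return e_lfanew + 4 + 20 + 64

def stored_checksum(image: bytes) -> int:
    return struct.unpack_from("<I", image, checksum_field_offset(image))[0]

def compute_checksum(image: bytes) -> int:
    """Recompute the checksum with the CheckSum field itself treated as zero."""
    data = bytearray(image)
    off = checksum_field_offset(image)
    data[off:off + 4] = b"\0\0\0\0"
    if len(data) % 2:
        data.append(0)                      # pad odd-length files for the word sum
    total = sum(struct.unpack("<%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(image)) & 0xFFFFFFFF

def fix_checksum(image: bytes) -> bytes:
    out = bytearray(image)
    struct.pack_into("<I", out, checksum_field_offset(image), compute_checksum(image))
    return bytes(out)

def build_sample_image() -> bytes:
    """Constructed minimal PE-like image (headers only), not a real driver."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)          # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x80 + 24, 0x20B)    # PE32+ optional header magic
    img[0x200:0x210] = b"constructed data"
    return fix_checksum(bytes(img))

if __name__ == "__main__":
    original = build_sample_image()
    patched = bytearray(original)
    patched[0x300:0x30C] = b"HookProc.dll"           # simulate a tool embedding config
    patched = bytes(patched)
    for name, img in (("original", original), ("patched", patched),
                      ("fixed", fix_checksum(patched))):
        ok = stored_checksum(img) == compute_checksum(img)
        print(f"{name}: stored={stored_checksum(img):#x} "
              f"computed={compute_checksum(img):#x} valid={ok}")
```

To check a real file, read the .sys with open(path, "rb").read() and compare stored_checksum() with compute_checksum() after running madConfigDrv and before signing.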