Fail to load Madshi drivers in Windows 10 anniversary

c++ / delphi package - dll injection and api hooking

Re: Fail to load Madshi drivers in Windows 10 anniversary

Postby madshi » Thu Jan 04, 2018 3:01 pm

There were 2 changes I made in the latest driver version:

1) The Import section of the driver's PE file originally was READ/WRITE/EXECUTE. HLK doesn't like that, for security reasons (to avoid malware attacks). So I've now changed that to READ/WRITE, only.

2) NonPagedPool allocations in the driver are by default read/write/executable, which again is bad for security. My driver never allocated any NonPagedPool at all, so it wasn't really a problem. However, HLK was still not happy because my driver didn't have the "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" flag set in the PE header. So I've added this flag now.
madshi
Site Admin
 
Posts: 9546
Joined: Sun Mar 21, 2004 5:25 pm

Previous

Return to madCodeHook

Who is online

Users browsing this forum: Google [Bot] and 6 guests