Re: [Algorithms] Timing problems
From: Robert W. <fo...@ro...> - 2013-03-23 01:22:09
Hi Jan,

Sorry, hope you don't mind me posting again before you reply. The thing is, I've just had a go at installing it - I found your install_aken.bat. Got this message:

    "To install the driver, please first enable test mode:
    C:\Users\Robert\AppData\Local\0AD~1.ALP\binaries\system\INSTAL~1.BAT enabletest
    (This is necessary because Vista/Win7 x64 require signing with a Microsoft "cross certificate". The Fraunhofer code signing certificate is not enough, even though its chain of trust is impeccable. Going the WHQL route, perhaps as an "unclassified" driver, might work. see http://www.freeotfe.org/docs/Main/impact_of_kernel_driver_signing.htm )

    Then reboot (!) and install the driver:
    C:\Users\Robert\AppData\Local\0AD~1.ALP\binaries\system\INSTAL~1.BAT install ["path_to_directory_containing_aken*.sys"]
    (If no path is given, we will use the directory of this batch file)

    To remove the driver and disable test mode, execute the following:
    C:\Users\Robert\AppData\Local\0AD~1.ALP\binaries\system\INSTAL~1.BAT remove
    C:\Users\Robert\AppData\Local\0AD~1.ALP\binaries\system\INSTAL~1.BAT disabletest

    Press any key to continue . . ."

So - it rather looks as if my code signing certificate is no good for this, as I thought might be a possibility. I expect it is necessary to use a Verisign certificate. I was told by someone at Microsoft support that it costs $99 per year for one of those, so that's the same cost as the certificate I already use - but I've already bought my certificate for the next year. Still, I could consider it if it solves the problem and if there is no other solution.

ALSO HAD AN IDEA ABOUT AN EASY WAY TO MAKE THE DRIVER READ ONLY.

The idea is - there is no need to remove huge chunks of the driver - I can well understand it might take thought to do that without introducing new bugs. You could instead just #ifdef out the routines that write to the mapped hardware resources.

I get the impression from your description that probably that would involve very few actual lines of code. I imagine it would be things like #ifdefs to remove the lines __writemsr(..) and, in ZwOpenSection, to replace OPEN_ALL_ACCESS by SECTION_MAP_READ, that sort of thing. So - then the driver has all your other code for writing as before, but if some malware tries to use it to write to memory, it just "goes through the motions" but doesn't actually do anything. In the documentation you make clear that the driver is only to be used for read operations.

Then from your other remarks, presumably if the driver doesn't call any actual routines that write to hardware resources, then it mightn't need signing at all at that point? Is that true?

Just a thought,
Robert
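The compile-time gating Robert proposes above, as an added example that is not part of the original post and not code from the aken driver. It is a user-mode sketch: the request codes, status values, function names and the `AKEN_READ_ONLY` switch are all hypothetical, and since user mode cannot execute rdmsr/wrmsr the "MSRs" are a constructed array standing in for `__readmsr`/`__writemsr`. The one detail taken from Windows is the `SECTION_MAP_READ`/`SECTION_MAP_WRITE` access-mask values. It differs from the post in one respect: rather than letting a write request "go through the motions", the read-only build rejects it with an explicit error, so a caller can tell the write was refused rather than believing it succeeded.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Build switch: defined here so the example runs stand-alone in its
   read-only form. In a real driver it would come from the build config. */
#define AKEN_READ_ONLY 1

/* Hypothetical request codes and status values, modelled on an IOCTL
   dispatcher; none of these are the real driver's identifiers. */
enum req_code { REQ_READ_MSR = 1, REQ_WRITE_MSR = 2, REQ_MAP_PHYS = 3 };
enum status   { ST_SUCCESS = 0, ST_ACCESS_DENIED = 1, ST_INVALID_REQUEST = 2 };

/* Section access-mask bits, with the values Windows defines. */
#define SECTION_MAP_WRITE 0x0002u
#define SECTION_MAP_READ  0x0004u

/* Constructed stand-in for the CPU's MSRs (user mode cannot touch them). */
#define MSR_COUNT 4
static uint64_t fake_msr[MSR_COUNT] = { 0x10, 0x20, 0x30, 0x40 };

static int read_msr(uint32_t index, uint64_t *out) {
    if (index >= MSR_COUNT) return ST_INVALID_REQUEST;
    *out = fake_msr[index];              /* __readmsr(index) in the driver */
    return ST_SUCCESS;
}

/* The only place a write could happen. In the read-only build the body is
   compiled out and the request fails closed instead of being ignored. */
static int write_msr(uint32_t index, uint64_t value) {
#ifdef AKEN_READ_ONLY
    (void)index; (void)value;
    return ST_ACCESS_DENIED;
#else
    if (index >= MSR_COUNT) return ST_INVALID_REQUEST;
    fake_msr[index] = value;             /* __writemsr(index, value) in the driver */
    return ST_SUCCESS;
#endif
}

/* Access mask that would be handed to ZwOpenSection when mapping physical
   memory. Asking only for SECTION_MAP_READ means a later bug in the mapping
   code cannot hand back a writable view: the kernel enforces the mask. */
static uint32_t section_access_mask(void) {
#ifdef AKEN_READ_ONLY
    return SECTION_MAP_READ;
#else
    return SECTION_MAP_READ | SECTION_MAP_WRITE;
#endif
}

/* Single entry point, as a device-control handler would be. Unknown
   requests are rejected rather than silently accepted. */
static int dispatch(int code, uint32_t index, uint64_t *value) {
    switch (code) {
    case REQ_READ_MSR:  return read_msr(index, value);
    case REQ_WRITE_MSR: return write_msr(index, *value);
    case REQ_MAP_PHYS:  *value = section_access_mask(); return ST_SUCCESS;
    default:            return ST_INVALID_REQUEST;
    }
}

/* Convenience for checking that a refused write left the register alone. */
static uint64_t read_back(uint32_t index) {
    uint64_t v = 0;
    return read_msr(index, &v) == ST_SUCCESS ? v : 0;
}

int main(void) {
    uint64_t v = 0xdead;
    printf("write msr[1] -> status %d\n", dispatch(REQ_WRITE_MSR, 1, &v));
    printf("msr[1] is now 0x%llx\n", (unsigned long long)read_back(1));
    dispatch(REQ_MAP_PHYS, 0, &v);
    printf("section access mask = 0x%llx\n", (unsigned long long)v);
    return 0;
}
```

Building with `AKEN_READ_ONLY` undefined restores the write path, so both variants come from the same source and the read-only one differs only in the gated lines, which is the property Robert is after: nothing else in the driver has to move.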