iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
Posted: Sun Jun 02, 2013 8:50 pm Post subject: Possible prosecution?
I've just coded a new injector that uses kernel mode techniques to load a DLL into the address space of a target application. The purpose of the injector is none other than to provide me the capability of injecting my game modifications into their respective games.
I'm afraid that once I finalize the drivers (for each operating system) and certify them, a malware user can potentially get their hands on my driver and initialize them to serve his own purposes. If that does happen, would I be held accountable and face possible consequences? That would most likely be the case, wouldn't it, because it's my certified driver that has my signature.
What can I do to prevent the chances of such a scenario but still be able to use my drivers?
hyphen Advanced Cheater
Reputation: 0
Joined: 12 Sep 2008 Posts: 84 Location: Not Having Fun
Posted: Mon Jun 03, 2013 4:53 am Post subject:
It seems highly unlikely that a malware developer would be interested in your driver, for the following reasons:
1. They'd probably want a specialized driver, which means they'd have to code it themselves
2. Relying on your driver would probably make their malware too easy to identify/detect
3. Being able to inject DLLs in kernel mode is not the most useful thing for a malware program. The only processes they will face that might actually be somewhat protected from usermode injection are AV programs. And even then there will probably be some working method of usermode injection - and if there isn't, it generally won't be too hard to simply avoid detection by the AV.
4. There are exploits for loading unsigned drivers
5. Professional malware developers can most certainly get valid driver signatures on their own
6. There are without a doubt other signed drivers out there with DLL injection capability. And chances are some of them are better coded/documented than yours
./random rambling
No offense intended, but I really wouldn't be too worried about a real malware developer becoming interested in your driver. You might be better off worrying about other gamehackers stealing your driver and using it for their own purposes/profit. But what do I know, maybe someone who actually knows what they're talking about will come by and shed some light on this..
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25824 Location: The netherlands
Posted: Mon Jun 03, 2013 1:50 pm Post subject:
It depends on the situation.
Most likely your signature will get blacklisted by Microsoft so it won't load anymore, just like that one company who released a driver to load other drivers (I can't remember their name).
What I did with CE's driver is only let it load external files and DLLs if they come accompanied with a .sig file that contains a hash of the file and signed with my own private key.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping