Lets assume that we have buggy and dangerous driver (which "rely on many unexported functions and select them via pattern scans which are regularly revalidated against windows insider builds", he-he). Sure we want restrict access to it, for example like ProcessHacker do
Unfortunately the latter uses CNG and cannot work on xp/w2k3. So I made fork of libecc to use this library with WDK7. Test driver and client also includedHow to build user-mode part
I commited VS2017 project files for library, ec_utils and test client - they located in directory vs.
Next you must sign your client:
Generate you keys (constants BRAINPOOLP512R1, ECRDSA and SHA3_512 hardcoded in driver - sure you can use what you want):
ec_utils.exe gen_keys BRAINPOOLP512R1 ECRDSA mykeypairand sign your client
ec_utils.exe sign BRAINPOOLP512R1 ECRDSA SHA3_512 testclnt.exe mykeypair_private_key.bin testclnt.signow copy file mykeypair_public_key.h to directory drv
Also you need convert file testclnt.sig to 1.inc to driver source code - I am too lazy to read signatures from registry so they hardcoded in driver body
How to build driver
Launch right "Build Environment" from WDK7, Makefile for library located in directory src and Makefile for driver in directory drv. I hope you know what to do with them
Run
You will need admin privileges, at first install driver
testclnt.exe full_path2_ecdsadrv.sys
and just run
testclnt.exe
If you were careful enough with the signatures you can see something like:
IOCTL_TEST_IOCTL return 1This means that driver checked EC DSA of your testclnt.exe and now agree to work with it. Sure you can have several trusted clients - just change ALLOWED_CLIENTS in vrfy.c and init each client with right signature
And finally when you have enough playing you can uninstall driver:
testclnt.exe -u