09 Feb 2015

Writing good drivers is really hard, part 2

Mr. eXoDia was very quick in fixing the bug I described few days ago.. That's a great work! smile

This is part of his new code:

There are 2 bugs hiding in this short snippet, can you spot them?

Hints

Bug #1 is old and breaks the functionality of SetContextThread. It's much easier to spot it in disassembly than in source code.
Bug #2 makes it easy to bypass TitanHide. It was introduced in this commit.

Let the analysis begin! I'm waiting for your comments.. smile

One thought on “Writing good drivers is really hard, part 2

  1. Avatar

    Being really curious what the second bug is to bypass TitanHide... The first probably has something to do with CONTEXT_DEBUG_REGISTERS, which also removes the CONTEXT_AMD64 flag, which should break things (but somehow doesn't in the real world)...

Leave a Reply to Mr. eXoDia Cancel reply

  • Be nice to me and everyone else.
  • If you are reporting a problem in my tool, please upload the file which causes the problem.
    I can`t help you without seeing the file.
  • Links in comments are visible only to me. Other visitors cannot see them.

Your email address will not be published.

two  +   =  9