VoidSec / DriverBuddyReloaded

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
https://voidsec.com/driver-buddy-reloaded
GNU General Public License v3.0

[BUG] IDA automatically identifies the driver entry as "GsDriverEntry". #31

Open ycdxsb opened 1 year ago

ycdxsb commented 1 year ago

In IDA Pro 8.2, IDA automatically identifies the driver entry as "GsDriverEntry". However, this can cause a bug as DriverBuddyReloaded might mistakenly determine it is not a driver. To resolve this issue, we need to patch the is_driver function in utils.py.

import idautils
import idc


def is_driver():
    """
    Determine if the loaded file is actually a Windows driver by looking for a function
    named like the driver entry point (`DriverEntry`, IDA's renamed `DriverEntry_0`, or the
    `GsDriverEntry` stub that IDA 8.2 assigns to the /GS security-cookie wrapper around DriverEntry).
    :return: address of the entry function if found, False otherwise
    """

    entry_names = ("DriverEntry", "DriverEntry_0", "GsDriverEntry")
    for segment_address in idautils.Segments():
        for func_addr in idautils.Functions(idc.get_segm_start(segment_address), idc.get_segm_end(segment_address)):
            func_name = idc.get_func_name(func_addr)
            if func_name in entry_names:
                return func_addr
    return False
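As an added example (not part of this issue or of the DriverBuddyReloaded code base), the same check factored so that the name-matching policy can be exercised outside IDA: the IDA calls are isolated in a small adapter, and the matcher generalizes the `DriverEntry_0` case above to any `_N` suffix IDA appends on a name collision. The addresses and helper-function names in the sample list are constructed.

```python
import re

# Names IDA may give a driver's entry point: the plain DriverEntry and the
# GsDriverEntry stub (the /GS security-cookie wrapper MSVC emits around the real
# DriverEntry, as reported in this issue). IDA's numbered variants such as
# DriverEntry_0 are handled by stripping the suffix before matching.
ENTRY_BASE_NAMES = frozenset({"DriverEntry", "GsDriverEntry"})
_NUMBERED_SUFFIX = re.compile(r"_\d+$")


def is_entry_name(func_name):
    """Return True if `func_name` is an accepted driver entry name (with or without _N suffix)."""
    base = _NUMBERED_SUFFIX.sub("", func_name)
    return base in ENTRY_BASE_NAMES


def find_driver_entry(functions):
    """
    Scan an iterable of (address, name) pairs and return the address of the first
    function that looks like the driver entry point, or False if none matches.
    Keeping this free of IDA calls lets it be unit-tested outside IDA.
    """
    for func_addr, func_name in functions:
        if is_entry_name(func_name):
            return func_addr
    return False


def ida_functions():
    """Yield (address, name) for every function IDA knows about (requires running inside IDA)."""
    import idautils  # imported lazily so the pure logic above works outside IDA
    import idc

    for segment_address in idautils.Segments():
        start = idc.get_segm_start(segment_address)
        end = idc.get_segm_end(segment_address)
        for func_addr in idautils.Functions(start, end):
            yield func_addr, idc.get_func_name(func_addr)


def is_driver():
    """Drop-in replacement for utils.is_driver(), driven by the testable matcher above."""
    return find_driver_entry(ida_functions())


# Constructed sample of what IDA 8.2 might list for a driver built with /GS:
# a generic sub_ function, the cookie initializer, the GsDriverEntry stub and
# the real DriverEntry it calls.
SAMPLE_FUNCTIONS = [
    (0x140001000, "sub_140001000"),
    (0x140001200, "__security_init_cookie"),
    (0x140005000, "GsDriverEntry"),
    (0x140005100, "DriverEntry"),
]

if __name__ == "__main__":
    print(hex(find_driver_entry(SAMPLE_FUNCTIONS)))
```

Because the first matching function wins, the stub address is returned when both `GsDriverEntry` and `DriverEntry` are present, which mirrors the patched loop above; only `is_driver()` needs IDA, so the matcher can be covered by ordinary unit tests in the repository.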