Closed link89 closed 10 months ago
You can take the original nvlddmkm.sys and compare it byte by byte with the patched one.
As you will see, only some bytes were replaced by FF.
Such a replacement cannot contain malicious code.
set "NewPatternP=\x07\x1B\x07\x00\x87\x1B\x07\x00\xC7\x1B\x07\x00\x07\x1C\x07\x00\x09\x1C\x07"
set "NewPatchP=\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07"
set "PatternCmp=\x09\x1E\x07\x00\x49\x1E\x07\x00\xBC\x1E\x07\x00\xFC\x1E\x07\x00\x0B\x1F\x07\x00\x81\x20\x07\x00\x82\x20\x07\x00\x83\x20\x07\x00\xC2\x20\x07\x00\x89\x21\x07\x00\x0D\x22\x07\x00\x4D\x22\x07\x00\x8A\x24\x07"
set "PatchCmp=\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07"
The report shows that the following file contains a trojan? Is it safe to use this patch?
https://www.virustotal.com/gui/file/9b10b58a01761837911d11ee5370d4b6cad693096cf19b42d2638a940b0d274d?nocache=1
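The byte-by-byte comparison suggested in the reply can be scripted. The following is an added example, not part of the original thread or the project's code: it lists every changed span between two files and flags any byte that changed to something other than FF. `PATTERN` and `PATCH` are copied from the `NewPatternP` and `NewPatchP` lines above; the function names and the filler image are assumptions made for the example.

```python
import sys

# Byte strings copied from the NewPatternP / NewPatchP lines in the thread.
PATTERN = bytes.fromhex("071B0700871B0700C71B0700071C0700091C07")
PATCH = bytes.fromhex("FFFF0700FFFF0700FFFF0700FFFF0700FFFF07")


def diff_report(original: bytes, patched: bytes, allowed: int = 0xFF):
    """Compare two images byte by byte.

    Returns (runs, unexpected): runs is a list of (offset, length) spans that
    differ; unexpected is a list of (offset, old, new) for every differing
    byte whose new value is not `allowed`.
    """
    if len(original) != len(patched):
        raise ValueError("size changed: bytes were inserted or removed")
    diffs = [i for i, (a, b) in enumerate(zip(original, patched)) if a != b]
    runs = []
    for i in diffs:
        if runs and runs[-1][0] + runs[-1][1] == i:
            runs[-1][1] += 1          # extend the current contiguous run
        else:
            runs.append([i, 1])       # start a new run
    unexpected = [(i, original[i], patched[i])
                  for i in diffs if patched[i] != allowed]
    return [tuple(r) for r in runs], unexpected


def sample_images():
    """Constructed stand-in for a driver image: filler bytes around PATTERN."""
    original = b"\x90" * 16 + PATTERN + b"\x90" * 16
    return original, original.replace(PATTERN, PATCH)


if __name__ == "__main__":
    if len(sys.argv) == 3:            # usage: script.py original.sys patched.sys
        with open(sys.argv[1], "rb") as f:
            original = f.read()
        with open(sys.argv[2], "rb") as f:
            patched = f.read()
    else:                             # no files given: run on the constructed sample
        original, patched = sample_images()
    runs, unexpected = diff_report(original, patched)
    for off, n in runs:
        print(f"0x{off:08x}: {original[off:off+n].hex()} -> {patched[off:off+n].hex()}")
    print(f"{len(runs)} changed run(s), {len(unexpected)} byte(s) not set to FF")
    sys.exit(1 if unexpected else 0)
```

The result is only meaningful when the original file comes from a trusted source such as the vendor's driver package. It reports what changed in the driver image and does not examine whatever program applied the patch.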