dartraiden
commented
10 months ago You can take the original nvlddmkm.sys and compare it byte by byte with the patched one.
As you will see only some bytes were replaced by FF
Such a replacement cannot contain malicious code
set "NewPatternP=\x07\x1B\x07\x00\x87\x1B\x07\x00\xC7\x1B\x07\x00\x07\x1C\x07\x00\x09\x1C\x07"
set "NewPatchP=\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07"
set "PatternCmp=\x09\x1E\x07\x00\x49\x1E\x07\x00\xBC\x1E\x07\x00\xFC\x1E\x07\x00\x0B\x1F\x07\x00\x81\x20\x07\x00\x82\x20\x07\x00\x83\x20\x07\x00\xC2\x20\x07\x00\x89\x21\x07\x00\x0D\x22\x07\x00\x4D\x22\x07\x00\x8A\x24\x07"
set "PatchCmp=\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07\x00\xFF\xFF\x07"
The report show that the following file contain trojan? Is it safe to use this patch?
https://www.virustotal.com/gui/file/9b10b58a01761837911d11ee5370d4b6cad693096cf19b42d2638a940b0d274d?nocache=1