dokan-dev / dokany

User mode file system library for Windows with FUSE Wrapper
http://dokan-dev.github.io

Can I detect or prevent tampering with a distributed dll or sys file? #1079

Closed lanopk closed 2 years ago

lanopk commented 2 years ago

Description

I wonder if there is a way to detect if someone modified the dokan2.dll, dokannp2.dll and dokan2.sys files after I installed them. Or is there a way to prevent these file changes? I would appreciate it if you could suggest a way to do this.


Liryna commented 2 years ago

Hi @lanopk,

What is the reason to do that?

lanopk commented 2 years ago

I am worried that someone will modify the dll of Dokan and steal my IO data and abuse it. Since Dokan is open-source, I am worried that there will be a security risk when someone modifies the source and replaces the dll.

Liryna commented 2 years ago

To change the library and the driver, the person will need admin rights, which means the environment is compromised, which means whatever you try to do to secure your app can be bypassed. You could do a checksum of the files at start, but how can you trust it if the env is compromised?

FYI, inspecting and manipulating the IO between apps and the filesystem is part of the Windows design through filter drivers. A compromised environment could have a malicious one.
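
The start-up checksum mentioned in the comment above, as an added example that is not part of the thread and not Dokan's own code: it compares the SHA-256 of each installed file against a manifest pinned in the application. The function names, the manifest layout and the sample file contents are assumptions made here, and as the comment notes, the result can only be trusted when the checker itself runs in an environment that is not compromised.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_files(directory, manifest):
    """Return {file name: 'ok' | 'modified' | 'missing'} for every manifest entry."""
    results = {}
    for name, expected in manifest.items():
        try:
            actual = sha256_file(os.path.join(directory, name))
        except FileNotFoundError:
            results[name] = "missing"
            continue
        same = hmac.compare_digest(actual, expected.lower())
        results[name] = "ok" if same else "modified"
    return results


def demo():
    """Run the check on constructed stand-in files (not real Dokan binaries)."""
    names = ["dokan2.dll", "dokannp2.dll", "dokan2.sys"]  # names as in the question
    with tempfile.TemporaryDirectory() as directory:
        manifest = {}
        for name in names:
            data = ("constructed sample content for " + name).encode()
            with open(os.path.join(directory, name), "wb") as handle:
                handle.write(data)
            # In a real deployment these digests are recorded at build/install time.
            manifest[name] = hashlib.sha256(data).hexdigest()
        before = verify_files(directory, manifest)
        with open(os.path.join(directory, "dokan2.dll"), "ab") as handle:
            handle.write(b"\x00")  # simulate a modified library
        os.remove(os.path.join(directory, "dokan2.sys"))  # simulate a removed driver
        after = verify_files(directory, manifest)
    return before, after


if __name__ == "__main__":
    print(demo())
```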

Liryna commented 2 years ago

Let me know if you need further information.