winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License

Allow unsigned/unverified/unprotected processes to use the read-only functionality of the new driver #1536

Closed DavidXanatos closed 1 year ago

DavidXanatos commented 1 year ago

Description of the feature, modification, idea or suggestion

It would be great if the new driver allowed self-compiled SystemInformer binaries and 3rd party applications to use a limited subset of its functionality. Basically everything that is not justifiably objectionable. The driver can retrieve a lot of unproblematic yet helpful information; as it is currently implemented, however, it seems only signed SystemInformer binaries can use it.

Proposed implementation details (optional)

No response

dmex commented 1 year ago

> allow self compiled SystemInformer binaries

This is only permitted when the system was booted with kernel debug enabled, secure boot disabled and a kernel debugger is both enabled and connected.

> allow 3rd party applications to use a limited subset of its functionality

This subverts the Windows security model since developers would be able to use our driver and code signing to query kernel functionality that otherwise currently requires their own code signing and their own kernel driver.