zyantific / zydis

Fast and lightweight x86/x86-64 disassembler and code generation library
https://zydis.re
MIT License
3.4k stars 434 forks

ZydisWinKernel.c 0xC0000428 #488

Closed ByteWhite1x1 closed 6 months ago

ByteWhite1x1 commented 7 months ago

Hi.

I pulled the latest Zydis today and compiled the kernel version. I do have test signing mode enabled, and any other unsigned driver loads just fine with NtLoadDriver (C#).

What's the cause? As soon as I add #include "Zydis/Zydis.h" in the driver that loads fine. The result:

[-] The kernel driver could not be loaded: 0xC0000428 STATUS_INVALID_IMAGE_HASH (DSE)

I am on Windows 10 Pro 22H2 Build 19045.3208 (Hyper-V VM). Thanks.

flobernd commented 7 months ago

Hi,

I'm sorry, but I don't see how this could potentially be caused by just adding the Zydis include. This error code indicates that your driver signature is invalid or the driver is not properly signed at all.

ByteWhite1x1 commented 6 months ago

Hi.

Sorry for the late reply.

In VS2022:

Driver Signing->General->Sign Mode: Test Sign
Driver Signing->Command Line: /fdws

Fixed the issue. Test signing should be on by default but there are changes in the latest versions. I had previously no issues at all when using an older Windows 10/11 SDK.

https://learn.microsoft.com/en-us/answers/questions/723140/signtool-sign-di-does-not-work-in-windows-11-sdk

And thanks. ZydisWinKernel is exactly what I need in my anti-malware project.
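A quick way to tell the two causes of 0xC0000428 apart (unsigned image vs. test signing switched off) is to inspect the built .sys and the boot configuration. This is an added diagnostic, not code from the thread or from the Zydis project; the driver path is a placeholder and bcdedit needs an elevated prompt.

```powershell
# Added diagnostic, not code from the issue thread or from the Zydis project.
# Checks the two usual causes of STATUS_INVALID_IMAGE_HASH (0xC0000428) when a
# test-signed driver fails to load: the .sys carries no Authenticode signature,
# or test signing is not enabled in the boot configuration.
# $DriverPath is a placeholder; point it at the built driver.
param([string]$DriverPath = "C:\path\to\MyDriver.sys")

function Test-DriverSigning {
    param([string]$Path)

    if (-not (Test-Path $Path)) { throw "Driver not found: $Path" }

    # 1. Authenticode signature on the image.
    #    'NotSigned' means the build never signed the file (the symptom in this
    #    thread). A self-signed test certificate usually reports 'UnknownError'
    #    with an untrusted-root message, which is expected under test signing;
    #    'HashMismatch' means the file was modified after it was signed.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    Write-Host ("Signature status : {0}" -f $sig.Status)
    Write-Host ("Status message   : {0}" -f $sig.StatusMessage)
    if ($sig.SignerCertificate) {
        Write-Host ("Signer           : {0}" -f $sig.SignerCertificate.Subject)
        Write-Host ("Valid until      : {0}" -f $sig.SignerCertificate.NotAfter)
    }

    # 2. Test-signing state of the current boot entry (bcdedit needs elevation).
    #    The relevant line in the output reads "testsigning   Yes" when enabled.
    $bcd = & bcdedit /enum '{current}' 2>&1
    $testSigning = ($bcd | Select-String -Pattern '^testsigning\s+Yes' -Quiet)
    $state = if ($testSigning) { 'enabled' } else { 'disabled or not readable' }
    Write-Host ("Test signing     : {0}" -f $state)

    return [pscustomobject]@{
        Path          = $Path
        Signed        = ($sig.Status -ne 'NotSigned')
        TestSigningOn = [bool]$testSigning
    }
}

Test-DriverSigning -Path $DriverPath
```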

flobernd commented 6 months ago

Thanks for posting a workaround! This might be useful for other users 🙂