I'm trying to build the example project from VS 2019:
Then I enabled testsigning and tried to load it in Windows 2008 R2; the virtual machine immediately crashed.
When I loaded MEMORY.DMP in WinDBG:
EXCEPTION_CODE: (NTSTATUS) 0x80000003 (2147483651) - {
FAULTING_IP:
test!__security_init_cookie+2d
fffff880`0d16d119 cc int 3
It's totally weird, the only call to security_init_cookie is from DriverEntry:
Does anyone know what's happening? I didn't attach a debugger, so there shouldn't be any 0xCC inserted.
0xCC or int 3 is the breakpoint instruction. Debuggers can dynamically insert 0xCC, yes, but that does not mean every occurrence of 0xCC is inserted by the debugger.
In this case, int 3 is indeed part of the code of _security_init_cookie. It means that if you have a security bug and a debugger attached, you'll break into the debugger. If you don't, you have a crash, and for drivers that's an OS crash.
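A user-mode analogue of the behaviour described in the answer, added here as an example (it is not part of the original post and is not the driver's or the CRT's code): a breakpoint compiled into the program is fatal when nothing is there to handle it. It assumes a POSIX system; the `SIGTRAP` handler is a stand-in for an attached debugger, and the names `embedded_breakpoint` and `run_embedded_breakpoint` are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* A breakpoint that is part of the compiled code, not patched in by a debugger. */
static void embedded_breakpoint(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("int3");   /* encodes as the single byte 0xCC */
#else
    raise(SIGTRAP);             /* stand-in on other architectures (assumption) */
#endif
}

static volatile sig_atomic_t trap_seen = 0;
static void on_trap(int sig) { (void)sig; trap_seen = 1; }

/* Runs the breakpoint in a child process.
 * with_handler != 0: a SIGTRAP handler plays the role of an attached debugger.
 * Returns 0 if the child survived the breakpoint, the number of the signal
 * that killed it otherwise, or -1 on an unexpected error. */
int run_embedded_breakpoint(int with_handler)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        signal(SIGTRAP, with_handler ? on_trap : SIG_DFL);
        embedded_breakpoint();
        _exit(trap_seen ? 0 : 1);   /* reached only if the trap was handled */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("handler present, child result: %d\n", run_embedded_breakpoint(1));
    printf("no handler, child killed by signal: %d\n", run_embedded_breakpoint(0));
    return 0;
}
```

In a driver there is no process boundary to contain the unhandled trap, which is why the same instruction shows up as a bugcheck with `EXCEPTION_CODE` 0x80000003.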