[help] path problem - driver not loaded

[valeita]

Hi, i'm trying to build a dkom following your guide and using your code.
I followed all step, but when i use the .exe, and error occurred.

I used Visual studio 2017, latest version of SDK (version 1809) and WDK (version 1809). The building in Visual Studio not give me problem and create the Rootkit.sys. Then, thinking that the problem is the path, i copy this in every position of my computer, and try to modify the path in loader.c many times, but the error is unresolved. I try to build it as 64bit or 32bit, but nothing has changed. I'm seeing the code in loader.c, and i think that the problem is the starting of service. Do you have any idea? What are blocking the createservice?
I'm trying it in VM windows 7, 64bit.
Thanks in advance.

[valeita]

i Forgot, sorry for the italian output, the error is: "Impossibile to find the path specified"

[yangsystem]

Same problem here. Any info on fixing it?

[valeita]

Hi man, a penetration tester said me that the problem is the virtual machine. It's impossible create a rootkit for a virtual machine because the disk are virtual and the Hypervisor of, in my case VMWare, can't emulate this type of istructions. I'm not sure about why, but i'm sure today that the problem is the virtual machine. I think that this issue can be closed.

[yangsystem]

i have tested on a real machine. my laptop and have same error messages. win 10Pe 25 mar. 2019 20:59, kalival <[email protected]> a scris:Hi man, a penetration tester said me that the problem is the virtual machine. It's impossible create a rootkit for a virtual machine because the disk are virtual and the Hypervisor of, in my case VMWare, can't emulate this type of istructions. I'm not sure about why, but i'm sure today that the problem is the virtual machine. I think that this issue can be closed. —You are receiving this because you commented.Reply to this email directly, view it on GitHub, or mute the thread.

[landhb]

I'm not sure what you mean by that. There aren't any specific instructions used that wouldn't be emulated by a hypervisor. I just tested this on the latest Windows 10 VM from Microsoft's Edge VM site. It still works fine as long as you set the path correctly when you build the loader, and place the .sys file in that location. Here's a gif I just made performing it on build 17763:

[valeita]

It's very interesting, so the problem isn't the virtual machine. I don't have idea what is the problem.
I followed all your instruction, i tried to enforce to disable the signature check of a driver and tried to disable PatchGuard, but the service doesn't start (i'm only sure that the problem is the creating of the service). Have u tried it on Windows7 VM?

[valeita]

Anywhere, now i tried again all procedure follow all your step. i think that i didn't launched 1 of the three command line instrunctions to disable check of driver signature. Thanks very much for the gif.

[valeita]

Nothing. No idea why my virtual OS don't start the driver service.
I tried also this solution https://github.com/hfiref0x/UPGDSED.
Actually Win7 x64 doesn't work. If someone have the solution, please answer to this post.