A quick insight into the Driver Signature Enforcement

I have recently had some fun playing around with driver signing on Windows x64, and so I like to share some matters that have came into my head ;) Therefore, let me briefly describe some internal mechanisms lying behind well known Driver Signature Enforcement, a significant part of the Code Integrity feature introduced by Microsoft in Windows Vista and Windows 7. Understanding the underlying system behavior would let us think of possible attack vectors against the protection, as well as better apprehend the existing techniques, such as the ones developed by Joanna Rutkowska or Alex Ionescu. Let the fun begin!

Read more