How to verify signatures of a PE in kernel mode?

  • Thread starter: fighterphilip
fighterphilip

Guest
I am writing a mini-filter driver and I need to check the signature of a PE file in it. I know how to do it in user mode and it works fine. Now I need to do the same in my driver. I cannot use headers like "wintrust.h" in my driver, so I am clueless. Any suggestions on how to verify PE signatures in kernel mode?

Thanks in advance. Can you provide any solution?
