Calculate File MD5 in kernel mode.

Discussion:

(too old to reply)

Senthil

2011-01-05 01:43:04 UTC

Is there an DDK API to calculate the MD5 of a given file? If not, is
there a sample that I can use in kernel mode? Thanks,
Sen

Burkhardt Braun

2011-01-05 17:18:21 UTC

Permalink

Hello Senthil,

Post by Senthil
Is there an DDK API to calculate the MD5 of a given file? If not, is

No.

Post by Senthil
there a sample that I can use in kernel mode? Thanks,

You can open a file with ZwOpenFile and process it then.
The porting of the MD5 algorithm is straightforward.
There are no resources needed than static memory and CPU-load.

Good luck
Burkhardt Braun

Post by Senthil
Sen

RossettoeCioccolato

2011-01-05 19:01:22 UTC

Permalink

On Windows Vista and later you can use BCrypt to generate a MD5 digest in
the kernel. Include bcrypt.h and link to Ksecdd.lib. On earlier versions
of Windows you will have to reverse fips.sys. The FIPS API is partially
documented at
http://www.microsoft.com/technet/archive/security/topics/issues/fipsdrsp.mspx?pf=true.
But you will still have to reverse some details on your own. The FIPS API
is not particularly well designed.

2 Replies
60 Views
Permalink to this page
Disable enhanced parsing

Thread Navigation

Senthil 2011-01-05 01:43:04 UTC

Burkhardt Braun 2011-01-05 17:18:21 UTC

RossettoeCioccolato 2011-01-05 19:01:22 UTC

about - legalese