Comments on: Writing Drivers in Delphi

By: White Shadow

White Shadow — Mon, 09 Nov 2009 19:42:05 +0000

Over-eager antivirus software, likewise fail.

By: qqqq1

qqqq1 — Mon, 09 Nov 2009 19:40:52 +0000

Virus inside. FAIL.

By: avar

avar — Mon, 01 Jun 2009 08:04:34 +0000

it is safe, this kit is now actively used by many chinese programmers, just search http://www.baidu.com for DDDK004.zip, u can find many links on many forums.

By: White Shadow

White Shadow — Tue, 19 May 2009 10:34:46 +0000

I’d say it is safe.

By: dodo

dodo — Tue, 19 May 2009 08:18:44 +0000

what the conclusion?
it is safe or not?

By: Arghblarg

Arghblarg — Tue, 03 Mar 2009 05:50:08 +0000

OK guys, I think everyone can relax. I analyzed the ‘infected’ DCC32.exe, omf2d.exe and link.exe files in this archive.

It turns out they are compressed EXE files (a look with hex editor showed ‘UPack’ by Dwing was the packer used). I found a trial of a program called ‘PE Explorer’ (google it) which can unpack such EXE files; so I unpacked them and scanned the unpacked versions and Avira says they’re clean.

DCC32.exe (unpacked): v15.0, circa 2002 (what version of Delphi IDE? Who knows)

omf2d.exe (unpacked):
C:\Documents and Settings\asdf\Desktop\DDDK004\unpacked>.\omf2d.exe /?

OMF2D 1.02 converts 32bit OMF to Delphi linkable OMF
Copyright (C) 2003 Radim Picha, http://www.anticracking.sk/EliCZ
OMF2D: Cannot open input file!

.. I suppose the antivirus companies nowadays just flag *any* PE executable packed with Dwing UPack as malware since a lot of virus/trojan writers use the lib to keep their malware small. But it really doesn’t, in itself, constitute a danger. I’d say this is a legit package, but someone really needs to re-dist it without packed EXEs so people don’t freak out. I guess I’ll post it somewhere in a fixed form

Hope that helps,
-Arghblarg

By: Arghblarg

Arghblarg — Fri, 27 Feb 2009 19:45:35 +0000

The original DDDK004.zip is cached on the Internet Archive (Wayback Machine).. perhaps these ones don’t trip virus scanners.. I don’t know as I haven’t tested them yet. Use at own risk.

http://web.archive.org/web/*/http://hxdef.org/download/DDDK004.zip

By: memoz

memoz — Mon, 02 Feb 2009 18:12:16 +0000

please i want to make driver in by delphi7 , i’m try so mutch but no way
i want help
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

By: White Shadow

White Shadow — Mon, 02 Feb 2009 16:21:55 +0000

I don’t think I can, sorry. I haven’t dealt with this topic for ages.

By: memoz

memoz — Mon, 02 Feb 2009 16:13:01 +0000

but then compile.debug.bat didn’t make the .sys file
coul’d you help me !!!!!!!!!!!!!!!!!!