VoidSec/DriverBuddyReloaded

[BUG] IDA automatically identifies the driver entry as "GsDriverEntry".

ycdxsb opened this issue · 0 comments

ycdxsb commented

In IDA Pro 8.2, IDA automatically identifies the driver entry as "GsDriverEntry". However, this can cause a bug as DriverBuddyReloaded might mistakenly determine it is not a driver. To resolve this issue, we need to patch the is_driver function in utils.py.

```python
import idautils
import idc


def is_driver():
    """
    Determine if the loaded file is actually a Windows driver, checking if `DriverEntry` is in the exports section.
    :return: address of `DriverEntry` if found in exports, False otherwise
    """

    for segment_address in idautils.Segments():
        for func_addr in idautils.Functions(idc.get_segm_start(segment_address), idc.get_segm_end(segment_address)):
            func_name = idc.get_func_name(func_addr)
            if func_name == "DriverEntry":
                return func_addr
            elif func_name == "DriverEntry_0":
                return func_addr
            # IDA Pro 8.2 names the driver entry "GsDriverEntry"
            elif func_name == "GsDriverEntry":
                return func_addr
    return False
```