Looking for
Looking for someone familiar with disabling PatchGuard without rebooting the system.
I have a method for loading an unsigned x64 driver, without any reboot/bootkit/etc. The two would make for a good match. -Fyyre |
Try these two
|
@Fyyre:
If you found a bug like that, please keep it either to yourself or - even better - report it in private to Microsoft and the perpetrator, so they can fix it. Nobody wants "driver hell" coming back to production systems. I know PatchGuard and Driver Signing Enforcement made RCE work a bit harder, but they also made our systems much more stable.

@Cyber_Coder:
I don't think Fyyre needs to be reminded of documents he wrote by himself many years ago and which he is currently hosting on his own website. |
There's no public way to bypass it, so I doubt anyone is going to just give it away.
http://vrt-blog.snort.org/2014/08/th...rotection.html - "Patchguard v8 - Internal architecture" is the most recent, but not very helpful. AFAIK it can be somewhat bypassed with virtualization by spoofing the LSTAR MSR (syscall) or intercepting IDT events. There's still the cost of performance. |
@Kerlingen I did not know that he wrote that paper :eek:
|