Exetools


_MAX_ 09-01-2012 00:13

Driver Signing on x64 Windows
 
Hi,

I'm looking for a way to bypass driver signing without needing to restart the machine. I have read many things about self-signed drivers ... but all of them need a restart into Test-Mode!!
Is there any way to use other drivers' certs for our own usage to load our unsigned driver :D

Thank you

gigaman 09-01-2012 02:38

No, you can't (unless you find a kernel mode exploit that allows you to overwrite arbitrary kernel memory - then you could switch it off, like Joanna Rutkowska did in 2006).

The Old Pirate 09-01-2012 05:57

If you haven't installed KB2709715, then you can make use of this: hxxp://repret.wordpress.com/2012/08/25/windows-kernel-intel-x64-sysret-vulnerability-code-signing-bypass-bonus/

Git 09-01-2012 23:05

It works correctly on a *64bit* Windows *XP*... ;)

Git

deepzero 09-01-2012 23:46

You could patch the certs in the kernel. If you're lucky, the dbg files will give you an exact location.
Question is, ofc, whether this is worth the trouble...

_MAX_ 09-04-2012 03:55

Quote:

Originally Posted by deepzero (Post 80285)
You could patch the certs in the kernel. If you're lucky, the dbg files will give you an exact location.
Question is, ofc, whether this is worth the trouble...

Can you please explain more?

Thank you all for your nice replies

Kerlingen 09-08-2012 01:18

There are two (yes, two, no more no less) official ways to disable the driver signing enforcement on Windows Vista/7 x64.
  1. When booting, press "F8", then select to boot the OS with driver signing disabled. This will only work for the current session, at the next reboot driver signing enforcement is turned on again. Using this allows you to load any driver, no matter if it's signed or not or if the signature is invalid.
  2. Run a command prompt with admin rights and execute "bcdedit /set testsigning on". This will enable TESTSIGNING mode every time you boot. In this mode you will be able to load any signed driver, but the signature doesn't need to be trusted by Microsoft, so you can sign the driver with any certificate, even self-signed ones. In Vista BETA there was one testsigning certificate included with the SDK for this, but release versions of Vista will load all signed drivers, not just the ones with this special certificate. You will get a message that you're running in testsigning mode on your desktop. There are some patchers available which remove this message.

Any other hack/patch/exploit is just that: a hack, patch or exploit and will be fixed by Microsoft very soon or just stop working since Microsoft fixes something else and the patch offsets/data change.

Most of the patches I have seen put Windows in "setup mode", in which Windows disables not just the driver signing enforcement, but also Kernel Patch Protection. One additional problem is that applications asking for the installed Windows type will not get "workstation" or "server" any more, but "setup". So you can't install or run most system software (anti-virus, firewalls, defragmentation, backup, ...) any more, since they expect to be installed on a Windows type they are licensed for.

And of course any way of disabling the driver signing enforcement will create major security risks on your computer.
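
A defender-side check for the TESTSIGNING option described in the post above, as an added example that is not part of the thread: it parses English-language `bcdedit /enum` output and lists the boot entries that have `testsigning` switched on. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of English-language `bcdedit /enum` output (not from the thread).
SAMPLE_BCDEDIT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
displayorder            {current}
                        {11111111-2222-3333-4444-555555555555}

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Windows 7
testsigning             Yes

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
path                    \Windows\system32\winload.exe
description             Windows 7 (second entry)
"""

def parse_bcd_entries(text):
    """Split bcdedit output into one dict per 'title / dashed rule' section."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or set(lines[1].strip()) != {"-"}:
            continue  # not a BCD section (banner text, error message, ...)
        entry, last = {"_type": lines[0].strip()}, None
        for line in lines[2:]:
            if line[:1].isspace() and last:
                entry[last] += " " + line.strip()  # continuation of a multi-value element
                continue
            key, _, value = line.partition(" ")
            last = key.lower()
            entry[last] = value.strip()
        entries.append(entry)
    return entries

def entries_with_testsigning(text):
    """Return identifiers of boot entries whose testsigning element is enabled."""
    return [e.get("identifier", "?") for e in parse_bcd_entries(text)
            if e.get("testsigning", "").lower() in ("yes", "on")]

if __name__ == "__main__":
    print(entries_with_testsigning(SAMPLE_BCDEDIT))
```

The F8 option from item 1 applies to a single boot and is not recorded as a `testsigning` element, so this check does not see it.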

shiyuna 10-22-2012 15:47

How to do driver signing on x64 Windows? Free?

