Disable PatchGuard & Driver Signing
Hello,
This patch is for Windows 7 X64 RTM & Windows 7 SP1. It directly modifies ntoskrnl.exe & winload.exe to remove Microsoft's "PatchGuard" and the requirement of driver signing. This is accomplished by patching 6 bytes inside ntoskrnl.exe and four bytes inside of winload.exe ... it is a file patch version of my existing bootkit.

I originally made this for myself... wanting to again be able to hook inside of ntoskrnl like with X86 Windows.

Hope that someone finds this useful,

-Fyyre

p.s. attachment updated for SP1 -- new attachment added on 8 March, 2011

Last edited by Fyyre; 05-15-2024 at 11:34. Reason: fixed dead link to POC bootkit.