EXETOOLS FORUM  

#1
09-01-2012, 00:13
_MAX_
Driver Signing on x64 Windows

Hi,

I'm looking for a way to bypass driver signing without needing to restart the machine. I have read many things about self-signed drivers ... but all of them need a restart into Test-Mode!!
Is there any way to use another driver's cert for our own usage to load our unsigned driver?

Thank you
#2
09-01-2012, 02:38
gigaman
No, you can't (unless you find a kernel mode exploit that allows you to overwrite arbitrary kernel memory - then you could switch it off, like Joanna Rutkowska did in 2006).
#3
09-01-2012, 05:57
The Old Pirate
If you haven't installed KB2709715, then you can make use of this: hxxp://repret.wordpress.com/2012/08/25/windows-kernel-intel-x64-sysret-vulnerability-code-signing-bypass-bonus/
__________________

http://youtu.be/H0QfVDebLFg
The Following User Gave Reputation+1 to The Old Pirate For This Useful Post:
mak (09-03-2012)
#4
09-01-2012, 23:05
Git
It works correctly on a *64bit* Windows *XP*...

Git
#5
09-01-2012, 23:46
deepzero
You could patch the certs in the kernel. If you're lucky, the dbg files will give you an exact location.
Question is, ofc, whether this is worth the trouble...
#6
09-04-2012, 03:55
_MAX_
Quote:
Originally Posted by deepzero
You could patch the certs in the kernel. If you're lucky, the dbg files will give you an exact location.
Question is, ofc, whether this is worth the trouble...

Can you please explain more?

Thank you all for your nice replies
#7
09-08-2012, 01:18
Kerlingen
There are two (yes, two, no more, no less) official ways to disable the driver signing enforcement on Windows Vista/7 x64.
  1. When booting, press "F8", then select to boot the OS with driver signing disabled. This will only work for the current session, at the next reboot driver signing enforcement is turned on again. Using this allows you to load any driver, no matter if it's signed or not or if the signature is invalid.
  2. Run a command prompt with admin rights and execute "bcdedit /set testsigning on". This will enable TESTSIGNING mode every time you boot. In this mode you will be able to load any signed driver, but the signature doesn't need to be trusted by Microsoft, so you can sign the driver with any certificate, even self-signed ones. In Vista BETA there was one testsigning certificate included with the SDK for this, but release versions of Vista will load all signed drivers, not just the ones with this special certificate. You will get a message that you're running in testsigning mode on your desktop. There are some patchers available which remove this message.

Any other hack/patch/exploit is just that: a hack, patch or exploit and will be fixed by Microsoft very soon or just stop working since Microsoft fixes something else and the patch offsets/data change.

Most of the patches I have seen put Windows in "setup mode", in which Windows disables not just the driver signing enforcement, but also Kernel Patch Protection. One additional problem is that applications asking for the installed Windows type will not get "workstation" or "server" any more, but "setup". So you can't install or run most system software (anti-virus, firewalls, defragmentation, backup, ...) any more, since they expect to be installed on a Windows type they are licensed for.

And of course any way of disabling the driver signing enforcement will create major security risks on your computer.
The Following User Gave Reputation+1 to Kerlingen For This Useful Post:
oVERfLOW (09-10-2012)
#8
10-22-2012, 15:47
shiyuna
how to Driver Signing on x64 Windows? free?

All times are GMT +8.