#1
Disable PatchGuard & Driver Signing
Hello,
This patch is for Windows 7 X64 RTM & Windows 7 SP1. It directly modifies ntoskrnl.exe & winload.exe to remove Microsoft's "PatchGuard" and the requirement of driver signing. This is accomplished by patching 6 bytes inside ntoskrnl.exe and four bytes inside of winload.exe ... it is a file patch version of my existing bootkit.
I originally made this for myself... wanting to again be able to hook inside of ntoskrnl like with X86 Windows.
Hope that someone finds this useful,
-Fyyre
p.s. attachment updated for SP1 -- new attachment added on 8 March, 2011
Last edited by Fyyre; 05-15-2024 at 11:34. Reason: fixed dead link to POC bootkit.
#2
Tested on my Win x64. Works perfectly.
#3
Seems like I don't have enough permission to access the file, probably due to my different user group. Just some minor setting in the board panel, I guess.
Thanks anyway, I guess I already read about it on your page.
#4
metr0:
You should be able to download the attachment to Fyyre's post. Your usergroup has permission to download from this forum. Regards,
__________________
JMI
#5
Same here actually JMI.. I also get a permission denied.
#6
@quosego & metr0: I have fixed the problem. Pls try it now.
Thanks for the reply.
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX
#7
Thanks JMI and ahmadmansoor for the fix, it works fine now. Time to boot into 7 x64!
#8
I can't seem to download this attachment either. Is there a certain amount of posts I'm supposed to have before I can download attachments?
#9
Promotion is a manual process and does not get done on a set schedule. However, your post count qualifies you for promotion to "Trial Member", and they have upload and download privileges.
Please give it a try again. Regards,
__________________
JMI
#10
This is exactly what I've been looking for! Thanks for this Fyyre!
#11
JMI: Works now. Thanks a bunch.
#12
@Fyyre: my friend, could we see some useful tut on Win x64, if that is possible??!!
If u have some time.. of course. Thanks in adv.
#13
Hi Ahmadmansoor,
A tutorial to disable the PatchGuard and Driver Signing? Or did you have something else in mind?
-Fyyre
#14
Hi Fyyre,
I am new to Win7 and 64-bit OS; this is the first time I have installed it. I tried your tool, but as I see, some of the commands were not successful and I am not able to install unsigned drivers. I am attaching a rar file which contains the error. Pls check and tell me if I am doing something wrong, or if I need something else.
#15
The one command which shows an error is not important. Everything else looks ok. Was there some error with the patch? Did you reboot?
Does your event log contain several "Service Control Manager Event-ID 7000" entries or how did you notice that the driver couldn't be loaded? Does the driver work in testsigning mode?