Exetools  

#1
01-22-2010, 05:38
Fyyre
Disable PatchGuard & Driver Signing

Hello,

This patch is for Windows 7 X64 RTM & Windows 7 SP1. It directly modifies ntoskrnl.exe & winload.exe to remove Microsoft's "PatchGuard" and requirement of driver signing.

This is accomplished by patching 6 bytes inside ntoskrnl.exe and four bytes inside of winload.exe ... it is a file patch version of my existing bootkit.

I originally made this for myself... wanting to again be able to hook inside of ntoskrnl like with X86 Windows.

Hope that someone finds this useful,

-Fyyre

p.s. attachment updated for SP1 -- new attachment added on 8 March, 2011
Attached Files
File Type: rar disable_pg_ds.rar (75.8 KB, 140 views)

Last edited by Fyyre; 03-08-2011 at 08:05.
#2
01-23-2010, 03:11
Pansemuckl
Tested on my Win x64. Works perfectly.
#3
01-23-2010, 06:47
metr0
Seems like I haven't got enough permission to access the file, probably due to my different user group. Just some minor setting in the board panel, I guess.

Thanks anyway, I guess I already read about it on your page.
#4
01-23-2010, 11:24
JMI
metr0:

You should be able to download the attachment to Fyyre's post. Your usergroup has permission to download from this forum.

Regards,
JMI
#5
01-23-2010, 17:30
quosego
Same here actually JMI.. I also get a permission denied.
#6
01-23-2010, 18:08
ahmadmansoor
@quosego & metr0: I have fixed the problem. Pls try it now.
Thanks for the reply
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
#7
01-23-2010, 21:58
metr0
Thanks JMI and ahmadmansoor for the fix, it works fine now. Time to boot into 7 x64!
#8
01-25-2010, 03:47
bball0002
I can't seem to download this attachment either. Is there a certain amount of posts I'm supposed to have before I can download attachments?
#9
01-25-2010, 04:15
JMI
Promotion is a manual process and does not get done on a set schedule. However, your post count qualifies you for promotion to "Trial Member", and they have upload and download privileges.

Please give it a try again.

Regards,
JMI
#10
01-26-2010, 16:53
nulli
This is exactly what I've been looking for! Thanks for this Fyyre!
#11
01-28-2010, 07:30
bball0002
JMI: Works now. Thanks a bunch.
#12
01-30-2010, 20:02
ahmadmansoor
@Fyyre: my friend, could we see some useful tut in win x64, if that is possible?
If u have some time, of course.
Thanks in adv
#13
02-04-2010, 03:43
Fyyre
Hi Ahmadmansoor,

A tutorial to disable the PatchGuard and Driver Signing? Or did you have something else in mind?

-Fyyre

Quote, originally posted by ahmadmansoor:
@Fyyre: my friend, could we see some useful tut in win x64, if that is possible?
If u have some time, of course.
Thanks in adv
#14
02-04-2010, 16:32
ahmadmansoor
As u know, some of the guys are now beginning to work on win 64 ...
and we still have many weak points in dealing with win x64.
So any new info or any new tuts r very welcome at this time, even if it is for beginners,
especially in reversing or debugging or analyzing (PE).
So if u can write some useful tuts for us about win x64, that will be very welcome and thankful, and I promise u that I will make a special sticky post at the top of this section just for ur tuts.
Thanks in adv for ur nice work ... we will wait for ur great work.
#15
02-04-2010, 22:32
Fyyre
Hi ahmadmansoor,

Certainly I can make some tutorials for X64 =)

-Fyyre