|
#1
|
||||
|
||||
Looking for
Looking for someone familiar with disable of PatchGuard without reboot of system.
I have method for loading unsigned x64 driver, without any reboot/bootkit/etc. The two would make for a good match. -Fyyre |
The Following User Says Thank You to Fyyre For This Useful Post: | ||
Indigo (07-19-2019) |
#2
|
|||
|
|||
try this two
|
#3
|
|||
|
|||
@Fyyre:
If you found a bug like that, please keep it either to yourself or - even better - report it in private to Microsoft and the perpetrator, so they can fix it. Nobody wants "driver hell" coming back to production systems. I know PatchGuard and Driver Signing Enforcement made RCE work a bit harder, but they also made our systems much more stable. @Cyber_Coder: I don't think Fyyre needs to be reminded of documents he wrote by himself many years ago and which he is currently hosting on his own website. |
The Following User Says Thank You to Kerlingen For This Useful Post: | ||
Indigo (07-19-2019) |
#4
|
|||
|
|||
There's no public way to bypass it, so I doubt anyone is going to just give it away.
http://vrt-blog.snort.org/2014/08/th...rotection.html - "Patchguard v8 - Internal architecture" is the most recent, but not very helpful. AFAIK it can be somewhat bypassed with virtualization by spoofing the LSTAR MSR(syscall) or intercepting IDT events. There's still the cost of performance. |
The Following User Gave Reputation+1 to Nukem For This Useful Post: | ||
bolzano_1989 (08-26-2014) |
The Following User Says Thank You to Nukem For This Useful Post: | ||
Indigo (07-19-2019) |
#5
|
|||
|
|||
@Kerlingen i was not know that hi write that paper
|
Thread Tools | |
Display Modes | |
|
|