#1
Disable PatchGuard & Driver Signing
Hello,
This patch is for Windows 7 X64 RTM & Windows 7 SP1. It directly modifies ntoskrnl.exe & winload.exe to remove Microsoft's "PatchGuard" and the requirement of driver signing. This is accomplished by patching 6 bytes inside ntoskrnl.exe and four bytes inside of winload.exe ... it is a file patch version of my existing bootkit.

I originally made this for myself... wanting to again be able to hook inside of ntoskrnl like with X86 Windows.

Hope that someone finds this useful,
-Fyyre

p.s. attachment updated for SP1 -- new attachment added on 8 March, 2011

Last edited by Fyyre; 05-15-2024 at 11:34. Reason: fixed dead link to POC bootkit.
#2
Tested on my Win x64. Works perfectly.
#3
Seems like I don't have enough permission to access the file, probably due to my different user group. Just some minor setting in the board panel I guess.
Thanks anyway, I guess I already read about it on your page.
#4
metr0:
You should be able to download the attachment to Fyyre's post. Your usergroup has permission to download from this forum. Regards,
__________________
JMI
#5
Same here actually JMI.. I also get a permission denied.
#6
@quosego & metr0: I have fixed the problem. Please try it now.
Thanks for the reply
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX
#7
Thanks JMI and ahmadmansoor for the fix, it works fine now. Time to boot into 7 x64!
#8
I can't seem to download this attachment either. Is there a certain amount of posts I'm supposed to have before I can download attachments?
#9
Promotion is a manual process and does not get done on a set schedule. However, your post count qualifies you for promotion to "Trial Member", and they have upload and download privileges.
Please give it a try again. Regards,
__________________
JMI
#10
This is exactly what I've been looking for! Thanks for this Fyyre!
#11
JMI: Works now. Thanks a bunch.
#12
@Fyyre: my friend, could we see some useful tuts on Win x64, if that is possible??!!
If you have some time, of course. Thanks in advance
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX
#13
Hi Ahmadmansoor,
A tutorial to disable the PatchGuard and Driver Signing? Or did you have something else in mind?
-Fyyre
#14
As you know, some of the guys are now beginning to work on Win 64 ...
and we still have many weak points in dealing with Win x64, so any new info or any new tuts are very welcome at this time, even if they are for beginners, especially in reversing or debugging or analyzing (PE). So if you can write some useful tuts for us about Win x64, that will be very welcome and appreciated, and I promise you that I will make a special sticky post at the top of this section just for your tuts. Thanks in advance for your nice work .... we will wait for your great work.
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX
#15
Hi ahmadmansoor,
Certainly I can make some tutorials for X64 =)
-Fyyre