#1
|
||||
|
||||
Disable PatchGuard & Driver Signing
Hello,
This patch is for Windows 7 X64 RTM & Windows 7 SP1. It directly modifies ntoskrnl.exe & winload.exe to remove Microsoft's "PatchGuard" and requirement of driver signing. This is accomplished by patching 6 bytes inside ntoskrnl.exe and four bytes inside of winload.exe ... it is file patch version of my existing bootkit I originally made this for myself... wanting to again be able to hook inside of ntoskrnl like with X86 Windows. Hope that someone find this useful, -Fyyre p.s. attachment updated for SP1 -- new attachment added on 8 March, 2011 Last edited by Fyyre; 05-15-2024 at 11:34. Reason: fixed dead link to POC bootkit. |
The Following 6 Users Gave Reputation+1 to Fyyre For This Useful Post: | ||
ahmadmansoor (01-27-2010), backdoor_b (02-19-2010), bball0002 (01-22-2010), cyberbob (01-23-2010), metr0 (01-23-2010), trtty (02-16-2010) |
The Following User Says Thank You to Fyyre For This Useful Post: | ||
Artic (06-22-2015) |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Universal PatchGuard and Driver Signature Enforcement Disable | Fyyre | x64 OS | 5 | 06-20-2022 14:12 |
Driver Signing on x64 Windows | _MAX_ | x64 OS | 7 | 10-22-2012 15:47 |
Defeating patchguard and 64bit kernel-mode protections | chaboyd | General Discussion | 1 | 02-05-2006 07:36 |