Exetools: Disable PatchGuard & Driver Signing (https://forum.exetools.com/showthread.php?t=12628)

Fyyre 10-20-2011 11:01

Quote:

Originally Posted by Tachyon (Post 75211)
I'd also be interested to know what tools you're using to reverse in x64.

Thanks !

IDA :)

-Fyyre

ahmadmansoor 06-03-2012 08:05

Hi Fyyre: I'm sorry for this late question.
I have run file (2) but the patcher couldn't find osloader.exe or the other file, even though they exist when I search for both files.
So, any suggestions?
Thanks, bs: I have disabled UAC, and I have Windows 7 Ultimate SP1 x64.
Note: I have tried ur file from ur site (no_pg_ds_v3), same result!
htxp://fyyre.ivory-tower.de/

Pansemuckl 10-27-2012 07:41

Any fix for Win8 ?

Fyyre 10-27-2012 23:54

Hi,

Someone else will have to create support for Windows 8. I stopped using new Microsoft products.

Thanks,

-Fyyre

Pansemuckl 10-28-2012 21:36

So you can't bypass the NEW patchguard? Too hard this time? Hopefully someone else can do it.

JMI 10-29-2012 02:18

What Fyyre said was that Fyyre is no longer using "new" Microsoft products, so there is no method for Fyyre to develop the product for use on Windows 8.

Someone using Windows 8 will have to develop it for the group.

Regards,

giv 10-29-2012 15:07

Quote:

Originally Posted by Pansemuckl (Post 81227)
So you can't bypass the NEW patchguard? Too hard this time? Hopefully someone else can do it.

Be more kind here mate.
Watch your language.
This kind of attitude will get you nowhere.

Fyyre 10-29-2012 22:17

Quote:

Originally Posted by Pansemuckl (Post 81227)
So you can't bypass the NEW patchguard? Too hard this time? Hopefully someone else can do it.

Already I did this, during RC0 of Windows 8.

Today I mostly work with Linux. My own personal need and interest are no longer there, making this a project now for someone else.

-Fyyre

Av0id 10-30-2012 13:26

sorry for small offtopic, but...

Quote:

Today I mostly work with Linux
which one?

Fyyre 11-03-2012 09:04

Quote:

Originally Posted by Av0id (Post 81271)
sorry for small offtopic, but...



which one?

CentOS, this one is hands down my favorite.

exeu 01-02-2013 02:20

Quote:

Originally Posted by Fyyre (Post 81254)
Already I did this, during RC0 of Windows 8.

Today I mostly work with Linux. My own personal need and interest are no longer there, making this a project now for someone else.

-Fyyre

What a pity!

Fyyre 01-03-2013 14:20

I changed my mind; if someone can provide me with a link to Windows 8 x64 ntoskrnl.exe -- I will add support for Win 8 to Disable PG/DS, when free time permits.

-Fyyre

chessgod101 01-04-2013 11:23

Here is the latest version of the Windows 8 x64 ntoskrnl.exe:
Code:

http://rghost.net/42719504
Thank you for your efforts, Fyyre. ;)

Gelip 05-15-2024 01:06

How to patch winload.efi instead of winload.exe from Win7 SP1?

Edited
=====
OK, I made a second mk_bcdentry_UEFI.cmd script for UEFI:
Code:

ECHO OFF

ECHO.
ECHO Copy of required files...
ECHO.

set PATCHTEMP=%CD%
cd %PATCHTEMP%
echo y | copy %WINDIR%\SYSTEM32\winload.efi %PATCHTEMP%\osloader.efi
echo y | copy %WINDIR%\SYSTEM32\ntoskrnl.exe %PATCHTEMP%\ntkrnlmp.exe

set OLD_GUID={46595952-454E-4F50-4747-554944FFFFFF}
set ENTRY_GUID={46595952-454E-4F50-4747-554944FEEEEE}

ECHO.
ECHO Delete BCD Entries, if existing...
bcdedit -delete %ENTRY_GUID%
bcdedit -delete %OLD_GUID%
ECHO.

ECHO.
ECHO Creating BCD Entry...
ECHO.

bcdedit -create %ENTRY_GUID% -d "PatchGuard Disabled v3" -application OSLOADER
bcdedit -set %ENTRY_GUID% device partition=%SYSTEMDRIVE%
bcdedit -set %ENTRY_GUID% osdevice partition=%SYSTEMDRIVE%
bcdedit -set %ENTRY_GUID% systemroot \Windows
bcdedit -set %ENTRY_GUID% path \Windows\system32\osloader.efi
bcdedit -set %ENTRY_GUID% kernel ntkrnlmp.exe
bcdedit -set %ENTRY_GUID% recoveryenabled 0
bcdedit -set %ENTRY_GUID% nx OptIn
bcdedit -set %ENTRY_GUID% nointegritychecks 1
bcdedit -set %ENTRY_GUID% inherit {bootloadersettings}

bcdedit -displayorder %ENTRY_GUID% -addlast
bcdedit -timeout 10

ECHO.
ECHO Setting PEAUTH service to manual... (avoid BSOD at login screen)
ECHO.
sc config peauth start= demand

ECHO.
ECHO Calling patcher!  Please press "Patch", next "Exit" before continue here...
ECHO.
%PATCHTEMP%\no_ds_pg.exe
ECHO.
ECHO.

ECHO.
ECHO Copy of required files...
ECHO.
echo y | copy %PATCHTEMP%\osloader.efi %WINDIR%\SYSTEM32\osloader.efi
echo y | copy %PATCHTEMP%\ntkrnlmp.exe %WINDIR%\SYSTEM32\ntkrnlmp.exe
ECHO.

ECHO.
ECHO Process complete.  Upon reboot system and select "PatchGuard Disabled v3".
ECHO.

pause

You need to select the file osloader.efi to patch manually. Tested on Win7 SP1 17514.
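
Seen from the defender's side, the boot entry the script above creates stands out in `bcdedit /enum` output by three elements it sets: a loader `path` that is not the stock winload, a `kernel` override, and `nointegritychecks`. The following audit is an added example, not part of the thread; the sample output is constructed, and the function names and English-language text format are assumptions.

```python
import re

# Constructed sample of `bcdedit /enum` text output (not captured from a real system).
SAMPLE = r"""Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.efi

Windows Boot Loader
-------------------
identifier              {46595952-454e-4f50-4747-554944feeeee}
path                    \Windows\system32\osloader.efi
description             PatchGuard Disabled v3
kernel                  ntkrnlmp.exe
nointegritychecks       Yes
"""

STOCK_LOADERS = {"winload.exe", "winload.efi"}

def parse_entries(text):
    """Split bcdedit output into one dict (lower-cased element names) per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3 or set(lines[1].strip()) != {"-"}:
            continue  # not a "title / dashes / elements" block
        entry = {"_type": lines[0].strip()}
        for line in lines[2:]:
            parts = line.split(None, 1)
            if len(parts) == 2:
                entry[parts[0].lower()] = parts[1].strip()
        entries.append(entry)
    return entries

def audit(text):
    """Return (identifier, reasons) for each OS loader entry that weakens boot integrity."""
    findings = []
    loaders = [e for e in parse_entries(text) if e["_type"] == "Windows Boot Loader"]
    for e in loaders:
        reasons = []
        loader = e.get("path", "").rsplit("\\", 1)[-1].lower()
        if loader and loader not in STOCK_LOADERS:
            reasons.append("non-stock loader: " + loader)
        if "kernel" in e:
            reasons.append("kernel override: " + e["kernel"])
        if e.get("nointegritychecks", "").lower() == "yes":
            reasons.append("nointegritychecks enabled")
        if reasons:
            findings.append((e.get("identifier"), reasons))
    return findings
```

On a live system the input would be the saved output of `bcdedit /enum` from an elevated prompt; any flagged entry warrants checking the referenced loader and kernel files against known-good copies.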

Fyyre 05-15-2024 11:31

Hi Gelip!

Did this work for you? If so -- wonderful! =)

I will note:

hFiref0x and I created UPGDSED based on my "disable PG/DS" idea and research.

I'm not sure if you tried using it... it should still work fine, although the project is no longer updated.

Perhaps someone released a more modern way to disable DSE and PatchGuard? However I am unfamiliar with what alternatives are.

Be well!
-Fyyre

Quote:

Originally Posted by Gelip (Post 130940)
How to patch winload.efi instead of winload.exe from Win7 SP1?


Gelip 05-15-2024 13:00

Quote:

Originally Posted by Fyyre (Post 130947)
Hi Gelip!
Did this work for you? If so -- wonderful! =)

Yes, but Win7 must be activated, or it works only 30 days from a fresh OS install. I tested driver signing with BeepXP:

Normal boot - digital signature error (service beepxp not running)
https://i.ibb.co/YpYgg7z/normal-boot.png
PatchGuard Disabled v3 - service beepxp running, driver works :):
https://i.ibb.co/XtvmbdG/patch-works.png
https://i.ibb.co/6Dj1vSz/UEFI.png

How to test PatchGuard?

Fyyre 06-07-2024 21:25

Quote:

Originally Posted by Gelip (Post 130948)
Yes, but Win7 must be activated, or it works only 30 days from a fresh OS install. I tested driver signing with BeepXP:

Normal boot - digital signature error (service beepxp not running)
https://i.ibb.co/YpYgg7z/normal-boot.png
PatchGuard Disabled v3 - service beepxp running, driver works :):
https://i.ibb.co/XtvmbdG/patch-works.png
https://i.ibb.co/6Dj1vSz/UEFI.png

How to test PatchGuard?

Do something Microsoft doesn't like such as modify the SSDT or Shadow SSDT. Better yet, I can send you some ancient source for a x64 process hider I made, that also does the trick.

ahmadmansoor 06-09-2024 01:26

Quote:

Originally Posted by Fyyre (Post 131078)
Do something Microsoft doesn't like such as modify the SSDT or Shadow SSDT. Better yet, I can send you some ancient source for a x64 process hider I made, that also does the trick.

Maybe u can share it with all of us :D
Thanks

Fyyre 06-09-2024 04:19

Quote:

Originally Posted by ahmadmansoor (Post 131085)
Maybe u can share it with all of us :D
Thanks

Certainly, I will :) let me clean it up and see that it still loads

Gelip 06-16-2024 04:53

Quote:

Originally Posted by Fyyre (Post 131078)
Do something Microsoft doesn't like such as modify the SSDT or Shadow SSDT. Better yet, I can send you some ancient source for a x64 process hider I made, that also does the trick.

Yes, please.

niculaita 11-20-2024 07:04

https://learn.microsoft.com/en-us/windows-hardware/drivers/install/cross-certificates-for-kernel-mode-code-signing

Gelip 04-21-2025 02:12

Quote:

Originally Posted by Fyyre (Post 130947)
Hi Gelip!

Did this work for you? If so -- wonderful! =)

-Fyyre

Hi, Fyyre. Please help patch the same for 32-bit winload.efi 5472.5
https://www.mediafire.com/file/us8erkvjbka1jrr/5472.zip/file
https://msfn.org/board/topic/186779-how-disbale-check-signature-enforcement/

Thx. :)


All times are GMT +8.