01-22-2010, 05:38
Fyyre
 
Disable PatchGuard & Driver Signing

Hello,

This patch is for Windows 7 X64 RTM & Windows 7 SP1. It directly modifies ntoskrnl.exe & winload.exe to remove Microsoft's "PatchGuard" and the requirement of driver signing.

This is accomplished by patching 6 bytes inside ntoskrnl.exe and four bytes inside of winload.exe ... it is a file patch version of my existing bootkit.

I originally made this for myself... wanting to again be able to hook inside of ntoskrnl like with X86 Windows.

Hope that someone finds this useful,

-Fyyre

p.s. attachment updated for SP1 -- new attachment added on 8 March, 2011
Attached Files
File Type: rar disable_pg_ds.rar (75.8 KB, 143 views)

Last edited by Fyyre; 05-15-2024 at 11:34. Reason: fixed dead link to POC bootkit.