-
-
[分享]Disable PG
-
发表于: 2014-9-20 17:01
-
DisPG
This is proof-of-concept code to encourage security researchers to examine PatchGuard more by showing actual code that disables PatchGuard at runtime.
It does following things:
disarms PatchGuard on certain patch versions of XP SP2, Vista SP2, 7 SP1 and 8.1 at run-time.
disables Driver Signing Enforcement and allows you to install an arbitrary unsigned driver so that you can examine the x64 kernel using kernel patch techniques if you need.
hide processes whose names start with 'rk' to demonstrate that PatchGuard is being disarmed.
代码在下面的链接
https://github.com/tandasat/PgResarch/tree/master/DisPG
好久没有来论坛了,随便翻到了一些东西分享一下,具体效果我没有验证过,有需要的可以研究下
This is proof-of-concept code to encourage security researchers to examine PatchGuard more by showing actual code that disables PatchGuard at runtime.
It does following things:
disarms PatchGuard on certain patch versions of XP SP2, Vista SP2, 7 SP1 and 8.1 at run-time.
disables Driver Signing Enforcement and allows you to install an arbitrary unsigned driver so that you can examine the x64 kernel using kernel patch techniques if you need.
hide processes whose names start with 'rk' to demonstrate that PatchGuard is being disarmed.
代码在下面的链接
https://github.com/tandasat/PgResarch/tree/master/DisPG
好久没有来论坛了,随便翻到了一些东西分享一下,具体效果我没有验证过,有需要的可以研究下
[招生]科锐逆向工程师培训(2025年3月11日实地,远程教学同时开班, 第52期)!
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
