Results 1 to 5 of 5
  1. #1
    a4123278
    a4123278 is offline
    Member-in-training
    Join Date
    2010 Apr
    Posts
    68
    Thanks Thanks Given 
    2
    Thanks Thanks Received 
    15
    Thanked in
    1 Post
    Rep Power
    0

    Disabling PatchGuard-Driver Signing Bypass for X64 Windows 7

    This is a simple method to successfully disable the driver signature enforcement and
    kernel patch protection on X64 version of Windows 7

    This instruction assumes you run Windows with administrator account, no UAC, etc...

    How to use:
    Download attached disable_pg_ds.rar
    Place files to desktop, execute in order:
    1. cmd
    2. exe
    3. cmd


    after execute all three, is safe to delete the files and directory %userprofile%\desktop\patch_temp
    upon reboot menu will present boot option "PatchGuard Disabled" ... which allows for loading
    of unsigned X64 bit drivers, and hooking inside ntoskrnl.

    newly created registry service key entries, delete REG_DWORD WOW64

    How to uninstall:
    open cmd.exe and input:
    bcdedit /delete {46595952-454E-4F50-4747-554944FFFFFF}
    now from \windows\system32 delete: ntkrnlmp.exe & osload.exe

    After disabling PatchGuard and driver signature enforcement you can now also hide and unhide processes on X64 Windows 7 using ,for example, hidecon utility.

    The utility has two parts: console program, and driver. The driver works by locating PsActiveProcessHead and use of some linked-list macros to hide/unhide processes.
    Fyyre


    Virustotal result: 2% for hide.rar
    Virustotal result: 56% for disable_pg_ds.rar
    Such high results are obviously because of illegal nature what those patches are made to do to your system files

    Please register or login to download attachments.


  2. #2
    schizoph7
    schizoph7 is offline
    Guest
    Join Date
    2012 Aug
    Posts
    2
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0

    Question

    Is this method available/suitable for Vista x64 nor Win7 x64 (Service pack 1) ?

    --edit-tested--

    Nice work, but doesn't(can't) work for win7 x64 SP1.
    After boot error: "osload.exe" checksum does not match with machine headers... Please insert to your win installation disc.

    So microsoft getting smartier day by day bros.

    "sorry for my bad english"
    Last edited by schizoph7; 2012-08-24 at 05:13 PM. Reason: tested

  3. #3
    fyyre
    fyyre is offline
    New member fyyre's Avatar
    Join Date
    2011 Apr
    Location
    0xfe
    Posts
    21
    Thanks Thanks Given 
    7
    Thanks Thanks Received 
    2
    Thanked in
    2 Posts
    Rep Power
    0
    Use the updated version from my website, should work fine..

    http://fyyre.ivory-tower.de/projects/no_pg_ds_v3.rar


    Quote Originally Posted by schizoph7 View Post
    Is this method available/suitable for Vista x64 nor Win7 x64 (Service pack 1) ?

    --edit-tested--

    Nice work, but doesn't(can't) work for win7 x64 SP1.
    After boot error: "osload.exe" checksum does not match with machine headers... Please insert to your win installation disc.

    So microsoft getting smartier day by day bros.

    "sorry for my bad english"

  4. #4
    schizoph7
    schizoph7 is offline
    Guest
    Join Date
    2012 Aug
    Posts
    2
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    hi again fyyre, i tried the last version and windows loaded(no booting problem any more) successfully but, io driver cannot be loaded. because patchguard still running. After -ld command an information window from windows appears: This driver is unsigned etc.. etc...

    In my opinion patching kernel files fixed in build 7601 nor SP 1

    My protuct details:

    BuildLab: 7601.win7sp1_gdr.120503-2030
    BuildLabEx: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    CSDBuildNumber: 1130
    CSDVersion: Service Pack 1
    CurrentBuild: 7601

    Now i am dowloading winXP to setup multi-boot for hiding processes... Thx for reply and patch.
    I hope version details helps to other people

  5. #5
    bigi
    bigi is offline
    Guest
    Join Date
    2013 Feb
    Posts
    1
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0

    issues with build 7601.17944?

    Hi Fayyre

    I've been a user of your excellent patchguard disable tool for a number of years, but i'm running into a problem recently with the latest win7 SP1 build - 17944. Even though the tool seems to run through successfully, as soon as i try to install an unsigned dll, the Program compatibility assistant kicks in and won't let me load the driver! tried it a few times, but no success.

    Can you help at all?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •