diff options
| author | Mattiwatti <mattiwatti@gmail.com> | 2019-12-04 08:16:19 +0100 |
|---|---|---|
| committer | Mattiwatti <mattiwatti@gmail.com> | 2019-12-04 08:16:19 +0100 |
| commit | 77e1862430aa9499f7943e1d772d978c80542353 (patch) | |
| tree | 7b03fbb35c651e2eed1fc69bda0d9bc6d81f2e8f | |
| parent | 00159446daf90997b1c9c73eb0e2508339d929c9 (diff) | |
Update SeCodeIntegrityQueryInformation signature
This makes this optional pattern scan work on the current Windows 10 20H1 preview release
| -rw-r--r-- | EfiGuardDxe/PatchNtoskrnl.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/EfiGuardDxe/PatchNtoskrnl.c b/EfiGuardDxe/PatchNtoskrnl.c index c11d460..e37658a 100644 --- a/EfiGuardDxe/PatchNtoskrnl.c +++ b/EfiGuardDxe/PatchNtoskrnl.c @@ -35,12 +35,7 @@ STATIC CONST UINT8 SigSeCodeIntegrityQueryInformation[] = { 0xCC, 0x48, 0x83, 0x3D, 0xCC, 0xCC, 0xCC, 0xCC, 0x00, // cmp cs:qword_14035E638, 0 0x4D, 0x8B, 0xC8, // mov r9, r8 0x4C, 0x8B, 0xD1, // mov r10, rcx - 0x74, 0xCC, // jz XX - 0x8A, 0x05, 0xCC, 0xCC, 0xCC, 0xCC, // mov al, cs:SeILSigningPolicy - 0x0F, 0xB6, 0xC8, // movzx ecx, al - 0x84, 0xC0, // test al, al - 0x75, 0xCC, // jnz XX - 0x0F, 0xB6, 0x0D, 0xCC, 0xCC, 0xCC, 0xCC // movzx ecx, cs:SeILSigningPolicyRuntime + 0x74, 0xCC // jz XX }; // Patched SeCodeIntegrityQueryInformation which reports that DSE is enabled |