author | Toni Uhlig <matzeton@googlemail.com> | 2023-08-17 22:12:13 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2023-08-17 22:12:13 +0200 |
commit | 3b8c893d9084a92588cfd6a0b7a9bd1f66692d40 (patch) | |
tree | 79306b84a57a30bcb25115049da5ca1546336777 /EfiGuardDxe | |
parent | 927c08ad51e85b4d6be3c4426516e81ccb66a523 (diff) |
Disable PatchGuard at compile time with `-D DO_NOT_DISABLE_PATCHGUARD=1`.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'EfiGuardDxe')
-rw-r--r-- | EfiGuardDxe/PatchNtoskrnl.c | 8 | ||||
-rw-r--r-- | EfiGuardDxe/util.c | 1 | ||||
-rw-r--r-- | EfiGuardDxe/util.h | 1 |
3 files changed, 10 insertions, 0 deletions
diff --git a/EfiGuardDxe/PatchNtoskrnl.c b/EfiGuardDxe/PatchNtoskrnl.c
index 49a3ba3..bd2ce29 100644
--- a/EfiGuardDxe/PatchNtoskrnl.c
+++ b/EfiGuardDxe/PatchNtoskrnl.c
@@ -27,6 +27,7 @@ STATIC CONST UINT8 SigKeInitAmd64SpecificState[] = {
 0x41, 0xF7, 0xF8 // idiv r8d
 };
+#ifndef DO_NOT_DISABLE_PATCHGUARD
 // Signature for nt!KiVerifyScopesExecute
 // This function is present since Windows 8.1 and is responsible for executing all functions in the KiVerifyXcptRoutines array.
 // One of these functions, KiVerifyXcpt15, will indirectly initialize a PatchGuard context from its exception handler.
@@ -56,6 +57,7 @@ STATIC CONST UINT8 SigKiSwInterrupt[] = {
 0xE8, 0xCC, 0xCC, 0xCC, 0xCC, // call KiSwInterruptDispatch
 0xFA // cli
 };
+#endif
 // Signature for nt!SeCodeIntegrityQueryInformation, called through NtQuerySystemInformation(SystemCodeIntegrityInformation).
 // This function has actually existed since Vista in various forms, sometimes (8/8.1/early 10) inlined in ExpQuerySystemInformation.
@@ -77,6 +79,7 @@ STATIC CONST UINT8 SeCodeIntegrityQueryInformationPatch[] = {
 };
+#ifndef DO_NOT_DISABLE_PATCHGUARD
 //
 // Defuses PatchGuard initialization routines before execution is transferred to the kernel.
 // All code accessed here is located in the INIT and .text sections.
@@ -427,6 +430,7 @@ DisablePatchGuard(
 return EFI_SUCCESS;
 }
+#endif
 //
 // Disables DSE for the duration of the boot by preventing it from initializing.
@@ -810,6 +814,7 @@ PatchNtoskrnl(
 ASSERT(TextSection != NULL);
 ASSERT(PageSection != NULL);
+#ifndef DO_NOT_DISABLE_PATCHGUARD
 // Patch INIT and .text sections to disable PatchGuard
 PRINT_KERNEL_PATCH_MSG(L"[PatchNtoskrnl] Disabling PatchGuard... [INIT RVA: 0x%X - 0x%X]\r\n", InitSection->VirtualAddress, InitSection->VirtualAddress + InitSection->SizeOfRawData);
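Review bot: `#ifndef DO_NOT_DISABLE_PATCHGUARD` tests only whether the macro is defined, so building with `-D DO_NOT_DISABLE_PATCHGUARD=0` compiles the PatchGuard code out exactly as the `=1` from the commit message does. The same test guards DisablePatchGuard (hunk at -77) and its call site in PatchNtoskrnl (hunk at -810). Either test the value, for example `#if !defined(DO_NOT_DISABLE_PATCHGUARD) || (DO_NOT_DISABLE_PATCHGUARD == 0)`, or state the behaviour at this first guard with `// Defining DO_NOT_DISABLE_PATCHGUARD (to any value) leaves PatchGuard untouched`. The signature arrays wrapped by this guard continue outside the hunk.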
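Review bot: The bare `#endif` added after SigKiSwInterrupt does not name the condition it closes, and the one after DisablePatchGuard (hunk at -427) closes a guard opened roughly 350 lines earlier, going by the hunk headers. Writing each as `#endif // !DO_NOT_DISABLE_PATCHGUARD` lets a reader at the end of the function see which build option removed it. The `#endif` in the hunk at -822 would take the same label.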
@@ -822,6 +827,9 @@ PatchNtoskrnl(
 return Status;
 PRINT_KERNEL_PATCH_MSG(L"\r\n[PatchNtoskrnl] Successfully disabled PatchGuard.\r\n");
+#else
+ PRINT_KERNEL_PATCH_MSG(L"\r\n*** Not disabling PatchGuard ***\r\n");
+#endif
 if (gDriverConfig.DseBypassMethod == DSE_DISABLE_AT_BOOT || (BuildNumber < 9200 && gDriverConfig.DseBypassMethod != DSE_DISABLE_NONE))
diff --git a/EfiGuardDxe/util.c b/EfiGuardDxe/util.c
index c15b7da..17686ef 100644
--- a/EfiGuardDxe/util.c
+++ b/EfiGuardDxe/util.c
@@ -16,6 +16,7 @@ STATIC ZydisFormatterFunc DefaultInstructionFormatter;
 EFI_STATUS
+EFIAPI
 RtlSleep(
 IN UINTN Milliseconds
 )
diff --git a/EfiGuardDxe/util.h b/EfiGuardDxe/util.h
index b36692e..00294df 100644
--- a/EfiGuardDxe/util.h
+++ b/EfiGuardDxe/util.h
@@ -28,6 +28,7 @@ RtlSleep(
 // Stalls CPU for N milliseconds.
 //
 EFI_STATUS
+EFIAPI
 RtlStall(
 IN UINTN Milliseconds
 ); |
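Review bot: The message in the new `#else` branch drops the `[PatchNtoskrnl]` prefix that the two neighbouring PRINT_KERNEL_PATCH_MSG calls carry, so the line cannot be attributed to this function in the boot log. Suggested wording: `PRINT_KERNEL_PATCH_MSG(L"\r\n[PatchNtoskrnl] Not disabling PatchGuard (DO_NOT_DISABLE_PATCHGUARD).\r\n");`. The branch also deserves a comment such as `// PatchGuard is left untouched in this build; the DSE handling below still runs`, because the `if (gDriverConfig.DseBypassMethod ...` context line shows that the rest of the function is not guarded. PatchNtoskrnl starts and ends outside the hunk.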
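Review bot: `EFIAPI` is added to the definition of RtlSleep here but to the declaration of RtlStall in util.h (hunk at -28), so neither hunk shows a prototype and definition of the same function carrying the same calling convention. The RtlSleep prototype and the RtlStall definition are outside both hunks; if either lacks `EFIAPI`, toolchains where `EFIAPI` expands to a non-default ABI attribute will see conflicting declarations. Confirm both pairs read `EFI_STATUS EFIAPI RtlSleep(` and `EFI_STATUS EFIAPI RtlStall(` in util.h and util.c alike.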