Diffstat (limited to 'EfiGuardDxe/PatchNtoskrnl.c')
-rw-r--r-- | EfiGuardDxe/PatchNtoskrnl.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/EfiGuardDxe/PatchNtoskrnl.c b/EfiGuardDxe/PatchNtoskrnl.c
index 49a3ba3..bd2ce29 100644
--- a/EfiGuardDxe/PatchNtoskrnl.c
+++ b/EfiGuardDxe/PatchNtoskrnl.c
@@ -27,6 +27,7 @@ STATIC CONST UINT8 SigKeInitAmd64SpecificState[] = {
 0x41, 0xF7, 0xF8 // idiv r8d
 };
+#ifndef DO_NOT_DISABLE_PATCHGUARD
 // Signature for nt!KiVerifyScopesExecute
 // This function is present since Windows 8.1 and is responsible for executing all functions in the KiVerifyXcptRoutines array.
 // One of these functions, KiVerifyXcpt15, will indirectly initialize a PatchGuard context from its exception handler.
@@ -56,6 +57,7 @@ STATIC CONST UINT8 SigKiSwInterrupt[] = {
 0xE8, 0xCC, 0xCC, 0xCC, 0xCC, // call KiSwInterruptDispatch
 0xFA // cli
 };
+#endif
 // Signature for nt!SeCodeIntegrityQueryInformation, called through NtQuerySystemInformation(SystemCodeIntegrityInformation).
 // This function has actually existed since Vista in various forms, sometimes (8/8.1/early 10) inlined in ExpQuerySystemInformation.
@@ -77,6 +79,7 @@ STATIC CONST UINT8 SeCodeIntegrityQueryInformationPatch[] = {
 };
+#ifndef DO_NOT_DISABLE_PATCHGUARD
 //
 // Defuses PatchGuard initialization routines before execution is transferred to the kernel.
 // All code accessed here is located in the INIT and .text sections.
@@ -427,6 +430,7 @@ DisablePatchGuard(
 return EFI_SUCCESS;
 }
+#endif
 //
 // Disables DSE for the duration of the boot by preventing it from initializing.
@@ -810,6 +814,7 @@ PatchNtoskrnl(
 ASSERT(TextSection != NULL);
 ASSERT(PageSection != NULL);
+#ifndef DO_NOT_DISABLE_PATCHGUARD
 // Patch INIT and .text sections to disable PatchGuard
 PRINT_KERNEL_PATCH_MSG(L"[PatchNtoskrnl] Disabling PatchGuard... [INIT RVA: 0x%X - 0x%X]\r\n", InitSection->VirtualAddress, InitSection->VirtualAddress + InitSection->SizeOfRawData);
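Review bot: `DO_NOT_DISABLE_PATCHGUARD` is introduced at the `#ifndef` after `SigKeInitAmd64SpecificState[]` with no comment saying where it is meant to be defined or what a build with it set does. A line above the guard such as `// Define DO_NOT_DISABLE_PATCHGUARD at build time to compile out all PatchGuard patching; the DSE path is unaffected` would document it. The guard also opens after `SigKeInitAmd64SpecificState[]`, so that array stays compiled in; if only the guarded code references it (not visible in this hunk), it becomes an unused static in such builds and should move inside the guard.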
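Review bot: The bare `#endif` after `SigKiSwInterrupt[]` does not say which condition it closes. The same applies to the `#endif` after `DisablePatchGuard`, whose opening `#ifndef` is roughly 350 lines earlier, and to the one in `PatchNtoskrnl`, whose opening is in a different hunk. Writing `#endif // DO_NOT_DISABLE_PATCHGUARD` at all three makes the compiled-out regions easier to audit.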
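Review bot: With the macro defined, the only use of `InitSection` visible in this hunk (the `Disabling PatchGuard...` message) is compiled out, while the `ASSERT`s just above the guard stay in. If nothing outside the guarded region reads `InitSection` — the rest of `PatchNtoskrnl` is outside the hunk, so this is unconfirmed — that configuration is left with a variable that is assigned but never used, which toolchains treating warnings as errors may reject. Both configurations should be built in CI, or the INIT-section handling moved inside the guard.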
@@ -822,6 +827,9 @@ PatchNtoskrnl(
 return Status;
 PRINT_KERNEL_PATCH_MSG(L"\r\n[PatchNtoskrnl] Successfully disabled PatchGuard.\r\n");
+#else
+ PRINT_KERNEL_PATCH_MSG(L"\r\n*** Not disabling PatchGuard ***\r\n");
+#endif
 if (gDriverConfig.DseBypassMethod == DSE_DISABLE_AT_BOOT || (BuildNumber < 9200 && gDriverConfig.DseBypassMethod != DSE_DISABLE_NONE)) |
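Review bot: The `#else` branch only prints `*** Not disabling PatchGuard ***` and then falls through to the `DseBypassMethod` check, so a build with the macro set still runs the DSE handling while PatchGuard is left active. Nothing in the hunk records whether that combination is intended or supported. A comment at the `#else`, for example `// PatchGuard left intact by build option; DSE handling below still runs`, would state it for anyone auditing what a given build modifies. The guarded region opens in the previous hunk and `PatchNtoskrnl` continues past this one.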