aboutsummaryrefslogtreecommitdiff
path: root/EfiGuardDxe/PatchNtoskrnl.c
Commit message (Collapse)AuthorAge
* Added partial PatchGuard disable at compile time with `-D EAC_COMPAT_MODE=1`.Toni Uhlig2025-04-23
| | | | | | | | * runtime DSE disabling still possible * compatible with EasyAntiCheat * no bsod so far Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Disable PatchGuard at compile time with `-D DO_NOT_DISABLE_PATCHGUARD=1`.Toni Uhlig2025-04-23
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Misc. minor warning fixesMatthijs Lavrijsen2025-01-17
|
* KiSwInterrupt patch: reuse INIT section as PG contextMatthijs Lavrijsen2023-10-15
| | | | INIT is already discardable (and exists in all NT kernels), no need to obtain INITDATA separately.
* Fix KiVerifyScopesExecute signature for LA57 kernelMatthijs Lavrijsen2023-10-03
| | | | ntkrla57.exe uses AND with r/m32 here rather than r/m64, which the signature was needlessly specific about by including a REX prefix
* KiSwInterrupt patch: change the PG context address instead if possibleMatthijs Lavrijsen2023-10-01
| | | | Reference: #101
* EfiGuardDxe: distinguish between winload and kernel build numbersMatthijs Lavrijsen2023-04-03
|
* EfiGuardDxe: clear and restore CR0.WP when copyingMatthijs Lavrijsen2023-03-26
| | | | This is intended to deal with the UEFI memory protection protocol (EFI_MEMORY_ATTRIBUTE_PROTOCOL) introduced in the UEFI 2.10 specification.
* Update Zydis to v4Matthijs Lavrijsen2023-03-26
|
* Misc. warning fixesMatthijs Lavrijsen2023-03-13
|
* Fix warnings when compiling with GCCMatthijs Lavrijsen2022-04-21
|
* Fix Resharper warningsMatthijs Lavrijsen2021-05-12
|
* Use PE runtime function tables for finding function start addressesv1.1.1Matthijs Lavrijsen2021-01-30
|
* Patch nt!KiMcaDeferredRecoveryService on Windows >= 8.1Mattiwatti2020-05-07
|
* Patch nt!KiVerifyScopesExecute on Windows >= 8.1Mattiwatti2020-05-07
|
* Disable PatchGuard verification call in KiSwInterruptMattiwatti2020-05-03
| | | | KiSwInterrupt is present since Windows 10 and is the interrupt handler for int 20h. This interrupt is a spurious interrupt on older versions of Windows, and does nothing useful on Windows 10. If int 20h is issued from kernel mode, the PatchGuard verification routine KiSwInterruptDispatch is called. This leads to a bugcheck if PatchGuard has not been initialized.
* Update SeCodeIntegrityQueryInformation signatureMattiwatti2019-12-04
| | | | This makes this optional pattern scan work on the current Windows 10 20H1 preview release
* Fix two dumb mistakes that were cancelling each other outMattiwatti2019-05-06
| | | | PE section names must be null terminated because they are not guaranteed to be. However they must be null terminated at 8 characters, not at the length of the string that happens to be relevant for whatever reason. This would have led to false positives when finding sections, were it not for the off-by-one error that was keeping an additional character in the buffer
* Minor fixesMattiwatti2019-03-28
|
* Initial commitv1.0Mattiwatti2019-03-25
Powered by cgit, Themed by Ted Yin.