| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Changed gEfiGuardDriverProtocolGuid, EFIGUARD_BACKDOOR_VARIABLE_NAME and ↵testmy | Toni Uhlig | 2025-05-21 |
| | | | | | | | | | EFIGUARD_BACKDOOR_COOKIE_VALUE * added some measurements that will get used later Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Added partial PatchGuard disable at compile time with `-D EAC_COMPAT_MODE=1`. | Toni Uhlig | 2025-04-23 |
| | | | | | | | | | * runtime DSE disabling still possible * compatible with EasyAntiCheat * no bsod so far Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Disable PatchGuard at compile time with `-D DO_NOT_DISABLE_PATCHGUARD=1`. | Toni Uhlig | 2025-04-23 |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Changed EfiGaurd title to something more "neutral" ;) | Toni Uhlig | 2025-04-23 |
| | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | ||
| * | Add VeraCrypt support (#136) | worldwidefuckfest | 2025-02-24 |
| | | |||
| * | Fix build with current EDK2 master | Matthijs Lavrijsen | 2025-01-17 |
| | | | | | | | | | Override the unwanted /GS flag addition (MSVC) and -fno-stack-protector removal (GCC) introduced in https://github.com/tianocore/edk2/commit/f53f029122d4493e9db95e2424dd8f067f247661 Additionally remove some other (less harmful but still unwanted) build flags that have been made the default in MSVC in the .vcxproj/.props files as well. Fixes #134 | ||
| * | Misc. minor warning fixes | Matthijs Lavrijsen | 2025-01-17 |
| | | |||
| * | Use case-insensitive string comparison when checking file names | Matthijs Lavrijsen | 2024-01-21 |
| | | |||
| * | Pedantic assert fix in SetVariable hook | Matthijs Lavrijsen | 2024-01-20 |
| | | |||
| * | KiSwInterrupt patch: reuse INIT section as PG context | Matthijs Lavrijsen | 2023-10-15 |
| | | | | | INIT is already discardable (and exists in all NT kernels), no need to obtain INITDATA separately. | ||
| * | Fix build with GCC toolchain | Matthijs Lavrijsen | 2023-10-14 |
| | | |||
| * | Always use CopyWpMem in SetVariable hook | Matthijs Lavrijsen | 2023-10-14 |
| | | |||
| * | Check CR4_CET.SH_STK_EN before adjusting shadow stack | Matthijs Lavrijsen | 2023-10-14 |
| | | |||
| * | Use EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL if available | Matthijs Lavrijsen | 2023-10-12 |
| | | |||
| * | Fix KiVerifyScopesExecute signature for LA57 kernel | Matthijs Lavrijsen | 2023-10-03 |
| | | | | | ntkrla57.exe uses AND with r/m32 here rather than r/m64, which the signature was needlessly specific about by including a REX prefix | ||
| * | Add updated decode search for OslFwpKernelSetupPhase1 | Matthijs Lavrijsen | 2023-10-03 |
| | | |||
| * | KiSwInterrupt patch: change the PG context address instead if possible | Matthijs Lavrijsen | 2023-10-01 |
| | | | | | Reference: #101 | ||
| * | Disable CET when clearing CR0.WP | Matthijs Lavrijsen | 2023-09-27 |
| | | |||
| * | EfiGuardDxe: delay driver unload when a non-Windows OS is booted | Matthijs Lavrijsen | 2023-09-26 |
| | | | | | Fixes #91 | ||
| * | Fix build with current EDK2 master | Matthijs Lavrijsen | 2023-06-22 |
| | | | | | Rename RUNTIME_FUNCTION to resolve a conflict with edk2's incomplete redefinition added in https://github.com/tianocore/edk2/commit/ff52068d9261b9391d75b83a2a4e40e040f3b6eb | ||
| * | Handle 5-level paging when checking canonical address bits | Matthijs Lavrijsen | 2023-04-26 |
| | | |||
| * | EfiGuardDxe: distinguish between winload and kernel build numbers | Matthijs Lavrijsen | 2023-04-03 |
| | | |||
| * | Clean up linker optionsv1.3 | Matthijs Lavrijsen | 2023-03-26 |
| | | |||
| * | RtlSleep: wait for a timer event instead of stalling | Matthijs Lavrijsen | 2023-03-26 |
| | | |||
| * | EfiGuardDxe: clear and restore CR0.WP when copying | Matthijs Lavrijsen | 2023-03-26 |
| | | | | | This is intended to deal with the UEFI memory protection protocol (EFI_MEMORY_ATTRIBUTE_PROTOCOL) introduced in the UEFI 2.10 specification. | ||
| * | Add CopyWpMem and SetWpMem routines | Matthijs Lavrijsen | 2023-03-26 |
| | | | | | Additionally make SetServicePointer also clear and restore CR0.WP if needed | ||
| * | Update Zydis to v4 | Matthijs Lavrijsen | 2023-03-26 |
| | | |||
| * | EfiGuardDxe: disable VBS for the current boot | Matthijs Lavrijsen | 2023-03-16 |
| | | | | | | | | This prevents a bugcheck on Windows 10 and later when VBS is enabled, which was made the default setting in Windows 11. Additionally, EfiDSEFix will not proceed if it detects that VBS is still unexpectedly running (meaning either EfiGuardDxe was never loaded, or it failed to disable VBS). Fixes #59 | ||
| * | Misc. warning fixes | Matthijs Lavrijsen | 2023-03-13 |
| | | |||
| * | Macro sanitization | Matthijs Lavrijsen | 2023-02-27 |
| | | |||
| * | Add StrniCmp implementation | Matthijs Lavrijsen | 2022-08-24 |
| | | |||
| * | Misc. warning fixes | Matthijs Lavrijsen | 2022-08-17 |
| | | |||
| * | DXE driver: store the full kernel build number in global context | Matthijs Lavrijsen | 2022-08-17 |
| | | |||
| * | EfiGuardDxe: add VisualUefi support for recent versions of edk2 | Matthijs Lavrijsen | 2022-08-17 |
| | | |||
| * | Fix warnings when compiling with GCC | Matthijs Lavrijsen | 2022-04-21 |
| | | |||
| * | Update arc.hv1.2 | Matthijs Lavrijsen | 2021-05-12 |
| | | |||
| * | Fix Resharper warnings | Matthijs Lavrijsen | 2021-05-12 |
| | | |||
| * | Use PE runtime function tables for finding function start addressesv1.1.1 | Matthijs Lavrijsen | 2021-01-30 |
| | | |||
| * | Update Zydis submodule | Matthijs Lavrijsen | 2021-01-30 |
| | | |||
| * | Patch nt!KiMcaDeferredRecoveryService on Windows >= 8.1 | Mattiwatti | 2020-05-07 |
| | | |||
| * | Patch nt!KiVerifyScopesExecute on Windows >= 8.1 | Mattiwatti | 2020-05-07 |
| | | |||
| * | Disable PatchGuard verification call in KiSwInterrupt | Mattiwatti | 2020-05-03 |
| | | | | | KiSwInterrupt is present since Windows 10 and is the interrupt handler for int 20h. This interrupt is a spurious interrupt on older versions of Windows, and does nothing useful on Windows 10. If int 20h is issued from kernel mode, the PatchGuard verification routine KiSwInterruptDispatch is called. This leads to a bugcheck if PatchGuard has not been initialized. | ||
| * | Update SeCodeIntegrityQueryInformation signature | Mattiwatti | 2019-12-04 |
| | | | | | This makes this optional pattern scan work on the current Windows 10 20H1 preview release | ||
| * | Compile as UTF-8 | Mattiwatti | 2019-12-04 |
| | | |||
| * | Update Zydis submodulev1.0.2 | Mattiwatti | 2019-10-07 |
| | | |||
| * | Disable Spectre mitigation crap | Mattiwatti | 2019-10-07 |
| | | |||
| * | Call driver unload if a non-Windows OS is being booted | Mattiwatti | 2019-05-06 |
| | | |||
| * | Update arc.h | Mattiwatti | 2019-05-06 |
| | | |||
| * | Minor fixes | Mattiwatti | 2019-05-06 |
| | | |||
| * | Fix two dumb mistakes that were cancelling each other out | Mattiwatti | 2019-05-06 |
| | | | | | PE section names must be null terminated because they are not guaranteed to be. However they must be null terminated at 8 characters, not at the length of the string that happens to be relevant for whatever reason. This would have led to false positives when finding sections, were it not for the off-by-one error that was keeping an additional character in the buffer | ||