Idov31 / Nidhogg

Nidhogg is an all-in-one simple to use windows kernel rootkit.
https://idov31.github.io/posts/lord-of-the-ring0-p1
GNU General Public License v3.0
1.8k stars 267 forks

PatchGuard causes BSOD #5

Closed scareing closed 2 years ago

scareing commented 2 years ago

I think I have fixed it; if you still run into the BSOD, please reopen this issue :).

WIN10 Microsoft Windows [version 10.0.18363.418]

When I use PChunter to detect its stealth effect, the system immediately blue screens.

image

Originally posted by @scareing in https://github.com/Idov31/Nidhogg/issues/3#issuecomment-1148919201

Idov31 commented 2 years ago

Hi, Thank you for opening the issue, I'll look into it.

C4n3xp commented 2 years ago

RemoveProcessLinks can not bypass PatchGuard

Idov31 commented 2 years ago

As @C4n3xp said, Nidhogg is not (at least not yet) designed to bypass PatchGuard. Since Nidhogg is an unsigned driver, PatchGuard won't allow it to register the process and file routines and can cause KERNEL_SECURITY_CHECK_FAILURE on call. To test and load the driver without getting BSOD from PatchGuard you need to either follow the instructions I mentioned to setup & test the driver or use a known PatchGuard bypass.

scareing commented 2 years ago

No, no, no, I used the leaked NVIDIA signature. The BSOD still occurs.

Idov31 commented 2 years ago

I've rechecked and verified that having a signature has nothing to do with the BSOD.

As @C4n3xp said before, PatchGuard does not allow kernel structure modification; when using the HideProcess functionality it modifies the linked list, PatchGuard identifies it and causes a BSOD.

You can use projects to bypass / disable PatchGuard (for example: EfiGuard or Shark).