Hi. After installing KB5003173 update for Windows 10, 21H1, 20H2 и 2004 when you launch efidsefix with -d flag (after successfull OS launch with efidse bootkit i get BSOD
BDOS caused by cng.sys
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff8054b74d12d, Virtual address for the attempted write.
Arg2: 090000000394d121, PTE contents.
Arg3: ffffe085ef83e530, (reserved)
Arg4: 000000000000000b, (reserved)
PROCESS_NAME: EfiDSEFix.exe
TRAP_FRAME: ffffe085ef83e530 -- (.trap 0xffffe085ef83e530)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=00f88b9000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8054d23a83f rsp=ffffe085ef83e6c0 rbp=ffffe085ef83e7b0
r8=ff00000000ffffff r9=fffff8054b74d12d r10=ffffe280a91a2c60
r11=ffffe085ef83ea48 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr ac po nc
fffff8054d23a83f 418911 mov dword ptr [r9],edx ds:fffff8054b74d12d=f88b9000
Resetting default scope
Hi. After installing KB5003173 update for Windows 10, 21H1, 20H2 и 2004 when you launch efidsefix with -d flag (after successfull OS launch with efidse bootkit i get BSOD
BDOS caused by cng.sys
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be) An attempt was made to write to readonly memory. The guilty driver is on the stack trace (and is typically the current instruction pointer). When possible, the guilty driver's name (Unicode string) is printed on the bugcheck screen and saved in KiBugCheckDriver. Arguments: Arg1: fffff8054b74d12d, Virtual address for the attempted write. Arg2: 090000000394d121, PTE contents. Arg3: ffffe085ef83e530, (reserved) Arg4: 000000000000000b, (reserved)
PROCESS_NAME: EfiDSEFix.exe
TRAP_FRAME: ffffe085ef83e530 -- (.trap 0xffffe085ef83e530) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=00f88b9000000000 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8054d23a83f rsp=ffffe085ef83e6c0 rbp=ffffe085ef83e7b0 r8=ff00000000ffffff r9=fffff8054b74d12d r10=ffffe280a91a2c60 r11=ffffe085ef83ea48 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr ac po nc fffff805
4d23a83f 418911 mov dword ptr [r9],edx ds:fffff805
4b74d12d=f88b9000 Resetting default scopeSTACK_TEXT:
ffffe085
ef83e288 fffff805
4848dfb3 : 00000000000000be fffff805
4b74d12d 090000000394d121 ffffe085
ef83e530 : nt!KeBugCheckEx ffffe085ef83e290 fffff805
48328210 : 00000000004e004c 00000000
00000003 ffffe085ef83e5b0 00000000
00000000 : nt!MiSystemFault+0x147ef3 ffffe085ef83e390 fffff805
48404e5e : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : nt!MmAccessFault+0x400 ffffe085ef83e530 fffff805
4d23a83f : 0000000000000000 00000000
00000008 ffffb20cba75e080 fffff805
4829240a : nt!KiPageFault+0x35e ffffe085ef83e6c0 00000000
00000000 : 0000000000000008 ffffb20c
ba75e080 fffff8054829240a fffff9fc
00000000 : 0xfffff805`4d23a83fSYMBOL_NAME: nt!MiSystemFault+147ef3
MODULE_NAME: nt
STACK_COMMAND: .thread ; .cxr ; kb
IMAGE_NAME: memory_corruption
BUCKET_ID_FUNC_OFFSET: 147ef3
FAILURE_BUCKET_ID: 0xBE_nt!MiSystemFault
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {f42e95f2-ac01-9f1a-bba7-f215636b6297}
Followup: MachineOwner