Mattiwatti / EfiGuard

Disable PatchGuard and Driver Signature Enforcement at boot time
GNU General Public License v3.0

KB5003173 update for Windows 10, 21H1, 20H2 and 2004 broke efidsefix #28

Closed iOutSide closed 3 years ago

iOutSide commented 3 years ago

Hi. After installing the KB5003173 update for Windows 10, 21H1, 20H2 and 2004, when you launch efidsefix with the -d flag (after a successful OS launch with the efidse bootkit) I get a BSOD.

BSOD caused by cng.sys

ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the stack trace (and is typically the current instruction pointer). When possible, the guilty driver's name (Unicode string) is printed on the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff8054b74d12d, Virtual address for the attempted write.
Arg2: 090000000394d121, PTE contents.
Arg3: ffffe085ef83e530, (reserved)
Arg4: 000000000000000b, (reserved)

PROCESS_NAME: EfiDSEFix.exe

TRAP_FRAME: ffffe085ef83e530 -- (.trap 0xffffe085ef83e530)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=00f88b9000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8054d23a83f rsp=ffffe085ef83e6c0 rbp=ffffe085ef83e7b0
r8=ff00000000ffffff r9=fffff8054b74d12d r10=ffffe280a91a2c60
r11=ffffe085ef83ea48 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr ac po nc
fffff8054d23a83f 418911 mov dword ptr [r9],edx ds:fffff8054b74d12d=f88b9000
Resetting default scope

STACK_TEXT:
ffffe085ef83e288 fffff8054848dfb3 : 00000000000000be fffff8054b74d12d 090000000394d121 ffffe085ef83e530 : nt!KeBugCheckEx
ffffe085ef83e290 fffff80548328210 : 00000000004e004c 0000000000000003 ffffe085ef83e5b0 0000000000000000 : nt!MiSystemFault+0x147ef3
ffffe085ef83e390 fffff80548404e5e : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!MmAccessFault+0x400
ffffe085ef83e530 fffff8054d23a83f : 0000000000000000 0000000000000008 ffffb20cba75e080 fffff8054829240a : nt!KiPageFault+0x35e
ffffe085ef83e6c0 0000000000000000 : 0000000000000008 ffffb20cba75e080 fffff8054829240a fffff9fc00000000 : 0xfffff805`4d23a83f

SYMBOL_NAME: nt!MiSystemFault+147ef3

MODULE_NAME: nt

STACK_COMMAND: .thread ; .cxr ; kb

IMAGE_NAME: memory_corruption

BUCKET_ID_FUNC_OFFSET: 147ef3

FAILURE_BUCKET_ID: 0xBE_nt!MiSystemFault

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {f42e95f2-ac01-9f1a-bba7-f215636b6297}

Followup: MachineOwner

Mattiwatti commented 3 years ago

Thanks for the swift report. I've identified and fixed the issue in EfiDSEFix that this update caused.

I've released v1.2 with the updated EfiDSEFix binary.