can1357 / ByePg

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.

HalCallbacks::Register() Issue #14

Closed Shhoya closed 4 years ago

Shhoya commented 4 years ago

Hi, I'm a newbie... The "ExHook" test was run on a virtual machine (Win10 (1809)). The build went well and I loaded the driver via "OSR Loader", but freezing occurred. I checked that HalCallbacks::Register() freezes while hooking "HalNotifyProcessorFreeze"... The issue is that freezing takes place as soon as you replace "HalPrivateDispatchTable" + 0x1A8 ("HalpTimerNotifyProcessorFreeze") with a hooking function ("HkHalTimerNotifyProcessorFreeze"). Do you know how to solve the problem?

Freeze point: Image 1

can1357 commented 4 years ago

Are you using Windows kernel debugger?

Shhoya commented 4 years ago

> Are you using Windows kernel debugger?

Yes. To study, I loaded and debugged the driver using VirtualKD. Is this a problem?

can1357 commented 4 years ago

Yes, KD uses the same freezing mechanism so it will not work. Switch to a hypervisor-based debugger like VMware's GDB stub.