can1357 / ByePg

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
804 stars, 182 forks

Can I use ByePG in this case? #17

Closed ReverseKR closed 4 years ago

ReverseKR commented 4 years ago

I want to hide a process by modifying ActiveProcessLinks, but it causes a BSOD from PatchGuard. Even when I use ByePG, the result is the same. Can I use ByePG in this case?

The BSOD code is CRITICAL_STRUCTURE_CORRUPTION.

This BSOD doesn't contain a context in the bugcheck args.

hzqst commented 4 years ago

No, you cannot.

zer0call commented 4 years ago

> No, you cannot.

Why not?

hzqst commented 4 years ago

> > No, you cannot.
>
> Why not?

PatchGuard clears stack memory before calling KeBugCheck so you won't be able to unwind the stack.