can1357 / ByePg

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.

Is it right to bypass mem corrupt? #8

Closed YangKi1902 closed 4 years ago

YangKi1902 commented 4 years ago

Hello, I want to hook something but I got an auto restart. Is this snippet good to bypass the mem corrupt guard? Thanks.

ByePgInitialize( [ ] ( CONTEXT* ContextRecord, EXCEPTION_RECORD* ExceptionRecord ) -> LONG
    {
        if ( ExceptionRecord->ExceptionCode == ( CRITICAL_STRUCTURE_CORRUPTION << 32 | KERNEL_SECURITY_CHECK_FAILURE ) )
        {
            ContextRecord->Rip++;
            return EXCEPTION_CONTINUE_EXECUTION;
        }
        return EXCEPTION_EXECUTE_HANDLER;
    }, Verbose );

can1357 commented 4 years ago

That won't work. Putting away the fact that your code is wrong, this project is not disarming patchguard. It simply avoids it. You need to think of a way to hook whatever it is that you want using exceptions.

YangKi1902 commented 4 years ago

> That won't work. Putting away the fact that your code is wrong, this project is not disarming patchguard. It simply avoids it. You need to think of a way to hook whatever it is that you want using exceptions.

Oh, thank you for the answer. Do you know of any exception that can be caused when patchguard is being fired? I don't want to disarm patchguard, I just want to catch it before it is fired.