Open Mecanik opened 6 years ago
@Mecanik, because this project doesn’t bypass PatchGuard, the blue screen will occur on any x64 Windows build newer than Windows XP SP1.
“In x64 editions of Windows, Microsoft began to enforce restrictions on what structures drivers can and cannot modify. Kernel Patch Protection is the technology that enforces these restrictions. It works by periodically checking to make sure that protected system structures in the kernel have not been modified. If a modification is detected, then Windows will initiate a bug check and shut down the system,[5][7] with a blue screen and/or reboot.”
You can read more about PatchGuard here: https://en.m.wikipedia.org/wiki/Kernel_Patch_Protection
There are some open source bypasses for PatchGuard here on GitHub, but they won’t work on all versions or all service packs. It’s basically a cat-and-mouse game between reverse engineers and Microsoft.
@Mecanik Just noticed you said x32. My fault!
Let me see if I can find that build and spin up a VM over the weekend.
Do you have any other information on the box? Any third-party antivirus products?
@landhb Well, I tried both scenarios, with antivirus and without, because I really needed this. It does not matter what I tried, still BSOD.
I am running Hyper-V, if that makes any difference?
As the title says, I have been testing this and after 2 minutes of hiding your process the system just freezes.
Is it because of this Windows build, maybe?
Compiling and running the driver was very easy, it worked like a charm.