leecher1337 / ntvdmx64

Run Microsoft Windows NTVDM (DOS) on 64bit Editions

This project will be unable to support windows 11 #140

Closed kristibektashi closed 2 years ago

kristibektashi commented 3 years ago

Windows 11 requires Secure Boot and ntvdmx64 requires Secure Boot to be disabled. So no Windows 11 support

emendelson commented 3 years ago

It's very possible that you'll need Secure Boot to install Windows 11 but that you'll be able to turn it off after it's installed.

G-Rumpel commented 3 years ago

Actually this isn't an issue yet :o) Through all these years Microsoft insist on "We know you best" and that is where a lot of misunderstandings stem from. That's why projects like NTVDMx64 exist. Nowadays they are more open and who knows, one day MS could reintroduce NTVDMx64 support as the author hopes for.

CAHbKA-IV commented 3 years ago

What about importing custom Secure Boot keys? Most BIOSes allow the user to do it, and the system can then boot files signed with those keys without needing to turn Secure Boot off. So NTVDMx64 could be signed, and that may be a solution to this problem.

leecher1337 commented 3 years ago

Actually, secure boot itself wouldn't be an issue. The problem is that AppInit_DLLs only work with secure boot turned off and if there is no possibility to turn secure boot off, there is no possibility to turn AppInit_DLLs on.

One idea to overcome this problem is to write a kernel mode driver which does the process injection and patching (i.e. https://github.com/wbenny/injdrv), but to use it without turning on testing mode, someone would need to buy a driver signing certificate (afaik it is only issued to companies, private persons cannot purchase one and it isn't cheap) so that I can sign the driver that does the process injection. Such a certificate would also be very helpful for the HAXM build, as it greatly facilitates installation of the VT-x driver. Not sure if someone wants to donate such a certificate, I certainly won't spend any of my personal money on it.

There are other possibilities of process propagation of DLLs to be loaded (as I do with console mode applications), but none of these methods are really reliable, mostly because of timing issues. I.e. CreateProcess hooking introduces some stability and compatibility issues on some configurations, that's why it isn't done in ldntvdm loader anymore.

kristibektashi commented 3 years ago

> Actually, secure boot itself wouldn't be an issue. The problem is that AppInit_DLLs only work with secure boot turned off and if there is no possibility to turn secure boot off, there is no possibility to turn AppInit_DLLs on.
>
> One idea to overcome this problem is to write a kernel mode driver which does the process injection and patching (i.e. https://github.com/wbenny/injdrv), but to use it without turning on testing mode, someone would need to buy a driver signing certificate (afaik it is only issued to companies, private persons cannot purchase one and it isn't cheap) so that I can sign the driver that does the process injection. Such a certificate would also be very helpful for the HAXM build, as it greatly facilitates installation of the VT-x driver. Not sure if someone wants to donate such a certificate, I certainly won't spend any of my personal money on it.
>
> There are other possibilities of process propagation of DLLs to be loaded (as I do with console mode applications), but none of these methods are really reliable, mostly because of timing issues. I.e. CreateProcess hooking introduces some stability and compatibility issues on some configurations, that's why it isn't done in ldntvdm loader anymore.

Or you could do the same thing Sandboxie-Plus did before it got an officially signed driver

leecher1337 commented 3 years ago

What do you mean?

kristibektashi commented 3 years ago

> What do you mean?

Before the person that maintains Sandboxie-Plus bought a signing certificate, they used a leaked code signing certificate they found on the internet, as they explain in https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.4.5. One downside of that is that it will be detectable by antivirus software, but I'm pretty sure that is already the case.

leecher1337 commented 3 years ago

They used the https://github.com/hackedteam/GeoTrust Hacking Team certificate, which has been revoked, has expired and is detected by antivirus signatures (including Windows' own antimalware). Doesn't sound like too good an option; do drivers with revoked certificates even load?

rari-teh commented 2 years ago

Apparently, Windows 11 doesn't actually require Secure Boot to work; it just checks if you have it on during the installation process and does not proceed if it determines you're on legacy mode. There seem to be multiple ways to bypass this check.

leecher1337 commented 2 years ago

Btw.: One way to bypass AppInit-DLL deprecation is enabling Test Signing mode like it is also recommended to try the NTVDM HAXM-Build.

Currently working on a loader that does classic CreateProcess Hooking to propagate to not depend on AppInitDLLs, it basically works, but I'm still having issues with elevated processes (Run as Administrator... doesn't inject it yet). Quite a lot of code enhancements in the loader.

I can upload it for those who are interested.
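The two constraints discussed in this thread (AppInit_DLLs being ignored while Secure Boot is on, and Test Signing mode as the alternative for the HAXM build) can be audited on a given machine. The script below is an added example, not part of ntvdmx64 or written by its author; it assumes an elevated PowerShell prompt and a UEFI system for the Secure Boot query.

```powershell
# Added audit script (not ntvdmx64 code): reports whether the AppInit_DLLs
# mechanism can actually take effect on this host and which DLLs are registered.
# Assumptions: run elevated; Confirm-SecureBootUEFI throws on legacy BIOS systems.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',             # seen by 64-bit processes
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # seen by 32-bit (WOW64) processes
)

# Secure Boot state: $null means the query failed (non-UEFI firmware or no admin rights).
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $secureBoot = $null }

# Test Signing mode is recorded in the boot entry of the running OS.
$bcd         = bcdedit /enum '{current}' 2>$null
$testSigning = [bool]($bcd | Where-Object { $_ -match '^\s*testsigning\s+Yes' })

foreach ($k in $keys) {
    if (-not (Test-Path $k)) { continue }
    $v = Get-ItemProperty -Path $k

    $dlls    = $v.AppInit_DLLs                       # space- or comma-separated DLL list
    $enabled = ($v.LoadAppInit_DLLs -eq 1)           # 1 = loader honours the list

    # Since Windows 8 the loader ignores AppInit_DLLs while Secure Boot is enabled,
    # which is why the thread above cannot rely on it for Windows 11 installs.
    $effective = $enabled -and ($secureBoot -ne $true) -and
                 -not [string]::IsNullOrWhiteSpace($dlls)

    [pscustomobject]@{
        Key                      = $k
        LoadAppInit_DLLs         = $v.LoadAppInit_DLLs
        RequireSignedAppInit_DLLs = $v.RequireSignedAppInit_DLLs
        AppInit_DLLs             = $dlls
        SecureBootEnabled        = $secureBoot
        TestSigningEnabled       = $testSigning
        AppInitEffectivelyActive = $effective
    } | Format-List
}
```

A defender reviewing an ntvdmx64 install can use the output to confirm which injection path is in play (AppInit_DLLs with Secure Boot off, or Test Signing mode) and to spot any unexpected DLLs registered under these keys.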

leecher1337 commented 2 years ago

Closing ticket as Windows 11 support is implemented and there is no further action on this ticket, so assuming it works for everyone.