Try UPGDSED

[gailium119]

The is a project on Github called UPGDSED that can crack the digital signature module in ntoskrnl.exe to disable driver signing(And maybe other system files).Unfortunately the owner abandoned the project and it cannot support any version higer than 17134.0. Maybe you can develop it and by doing so the system dlls can be changed freely

[valinet]

Please send a mail when communicating general ideas. This is a forum for issues regarding ExplorerPatcher if that wasn't obvious. I don't want to be rude, but is it that hard to follow some basic rules? I receive notifications for both mail and Github, but sending everything where it belongs helps keep everything organized...

Regarding the project, it looks interesting, I may look on it, seems interesting from an academic perspective, although I don't think you should put the whole system in a highly vulnerable state just to load your own driver, for example. Otherwise, there are already ways to patch system files and have them run even with a broken digital signature, depends on what you are trying to achieve.

If you want to run your own drivers, that you self sign for example with your own key, without putting the system in test mode, I recommend this approach: ssde.

[gailium119]

I’m Very sorry.i didn’t realize I can contact with mail since I rarely use it. And signing drivers require a valid signature that costs thousands, which I can’t afford.

从 Windows 版邮件https://go.microsoft.com/fwlink/?LinkId=550986发送

发件人: Valentin-Gabriel @.> 发送时间: 2021年10月4日 21:26 收件人: @.> 抄送: @.>; @.> 主题: Re: [valinet/ExplorerPatcher] Try UPGDSED (#35)

Please send a mail when communicating general ideas. This is a forum for issues regarding ExplorerPatcher if that wasn't obvious. I don't want to be rude, but is it that hard to follow some basic rules? I receive notifications for both mail and Github, but sending everything where it belongs helps keep everything organized...

Regarding the project, it looks interesting, I may look on it, seems interesting from an academic perspective, although I don't think you should put the whole system in a highly vulnerable state just to load your own driver, for example. Otherwise, there are already ways to patch system files and have them run even with a broken digital signature, depends on what you are trying to achieve.

If you want to run your own drivers, that you self sign for example with your own key, without putting the system in test mode, I recommend this approach: ssdehttps://github.com/valinet/ssde.

― You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/valinet/ExplorerPatcher/issues/35#issuecomment-933484959, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ASPQLONXSFVTRIPNGLTPL4LUFGTP3ANCNFSM5FJLE5PQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

[valinet]

Self signing drivers does not cost anything, you generate a certificate that you add in the trusted certification authorities on the PC and also set it as you platform key (PK) in UEFI SecureBoot, and then you just need to enable this feature in Windows where it loads self signed drivers signed with a key descendant of PK or PK when SecureBoot is enabled. Read at the link I referenced, I haven't included it there just in case. It shows a method of running self signed drivers that you trust with SecureBoot on, not in test mode, and as I said, self signing doesn't cost any money.