|
|
|
|
#1
08-25-2014, 19:13
|
|||
|
|||
|
@Fyyre:
If you found a bug like that, please keep it either to yourself or - even better - report it in private to Microsoft and the perpetrator, so they can fix it. Nobody wants "driver hell" coming back to production systems. I know PatchGuard and Driver Signing Enforcement made RCE work a bit harder, but they also made our systems much more stable. @Cyber_Coder: I don't think Fyyre needs to be reminded of documents he wrote by himself many years ago and which he is currently hosting on his own website. 
|
| The Following User Says Thank You to Kerlingen For This Useful Post: | ||
Indigo (07-19-2019) | ||
|
#2
08-26-2014, 01:27
|
|||
|
|||
|
There's no public way to bypass it, so I doubt anyone is going to just give it away.
http://vrt-blog.snort.org/2014/08/th...rotection.html - "Patchguard v8 - Internal architecture" is the most recent, but not very helpful. AFAIK it can be somewhat bypassed with virtualization by spoofing the LSTAR MSR(syscall) or intercepting IDT events. There's still the cost of performance.
|
| The Following User Gave Reputation+1 to Nukem For This Useful Post: | ||
bolzano_1989 (08-26-2014) | ||
| The Following User Says Thank You to Nukem For This Useful Post: | ||
Indigo (07-19-2019) | ||
 |
| Thread Tools | |
| Display Modes | |
|
|
Hybrid Mode
