GithubHelp home page GithubHelp logo

anthrax3 / dsefix Goto Github PK

View Code? Open in Web Editor NEW

This project forked from hfiref0x/dsefix

0.0 1.0 0.0 260 KB

Windows x64 Driver Signature Enforcement Overrider

License: BSD 2-Clause "Simplified" License

C 99.58% Objective-C 0.18% C++ 0.24%

dsefix's Introduction

DSEFix

Windows x64 Driver Signature Enforcement Overrider

For more info see Defeating x64 Driver Signature Enforcement http://www.kernelmode.info/forum/viewtopic.php?f=11&t=3322.

System Requirements

x64 Windows Vista/7/8/8.1/10.

Windows 8.1/10: warning, see PatchGuard note below.

DSEFix designed only for x64 Windows.

Administrative privilege is required.

Build

DSEFix comes with full source code. In order to build from source you need Microsoft Visual Studio 2013 U4 and later versions.

How it work

It uses WinNT/Turla VirtualBox kernel mode exploit technique to overwrite global system variable controlling DSE behavior, which itself located in kernel memory space. Prior to Windows 8 it is ntoskrnl!g_CiEnabled - a boolean variable (0 disabled, 1 enabled) and starting from Windows 8 it is CI.DLL!g_CiOptions - combination of flags, where value of 6 is default options and value of 0 is equal to "no integrity checks". If you run DSEFix without parameters it will attempt to disable DSE in a way depending on the system version. If you run DSEFix with "-e" parameter (without quotes) it will attempt to restore DSE controlling variable to default state.

PatchGuard incompatibility

Warning, starting from Windows 8.1 CI.DLL variables protected by Kernel Patch Protection (PatchGuard) as a generic data region. This doesn't mean instant PatchGuard response (BSOD) but will eventually lead to it when PatchGuard will be able to detect modification fact (doesn't really matter if you restore original state). Time of reaction is almost random. It can be almost instanst, or take a hour, two or four etc.

Deprecation

DSEFix based on old Oracle VirtualBox driver which was created in 2008. This driver wasn't designed to be compatible with newest Windows operation system versions and may work incorrectly. Because DSEFix entirely based on this exact VirtualBox driver version LPE it is not wise to use it on newest version of Windows. Consider this repository as depricated/abandonware. The only possible updates can be related only to DSEFix software itself.

Authors

(c) 2014 - 2018 DSEFix Project

dsefix's People

Contributors

bryant1410 avatar hfiref0x avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.