Bypass Patchguard to Load Driver on Windows 10
He’s right tho, half way anyway. If you do it fast enough and don’t use SC controller it won’t insta bsod, and there’s a “chance” it won’t bsod later on. (Tbh stupid to have any chance though.)
ex. snippets from my 2014 arma adventures, which used DriveCrypt to run the DSEFix shellcode. Not going to repeat it since everything has been said, but it’s certainly not old and I’m 100% certain people did it before I did..
My main thing is everyone said disabling signing didn’t work on win 8.1+ (causes BSOD), but I found out that it actually does (doesn’t cause BSOD). It might be because I use an official windows driver to do the writes, but I really doubt it. From my testing, you can avoid literally any type of PG detection by doing your work in <15ms. This applies to protected processes, registry locks, etc. So I spent weeks and weeks developing a win10 driver loading method and found out recently I could have just done this. BTW that research paper is really a good thing to save. You'll never get detected if you do DKOM/kernel modification with an official Microsoft WHQL signed driver.