Skip to content
/ dse_hook Public

load unsigned kernel-driver by patching dse in 248 lines

80 stars 18 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

emlinhax/dse_hook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.gitignore
.gitignore
 
 
dse_hook.cpp
dse_hook.cpp
 
 
dse_hook.vcxproj
dse_hook.vcxproj
 
 
dse_hook.vcxproj.filters
dse_hook.vcxproj.filters
 
 
readme.md
readme.md
 
 

Repository files navigation

dse_hook

this project abuses a vulnerable driver called "winio64.sys"

we patch SeValidateImageData & SeValidateImageHeader to return zero.
those functions are being used by ntoskrnl.exe when NtLoadDriver is called.
by patching those functions we bypass the signature enforcement.

but what about patchguard?

since patchguard only scans the system in random intervals,
we have a small time-window to place a patch and remove it again.
in that time we load our driver.

perks

  • bypasses KDP and PG(kinda).
  • supports normal drivers (with driverobject).

tested on

  • Windows 10 22H2
  • Windows 11 23H2

About

load unsigned kernel-driver by patching dse in 248 lines

Resources

Readme
Activity

Stars

80 stars

Watchers

3 watching

Forks

18 forks
Report repository

Releases 1

Windows 11 Support Latest
Jan 20, 2024

Packages

 
 
 

Languages