https://github.com/can1357/byepg
Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
exploit kernel patchguard windows
- Host: GitHub
- URL: https://github.com/can1357/byepg
- Owner: can1357
- Created: 2019-10-19T05:52:09.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-11-21T23:26:29.000Z (about 5 years ago)
- Last Synced: 2025-01-11T02:09:48.447Z (13 days ago)
- Topics: exploit, kernel, patchguard, windows
- Language: C++
- Homepage:
- Size: 206 KB
- Stars: 852
- Watchers: 26
- Forks: 179
- Open Issues: 6
Metadata Files:
- Readme: README.md
README
# ByePg: Defeating Patchguard using Exception-hooking
ByePg hijacks the HalPrivateDispatchTable to create an early-bugcheck hook. Using this early-bugcheck hook, it collects information about the exception and provides a simple interface to register a high-level, system-wide exception handler.
A variety of kernel hooks can be implemented using this method, completely bypassing PatchGuard and HVCI, as it creates an entirely new attack surface, exception-based hooking, which was previously not possible in the Windows kernel.
## Writeup:
https://blog.can.ac/2019/10/19/byepg-defeating-patchguard-using-exception-hooking/
## Project Structure:
- `\ByePgLib` contains the base library
- `\ExHook` contains a standalone SYSCALL hooking example using ByePg
- `\ExceptionHookingDemo` demonstrates the exception handler
- `\InfinityHookFix` contains a sample rendering the recent InfinityHook patch by Microsoft useless
- `\FreeSeh` contains a SEH-via-ByePg module letting you use SEH in manual mapped images bypassing PatchGuard's inverted function table checks
## Result:
![ExHook](/Resources/ExHook.png)
## P.S.
There are many other things that can be done using the base library and many things can be improved, be it SEH handling or BugCheck parsing, so I would **really** appreciate any form of contribution to this repo.