Skip to content

EvMac0/TestSigning_driver

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
dummy
dummy
 
 
.gitignore
.gitignore
 
 
Driver_TestSignerPatcher.sln
Driver_TestSignerPatcher.sln
 
 
README.md
README.md
 
 

Repository files navigation

How to load your unsigned driver and hide all traces after that

About TESTSIGNING mode: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option

  1. Run cmd.exe with administrator rights and enter: bcdedit.exe /set TESTSIGNING ON
  2. Reboot your PC
  3. In user-mode app load CI.dll with LoadLibraryEx and get kernel address of g_CiOptions flag
  4. Create shared memory buffer with information for kernel driver
  5. Load the driver to kernel with service or ZwLoadDriver
  6. Driver patch g_CiOptions to off TESTSIGNING mode
  7. In your user-mode app, run bcdedit.exe /set TESTSIGNING OFF
  8. Clear traces in registry

Warning: Windows implemented Kernel Patch Protection(KPP) aka PatchGuard after Windows 7

Patching kernel flags may crash your system(BSOD)!

About

Driver loading with TEST SIGNING mode in Windows and patch g_CiOptions flag

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages