win32k.sys is not listed in Windows Internals as a driver protected by PG. I hooked it several times and never encountered any problems with PG, so it seems that the driver is currently not protected.
RBCC wrote:
I am trying to modify the black background boot background. I notice that MS has used PatchGuard on that file. Is there a way to shut down PG, do my edits, then start PG again? I really don't want to bypass it, just shut it down. Thank you, John

If the error occurs right after the BCD screen (boot selection), resulting in a black screen with an error message, the problem is winload.exe. If the problem occurs ~3s (-/+ 1.5s, depending on the machine) after the Windows 'loading screen' is displayed, resulting in a BSOD, the problem is PatchGuard (ntoskrnl.exe).