Disabling PatchGuard-Driver Signing Bypass for X64 Windows 7

This is a simple method to successfully disable the driver signature enforcement and
kernel patch protection on X64 version of Windows 7

This instruction assumes you run Windows with administrator account, no UAC, etc...

How to use:
Download attached disable_pg_ds.rar
Place files to desktop, execute in order:

1. cmd
2. exe
3. cmd

after execute all three, is safe to delete the files and directory %userprofile%\desktop\patch_temp
upon reboot menu will present boot option "PatchGuard Disabled" ... which allows for loading
of unsigned X64 bit drivers, and hooking inside ntoskrnl.

newly created registry service key entries, delete REG_DWORD WOW64

How to uninstall:
open cmd.exe and input:
bcdedit /delete {46595952-454E-4F50-4747-554944FFFFFF}
now from \windows\system32 delete: ntkrnlmp.exe & osload.exe

After disabling PatchGuard and driver signature enforcement you can now also hide and unhide processes on X64 Windows 7 using ,for example, hidecon utility.

The utility has two parts: console program, and driver. The driver works by locating PsActiveProcessHead and use of some linked-list macros to hide/unhide processes.

Fyyre

:patching:
[Only registered and activated users can see links. Click Here To Register...] for hide.rar
[Only registered and activated users can see links. Click Here To Register...] for disable_pg_ds.rar
Such high results are obviously because of illegal nature what those patches are made to do to your system files :)

Is this method available/suitable for Vista x64 nor Win7 x64 (Service pack 1) ?

--edit-tested--

Nice work, but doesn't(can't) work for win7 x64 SP1.
After boot error: "osload.exe" checksum does not match with machine headers... Please insert to your win installation disc.

So microsoft getting smartier day by day bros. :D

[Only registered and activated users can see links. Click Here To Register...] :D

Use the updated version from my website, should work fine..

[Only registered and activated users can see links. Click Here To Register...]

Quote:

---

Originally Posted by schizoph7 [Only registered and activated users can see links. Click Here To Register...]

Is this method available/suitable for Vista x64 nor Win7 x64 (Service pack 1) ?

--edit-tested--

Nice work, but doesn't(can't) work for win7 x64 SP1.
After boot error: "osload.exe" checksum does not match with machine headers... Please insert to your win installation disc.

So microsoft getting smartier day by day bros. :D

[Only registered and activated users can see links. Click Here To Register...] :D

---

hi again fyyre, i tried the last version and windows loaded(no booting problem any more) successfully but, io driver cannot be loaded. because patchguard still running. After -ld command an information window from windows appears: This driver is unsigned etc.. etc...

In my opinion patching kernel files fixed in build 7601 nor SP 1

My protuct details:

BuildLab: 7601.win7sp1_gdr.120503-2030
BuildLabEx: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
CSDBuildNumber: 1130
CSDVersion: Service Pack 1
CurrentBuild: 7601

Now i am dowloading winXP to setup multi-boot for hiding processes... Thx for reply and patch.
I hope version details helps to other people :D

Hi Fayyre

I've been a user of your excellent patchguard disable tool for a number of years, but i'm running into a problem recently with the latest win7 SP1 build - 17944. Even though the tool seems to run through successfully, as soon as i try to install an unsigned dll, the Program compatibility assistant kicks in and won't let me load the driver! tried it a few times, but no success.

Can you help at all?