dsefix

Windows x64 Driver Signature Enforcement Overrider

CPU-Z driver does not work from windows 10 1803. Since MmMapIoSpace does not allow to map page table, Application with CPU-Z driver can not translate virtual address to physical address anymore.

In my windows 10 1903, g_CiOptions value is not 0x6 but 0x2006.
I changed shellcode using bit operation so no more bsod when DSE re-enabled.

before

/*
**  Disable DSE (Vista and above)
**  xor rax, rax
**  ret
*/
const unsigned char scDisable[] = {
    0x48, 0x31, 0xc0, 0xc3
};

/*
**  Enable DSE (W8 and above)
**  xor rax, rax
**  mov al, 6
**  ret
*/
const unsigned char scEnable8Plus[] = {
    0x48, 0x31, 0xc0, 0xb0, 0x06, 0xc3
};

after

/*
**  Disable DSE (W7 also has ci.dll)
**  mov eax,[g_CiAddress]
**  and al,~6
**  ret
*/
unsigned char scDisable[] = {
	0xA1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0xF9, 0xC3
};

/*
**  Enable DSE
**  mov eax,[g_CiAddress]
**  or al,6
**  ret
*/
unsigned char scEnable[] = {
	0xA1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x06, 0xC3
};

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
dsefix_console		dsefix_console
.gitignore		.gitignore
README.md		README.md
dsefix_console.sln		dsefix_console.sln

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

dsefix

About

Releases

Packages

Languages

kuangke9527/dsefix

Folders and files

Latest commit

History

Repository files navigation

dsefix

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages