tandasat/meow

Language: C++

git: https://github.com/tandasat/meow

NYA
nyā
en_README.md

meow

meow is an on-the-fly PatchGuard disabler for Windows 8.1 and RT which does not
depend on magic values specific to build versions.

A related blog entry can be found here:

http://standa-note.blogspot.ca/2015/10/some-tips-to-analyze-patchguard.html

If you are targeting Windows 7 or older, you can use
DisPG instead.

Important

This program is not going to work as expected forever, since PatchGuard is a
moving target, and it may not be perfect even now.

Installation and Uninstallation

Get an archive file of the compiled files from this link:

https://github.com/tandasat/meow/releases/latest

On the x64 platform, you have to enable test signing to install the driver. To
do that, open a command prompt with administrator privileges and run the
following command, and then restart the system to activate the change:

bcdedit /set {current} testsigning on

On the ARM platform (e.g., Windows RT), you may have to exploit CVE-2015-2552
(MS15-111) in order to enable test signing, since the above command is not
allowed. For more details on the vulnerability, see the Bugtraq report
"Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability".

To install the driver, extract the archive file and make sure that an internet
connection is available, since this program needs to download symbol files
unless your system already has the right symbol files.

Then, run install.bat with administrator privileges. It installs and starts
the driver, launches PowerShell to display the log, and launches a support
program, meow_client.exe, to install hooks and deactivate PatchGuard.

(Screenshot: typical output on RT)

It is advised to keep meow.sys running to make sure that PatchGuard is
completely disabled; otherwise, PatchGuard may detect your modification if you
uninstall meow before all of the PatchGuard contexts are detected and dropped.
If you are not going to install your own patches, it is fine to stop and
uninstall meow, because meow does not leave any changes in the kernel once it
is unloaded.

To stop and uninstall the driver, run uninstall.bat with administrator
privileges.

Usage

Once you have started meow and disabled PatchGuard, you are free to install
your own tools that use hooks. RemoteWriteMonitor is an example of this type
of tool.

Build

To download the full source code, clone the repository with --recursive:

git clone --recursive https://github.com/tandasat/meow.git

The first time you build with Visual Studio, you will be prompted for the
password of the certificate. The password is 'password' (without quotes).

Supported Platform(s)

  • Windows 8.1 (x64/ARM)

License

This software is released under the MIT License, see LICENSE.