ByePg
Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
Install / Use
/learn @can1357/ByePgREADME
ByePg: Defeating Patchguard using Exception-hooking
ByePg hijacks the HalPrivateDispatchTable table to create a early-bugcheck hook. Utilizing this early-bugcheck hook it collects information about the exception and basically provides a simple interface to register a high-level system-wide exception handler.
A variety of kernel hooks can be implemented using this method completely bypassing PatchGuard and HVCI as it creates an entirely new attack surface, exception-based hooking, which was previously not possible in Windows kernel.
Writeup:
https://blog.can.ac/2019/10/19/byepg-defeating-patchguard-using-exception-hooking/
Project Structure:
\ByePgLibcontains the base library\ExHookcontains a standalone SYSCALL hooking example using ByePg\ExceptionHookingDemodemonstrates the exception handler\InfinityHookFixcontains a sample rendering the recent InfinityHook patch by Microsoft useless\FreeSehcontains a SEH-via-ByePg module letting you use SEH in manual mapped images bypassing PatchGuard's inverted function table checks
Result:
P.S.
There are many other things that can be done using the base library and many things can be improved, be SEH handling or BugCheck parsing, so I would really appreciate any form of contribution to this repo.
Related Skills
node-connect
342.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
84.7kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
342.0kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
commit-push-pr
84.7kCommit, push, and open a PR
