Skip to content

NeoMaster831/kurasagi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
VerifyPg
VerifyPg
 
 
assets
assets
 
 
kurasagi
kurasagi
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
kurasagi.sln
kurasagi.sln
 
 

Repository files navigation

kurasagi

kurasagi is full POC of PatchGuard bypass for Windows 24H2 - 25H2. Tested on 24H2 26100.4351 - Up to 25H2 26200.6899.

For more information, please refer to the product branch, which contains the PDF paper detailing the bypass.

If any BSOD which is related to CRITICAL_STRUCTURE_CORRUPTION (PatchGuard) appears, please create issue with it!

Disclaimers

  1. PLEASE USE IT FOR ONLY EDUCATIONAL PURPOSES!
  2. Do not turn on hypervisor-based security factors when running! (It will BSOD!)
  3. Use kdmapper for driver loading.
  4. After kurasagi has been loaded, we just found there's some weird issue when you allocate pool with NonPagedPoolExecute (or NonPagedPool, it is same), it is not executable. I'll fix as soon as possible.

Images

proof

Credit

Here are the helpful resources I referred to in completing this project. I appreciate these works, ideas, and source codes. Thanks

About

Windows 11 24H2-25H2 Runtime PatchGuard Bypass

Topics

windows pg bypass patchguard kpp windows-11 24h2 kernel-patch-protection

Resources

Readme

License

Apache-2.0 license
Activity

Stars

200 stars

Watchers

4 watching

Forks

19 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages