PatchGuard bypass at runtime
When you unlink a process from the PsActiveProcessList, it's a classic DKOM which is subject to a CRITICAL_STRUCTURE_CORRUPTION (109) Type 1 process list corruption BSOD.
Anyway, you can test the bypass with it, so you'll know for sure that it worked, and the bypass is as described in the first post. There is also a documented way in the source code to intentionally trigger a PG BSOD faster, so you won't necessarily have to wait hours for a bug check.