This repository has been archived by the owner on Mar 29, 2019. It is now read-only.

Windows 10 RS4+ usage and PatchGuard update notice #35

Closed
hfiref0x opened this issue Mar 14, 2019 · 0 comments

hfiref0x commented Mar 14, 2019

Since this is a popular question, here is a summary.

We have not updated this since RS3 as we see no point in it. For more than two years almost no one contributed, and we are not going to feed the leechers who use this free project for their own monetization profit.

Microsoft made several improvements to PatchGuard, and they are doing this on a regular basis with each Windows 10 "whatever update". PatchGuard is a double-edged sword: on one side it is a sort of security feature and barrier that effectively stops most script-kiddies with their "hooking, dkom, dkoh whatever" trash from making yet another Windows XP hell everywhere. On the other side it is a guardian for DRM-related trash and has complicated some other things. Unfortunately it is here and likely won't be removed anytime soon.

For the current state of PatchGuard you can read this wonderful paper:
https://blog.tetrane.com/downloads/Tetrane_PatchGuard_Analysis_RS4_v1.00.pdf

From it you can learn that PatchGuard is now implemented not only as a rootkit component but also as independent integrity checks smashed within various kernel routines; refer to page 28. So in general this means that fully disabling PatchGuard needs more work and more investigation to find all of the hidden checks.

So far, consider this repository as being for historical purposes only when it comes to Windows 10 PatchGuard.

You are still welcome to contribute, fork and do whatever you want. We are leaving this for you 😃

Repository owner locked as resolved and limited conversation to collaborators Mar 14, 2019
@hfiref0x hfiref0x pinned this issue Mar 14, 2019