Patchguard Disabler: A Tool to Modify the Windows Kernel without Blue Screen
For this, we use winbase.dll, since this is the library that provides a standard way to get the system base address, which is the base of the kernel address space. This way, we can access the entire kernel address space from a 64-bit process. We have to make sure that the base address is modified early in the Windows boot process, and that its value is masked out from the kernel address space (since we want to use the upper 32 bits of the base address, and we cannot load the other 32 bits into the kernel address space).
Disable Patchguard Windows 81
The best way to do this is to update the boot image of the boot loader so that it loads winbase.dll at the beginning of the boot process, sets the base address to the Windows 10 system base address, and then begins to load the other libraries. One of the libraries, ntdll.dll, already includes the boot loader code, so it is only necessary to update the boot image of the boot loader so that it does not load ntdll.dll at the beginning of the boot process. This is done by modifying the boot loader code to load winbase.dll, and then patching up ntdll.dll and the boot loader code.
P.S. If you want to learn more, I highly recommend the Inside Windows 2000 course, which also included Mark Russinovich and David Solomon, from which I learned a lot of the material I covered here, as well as how to present complex ideas in a clear and understandable manner.
As for how I do this research, I follow the same basic methodology for every project, and this is how I have always written my papers, as well as the manner in which I do research. So the same methodology applies here as well, which is to research each and every individual component. Usually this means reading through the source code and writing down the new information I discover. This is a process that takes a long time, as you have to try to understand the internal logic while at the same time keeping an open mind, not painting with too broad a brush, and not taking things too literally.
Once you have a rough idea of the functionality, write it down as a description, and then start from there, taking it step by step and adding more details until you have the full picture of the functionality.
Then start writing code. I usually start this part of the process by using a debugger (often WinDbg) and playing around with the interface or other functionality. This usually leads to finding undocumented features, or simply discovering new ways to interact with the system. I then write code that does what you'd expect from a debugger, and add it to the application. This usually reveals problems and bugs that a lot of code doesn't cover, and thus aren't expected or even intended. This is how I found the PatchGuard mechanism, since I was trying to figure out how to make the debugger complain, and noticed that the debugger wasn't showing its errors.
Finally, with enough proof to convince myself and the project, I would write up a patch and submit it for the open source project to see how they handle it, and whether it's acceptable to the project.