GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.
It’s very funny that gaming community was turned into a mdern frontier of rootkit/bootkit development — the most interesting projects that I seen recently are related to either cheats or anti-cheats
Fortunately, it's quite trivial to bypass this "mitigation" by verifying sections list of the "fake" images against actual PE sections that normally presents in the kernel image. Keep this stuff in your mind while working on kernel exploits, DIFR tools, DMA attacks and other things where it may be relevant :)
The fake PE images shown above aren't "real" memory allocations, but rather dual mappings of already loaded legitimate images, and they seem to be randomized on every boot. I'm not sure why exactly it's done, but likely to screw up kernel exploit primitives like "using memory scanning to determine the kernel base address from a leaked pointer", since it's impossible to get the kernel base address from a low-privileged process on modern versions of Windows 2/2
While playing with my Hyper-V backdoor on Windows Server 10.0.20348 test machine I noticed some pretty unexpected memory content in the discardable sections of PE images belonging to the NT kernel. It turns out that on modern systems the kernel plants "fake" PE images into these sections, which normally shouldn't be mapped at all due to the IMAGE_SCN_MEM_DISCARDABLE attribute 1/2
@anparker It seems that it was font rendering issue in Qt: I fixed those lags by changing command window and hex view font to Consolas. For unknown reason, it picked up some terminus-alike raster font by default (which is weird because I don't even have it installed, it's a clean Windows box)
It seems that IDA Pro with version 9.3 finally reached maturity level of the Visual Studio -- you're using old version not because you like it more, but because it doesn't have UI lags 😬
@wdormann Is it virt-manager bug, libvirt or libvirtd bug?
@preinheimer Konosuke Matsushita
GrapheneOS
Tim Blazytko
