HyperBone

Kernel security check failure - on load

Open DebugBuggin opened this issue 6 years ago • 2 comments

Trying to test in VMware 14, Windows 10 1709, and I get a "Kernel security check" failure, which I believe may be PatchGuard causing the crash? Rebooted and tried twice; happens every time.

DebugBuggin, Nov 18 '18 08:11

Same issue, 1809.

coltonon, Dec 03 '18 09:12

At least one of the problems that may cause this BSOD is the RtlRestoreContext() function.

Since Win10 build 15063 it calls KeCheckStackAndTargetAddress(), which checks both the current rsp and the context rsp to be in the range of PsGetCurrentThread's stack limits. And since DarthTon's exit handler uses it (while his handler works with a custom allocated memory region for rsp), the check for the current rsp fails and gives a BSOD.

Try to replace RtlRestoreContext() with something else, or write your own function just as SimpleVisor did.

w3lld0ne, Mar 13 '19 22:03
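
A user-mode model of the range check described in the last comment, added here as an illustration; it is not code from the thread, from HyperBone or from the Windows kernel. The type and function names, the addresses and the exact bound semantics are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types; not kernel structures. */
typedef struct {
    uint64_t low;   /* stack limit: lowest valid address */
    uint64_t high;  /* stack base: one past the highest valid address */
} stack_range;

typedef enum { CHECK_OK = 0, CURRENT_RSP_OUT_OF_RANGE, CONTEXT_RSP_OUT_OF_RANGE } check_result;

/* Assumption: the bounds are treated as low <= rsp < high. */
static int in_range(uint64_t rsp, const stack_range *s)
{
    return rsp >= s->low && rsp < s->high;
}

/* Both the rsp the caller is running on and the rsp stored in the context
   being restored must lie inside the current thread's stack limits. */
check_result model_stack_check(uint64_t current_rsp, uint64_t context_rsp,
                               const stack_range *thread_stack)
{
    if (!in_range(current_rsp, thread_stack))
        return CURRENT_RSP_OUT_OF_RANGE;
    if (!in_range(context_rsp, thread_stack))
        return CONTEXT_RSP_OUT_OF_RANGE;
    return CHECK_OK;
}

/* Constructed addresses: a thread stack and a separately allocated region
   that an exit handler uses as its own stack. */
static const stack_range THREAD_STACK  = { 0xFFFFF80012340000ULL, 0xFFFFF80012346000ULL };
static const stack_range HANDLER_STACK = { 0xFFFFA00055500000ULL, 0xFFFFA00055506000ULL };

/* Handler runs on its own region and restores a context on the thread stack. */
check_result scenario_handler_on_custom_stack(void)
{
    return model_stack_check(HANDLER_STACK.high - 0x100, THREAD_STACK.high - 0x200, &THREAD_STACK);
}

/* Same restore issued while running on the thread stack itself. */
check_result scenario_handler_on_thread_stack(void)
{
    return model_stack_check(THREAD_STACK.high - 0x400, THREAD_STACK.high - 0x200, &THREAD_STACK);
}

int main(void)
{
    printf("custom stack: %d\n", scenario_handler_on_custom_stack());
    printf("thread stack: %d\n", scenario_handler_on_thread_stack());
    return 0;
}
```

In the first scenario the context being restored is valid, yet the check still fails because the caller's own rsp is outside the thread's stack, which is the failure the comment attributes to a handler running on a custom allocated region.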