无法进入内核模式的非官方暂时解决办法 Unofficial temporary workaround to enter "kernel mode" #58
Comments
|
question: logs: [ArkDrvApi::Process::OpenProcess] [ERR] OpenProcess by Kernel pid:4 err:2 |
You may see the new path in the log. However I haven't been using this tool for quite some time. I don't know what was going on then. |
|
Oh I see. Tried 1.3.0. It automatically deletes the driver after operation even if it failed to load. You have to make use of NTFS ACL to deny deletion, so that the file would be kept. |
|
With EfiGuard having DSE disabled, you have to deny deletion and data write/modify/append with NTFS ACL. |
signtool.exe remove /s OpenArkDrv64.syssigntool.exe可以从Windows SDK中获取。signtool.exe can be obtained from Windows SDK.
OpenArkDrv64.sys在%temp%下可以找到。OpenArkDrv64.sys can be found at %temp%.
有多种方法。There're multiple ways to achieve this.
方法之一是使用EfiGuard,需要禁用SecureBoot。One of the methods is using EfiGuard, with SecureBoot disabled.
https://github.com/Mattiwatti/EfiGuard
大致步骤: Brief instructions:
(1) 挂载ESP(EFI系统分区)到S盘 Mount the ESP (EFI System Partition) to driveletter S
mountvol S: /s(2) 把EfiGuardDxe.efi、Loader.config.efi、Loader.efi三个文件复制到S:\EFI\Boot\
copy EfiGuard-v1.2.1\EFI\Boot\*.efi S:\EFI\Boot\(3) 用BOOTICE给Loader.config.efi添加UEFI启动项 Add Loader.config.efi to the UEFI boot sequence list using BOOTICE
可以勾选下次启动时使用该项,也可以在BIOS设置(也就是所谓的“UEFI固件设置”)的(硬盘)启动顺序里选择新加入的UEFI启动项。You can either check the "Boot this entry next time" checkbox in BOOTICE or adjust UEFI (harddrive) boot sequence in the BIOS settings (so-called "UEFI firmware settings") .
(4) 别忘了禁用安全启动。Don't forget to disable SecureBoot.
在F8启动菜单里选择禁用驱动强制签名应该也可以,但我没试过。而且桌面版Windows的F8从Win8开始就被微软干掉了,想重新开启F8菜单需要
bcdedit /set {default} bootmenupolicy legacy(bootmenupolicy默认是standard)Choosing "Disable driver signature enforcement" in the F8 boot menu should work as well, but I haven't tested this method. Also, F8 boot menu of desktop versions of Windows has been crippled by Microsoft since Win8, you can re-enable it bybcdedit /set {default} bootmenupolicy legacy(if you want to revert to the default, change bootmenupolicy value from "legacy" to "standard")先把已被去除数字签名的OpenArkDrv64.sys复制到
%windir%\system32\drivers\First, copy OpenArkDrv64.sys (which already has its signature removed) to%windir%\system32\drivers\然后删除服务(如果存在) Then delete the service (if exists)
sc delete OpenArkDrv64然后创建服务 Then create the service
sc create OpenArkDrv64 binpath= \Windows\system32\drivers\OpenArkDrv64.sys type= kernel start= demand最后启动服务 Then start the service
sc start OpenArkDrv64The text was updated successfully, but these errors were encountered: