I was reading this article : http://uninformed.org/index.cgi?v=6&a=1&p=25
and it got me wondering, why isn’t patchguard protecting critical drivers such as disk miniport drivers from modification? is there any technical reason for this? for example what would happen if patchguard suddenly decided after loading the driver and initialization of it, no other driver should modify it, will something bad happen?
because if patchguard doesn’t protect them, then rootkits can easily hook them and write to disk directly and bypass security solutions