Defeating PatchGuard on Windows 7

Kernel patch protection, commonly known as "PatchGuard," is a Windows feature that prevents unauthorized modification of the system kernel and its associated binaries. Sometimes it is necessary to modify the kernel anyway (for example, to install hooks for research or instrumentation), and to do that we must first defeat PatchGuard.

Microsoft provides no supported mechanism to disable PatchGuard, so I patch the binaries by hand instead. The modification is very simple: change every MOV instruction whose second (immediate) operand is 0xC0000428 so that the immediate is 0x0 instead. 0xC0000428 is STATUS_INVALID_IMAGE_HASH, the NTSTATUS value the loader and the code-integrity module return when a kernel-mode image fails its hash or signature check; replacing it with 0 (STATUS_SUCCESS) makes the check report success, so the modified binaries are accepted. For example:

This modification must be made in three binaries: ci.dll, winload.exe, and winload.efi (winload.efi is the loader used on UEFI boot, winload.exe on BIOS boot). Work on copies and keep the originals; a bad patch to any of these leaves the machine unbootable.
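A small patcher for the step above, added here as an example and not the author's own tool. It assumes the checks are compiled as `mov r32, imm32` (opcode B8+r, optionally preceded by a REX prefix without the W bit for r8d-r15d); the `C7 /0` form of MOV is not handled, and the byte scan can in principle hit unrelated data, so review each reported offset in a disassembler before trusting the patch. The sample bytes at the bottom are constructed, not taken from a real binary, and the file names are the ones the post lists.

```python
"""Locate and zero the 0xC0000428 immediates in a copy of ci.dll / winload.exe.

Example code added for this post (not the author's tool). Assumption: the
checks compile to `mov r32, imm32` (B8+r, optionally with a non-REX.W REX
prefix). The `C7 /0` encoding of mov is not handled.
"""
import re
import struct

STATUS_INVALID_IMAGE_HASH = 0xC0000428
IMM_BYTES = struct.pack("<I", STATUS_INVALID_IMAGE_HASH)  # b"\x28\x04\x00\xc0" as stored in the file

# Optional REX prefix without the W bit (0x40-0x47), then B8+r, then the imm32.
# A REX.W prefix (0x48-0x4F) would make this a 10-byte `mov r64, imm64`, so it
# is deliberately excluded from the pattern.
MOV_R32_IMM32 = re.compile(rb"[\x40-\x47]?[\xb8-\xbf]" + re.escape(IMM_BYTES))


def find_status_movs(data: bytes) -> list[int]:
    """File offsets of every `mov r32, 0xC0000428` encoding found in data."""
    return [m.start() for m in MOV_R32_IMM32.finditer(data)]


def patch_status_movs(data: bytes, new_value: int = 0) -> tuple[bytes, list[int]]:
    """Return (patched_image, offsets) with each matched immediate set to new_value."""
    buf = bytearray(data)
    offsets = []
    for m in MOV_R32_IMM32.finditer(data):
        imm_at = m.end() - 4  # the imm32 is the last four bytes of the match
        buf[imm_at:imm_at + 4] = struct.pack("<I", new_value)
        offsets.append(m.start())
    return bytes(buf), offsets


def patch_file(src: str, dst: str) -> list[int]:
    """Patch a copy of a PE file on disk; never edit the live system binary in place."""
    with open(src, "rb") as f:
        data = f.read()
    if data[:2] != b"MZ":
        raise ValueError(f"{src} is not a PE image")
    patched, offsets = patch_status_movs(data)
    with open(dst, "wb") as f:
        f.write(patched)
    return offsets


# Constructed sample (not bytes from a real binary): two matching movs, one
# into eax and one into r8d, plus a decoy in which the same four bytes are the
# displacement of `mov eax, [rip+0xC0000428]` and must be left untouched.
SAMPLE_IMAGE = bytes.fromhex(
    "85c0"          # test eax, eax
    "7405"          # jz   +5
    "b8280400c0"    # mov  eax, 0xC0000428        (file offset 4)
    "c3"            # ret
    "41b8280400c0"  # mov  r8d, 0xC0000428        (file offset 10)
    "8b05280400c0"  # mov  eax, [rip+0xC0000428]  decoy (file offset 16)
    "c3"            # ret
)

if __name__ == "__main__":
    # Usage against real files: patch_file("ci.dll", "ci.patched.dll")
    patched, hits = patch_status_movs(SAMPLE_IMAGE)
    for off in hits:
        print(f"patched mov at file offset 0x{off:x}")
    print("remaining matches:", find_status_movs(patched))
```

The function returns the offsets it changed so they can be cross-checked against a disassembly listing before the patched copy replaces the original.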

You must also make the following changes to the BCD settings:

bcdedit /set nointegritychecks on
bcdedit /set recoveryenabled off

Otherwise the boot chain notices that the files have changed (the boot manager verifies winload, and winload in turn verifies ci.dll and the kernel), fails the boot, and drops into the recovery environment, where Startup Repair restores the original, unmodified binaries and undoes the patch.