
kernel-rpm-wpm-with-driver-destroyer's Introduction

Kernel RPM/WPM with Driver Destroyer

This is a sample kernel driver for reading and writing user-space memory from kernel mode. It uses MmCopyVirtualMemory to transfer data between user mode and kernel mode (UM<->KM). The driver can remove its own file from the PC while it stays loaded, bypassing the Windows 10 check that blocks deletion of loaded drivers (PatchGuard safe). For now this should be undetected on almost every anti-cheat that is not bootloaded. It is certainly detected on FaceIT/ESEA; there you would have to use another method to transfer data, bootload your driver, and probably not use any UM app at all (do everything from the kernel instead).

For UserMode AC's (VAC etc...)

  1. Just load your Windows in Test Mode and load this driver normally.

For Kernel AC's (EAC/BattlEye/ESPORTAL/ESL Wire)

  1. Find any public blacklisted certificate and sign this driver with it.
  2. Upload this driver to a host/server.
  3. From your UM app: download this driver from the server, load it using the SCManager/NtLoadDriver, and delete the driver file after that (using DeleteFileA or its kernel equivalent, ZwDeleteFile).
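A defender-side check for the self-deleting behaviour described above, added here as an example and not part of this repository: it lists loaded kernel drivers whose image file no longer exists on disk, which is exactly the state a driver is left in after its file is deleted while it stays loaded. The live enumeration assumes psapi.dll exports EnumDeviceDrivers and GetDeviceDriverFileNameW and therefore only runs on Windows; the comparison step takes an injectable `exists` callback so it can be exercised against a constructed inventory.

```python
import ctypes
import os
import sys


def loaded_driver_paths():
    """Image path of every loaded kernel driver, via psapi (Windows only)."""
    psapi = ctypes.WinDLL("psapi")
    needed = ctypes.c_ulong(0)
    # A first call with a null buffer only reports the size required.
    psapi.EnumDeviceDrivers(None, 0, ctypes.byref(needed))
    count = needed.value // ctypes.sizeof(ctypes.c_void_p)
    bases = (ctypes.c_void_p * count)()
    psapi.EnumDeviceDrivers(bases, ctypes.sizeof(bases), ctypes.byref(needed))
    paths = []
    for base in bases:
        buf = ctypes.create_unicode_buffer(1024)
        if psapi.GetDeviceDriverFileNameW(ctypes.c_void_p(base), buf, 1024):
            paths.append(buf.value)
    return paths


def normalize_driver_path(path):
    """Translate the NT-style paths psapi returns into Win32 paths."""
    if path.startswith("\\??\\"):
        return path[4:]
    if path.startswith("\\SystemRoot\\"):
        root = os.environ.get("SystemRoot", "C:\\Windows").rstrip("\\")
        return root + "\\" + path[len("\\SystemRoot\\"):]
    if path.startswith("\\"):
        # Bare NT path such as \Windows\System32\...: assume the system drive.
        return os.environ.get("SystemDrive", "C:") + path
    return path


def orphaned_drivers(paths, exists=os.path.exists):
    """Loaded driver paths whose backing file is missing from disk.

    `exists` is injectable so the logic can be run over a constructed
    inventory instead of the live system.
    """
    return [p for p in paths if not exists(normalize_driver_path(p))]


if __name__ == "__main__" and sys.platform == "win32":
    for p in orphaned_drivers(loaded_driver_paths()):
        print("loaded driver with no backing file:", p)
```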

TODO:

Code a UM app which will do the following things:

  1. Send the PID of the target process using the following IOCTL: IO_GET_ID_REQUEST
  2. Receive the base address of the target process using the following IOCTL: IO_GET_MODULE_REQUEST
  3. After that, you are able to read/write memory.

kernel-rpm-wpm-with-driver-destroyer's People

Contributors: wolfyz99
