Skip to content

Kernel mode driver for reading/writing process memory. C/Win32.

License

Notifications You must be signed in to change notification settings

nkga/cheat-driver

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cheat-driver

Simple WDM kernel mode driver for handling read/write memory requests into arbitrary processes.

Background

Kernel based anti-cheat drivers (EAC, BattleEye) block or monitor requests for interfacing with the memory from the game process. The simplest way to bypass anti-cheat protections from the kernel is to use your own kernel mode driver.

Building

  1. Install Visual Studio.
  2. Install the Windows Driver Kit.
  3. Set the solution configuration to x64 and Release and build the solution.

Usage

For practical use you will need a driver signing certificate. For development purposes you can enable test-signing mode.

You will need to either install and run the driver as a service with CreateService or use a function like NtLoadDriver. Once the driver is loaded, you can open a handle to the driver:

#include "driver_config.h"
#include "driver_codes.h"

HANDLE driver = CreateFileW(
    DRIVER_DEVICE_PATH, 
    GENERIC_READ | GENERIC_WRITE, 
    FILE_SHARE_READ | FILE_SHARE_WRITE, 
    0, 
    OPEN_EXISTING, 
    0, 0);

To issue read or write requests, you send the driver a control code:

DRIVER_COPY_MEMORY copy = {};
copy.ProcessId = processId;
copy.Source = sourceBufferPtr;
copy.Target = targetAddressPtr;
copy.Size = bytesToRead;
copy.Write = FALSE;

DeviceIoControl(
    driver, 
    IOCTL_DRIVER_COPY_MEMORY,
     &copy, 
     sizeof(copy), 
     &copy, 
     sizeof(copy),
     0, 0)

The target and source parameters should be reversed if issuing a write request.

About

Kernel mode driver for reading/writing process memory. C/Win32.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages