So I have created my driver, it works fine (I use kdmapper).
Right now it's not detected (yet), I can do some pointer read/write operations using MmCopyVirtualMemory.
But there is something I'm concern of.
1.Can EAC detect my driver if I use kdmappper?
2. Can EAC detect my...
I've been trying to read process memory with code below
PKERNEL_READ_REQUEST ReadInput = (PKERNEL_READ_REQUEST)Irp->AssociatedIrp.SystemBuffer;
if (NT_SUCCESS(PsLookupProcessByProcessId(ULongToHandle(0 /* <-- game pid*/), &Process)))...
Vanguard is blocking these drivers, I have never heard about them so I looked inside what can I find and to my big surprise I found nothing.
These drivers do not import anything suspicios (KeStackAttachProcess, ZwMapViewOfSection, MmMapIoSpace etc..), they even dont have ioctl dispatch routines...
This tutorial series will teach you everything you need to make a kernel driver on Windows.
This video gives you a basic insight on how kernel drivers work, how can you setup your Visual Studio to be able to make & compile one. It also shows you how to view debug output of your drivers.
So a couple of weeks ago I started learning my way of Kernel Drivers with the help of @Life_45, and @Daax 's articles also provided me valueable information with I was looking for.
There is still much to learn I'm 200% sure about that, but I feel like I'm on the right track, and I feel like...
for a while I have been reversing ioctl dispatch routines of some drivers and the most interesting stuff I found was only access to in & out instructions. I can read and write arbitrary byte at arbitrary port. I heard that it may have an impact on security... but my question is how can it...