kernel mode

Hello! This is my first post, and first tutorial. This write-up will explain how to develop, compile and load your first Linux kernel module. Step 0: Prerequisites This tutorial assumes you are running Linux (duh.), and you have the Linux headers installed. (linux-headers for Arch) You should...

I've been developing a kernel mode driver that would allow me to copy arbitrary sections of memory between processes using the MmCopyVirtualMemory function. The user-mode program would call the driver passing source and target PIDs as well as memory addresses and number of bytes to be copied...

Hi, I'm trying to use the kernel mode debugger but I got an error loading the driver with your version of CE (works fine with basic CE). I downloaded the source and I think the reason can be that replacing every "Cheat Engine" in a Hex Editor change also the "Cheat Engine" string in a Reg path...

While learning to manual map a driver, i came to the part where i have to fix the IAT. While in user land we would use LoadLibrary + GetProcAddress functions to get the addresses, in kernel we have to use other methods that do the same thing. I found two methods, both first relay on getting...

can you imagine, you write code, and you have checked that the code you wrote is correct, but in the manual map from x64 drive to x32 it doesn't work on 32 bit Windows, the code I made works well, so does Windows 64, but when injecting from a 64 bit driver to a 32 bit process there is an...

push ebx mov ebx, esp and esp, 0xfffffff0 ; Call DllMain mov ecx, 0x41414141 ; DLLHandle, set by PowerShell mov edx, 0x1 ; PROCESS_ATTACH mov eax, 0x0 ; NULL push eax push edx push ecx mov eax, 0x41414141 ; Address...

Hey, I tried to read a text file with my kernel driver. But it´s not working. Does someone know how to read a simple .txt file with a kernel driver? Thank you for your help :)

I'm not sure if anyone has experience with drivers and reading memory but, my situation is that MmCopyVirtualMemory almost always (%99 of the time) returns STATUS_PARTIAL_COPY. Every single time it fails. Unless I’ve disabled battle eye then it’ll work. I've tried so many different things...