Simple WDM kernel mode driver for handling read/write memory requests into arbitrary processes.
Kernel based anti-cheat drivers (EAC, BattleEye) block or monitor requests for interfacing with the memory from the game process. The simplest way to bypass anti-cheat protections from the kernel is to use your own kernel mode driver.
- Install Visual Studio.
- Install the Windows Driver Kit.
- Set the solution configuration to x64 and Release and build the solution.
For practical use you will need a driver signing certificate. For development purposes you can enable test-signing mode.
You will need to either install and run the driver as a service with CreateService or use a function like NtLoadDriver. Once the driver is loaded, you can open a handle to the driver:
#include "driver_config.h" #include "driver_codes.h"
HANDLE driver = CreateFileW( DRIVER_DEVICE_PATH, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
To issue read or write requests, you send the driver a control code:
DRIVER_COPY_MEMORY copy = {}; copy.ProcessId = processId; copy.Source = sourceBufferPtr; copy.Target = targetAddressPtr; copy.Size = bytesToRead; copy.Write = FALSE;
DeviceIoControl( driver, IOCTL_DRIVER_COPY_MEMORY, ©, sizeof(copy), ©, sizeof(copy), 0, 0)
The target and source parameters should be reversed if issuing a write request.