BadlionLogger is a rudimentary PoC of a kernel driver used to monitor the activity of BadlionClient's kernelmode anti-cheat (BadlionAnticheat.sys) by applying IAT hooks on the image during the image load callback.
BadlionAnticheat is virtualized with VMProtect, a popular VM packer used in many products.
This project employs a blackbox approach to monitoring driver activity without devirtualization due to no integrity checking.
- BadlionLogger is a proof-of-concept and is not intended to be a reliable product
- This project contains numerous bad practices that should be considered