# BEDaisy
Reverse engineering of bedaisy.sys (BattlEye's kernel driver). By registering an image-load callback and IAT-hooking BEDaisy's `MmGetSystemRoutineAddress` import, we can hook any of its other imports we want and gain control over the flow of the functions that follow.
<img src="https://imgur.com/NFGyGrY.png" />
# APCs
The function below runs in every thread that BEDaisy queues an APC to.
```cpp
// IDA-style decompiler output of the APC body; a3 points at a per-thread record.
__int64 __usercall apc_callback@<rax>(char _CL@<cl>, char _BH@<bh>, __int64 *a3@<r9>)
{
  __int64 v4; // rbx

  __asm { rcl bh, cl }   // rotates BH only; has no effect on the result below
  v4 = *a3;              // base of the per-thread record

  // Walk the current thread's stack: up to 256 return addresses are written
  // to record+0x70, and the number of frames captured is stored at
  // record+0x870 (2160).
  *(_DWORD *)(v4 + 2160) = RtlWalkFrameChain((PVOID *)(*a3 + 0x70), 256i64, 0i64);

  // Signal the KEVENT at record+0x58 (88) so the collector knows this
  // thread's stack has been captured.
  return KeSetEvent((PRKEVENT)(v4 + 88), 0i64, 0i64);
}
```
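As an added illustration of the mechanism (not BEDaisy's own code), the user-mode Python model below reproduces the pattern: a per-thread record holding an event, a frame buffer and a frame count; a callback queued onto each thread that walks that thread's own stack and signals the event; and a collector that waits on every record. The record field names, `traceback.extract_stack` standing in for `RtlWalkFrameChain` and `threading.Event` standing in for the `KEVENT` are assumptions of this model.

```python
import threading
import traceback
from dataclasses import dataclass, field

MAX_FRAMES = 256  # frame limit passed to RtlWalkFrameChain in the decompiled call


@dataclass
class ThreadRecord:
    """Model of the per-thread record the APC writes into (field names assumed)."""
    done: threading.Event = field(default_factory=threading.Event)  # stands in for KEVENT at +0x58
    frames: list = field(default_factory=list)                       # stands in for buffer at +0x70
    frame_count: int = 0                                             # stands in for DWORD at +0x870


def apc_callback(record: ThreadRecord) -> int:
    """Runs on the target thread: walk its stack, store the count, signal the event."""
    stack = traceback.extract_stack(limit=MAX_FRAMES)
    record.frames = [f"{fr.filename}:{fr.name}" for fr in stack]
    record.frame_count = len(record.frames)
    record.done.set()  # the collector is waiting on this, like KeSetEvent
    return record.frame_count


def _thread_body(record: ThreadRecord, depth: int) -> int:
    # Nested calls give the stack walk something realistic to capture.
    if depth > 0:
        return _thread_body(record, depth - 1)
    return apc_callback(record)


def collect(thread_count: int = 4, depth: int = 5, timeout: float = 5.0) -> list:
    """Collector side: one record per thread, wait for each thread to signal."""
    records = [ThreadRecord() for _ in range(thread_count)]
    threads = [threading.Thread(target=_thread_body, args=(r, depth)) for r in records]
    for t in threads:
        t.start()
    for r in records:
        if not r.done.wait(timeout):
            raise TimeoutError("a thread never signalled its record")
    for t in threads:
        t.join()
    return records


if __name__ == "__main__":
    for i, rec in enumerate(collect()):
        print(f"thread {i}: {rec.frame_count} frames, innermost {rec.frames[-1]}")
```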