gmh5225
/
CallMeWin32kDriver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Load your driver like win32k.sys
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
220 KiB
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
gmh5225 7550573da7
Update 'README.md' 		2 years ago
CallMeWin32kDriver Update 2 years ago
win32bro hide world 2 years ago
.clang-format Update 2 years ago
CallMeWin32kDriver.sln Update 2 years ago
README.md Update 'README.md' 2 years ago
license Update 2 years ago

README.md

CallMeWin32kDriver

Load your driver like win32k.sys

Q`NXJ7G@89G@K)6~5H8JA@6

~MF %CSVW(FCL8H1G4UJ@6Y

Motivation

This feature was analyzed from a certain PUBG cheat driver.

What it can do?

  • Protection against direct dump by Anti-Rootkit tools
  • Bypass MmCopyMemory
  • Hide world does not trigger PG

How to detect?

  • Attach a GUI process before using MmCopyMemory

Compile

  • Visual Studio 2022 & WDK10
  • llvm-msvc [link]

Some discussions on UnknownCheats

https://www.unknowncheats.me/forum/anti-cheat-bypass/511107-load-driver-win32k-sys.html