@ -10,6 +10,13 @@ Load your driver like win32k.sys
|
|
|
|
|
This feature was analyzed from a certain PUBG cheat driver.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## What it can do?
|
|
|
|
|
- Protection against direct dump by Anti-Rootkit tools
|
|
|
|
|
- Bypass MmCopyMemory
|
|
|
|
|
|
|
|
|
|
## How to detect?
|
|
|
|
|
- Attach a GUI process before using MmCopyMemory
|
|
|
|
|
|
|
|
|
|
## Compile
|
|
|
|
|
- Visual Studio 2022 & WDK10
|
|
|
|
|
- llvm-msvc [[link]](https://github.com/NewWorldComingSoon/llvm-msvc-build)
|
|
|
|
|
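Review bot: The single bullet under "## How to detect?" says to attach a GUI process before using MmCopyMemory, but it does not say why attaching makes the read succeed or what a scanner should then look for, so a reader building a detection cannot tell what result to expect. Suggest adding a sentence on the reason and on what a read without the attach returns. In the same way, "Bypass MmCopyMemory" under "## What it can do?" should state the condition under which the copy fails, since the detection bullet implies it only fails in some contexts. Minor: "## What it can do?" reads better as "## What can it do?", and the Compile list does not say whether both toolchains are required or either one is enough.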