gmh5225
/
CallMeWin32kDriver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c9f9092ec3'
${ noResults }
CallMeWin32kDriver/README.md

23 lines
675 B
Raw Blame History

# CallMeWin32kDriver
Load your driver like win32k.sys
![Q`NXJ7G@89G@K)6~5H8JA@6](https://user-images.githubusercontent.com/13917777/184930976-1ee5dd35-04a0-4d98-85a4-1f51074b9784.png)
![~MF %CSVW(FCL8H1G4UJ@6Y](https://user-images.githubusercontent.com/13917777/184935919-f9ee10ec-fbc3-48ef-8545-6269d078d0b1.png)
## Motivation
This feature was analyzed from a certain PUBG cheat driver.
## What it can do?
- Protection against direct dump by Anti-Rootkit tools
- Bypass MmCopyMemory
## How to detect?
- Attach a GUI process before using MmCopyMemory
## Compile
- Visual Studio 2022 & WDK10
- llvm-msvc [[link]](https://github.com/NewWorldComingSoon/llvm-msvc-build)
Reference in new issue View Git Blame Copy Permalink