Dy-Baby/ReadWriteDriver

ReadWriteDriver

A kernel driver for reading and writing memory. Contains a test that writes to notepad.exe's memory, and classes to read/write to two games (Halo: MCC & Apex Legends) which are protected by EAC. I also created a modified version of ReClass.NET that utilizes the driver for its read/write operations, but the laptop I had it on sustained water damage and was destroyed. I will recreate it when I have the time.

Please note that the function addresses are currently hardcoded for Windows 11 kernel 10.0.22000.376. A signature scanner can (and should) be added in the future to avoid this.

Technical information

  • The usermode module (ReadWriteUser.exe) loads ReadWriteDriverMapper.sys, which then manually maps ReadWriteDriver.sys
  • ReadWriteDriverMapper.sys allocates non-paged memory with MmAllocateIndependentPages(), and then sets its page protection to make it executable memory with MmSetPageProtection()
  • ReadWriteDriver.sys attaches to a usermode process that loads user32.dll (in this case, ReadWriteUser.exe) to gain access to win32kbase.sys!NtUserSetSysColors, and overwrites a global pointer in NtUserSetSysColors() for its hook
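
A defender-side view of the hook described above, as an added example that is not part of this repository: a pointer redirected into manually mapped code targets memory that no loaded driver image backs, so checking pointer targets against the loaded-module list exposes it. The module ranges, pointer labels, addresses and expected owners below are constructed sample values, and the type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One loaded kernel image: name, base address and size. */
typedef struct { const char *name; uint64_t base; uint64_t size; } module_range;
/* A pointer that code calls through, plus the image assumed to own its target. */
typedef struct { const char *label; uint64_t target; const char *expected_owner; } code_pointer;
typedef enum { PTR_OK = 0, PTR_WRONG_MODULE = 1, PTR_UNBACKED = 2 } ptr_verdict;

/* Return the image that contains addr, or NULL if no loaded image backs it. */
static const module_range *owner_of(const module_range *mods, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++) {
        /* Subtraction form avoids overflow in base + size. */
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    }
    return NULL;
}

/* Classify one pointer: unbacked memory is the strongest signal of mapped code. */
ptr_verdict classify_pointer(const module_range *mods, size_t n, const code_pointer *p) {
    const module_range *m = owner_of(mods, n, p->target);
    if (m == NULL) return PTR_UNBACKED;
    if (strcmp(m->name, p->expected_owner) != 0) return PTR_WRONG_MODULE;
    return PTR_OK;
}

/* Constructed sample data: not real addresses from any system. */
static const module_range SAMPLE_MODULES[] = {
    {"ntoskrnl.exe",   0xfffff80010000000ULL, 0x1046000ULL},
    {"win32kbase.sys", 0xfffff96000000000ULL, 0x2d0000ULL},
};
static const code_pointer SAMPLE_POINTERS[] = {
    {"sample_ptr_clean",      0xfffff96000012340ULL, "win32kbase.sys"},
    {"sample_ptr_redirected", 0xffffa80123456000ULL, "win32kbase.sys"},
    {"sample_ptr_cross",      0xfffff80010001000ULL, "win32kbase.sys"},
};

/* Count sample pointers that fail the check. */
size_t count_suspicious(void) {
    size_t hits = 0;
    for (size_t i = 0; i < sizeof SAMPLE_POINTERS / sizeof SAMPLE_POINTERS[0]; i++)
        if (classify_pointer(SAMPLE_MODULES, 2, &SAMPLE_POINTERS[i]) != PTR_OK)
            hits++;
    return hits;
}
```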

Credits

• JD96 for answering questions, of course! ☺️

• Frostiest for his physmem class, since I had to add it in at the last minute after I found out that the Apex version of EAC supposedly detects KeStackAttach().
