How to Write Memory from Kernel - MmCopyVirtualMemory Tutorial 1/2
0This is our third kernel tutorial, you will learn how to use MmCopyVirtualMemory which is the kernel equivalent of WriteProcessMemory. This is a 2 part video, this video "Kernel 3" will show you how to setup the kernel driver, the next video will be released shortly after this and show you the usermode portion. These 2 videos are part of our larger kernel series. MmCopyVirtualMemory is basically like a kernel memcpy / WriteProcessMemory function. This video tutorial will teach you how read and write memory to any process from the kernel, we will request the kernel to do this for us from our usermode application. It is part of our larger kernel tutorial series.
Time stamps:
0:00 Introduction
0:40 Create read/write kernel memory functions
4:36 Create IOCTL codes
5:17 Create read/write kernel memory structs
6:42 Handle the new IOCTL codes
11:53 Building driver
Discussion & Download : https://bit.ly/2XM7MlP
Support us on Patreon: http://bit.ly/38mnveC
In the usermodule program we will call the kernel driver's memory writing function we wrote in the previous video. This allows you to write to any process's memory from the kernel. This will help you bypass any usermode anticheat and even kernel anticheat. But be aware your driver is easily detected if the anticheat has a kernel driver itself. MmCopyVirtualMemory is basically like a kernel memcpy / WriteProcessMemory function. This video tutorial will teach you how read and write memory to any process from the kernel, we will request the kernel to do this for us from our usermode application.
A kernel driver is a low level implementation of an “application” that runs in kernel mode. This means that the kernel driver has the ability to access the kernel API and memory directly. Since a kernel driver is low level, it makes it harder for the anti-cheat to detect it. Cheats that use kernel drivers are usually referred to as kernel cheats and they are considered more complex than the normal user mode cheats.
In this kernel driver tutorial, you will learn how to write a kernel driver that can read and write memory in any process using the undocumented MmCopyVirtualMemory function. This, in some sense, is kernel WriteProcessMemory and kernel ReadProcessMemory, which means it allows us to read and write memory from and to any process from the kernel. The first step will be creating KernelReadVirtualMemory and KernelWriteVirtualMemory functions, which in turn will call MmCopyVirtualMemory to read/write memory from/to a process. After that, we create input and output control (IOCTL) codes and structs that will hold the parameters needed for the read/write calls, which are the process id, source and target addresses and the size of memory to read/write. The only thing left to for handle the IOCTL we created. So, we navigate to IoControl function and add cases for these new codes. In each case, we cast the SystemBuffer to the corresponding struct to get the parameters for KernelReadVirtualMemory or KernelWriteVirtualMemory and call them. With this the driver is ready and the next step would be creating a user mode application that communicates with it to read/write memory from/to other processes.
After finishing this windows kernel programming tutorial, you will be able to write a kernel driver that uses MmCopyVirtualMemory to read/write memory from/to a process in similar fashion to WriteProcessMemory and ReadProcessMemory which will come in handy when writing kernel cheats.
Donate on our Forum : http://bit.ly/2HkOco9
Support us on Patreon : http://bit.ly/38mnveC
Follow us on Facebook : http://bit.ly/2vvHfhk
Follow us on Twitter : http://bit.ly/3bC7J1i
Follow us on Twitch : http://bit.ly/39ywOZ2
Follow us on Reddit : http://bit.ly/3bvOB57
Follow us on GitHub : http://bit.ly/2HoNXIS
Follow us on Instagram : http://bit.ly/2SoDOlu