Kernel Driver Write Process Memory - MmCopyVirtualMemory Tutorial 2/2

Channel:

Guided Hacking

Subscribers:

178,000

Published on August 12, 2020 3:34:13 PM ● Video Link: https://www.youtube.com/watch?v=W9vYO_9Q4g8

Game:

Counter-Strike 2 (2023)

Category:

Tutorial

Duration: 18:58

16,566 views

0

This is the usermode portion of the previous video: https://www.youtube.com/watch?v=EaxaQYESDlM It is part of our larger kernel tutorial series. You will learn how to write the usermode implementation. In the usermodule program we will call the kernel driver's memory writing function we wrote in the previous video. This allows you to write to any process's memory from the kernel. This will help you bypass any usermode anticheat and even kernel anticheat. But be aware your driver is easily detected if the anticheat has a kernel driver itself. MmCopyVirtualMemory is basically like a kernel memcpy / WriteProcessMemory function. This video tutorial will teach you how read and write memory to any process from the kernel, we will request the kernel to do this for us from our usermode application.

Time stamps:
0:00 Introduction
0:34 Setting up offsets
0:48 Creating functions to communicate with the driver
7:20 Making No Flash cheat
16:06 Testing No Flash cheat

Discussion & Download : https://bit.ly/2XM7MlP
Support us on Patreon: http://bit.ly/38mnveC

A kernel driver is a low level implementation of an “application” that runs in kernel mode. This means that the kernel driver has the ability to access the kernel API and memory directly. Since a kernel driver is low level, it makes it harder for the anti-cheat to detect it. Cheats that use kernel drivers are usually referred to as kernel cheats and they are considered more complex than the normal user mode cheats.

In this windows kernel programming tutorial, you will learn how to make a user mode application that communicates with a kernel driver in order to create a kernel cheat. This is a continuation to the MmCopyVirtualMemory tutorial, which, again, is a kernel WriteProcessMemory or ReadProcessMemory. To demonstrate how to read/write memory from/to a process, we will be working on Counter Strike Global Offensive (CSGO). So, naturally, we will need to grab the offsets for the game, and we do so by getting them from haze dumper. After that, we create functions in our user mode application that will send input and output control (IOCTL) codes to the driver to tell it to read/write memory from/to the process. With the functions ready, we are going to test them by creating a no flash cheat. The way no flash cheat works is by continuously setting m_flFlashMaxAlpha to zero, which will remove the effects of being flashed. After compiling, we need to make sure that the driver is running and then we launch CSGO to test our cheat.

After finishing this kernel driver tutorial, you will be able to write a user mode application that comminates with a kernel driver which in turn uses MmCopyVirtualMemory to read/write memory from/to a process in similar fashion to WriteProcessMemory and ReadProcessMemory. By achieving this, you will have enough knowledge to create your own kernel cheats.

Donate on our Forum : http://bit.ly/2HkOco9
Support us on Patreon : http://bit.ly/38mnveC

Follow us on Facebook : http://bit.ly/2vvHfhk
Follow us on Twitter : http://bit.ly/3bC7J1i
Follow us on Twitch : http://bit.ly/39ywOZ2
Follow us on Reddit : http://bit.ly/3bvOB57
Follow us on GitHub : http://bit.ly/2HoNXIS
Follow us on Instagram : http://bit.ly/2SoDOlu

Other Statistics