diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2019-09-18 21:36:20 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2019-09-18 21:36:20 +0200 |
| commit | ecc2960c0848a41534759d693896031bc21ffc60 (patch) | |
| tree | e64adf57a4e4c967e60a2159fedcb887105438e6 | |
| parent | badca5036cd02f8c6049e9eaed7942ef2ed2b100 (diff) | |
| parent | 6b57f6882a6ac03810b2a0a83399f0a2b3932b13 (diff) | |
Merge branch 'master' of https://e35git.ddnss.org/redmonder/KMemDriver
| -rw-r--r-- | README.md | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -1,6 +1,7 @@ # What? *KMemDriver* is a **Windows 10 x64 driver** designed to manipulate memory (and more) from ring0. It is also possible to bypass existing ring0/ring3 AntiCheat solutions e.g. BE and EAC. +It can also be used to manual map a user space DLL to a protected process and hide its occupied memory pages. # Dependencies @@ -17,7 +18,19 @@ The recommended way to install all dependencies is through [vs_community.exe](ht # HowTo *KMemDriver* was designed work together with *PastDSE* as injector. -*KMemDriver* supports manual mapping. +*KMemDriver* supports manual mapping in terms as it does not use any kernel symbol (with 1 exception) that require a legit loaded driver. + + +# Features +- communicates to the user space controller program via own written shared memory alike mechanism +- uses Windows events for the kernel space and user space as synchronization +- read all mapped memory pages of a process +- read all mapped modules of process +- read memory of a process (bypass page protections) +- write memory to a process (bypass page protections) +- allocate memory with specified page protection to a process +- free memory of a process +- unlink memory from VAD of a process # Contributors |