diff options
author | Toni Uhlig <matzeton@googlemail.com> | 2019-09-18 08:55:42 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2019-09-18 08:55:42 +0200 |
commit | 6b57f6882a6ac03810b2a0a83399f0a2b3932b13 (patch) | |
tree | 51b26bebcc835fab6bbf887cf283ab1b54471f16 /README.md | |
parent | 829c4ce86b4fd062670e1a1e679117d55b7d4109 (diff) |
README update
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -1,6 +1,7 @@ # What? *KMemDriver* is a **Windows 10 x64 driver** designed to manipulate memory (and more) from ring0. It is also possible to bypass existing ring0/ring3 AntiCheat solutions e.g. BE and EAC. +It can also be used to manual map a user space DLL to a protected process and hide its occupied memory pages. # Dependencies @@ -17,7 +18,19 @@ The recommended way to install all dependencies is through [vs_community.exe](ht # HowTo *KMemDriver* was designed work together with *PastDSE* as injector. -*KMemDriver* supports manual mapping. +*KMemDriver* supports manual mapping in terms as it does not use any kernel symbol (with 1 exception) that require a legit loaded driver. + + +# Features +- communicates to the user space controller program via own written shared memory alike mechanism +- uses Windows events for the kernel space and user space as synchronization +- read all mapped memory pages of a process +- read all mapped modules of process +- read memory of a process (bypass page protections) +- write memory to a process (bypass page protections) +- allocate memory with specified page protection to a process +- free memory of a process +- unlink memory from VAD of a process # Contributors |