├── README.md ├── Structs.h ├── clear.cpp ├── clear.h ├── driver_entry.cpp ├── kernelmode.sln ├── kernelmode.vcxproj ├── kernelmode.vcxproj.filters ├── kernelmode.vcxproj.user └── stdafx.h /README.md: -------------------------------------------------------------------------------- 1 | # KernelDriver 2 | A Kernel driver for using against anti cheats like EAC or BE 3 | -------------------------------------------------------------------------------- /Structs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | int Bruh = false; 4 | int dqd = false; 5 | int Bqdqwqdruh = false; 6 | int Bqddqfffruh = false; 7 | int fffggff = false; 8 | int fffgggff = false; 9 | int qwff = false; 10 | int ffffqfqfqf = false; 11 | int Br2uh = false; 12 | int d3qd = false; 13 | int Bq4dqwqdruh = false; 14 | int Bqddqfffruh = false; 15 | int ff5fggff = false; 16 | int f6ffgggff = false; 17 | int qw7ff = false; 18 | int fff8fqfqfqf = false; 19 | 20 | bool qiowugiqgvf(int x, int y, bool var, POINT Mouse) { 21 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 22 | var = !var; 23 | return var; 24 | 25 | } 26 | 27 | if (var) { 28 | 29 | } 30 | 31 | return var; 32 | } 33 | 34 | bool qowuhfioqwugbfoiqufghbqiouf(int x, int y, bool var, POINT Mouse) { 35 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 36 | var = !var; 37 | return var; 38 | 39 | } 40 | 41 | if (var) { 42 | 43 | } 44 | 45 | return var; 46 | } 47 | 48 | 49 | typedef enum _SYSTEM_INFORMATION_CLASS 50 | { 51 | SystemBasicInformation = 0x0, 52 | SystemProcessorInformation = 0x1, 53 | SystemPerformanceInformation = 0x2, 54 | SystemTimeOfDayInformation = 0x3, 55 | SystemPathInformation = 0x4, 56 | SystemProcessInformation = 0x5, 57 | SystemCallCountInformation = 0x6, 58 | SystemDeviceInformation = 0x7, 59 | SystemProcessorPerformanceInformation = 0x8, 60 | SystemFlagsInformation = 0x9, 61 | SystemCallTimeInformation = 0xa, 
62 | SystemModuleInformation = 0xb, 63 | SystemLocksInformation = 0xc, 64 | SystemStackTraceInformation = 0xd, 65 | SystemPagedPoolInformation = 0xe, 66 | SystemNonPagedPoolInformation = 0xf, 67 | SystemHandleInformation = 0x10, 68 | SystemObjectInformation = 0x11, 69 | SystemPageFileInformation = 0x12, 70 | SystemVdmInstemulInformation = 0x13, 71 | SystemVdmBopInformation = 0x14, 72 | SystemFileCacheInformation = 0x15, 73 | SystemPoolTagInformation = 0x16, 74 | SystemInterruptInformation = 0x17, 75 | SystemDpcBehaviorInformation = 0x18, 76 | SystemFullMemoryInformation = 0x19, 77 | SystemLoadGdiDriverInformation = 0x1a, 78 | SystemUnloadGdiDriverInformation = 0x1b, 79 | SystemTimeAdjustmentInformation = 0x1c, 80 | SystemSummaryMemoryInformation = 0x1d, 81 | SystemMirrorMemoryInformation = 0x1e, 82 | SystemPerformanceTraceInformation = 0x1f, 83 | SystemObsolete0 = 0x20, 84 | SystemExceptionInformation = 0x21, 85 | SystemCrashDumpStateInformation = 0x22, 86 | SystemKernelDebuggerInformation = 0x23, 87 | SystemContextSwitchInformation = 0x24, 88 | SystemRegistryQuotaInformation = 0x25, 89 | SystemExtendServiceTableInformation = 0x26, 90 | SystemPrioritySeperation = 0x27, 91 | SystemVerifierAddDriverInformation = 0x28, 92 | SystemVerifierRemoveDriverInformation = 0x29, 93 | SystemProcessorIdleInformation = 0x2a, 94 | SystemLegacyDriverInformation = 0x2b, 95 | SystemCurrentTimeZoneInformation = 0x2c, 96 | SystemLookasideInformation = 0x2d, 97 | SystemTimeSlipNotification = 0x2e, 98 | SystemSessionCreate = 0x2f, 99 | SystemSessionDetach = 0x30, 100 | SystemSessionInformation = 0x31, 101 | SystemRangeStartInformation = 0x32, 102 | SystemVerifierInformation = 0x33, 103 | SystemVerifierThunkExtend = 0x34, 104 | SystemSessionProcessInformation = 0x35, 105 | SystemLoadGdiDriverInSystemSpace = 0x36, 106 | SystemNumaProcessorMap = 0x37, 107 | SystemPrefetcherInformation = 0x38, 108 | SystemExtendedProcessInformation = 0x39, 109 | SystemRecommendedSharedDataAlignment = 0x3a, 
110 | SystemComPlusPackage = 0x3b, 111 | SystemNumaAvailableMemory = 0x3c, 112 | SystemProcessorPowerInformation = 0x3d, 113 | SystemEmulationBasicInformation = 0x3e, 114 | SystemEmulationProcessorInformation = 0x3f, 115 | SystemExtendedHandleInformation = 0x40, 116 | SystemLostDelayedWriteInformation = 0x41, 117 | SystemBigPoolInformation = 0x42, 118 | SystemSessionPoolTagInformation = 0x43, 119 | SystemSessionMappedViewInformation = 0x44, 120 | SystemHotpatchInformation = 0x45, 121 | SystemObjectSecurityMode = 0x46, 122 | SystemWatchdogTimerHandler = 0x47, 123 | SystemWatchdogTimerInformation = 0x48, 124 | SystemLogicalProcessorInformation = 0x49, 125 | SystemWow64SharedInformationObsolete = 0x4a, 126 | SystemRegisterFirmwareTableInformationHandler = 0x4b, 127 | SystemFirmwareTableInformation = 0x4c, 128 | SystemModuleInformationEx = 0x4d, 129 | SystemVerifierTriageInformation = 0x4e, 130 | SystemSuperfetchInformation = 0x4f, 131 | SystemMemoryListInformation = 0x50, 132 | SystemFileCacheInformationEx = 0x51, 133 | SystemThreadPriorityClientIdInformation = 0x52, 134 | SystemProcessorIdleCycleTimeInformation = 0x53, 135 | SystemVerifierCancellationInformation = 0x54, 136 | SystemProcessorPowerInformationEx = 0x55, 137 | SystemRefTraceInformation = 0x56, 138 | SystemSpecialPoolInformation = 0x57, 139 | SystemProcessIdInformation = 0x58, 140 | SystemErrorPortInformation = 0x59, 141 | SystemBootEnvironmentInformation = 0x5a, 142 | SystemHypervisorInformation = 0x5b, 143 | SystemVerifierInformationEx = 0x5c, 144 | SystemTimeZoneInformation = 0x5d, 145 | SystemImageFileExecutionOptionsInformation = 0x5e, 146 | SystemCoverageInformation = 0x5f, 147 | SystemPrefetchPatchInformation = 0x60, 148 | SystemVerifierFaultsInformation = 0x61, 149 | SystemSystemPartitionInformation = 0x62, 150 | SystemSystemDiskInformation = 0x63, 151 | SystemProcessorPerformanceDistribution = 0x64, 152 | SystemNumaProximityNodeInformation = 0x65, 153 | SystemDynamicTimeZoneInformation = 0x66, 
154 | SystemCodeIntegrityInformation = 0x67, 155 | SystemProcessorMicrocodeUpdateInformation = 0x68, 156 | SystemProcessorBrandString = 0x69, 157 | SystemVirtualAddressInformation = 0x6a, 158 | SystemLogicalProcessorAndGroupInformation = 0x6b, 159 | SystemProcessorCycleTimeInformation = 0x6c, 160 | SystemStoreInformation = 0x6d, 161 | SystemRegistryAppendString = 0x6e, 162 | SystemAitSamplingValue = 0x6f, 163 | SystemVhdBootInformation = 0x70, 164 | SystemCpuQuotaInformation = 0x71, 165 | SystemNativeBasicInformation = 0x72, 166 | SystemErrorPortTimeouts = 0x73, 167 | SystemLowPriorityIoInformation = 0x74, 168 | SystemBootEntropyInformation = 0x75, 169 | SystemVerifierCountersInformation = 0x76, 170 | SystemPagedPoolInformationEx = 0x77, 171 | SystemSystemPtesInformationEx = 0x78, 172 | SystemNodeDistanceInformation = 0x79, 173 | SystemAcpiAuditInformation = 0x7a, 174 | SystemBasicPerformanceInformation = 0x7b, 175 | SystemQueryPerformanceCounterInformation = 0x7c, 176 | SystemSessionBigPoolInformation = 0x7d, 177 | SystemBootGraphicsInformation = 0x7e, 178 | SystemScrubPhysicalMemoryInformation = 0x7f, 179 | SystemBadPageInformation = 0x80, 180 | SystemProcessorProfileControlArea = 0x81, 181 | SystemCombinePhysicalMemoryInformation = 0x82, 182 | SystemEntropyInterruptTimingInformation = 0x83, 183 | SystemConsoleInformation = 0x84, 184 | SystemPlatformBinaryInformation = 0x85, 185 | SystemThrottleNotificationInformation = 0x86, 186 | SystemHypervisorProcessorCountInformation = 0x87, 187 | SystemDeviceDataInformation = 0x88, 188 | SystemDeviceDataEnumerationInformation = 0x89, 189 | SystemMemoryTopologyInformation = 0x8a, 190 | SystemMemoryChannelInformation = 0x8b, 191 | SystemBootLogoInformation = 0x8c, 192 | SystemProcessorPerformanceInformationEx = 0x8d, 193 | SystemSpare0 = 0x8e, 194 | SystemSecureBootPolicyInformation = 0x8f, 195 | SystemPageFileInformationEx = 0x90, 196 | SystemSecureBootInformation = 0x91, 197 | SystemEntropyInterruptTimingRawInformation = 
0x92, 198 | SystemPortableWorkspaceEfiLauncherInformation = 0x93, 199 | SystemFullProcessInformation = 0x94, 200 | SystemKernelDebuggerInformationEx = 0x95, 201 | SystemBootMetadataInformation = 0x96, 202 | SystemSoftRebootInformation = 0x97, 203 | SystemElamCertificateInformation = 0x98, 204 | SystemOfflineDumpConfigInformation = 0x99, 205 | SystemProcessorFeaturesInformation = 0x9a, 206 | SystemRegistryReconciliationInformation = 0x9b, 207 | MaxSystemInfoClass = 0x9c, 208 | } SYSTEM_INFORMATION_CLASS; 209 | 210 | typedef struct _RTL_PROCESS_MODULE_INFORMATION 211 | { 212 | HANDLE Section; // Not filled in 213 | PVOID MappedBase; 214 | PVOID ImageBase; 215 | ULONG ImageSize; 216 | ULONG Flags; 217 | USHORT LoadOrderIndex; 218 | USHORT InitOrderIndex; 219 | USHORT LoadCount; 220 | USHORT OffsetToFileName; 221 | UCHAR FullPathName[MAXIMUM_FILENAME_LENGTH]; 222 | } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; 223 | 224 | typedef struct _RTL_PROCESS_MODULES 225 | { 226 | ULONG NumberOfModules; 227 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 228 | } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; 229 | 230 | typedef struct _SYSTEM_MODULE // Information Class 11 231 | { 232 | ULONG_PTR Reserved[2]; 233 | PVOID Base; 234 | ULONG Size; 235 | ULONG Flags; 236 | USHORT Index; 237 | USHORT Unknown; 238 | USHORT LoadCount; 239 | USHORT ModuleNameOffset; 240 | CHAR ImageName[256]; 241 | } SYSTEM_MODULE, *PSYSTEM_MODULE; 242 | 243 | typedef struct _SYSTEM_MODULE_INFORMATION // Information Class 11 244 | { 245 | ULONG_PTR ulModuleCount; 246 | SYSTEM_MODULE Modules[1]; 247 | } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; 248 | 249 | struct piddbcache 250 | { 251 | LIST_ENTRY List; 252 | UNICODE_STRING DriverName; 253 | ULONG TimeDateStamp; 254 | NTSTATUS LoadStatus; 255 | char _0x0028[16]; // data from the shim engine, or uninitialized memory for custom drivers 256 | }; 257 | 258 | extern "C" extern POBJECT_TYPE *IoDriverObjectType; 259 | 
-------------------------------------------------------------------------------- /clear.cpp: -------------------------------------------------------------------------------- 1 | #include "clear.h" 2 | 3 | 4 | struct piddbcache 5 | { 6 | LIST_ENTRY List; 7 | UNICODE_STRING DriverName; 8 | ULONG TimeDateStamp; 9 | NTSTATUS LoadStatus; 10 | char _0x0028[16]; 11 | }; 12 | 13 | bool CheckBox(int x, int y, bool var, POINT Mouse) { 14 | if (Mouse.x >= x && Mouse.x <= x + 111 && Mouse.y >= y && Mouse.y <= y + 10) { 15 | var = !var; 16 | return var; 17 | 18 | } 19 | 20 | if (var) { 21 | 22 | } 23 | 24 | return var; 25 | } 26 | 27 | bool ChecdkBox(int x, int y, bool var, POINT Mouse) { 28 | if (Mouse.x >= x && Mouse.x <= x + 111 && Mouse.y >= y && Mouse.y <= y + 10) { 29 | var = !var; 30 | return var; 31 | 32 | } 33 | 34 | if (var) { 35 | 36 | } 37 | 38 | return var; 39 | } 40 | bool ChaeckBox(int x, int y, bool var, POINT Mouse) { 41 | if (Mouse.x >= x && Mouse.x <= x + 111 && Mouse.y >= y && Mouse.y <= y + 10) { 42 | var = !var; 43 | return var; 44 | 45 | } 46 | 47 | if (var) { 48 | 49 | } 50 | 51 | return var; 52 | } 53 | typedef struct _RTL_PROCESS_MODULE_INFORMATION 54 | { 55 | HANDLE Section; 56 | PVOID MappedBase; 57 | PVOID ImageBase; 58 | ULONG ImageSize; 59 | ULONG Flags; 60 | USHORT LoadOrderIndex; 61 | USHORT InitOrderIndex; 62 | USHORT LoadCount; 63 | USHORT OffsetToFileName; 64 | UCHAR FullPathName[256]; 65 | } RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION; 66 | 67 | typedef struct _RTL_PROCESS_MODULES 68 | { 69 | ULONG NumberOfModules; 70 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 71 | } RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES; 72 | 73 | bool CshechBoxz(int x, int y, bool var, POINT Mouse) { 74 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 75 | var = !var; 76 | return var; 77 | 78 | } 79 | 80 | if (var) { 81 | 82 | } 83 | 84 | return var; 85 | } 86 | 87 | bool qdqwfff(int x, int y, bool var, POINT 
Mouse) { 88 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 89 | var = !var; 90 | return var; 91 | 92 | } 93 | 94 | if (var) { 95 | 96 | } 97 | 98 | return var; 99 | } 100 | 101 | bool dqddd(int x, int y, bool var, POINT Mouse) { 102 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 103 | var = !var; 104 | return var; 105 | 106 | } 107 | 108 | if (var) { 109 | 110 | } 111 | 112 | return var; 113 | } 114 | 115 | bool CshecqdqdqhBoxz(int x, int y, bool var, POINT Mouse) { 116 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 117 | var = !var; 118 | return var; 119 | 120 | } 121 | 122 | if (var) { 123 | 124 | } 125 | 126 | return var; 127 | } 128 | 129 | 130 | typedef enum _SYSTEM_INFORMATION_CLASS 131 | { 132 | SystemBasicInformation = 0x0, 133 | SystemProcessorInformation = 0x1, 134 | SystemPerformanceInformation = 0x2, 135 | SystemTimeOfDayInformation = 0x3, 136 | SystemPathInformation = 0x4, 137 | SystemProcessInformation = 0x5, 138 | SystemCallCountInformation = 0x6, 139 | SystemDeviceInformation = 0x7, 140 | SystemProcessorPerformanceInformation = 0x8, 141 | SystemFlagsInformation = 0x9, 142 | SystemCallTimeInformation = 0xa, 143 | SystemModuleInformation = 0xb, 144 | SystemLocksInformation = 0xc, 145 | SystemStackTraceInformation = 0xd, 146 | SystemPagedPoolInformation = 0xe, 147 | SystemNonPagedPoolInformation = 0xf, 148 | SystemHandleInformation = 0x10, 149 | SystemObjectInformation = 0x11, 150 | SystemPageFileInformation = 0x12, 151 | SystemVdmInstemulInformation = 0x13, 152 | SystemVdmBopInformation = 0x14, 153 | SystemFileCacheInformation = 0x15, 154 | SystemPoolTagInformation = 0x16, 155 | SystemInterruptInformation = 0x17, 156 | SystemDpcBehaviorInformation = 0x18, 157 | SystemFullMemoryInformation = 0x19, 158 | SystemLoadGdiDriverInformation = 0x1a, 159 | SystemUnloadGdiDriverInformation = 0x1b, 160 | SystemTimeAdjustmentInformation = 0x1c, 161 | 
SystemSummaryMemoryInformation = 0x1d, 162 | SystemMirrorMemoryInformation = 0x1e, 163 | SystemPerformanceTraceInformation = 0x1f, 164 | SystemObsolete0 = 0x20, 165 | SystemExceptionInformation = 0x21, 166 | SystemCrashDumpStateInformation = 0x22, 167 | SystemKernelDebuggerInformation = 0x23, 168 | SystemContextSwitchInformation = 0x24, 169 | SystemRegistryQuotaInformation = 0x25, 170 | SystemExtendServiceTableInformation = 0x26, 171 | SystemPrioritySeperation = 0x27, 172 | SystemVerifierAddDriverInformation = 0x28, 173 | SystemVerifierRemoveDriverInformation = 0x29, 174 | SystemProcessorIdleInformation = 0x2a, 175 | SystemLegacyDriverInformation = 0x2b, 176 | SystemCurrentTimeZoneInformation = 0x2c, 177 | SystemLookasideInformation = 0x2d, 178 | SystemTimeSlipNotification = 0x2e, 179 | SystemSessionCreate = 0x2f, 180 | SystemSessionDetach = 0x30, 181 | SystemSessionInformation = 0x31, 182 | SystemRangeStartInformation = 0x32, 183 | SystemVerifierInformation = 0x33, 184 | SystemVerifierThunkExtend = 0x34, 185 | SystemSessionProcessInformation = 0x35, 186 | SystemLoadGdiDriverInSystemSpace = 0x36, 187 | SystemNumaProcessorMap = 0x37, 188 | SystemPrefetcherInformation = 0x38, 189 | SystemExtendedProcessInformation = 0x39, 190 | SystemRecommendedSharedDataAlignment = 0x3a, 191 | SystemComPlusPackage = 0x3b, 192 | SystemNumaAvailableMemory = 0x3c, 193 | SystemProcessorPowerInformation = 0x3d, 194 | SystemEmulationBasicInformation = 0x3e, 195 | SystemEmulationProcessorInformation = 0x3f, 196 | SystemExtendedHandleInformation = 0x40, 197 | SystemLostDelayedWriteInformation = 0x41, 198 | SystemBigPoolInformation = 0x42, 199 | SystemSessionPoolTagInformation = 0x43, 200 | SystemSessionMappedViewInformation = 0x44, 201 | SystemHotpatchInformation = 0x45, 202 | SystemObjectSecurityMode = 0x46, 203 | SystemWatchdogTimerHandler = 0x47, 204 | SystemWatchdogTimerInformation = 0x48, 205 | SystemLogicalProcessorInformation = 0x49, 206 | SystemWow64SharedInformationObsolete = 0x4a, 
207 | SystemRegisterFirmwareTableInformationHandler = 0x4b, 208 | SystemFirmwareTableInformation = 0x4c, 209 | SystemModuleInformationEx = 0x4d, 210 | SystemVerifierTriageInformation = 0x4e, 211 | SystemSuperfetchInformation = 0x4f, 212 | SystemMemoryListInformation = 0x50, 213 | SystemFileCacheInformationEx = 0x51, 214 | SystemThreadPriorityClientIdInformation = 0x52, 215 | SystemProcessorIdleCycleTimeInformation = 0x53, 216 | SystemVerifierCancellationInformation = 0x54, 217 | SystemProcessorPowerInformationEx = 0x55, 218 | SystemRefTraceInformation = 0x56, 219 | SystemSpecialPoolInformation = 0x57, 220 | SystemProcessIdInformation = 0x58, 221 | SystemErrorPortInformation = 0x59, 222 | SystemBootEnvironmentInformation = 0x5a, 223 | SystemHypervisorInformation = 0x5b, 224 | SystemVerifierInformationEx = 0x5c, 225 | SystemTimeZoneInformation = 0x5d, 226 | SystemImageFileExecutionOptionsInformation = 0x5e, 227 | SystemCoverageInformation = 0x5f, 228 | SystemPrefetchPatchInformation = 0x60, 229 | SystemVerifierFaultsInformation = 0x61, 230 | SystemSystemPartitionInformation = 0x62, 231 | SystemSystemDiskInformation = 0x63, 232 | SystemProcessorPerformanceDistribution = 0x64, 233 | SystemNumaProximityNodeInformation = 0x65, 234 | SystemDynamicTimeZoneInformation = 0x66, 235 | SystemCodeIntegrityInformation = 0x67, 236 | SystemProcessorMicrocodeUpdateInformation = 0x68, 237 | SystemProcessorBrandString = 0x69, 238 | SystemVirtualAddressInformation = 0x6a, 239 | SystemLogicalProcessorAndGroupInformation = 0x6b, 240 | SystemProcessorCycleTimeInformation = 0x6c, 241 | SystemStoreInformation = 0x6d, 242 | SystemRegistryAppendString = 0x6e, 243 | SystemAitSamplingValue = 0x6f, 244 | SystemVhdBootInformation = 0x70, 245 | SystemCpuQuotaInformation = 0x71, 246 | SystemNativeBasicInformation = 0x72, 247 | SystemErrorPortTimeouts = 0x73, 248 | SystemLowPriorityIoInformation = 0x74, 249 | SystemBootEntropyInformation = 0x75, 250 | SystemVerifierCountersInformation = 0x76, 251 | 
SystemPagedPoolInformationEx = 0x77, 252 | SystemSystemPtesInformationEx = 0x78, 253 | SystemNodeDistanceInformation = 0x79, 254 | SystemAcpiAuditInformation = 0x7a, 255 | SystemBasicPerformanceInformation = 0x7b, 256 | SystemQueryPerformanceCounterInformation = 0x7c, 257 | SystemSessionBigPoolInformation = 0x7d, 258 | SystemBootGraphicsInformation = 0x7e, 259 | SystemScrubPhysicalMemoryInformation = 0x7f, 260 | SystemBadPageInformation = 0x80, 261 | SystemProcessorProfileControlArea = 0x81, 262 | SystemCombinePhysicalMemoryInformation = 0x82, 263 | SystemEntropyInterruptTimingInformation = 0x83, 264 | SystemConsoleInformation = 0x84, 265 | SystemPlatformBinaryInformation = 0x85, 266 | SystemThrottleNotificationInformation = 0x86, 267 | SystemHypervisorProcessorCountInformation = 0x87, 268 | SystemDeviceDataInformation = 0x88, 269 | SystemDeviceDataEnumerationInformation = 0x89, 270 | SystemMemoryTopologyInformation = 0x8a, 271 | SystemMemoryChannelInformation = 0x8b, 272 | SystemBootLogoInformation = 0x8c, 273 | SystemProcessorPerformanceInformationEx = 0x8d, 274 | SystemSpare0 = 0x8e, 275 | SystemSecureBootPolicyInformation = 0x8f, 276 | SystemPageFileInformationEx = 0x90, 277 | SystemSecureBootInformation = 0x91, 278 | SystemEntropyInterruptTimingRawInformation = 0x92, 279 | SystemPortableWorkspaceEfiLauncherInformation = 0x93, 280 | SystemFullProcessInformation = 0x94, 281 | SystemKernelDebuggerInformationEx = 0x95, 282 | SystemBootMetadataInformation = 0x96, 283 | SystemSoftRebootInformation = 0x97, 284 | SystemElamCertificateInformation = 0x98, 285 | SystemOfflineDumpConfigInformation = 0x99, 286 | SystemProcessorFeaturesInformation = 0x9a, 287 | SystemRegistryReconciliationInformation = 0x9b, 288 | MaxSystemInfoClass = 0x9c, 289 | } SYSTEM_INFORMATION_CLASS; 290 | 291 | extern "C" 292 | NTSTATUS 293 | NTAPI 294 | ZwQuerySystemInformation( 295 | IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 296 | OUT PVOID SystemInformation, 297 | IN ULONG 
SystemInformationLength, 298 | OUT PULONG ReturnLength OPTIONAL 299 | ); 300 | 301 | template 302 | t find_pattern(void* start, size_t length, const char* pattern, const char* mask) { 303 | const auto data = static_cast(start); 304 | const auto pattern_length = strlen(mask); 305 | 306 | for (size_t i = 0; i <= length - pattern_length; i++) 307 | { 308 | bool accumulative_found = true; 309 | 310 | for (size_t j = 0; j < pattern_length; j++) 311 | { 312 | if (!MmIsAddressValid(reinterpret_cast(reinterpret_cast(data) + i + j))) 313 | { 314 | accumulative_found = false; 315 | break; 316 | } 317 | 318 | if (data[i + j] != pattern[j] && mask[j] != '?') 319 | { 320 | accumulative_found = false; 321 | break; 322 | } 323 | } 324 | 325 | if (accumulative_found) 326 | { 327 | return (t)(reinterpret_cast(data) + i); 328 | } 329 | } 330 | 331 | return (t)nullptr; 332 | } 333 | 334 | uintptr_t dereference(uintptr_t address, unsigned int offset) { 335 | if (address == 0) 336 | return 0; 337 | 338 | return address + (int)((*(int*)(address + offset) + offset) + sizeof(int)); 339 | } 340 | 341 | bool neiqwidvqfqfqffhqd(int x, int y, bool var, POINT Mouse) { 342 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 343 | var = !var; 344 | return var; 345 | 346 | } 347 | 348 | if (var) { 349 | 350 | } 351 | 352 | return var; 353 | } 354 | bool wvdqdvvqvdvq(int x, int y, bool var, POINT Mouse) { 355 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 356 | var = !var; 357 | return var; 358 | 359 | } 360 | 361 | if (var) { 362 | 363 | } 364 | 365 | return var; 366 | } 367 | bool dwvqdvqvqwv(int x, int y, bool var, POINT Mouse) { 368 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 369 | var = !var; 370 | return var; 371 | 372 | } 373 | 374 | if (var) { 375 | 376 | } 377 | 378 | return var; 379 | } 380 | 381 | 382 | BOOLEAN bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) 383 | { 
384 | for (; *szMask; ++szMask, ++pData, ++bMask) 385 | if (*szMask == 'x' && *pData != *bMask) 386 | return 0; 387 | 388 | return (*szMask) == 0; 389 | } 390 | /* FindPattern: linear scan of [dwAddress, dwAddress + dwLen) for the first offset at which bDataCompare matches bMask under szMask ('x' = byte must match, any other mask character = wildcard). Returns the matching address, or 0 when nothing matches. */ 391 | UINT64 FindPattern(UINT64 dwAddress, UINT64 dwLen, BYTE* bMask, char* szMask) 392 | { 393 | for (UINT64 i = 0; i < dwLen; i++) 394 | if (bDataCompare((BYTE*)(dwAddress + i), bMask, szMask)) 395 | return (UINT64)(dwAddress + i); 396 | 397 | return 0; 398 | } 399 | /* Filler stub: returns var toggled when Mouse lies inside a fixed rectangle, otherwise var unchanged. Near-identical copies under random names recur across this listing and none is called in the visible code; presumably padding that varies the compiled image, so treat them as noise during triage. */ 400 | bool suckuqwb(int x, int y, bool var, POINT Mouse) { 401 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 402 | var = !var; 403 | return var; 404 | 405 | } 406 | 407 | if (var) { 408 | 409 | } 410 | 411 | return var; 412 | } 413 | /* CleanUnloadedDrivers: anti-forensic routine. It reads the loaded-module list (SystemModuleInformation), takes the base and size of ntoskrnl.exe from it, scans that range for the byte signature given below, and uses the hit to locate the kernel's MmUnloadedDrivers pointer. That pointer is then redirected to a newly allocated, zero-filled 0x7D0-byte buffer and the buffer it previously referenced is freed. Returns TRUE only when the swap was performed. Defender note: after this runs the unloaded-driver history reads as empty, so an empty list is not evidence that no driver was unloaded. Both allocations carry the pool tag 'b57s', and the replacement buffer stays allocated under it; as a multi-character constant the tag is expected to show byte-reversed (s75b) in pool-tag tooling - verify against a memory image. */ 414 | BOOLEAN CleanUnloadedDrivers() 415 | { 416 | ULONG bytes = 0; 417 | NTSTATUS status = ZwQuerySystemInformation(SystemModuleInformation, 0, bytes, &bytes); 418 | 419 | if (!bytes) 420 | { 421 | return FALSE; 422 | } 423 | /* The first query only obtains the required size in bytes; the second one fills the buffer. */ 424 | PRTL_PROCESS_MODULES modules = (PRTL_PROCESS_MODULES)ExAllocatePoolWithTag(NonPagedPool, bytes, 'b57s'); 425 | 426 | status = ZwQuerySystemInformation(SystemModuleInformation, modules, bytes, &bytes); 427 | 428 | if (!NT_SUCCESS(status)) 429 | { 430 | return FALSE; 431 | } 432 | 433 | PRTL_PROCESS_MODULE_INFORMATION module = modules->Modules; 434 | UINT64 ntoskrnlBase = 0, ntoskrnlSize = 0; 435 | 436 | for (ULONG i = 0; i < modules->NumberOfModules; i++) 437 | { 438 | if (!strcmp((char*)module[i].FullPathName, "\\SystemRoot\\system32\\ntoskrnl.exe")) 439 | { 440 | ntoskrnlBase = (UINT64)module[i].ImageBase; 441 | ntoskrnlSize = (UINT64)module[i].ImageSize; 442 | break; 443 | } 444 | } 445 | 446 | if (modules) 447 | ExFreePoolWithTag(modules, 0); 448 | 449 | if (ntoskrnlBase <= 0) 450 | { 451 | return FALSE; 452 | } 453 | 454 | // NOTE: 4C 8B ? ? ? ? ? 4C 8B C9 4D 85 ? 
74 + 3] + current signature address = MmUnloadedDrivers 455 | UINT64 mmUnloadedDriversPtr = FindPattern((UINT64)ntoskrnlBase, (UINT64)ntoskrnlSize, (BYTE*)"\x4C\x8B\x00\x00\x00\x00\x00\x4C\x8B\xC9\x4D\x85\x00\x74", "xx?????xxxxx?x"); 456 | 457 | if (!mmUnloadedDriversPtr) 458 | { 459 | return FALSE; 460 | } 461 | /* The 32-bit value stored at signature + 3 is added to the signature address plus 7; this appears to resolve an instruction-relative operand to the address of the MmUnloadedDrivers variable. When the signature is not found the function has already returned FALSE without changing anything. */ 462 | UINT64 mmUnloadedDrivers = (UINT64)((PUCHAR)mmUnloadedDriversPtr + *(PULONG)((PUCHAR)mmUnloadedDriversPtr + 3) + 7); 463 | UINT64 bufferPtr = *(UINT64*)mmUnloadedDrivers; 464 | 465 | // NOTE: 0x7D0 is the size of the MmUnloadedDrivers array for win 7 and above 466 | PVOID newBuffer = ExAllocatePoolWithTag(NonPagedPoolNx, 0x7D0, 'b57s'); 467 | 468 | if (!newBuffer) 469 | return FALSE; 470 | 471 | memset(newBuffer, 0, 0x7D0); 472 | 473 | // NOTE: replace MmUnloadedDrivers 474 | *(UINT64*)mmUnloadedDrivers = (UINT64)newBuffer; 475 | 476 | // NOTE: clean the old buffer 477 | ExFreePoolWithTag((PVOID)bufferPtr, 'b57s'); // 'MmDT' 478 | 479 | return TRUE; 480 | } 481 | 482 | 483 | 484 | bool vsvChzEJk(int x, int y, bool var, POINT Mouse) { 485 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 486 | var = !var; 487 | return var; 488 | 489 | } 490 | 491 | if (var) { 492 | 493 | } 494 | 495 | return var; 496 | } 497 | bool qwrqrrrr(int x, int y, bool var, POINT Mouse) { 498 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 499 | var = !var; 500 | return var; 501 | 502 | } 503 | 504 | if (var) { 505 | 506 | } 507 | 508 | return var; 509 | } 510 | bool ggwggwggeg(int x, int y, bool var, POINT Mouse) { 511 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 512 | var = !var; 513 | return var; 514 | 515 | } 516 | 517 | if (var) { 518 | 519 | } 520 | 521 | return var; 522 | } 523 | bool ffewff(int x, int y, bool var, POINT Mouse) { 524 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 525 | var = !var; 526 | return var; 527 | 528 | } 529 | 530 
| if (var) { 531 | 532 | } 533 | 534 | return var; 535 | } 536 | /* clean_piddb_cache: anti-forensic routine aimed at the kernel table the author calls PiDDBCacheTable, whose entries (see struct piddbcache) hold a DriverName, a TimeDateStamp and a LoadStatus. It resolves the range of ntoskrnl.exe, locates the table by byte signature, takes the entry behind the root's RightChild and then follows List.Flink from that entry until List.Blink is reached. Every visited entry whose TimeDateStamp equals 0x57CD1415 or 0x5284EAC3 (labelled by the author as capcom.sys and iqvw64e.sys) gets its timestamp overwritten and its name replaced with "delushiver445.sys". Defender note: records are rewritten in place rather than removed, so a cache entry carrying that name, or a timestamp of the form 0x27EAC6 + n (first signature) or 0x38EAC3 + n (second and third signature), indicates that this code has run. Read as seconds since 1970, which is how PE timestamps are normally encoded, those values fall in early 1970 and are implausible for a real driver build. */ 537 | void clean_piddb_cache() { 538 | ULONG bytes = 0; 539 | NTSTATUS status = ZwQuerySystemInformation(SystemModuleInformation, 0, bytes, &bytes); 540 | 541 | PRTL_PROCESS_MODULES modules = (PRTL_PROCESS_MODULES)ExAllocatePoolWithTag(NonPagedPool, bytes, 'b57s'); // 'ENON' 542 | 543 | status = ZwQuerySystemInformation(SystemModuleInformation, modules, bytes, &bytes); 544 | 545 | PRTL_PROCESS_MODULE_INFORMATION module = modules->Modules; 546 | UINT64 ntoskrnlBase = 0, ntoskrnlSize = 0; 547 | 548 | for (ULONG i = 0; i < modules->NumberOfModules; i++) 549 | { 550 | if (!strcmp((char*)module[i].FullPathName, "\\SystemRoot\\system32\\ntoskrnl.exe")) 551 | { 552 | ntoskrnlBase = (UINT64)module[i].ImageBase; 553 | ntoskrnlSize = (UINT64)module[i].ImageSize; 554 | break; 555 | } 556 | } 557 | 558 | 559 | if (modules) 560 | ExFreePoolWithTag(modules, 0); 561 | /* Three signatures are tried in order (the author marks the last one win7); each hit is passed through dereference(..., 3) to obtain the table address. When none of them matches, the innermost branch is empty and nothing is modified. */ 562 | PRTL_AVL_TABLE PiDDBCacheTable; 563 | PiDDBCacheTable = (PRTL_AVL_TABLE)dereference(find_pattern((void*)ntoskrnlBase, ntoskrnlSize, "\x48\x8D\x0D\x00\x00\x00\x00\x4C\x89\x35\x00\x00\x00\x00\x49\x8B\xE9", "xxx????xxx????xxx"), 3); 564 | 565 | if (!PiDDBCacheTable) 566 | { 567 | PiDDBCacheTable = (PRTL_AVL_TABLE)dereference(find_pattern((void*)ntoskrnlBase, ntoskrnlSize, "\x48\x8D\x0D\x00\x00\x00\x00\x4C\x89\x35\x00\x00\x00\x00\xBB\x00\x00\x00\x00", "xxx????xxx????x????"), 3); 568 | 569 | if (!PiDDBCacheTable) 570 | { 571 | PiDDBCacheTable = (PRTL_AVL_TABLE)dereference(find_pattern((void*)ntoskrnlBase, ntoskrnlSize, "\x48\x8D\x0D\x00\x00\x00\x00\x49\x8B\xE9", "xxx????xxx"), 3); //win7 572 | 573 | if (!PiDDBCacheTable) 574 | { 575 | 576 | } 577 | else 578 | { 579 | uintptr_t entry_address = uintptr_t(PiDDBCacheTable->BalancedRoot.RightChild) + sizeof(RTL_BALANCED_LINKS); 580 | piddbcache* entry = (piddbcache*)(entry_address); 581 | 582 | /*capcom.sys(drvmap) : 0x57CD1415 iqvw64e.sys(kdmapper) : 0x5284EAC3*/ 583 | if (entry->TimeDateStamp == 
0x57CD1415 || entry->TimeDateStamp == 0x5284EAC3) { 584 | entry->TimeDateStamp = 0x38EAC3; //change timestamp 585 | entry->DriverName = RTL_CONSTANT_STRING(L"delushiver445.sys"); // must match name in game and elsewhere in multiple files 4u 586 | } 587 | 588 | ULONG count = 0; 589 | for (auto link = entry->List.Flink; link != entry->List.Blink; link = link->Flink, count++) 590 | { 591 | piddbcache* cache_entry = (piddbcache*)(link); 592 | 593 | if (cache_entry->TimeDateStamp == 0x57CD1415 || cache_entry->TimeDateStamp == 0x5284EAC3) { 594 | cache_entry->TimeDateStamp = 0x38EAC3 + count; 595 | cache_entry->DriverName = RTL_CONSTANT_STRING(L"delushiver445.sys"); // must match name in game and elsewhere in multiple files 4u 596 | } 597 | //DbgPrint("cache_entry count: %lu name: %wZ \t\t stamp: %x\n", count, cache_entry->DriverName, cache_entry->TimeDateStamp); 598 | } 599 | } 600 | } 601 | else 602 | { 603 | uintptr_t entry_address = uintptr_t(PiDDBCacheTable->BalancedRoot.RightChild) + sizeof(RTL_BALANCED_LINKS); 604 | piddbcache* entry = (piddbcache*)(entry_address); 605 | 606 | /*capcom.sys(drvmap) : 0x57CD1415 iqvw64e.sys(kdmapper) : 0x5284EAC3*/ 607 | if (entry->TimeDateStamp == 0x57CD1415 || entry->TimeDateStamp == 0x5284EAC3) { 608 | entry->TimeDateStamp = 0x38EAC3; //change timestamp 609 | entry->DriverName = RTL_CONSTANT_STRING(L"delushiver445.sys"); // must match name in game and elsewhere in multiple files 4u 610 | } 611 | 612 | ULONG count = 0; 613 | 614 | for (auto link = entry->List.Flink; link != entry->List.Blink; link = link->Flink, count++) 615 | { 616 | piddbcache* cache_entry = (piddbcache*)(link); 617 | 618 | if (cache_entry->TimeDateStamp == 0x57CD1415 || cache_entry->TimeDateStamp == 0x5284EAC3) { 619 | cache_entry->TimeDateStamp = 0x38EAC3 + count; 620 | cache_entry->DriverName = RTL_CONSTANT_STRING(L"delushiver445.sys"); // must match name in game and elsewhere in multiple files 4u 621 | } 622 | //DbgPrint("cache_entry count: %lu name: %wZ 
\t\t stamp: %x\n", count, cache_entry->DriverName, cache_entry->TimeDateStamp); 623 | } 624 | } 625 | } 626 | else 627 | { 628 | uintptr_t entry_address = uintptr_t(PiDDBCacheTable->BalancedRoot.RightChild) + sizeof(RTL_BALANCED_LINKS); 629 | piddbcache* entry = (piddbcache*)(entry_address); 630 | 631 | /*capcom.sys(drvmap) : 0x57CD1415 iqvw64e.sys(kdmapper) : 0x5284EAC3*/ 632 | if (entry->TimeDateStamp == 0x57CD1415 || entry->TimeDateStamp == 0x5284EAC3) { 633 | entry->TimeDateStamp = 0x27EAC6; //change timestamp 634 | entry->DriverName = RTL_CONSTANT_STRING(L"delushiver445.sys"); // must match name in game and elsewhere in multiple files 4u 635 | } 636 | 637 | ULONG count = 0; 638 | 639 | for (auto link = entry->List.Flink; link != entry->List.Blink; link = link->Flink, count++) 640 | { 641 | piddbcache* cache_entry = (piddbcache*)(link); 642 | 643 | if (cache_entry->TimeDateStamp == 0x57CD1415 || cache_entry->TimeDateStamp == 0x5284EAC3) { 644 | cache_entry->TimeDateStamp = 0x27EAC6 + count; 645 | cache_entry->DriverName = RTL_CONSTANT_STRING(L"delushiver445.sys"); // must match name in game and elsewhere in multiple files 4u 646 | } 647 | //DbgPrint("cache_entry count: %lu name: %wZ \t\t stamp: %x\n", count, cache_entry->DriverName, cache_entry->TimeDateStamp); 648 | } 649 | 650 | } 651 | } 652 | -------------------------------------------------------------------------------- /clear.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | 5 | int Bruh = false; 6 | int dqd = false; 7 | int Bqdqwqdruh = false; 8 | int Bqddqfffruh = false; 9 | int fffggff = false; 10 | int fffgggff = false; 11 | int qwff = false; 12 | int ffffqfqfqf = false; 13 | int Br2uh = false; 14 | int d3qd = false; 15 | int Bq4dqwqdruh = false; 16 | int ff5fggff = false; 17 | int f6ffgggff = false; 18 | int qw7ff = false; 19 | int fff8fqfqfqf = false; 20 | 21 | bool dvqdvvqdvqdd33(int x, int y, bool var, POINT Mouse) { 
22 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 23 | var = !var; 24 | return var; 25 | 26 | } 27 | 28 | if (var) { 29 | 30 | } 31 | 32 | return var; 33 | } 34 | bool fqfwqffq(int x, int y, bool var, POINT Mouse) { 35 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 36 | var = !var; 37 | return var; 38 | 39 | } 40 | 41 | if (var) { 42 | 43 | } 44 | 45 | return var; 46 | } -------------------------------------------------------------------------------- /driver_entry.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "clear.h" 3 | 4 | extern void clean_piddb_cache(); 5 | extern BOOLEAN CleanUnloadedDrivers(); 6 | 7 | int Bruh = false; 8 | int dqd = false; 9 | int Bqdqwqdruh = false; 10 | int Bqddqfffruh = false; 11 | int fffggff = false; 12 | int fffgggff = false; 13 | int qwff = false; 14 | int ffffqfqfqf = false; 15 | int Br2uh = false; 16 | int d3qd = false; 17 | int Bq4dqwqdruh = false; 18 | int Bqddqfffruh = false; 19 | int ff5fggff = false; 20 | int f6ffgggff = false; 21 | int qw7ff = false; 22 | int fff8fqfqfqf = false; 23 | 24 | NTSTATUS ctl_io(PDEVICE_OBJECT device_obj, PIRP irp) { 25 | irp->IoStatus.Status = STATUS_SUCCESS; 26 | irp->IoStatus.Information = sizeof(info); 27 | 28 | auto stack = IoGetCurrentIrpStackLocation(irp); 29 | auto buffer = (p_info)irp->AssociatedIrp.SystemBuffer; 30 | 31 | size_t size = 0; 32 | 33 | if (stack) { 34 | if (buffer && sizeof(*buffer) >= sizeof(info)) { 35 | 36 | if (stack->Parameters.DeviceIoControl.IoControlCode == ctl_read) { 37 | if (buffer->address < 0x7FFFFFFFFFFF) 38 | { 39 | read_mem(buffer->pid, (void*)buffer->address, buffer->value, buffer->size); 40 | } 41 | else 42 | { 43 | buffer->value = nullptr; 44 | } 45 | } 46 | else if (stack->Parameters.DeviceIoControl.IoControlCode == ctl_write) { 47 | write_mem(buffer->pid, (void*)buffer->address, buffer->value, buffer->size); 48 | 
} 49 | else if (stack->Parameters.DeviceIoControl.IoControlCode == ctl_base) { 50 | PEPROCESS pe; /* pe is uninitialised here and the status returned by PsLookupProcessByProcessId on the next line is ignored, so a pid that does not resolve leaves an indeterminate pointer to be passed to PsGetProcessSectionBaseAddress and ObfDereferenceObject in kernel mode. On success the branch stores the target's section base address in buffer->data. */ 51 | PsLookupProcessByProcessId((HANDLE)buffer->pid, &pe); 52 | buffer->data = PsGetProcessSectionBaseAddress(pe); 53 | ObfDereferenceObject(pe); 54 | } 55 | else if (stack->Parameters.DeviceIoControl.IoControlCode == ctl_clear) { /* Both routines are declared extern at the top of this file and implemented outside this listing (clear.cpp per the file tree). NOTE(review): by name they appear to edit the kernel's unloaded-driver list and PiDDB cache, i.e. load-history records that integrity and forensic tooling reads - confirm against clear.cpp. */ 56 | CleanUnloadedDrivers(); 57 | clean_piddb_cache(); 58 | } 59 | } 60 | } 61 | /* NOTE(review): the definition that follows sits inside ctl_io's body (ctl_io is closed only at listing line 79), which C and C++ do not permit. Nothing in the visible code calls it; read listing lines 76-78 as the tail of ctl_io. */ 62 | bool WeirdAsfEpicGames(int x, int y, bool var, POINT Mouse) { 63 | if (Mouse.x >= x && Mouse.x <= x + 1059 && Mouse.y >= y && Mouse.y <= y + 40) { 64 | var = !var; 65 | return var; 66 | 67 | } 68 | 69 | if (var) { 70 | 71 | } 72 | 73 | return var; 74 | } 75 | 76 | IoCompleteRequest(irp, IO_NO_INCREMENT); /* The IRP is read again on listing line 78 after it has been completed; once IoCompleteRequest returns the IRP may already have been freed, so that read is a use-after-free hazard. */ 77 | 78 | return irp->IoStatus.Status; 79 | } 80 | /* hrthrthasa, gergegegrgre, erg and ffweffw (listing lines 81-132) have identical bodies: if Mouse lies inside the rectangle whose corner is (x, y) and which extends 159 in x and 10 in y (bounds inclusive) they return !var, otherwise var. var is passed by value, the `if (var) {}` block is empty, and nothing in the visible code calls them. NOTE(review): presumably filler with no role in the driver logic. */ 81 | bool hrthrthasa(int x, int y, bool var, POINT Mouse) { 82 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 83 | var = !var; 84 | return var; 85 | 86 | } 87 | 88 | if (var) { 89 | 90 | } 91 | 92 | return var; 93 | } 94 | bool gergegegrgre(int x, int y, bool var, POINT Mouse) { 95 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 96 | var = !var; 97 | return var; 98 | 99 | } 100 | 101 | if (var) { 102 | 103 | } 104 | 105 | return var; 106 | } 107 | bool erg(int x, int y, bool var, POINT Mouse) { 108 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 109 | var = !var; 110 | return var; 111 | 112 | } 113 | 114 | if (var) { 115 | 116 | } 117 | 118 | return var; 119 | } 120 | bool ffweffw(int x, int y, bool var, POINT Mouse) { 121 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 122 | var = !var; 123 | return var; 124 | 125 | } 126 | 127 | if (var) { 128 | 129 | } 130 | 131 | return var; 132 | } 133 | 134 | /* driver_initialize: the initialisation routine that DriverEntry hands to IoCreateDriver. It creates the device object and its DosDevices symbolic link, marks the device for buffered I/O and fills the dispatch table. registery_path is not used in the visible code. */ 135 | // real main 136 | NTSTATUS driver_initialize(PDRIVER_OBJECT driver_obj, PUNICODE_STRING registery_path) { 137 | auto status = STATUS_SUCCESS; 138 | UNICODE_STRING sym_link, 
dev_name; 139 | PDEVICE_OBJECT dev_obj; 140 | /* The device is created with IoCreateDevice rather than IoCreateDeviceSecure, so this code applies no explicit security descriptor; Exclusive is FALSE and create_io completes every open without a check, so nothing here restricts who can reach the control interface. The fixed names \Device\delushiver445 and \DosDevices\delushiver445 (and \Driver\delushiver445 in DriverEntry) are stable artifacts of a loaded instance. */ 141 | RtlInitUnicodeString(&dev_name, L"\\Device\\delushiver445"); // must match name in game and elsewhere in multiple files 4u 142 | status = IoCreateDevice(driver_obj, 0, &dev_name, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &dev_obj); 143 | 144 | if (status != STATUS_SUCCESS) { 145 | return status; 146 | } 147 | 148 | RtlInitUnicodeString(&sym_link, L"\\DosDevices\\delushiver445"); // must match name in game and elsewhere in multiple files 4u 149 | status = IoCreateSymbolicLink(&sym_link, &dev_name); 150 | /* If the link cannot be created the function returns on listing line 152 without deleting dev_obj, which stays allocated. */ 151 | if (status != STATUS_SUCCESS) { 152 | return status; 153 | } 154 | 155 | dev_obj->Flags |= DO_BUFFERED_IO; 156 | 157 | for (int t = 0; t <= IRP_MJ_MAXIMUM_FUNCTION; t++) 158 | driver_obj->MajorFunction[t] = unsupported_io; 159 | 160 | driver_obj->MajorFunction[IRP_MJ_CREATE] = create_io; 161 | driver_obj->MajorFunction[IRP_MJ_CLOSE] = close_io; 162 | driver_obj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ctl_io; 163 | driver_obj->DriverUnload = NULL; 164 | /* DriverUnload is NULL: no unload routine is provided, so this driver never tears down the device or the link. */ 165 | dev_obj->Flags &= ~DO_DEVICE_INITIALIZING; 166 | 167 | return status; 168 | } 169 | /* DriverEntry: runs the two cleanup routines before anything else, then registers a driver object named \Driver\delushiver445 through IoCreateDriver with driver_initialize as its init routine. The result is stored in status but STATUS_SUCCESS is returned regardless; driver_obj and registery_path are unused. NOTE(review): IoCreateDriver is declared by hand in stdafx.h; an image that builds its own driver object this way was presumably not started through the service control manager - confirm how it is loaded. */ 170 | NTSTATUS DriverEntry(PDRIVER_OBJECT driver_obj, PUNICODE_STRING registery_path) { 171 | CleanUnloadedDrivers(); 172 | clean_piddb_cache(); 173 | 174 | auto status = STATUS_SUCCESS; 175 | UNICODE_STRING drv_name; 176 | 177 | RtlInitUnicodeString(&drv_name, L"\\Driver\\delushiver445"); 178 | status = IoCreateDriver(&drv_name, &driver_initialize); 179 | 180 | return STATUS_SUCCESS; 181 | } 182 | /* unsupported_io: default dispatch for every major function not overridden in driver_initialize; completes the IRP with STATUS_NOT_SUPPORTED. It reads irp->IoStatus.Status after IoCompleteRequest, when the IRP may no longer be valid. */ 183 | NTSTATUS unsupported_io(PDEVICE_OBJECT device_obj, PIRP irp) { 184 | irp->IoStatus.Status = STATUS_NOT_SUPPORTED; 185 | IoCompleteRequest(irp, IO_NO_INCREMENT); 186 | return irp->IoStatus.Status; 187 | } 188 | /* create_io: completes an open request without assigning irp->IoStatus.Status or Information and without any check on the caller, so the completion status is whatever the IRP already carried. The IRP is also read after completion. */ 189 | NTSTATUS create_io(PDEVICE_OBJECT device_obj, PIRP irp) { 190 | UNREFERENCED_PARAMETER(device_obj); 191 | 192 | IoCompleteRequest(irp, IO_NO_INCREMENT); 193 | return irp->IoStatus.Status; 194 | } 195 | /* close_io: completes a close request; IoStatus is not assigned before completion and is read afterwards. */ 196 | NTSTATUS close_io(PDEVICE_OBJECT 
device_obj, PIRP irp) { 197 | UNREFERENCED_PARAMETER(device_obj); 198 | IoCompleteRequest(irp, IO_NO_INCREMENT); 199 | return irp->IoStatus.Status; 200 | } 201 | /* write_mem: copies size bytes from value in the current process to addr in process pid with MmCopyVirtualMemory. The lookup status is ignored, so pe is indeterminate when pid does not resolve; the copy's own status and the count returned in bytes are discarded as well. NOTE(review): KernelMode is passed as the previous mode, which presumably means neither address is probed as a user-mode pointer - confirm; the caller (ctl_io) does not range-check addr on this path. */ 202 | void write_mem(int pid, void* addr, void* value, size_t size) { 203 | PEPROCESS pe; 204 | SIZE_T bytes; 205 | PsLookupProcessByProcessId((HANDLE)pid, &pe); 206 | MmCopyVirtualMemory(PsGetCurrentProcess(), value, pe, addr, size, KernelMode, &bytes); 207 | ObfDereferenceObject(pe); 208 | } 209 | /* read_mem: the reverse copy, size bytes from addr in process pid to value in the current process. ProbeForRead raises an exception on failure and is called here outside any try/except; it also runs without attaching to the target, so addr is presumably checked against the current address space rather than the target's - NOTE(review): confirm. Lookup and copy statuses are ignored in the same way as in write_mem. */ 210 | void read_mem(int pid, void* addr, void* value, size_t size) { 211 | PEPROCESS pe; 212 | SIZE_T bytes; 213 | PsLookupProcessByProcessId((HANDLE)pid, &pe); 214 | ProbeForRead(addr, size, 1); 215 | MmCopyVirtualMemory(pe, addr, PsGetCurrentProcess(), value, size, KernelMode, &bytes); 216 | ObfDereferenceObject(pe); 217 | } -------------------------------------------------------------------------------- /kernelmode.sln: -------------------------------------------------------------------------------- 1 | ﻿ 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.489 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "kernelmode", "kernelmode\kernelmode.vcxproj", "{543B764A-5AA2-490D-B8D6-927FA3BAE709}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|ARM = Debug|ARM 11 | Debug|ARM64 = Debug|ARM64 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|ARM = Release|ARM 15 | Release|ARM64 = Release|ARM64 16 | Release|x64 = Release|x64 17 | Release|x86 = Release|x86 18 | EndGlobalSection 19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 20 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|ARM.ActiveCfg = Debug|ARM 21 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|ARM.Build.0 = Debug|ARM 22 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|ARM.Deploy.0 = Debug|ARM 23 | 
{543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|ARM64.ActiveCfg = Debug|ARM64 24 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|ARM64.Build.0 = Debug|ARM64 25 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|ARM64.Deploy.0 = Debug|ARM64 26 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|x64.ActiveCfg = Debug|x64 27 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|x64.Build.0 = Debug|x64 28 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|x64.Deploy.0 = Debug|x64 29 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|x86.ActiveCfg = Debug|Win32 30 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|x86.Build.0 = Debug|Win32 31 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Debug|x86.Deploy.0 = Debug|Win32 32 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|ARM.ActiveCfg = Release|ARM 33 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|ARM.Build.0 = Release|ARM 34 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|ARM.Deploy.0 = Release|ARM 35 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|ARM64.ActiveCfg = Release|ARM64 36 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|ARM64.Build.0 = Release|ARM64 37 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|ARM64.Deploy.0 = Release|ARM64 38 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|x64.ActiveCfg = Release|x64 39 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|x64.Build.0 = Release|x64 40 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|x64.Deploy.0 = Release|x64 41 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|x86.ActiveCfg = Release|Win32 42 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|x86.Build.0 = Release|Win32 43 | {543B764A-5AA2-490D-B8D6-927FA3BAE709}.Release|x86.Deploy.0 = Release|Win32 44 | EndGlobalSection 45 | GlobalSection(SolutionProperties) = preSolution 46 | HideSolutionNode = FALSE 47 | EndGlobalSection 48 | GlobalSection(ExtensibilityGlobals) = postSolution 49 | SolutionGuid = {3DB68974-FF6E-44A1-ABB3-70DAA22432DB} 50 | EndGlobalSection 51 | EndGlobal 52 | 
-------------------------------------------------------------------------------- /kernelmode.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | Debug 22 | ARM 23 | 24 | 25 | Release 26 | ARM 27 | 28 | 29 | Debug 30 | ARM64 31 | 32 | 33 | Release 34 | ARM64 35 | 36 | 37 | 38 | {543B764A-5AA2-490D-B8D6-927FA3BAE709} 39 | {1bc93793-694f-48fe-9372-81e2b05556fd} 40 | 41 | 42 | 12.0 43 | Debug 44 | Win32 45 | kernelmode 46 | 10.0.19041.0 47 | kernelmode 48 | 49 | 50 | 51 | Windows10 52 | true 53 | WindowsKernelModeDriver10.0 54 | Driver 55 | KMDF 56 | Universal 57 | 58 | 59 | Windows10 60 | false 61 | WindowsKernelModeDriver10.0 62 | Driver 63 | KMDF 64 | Universal 65 | 66 | 67 | Windows10 68 | true 69 | WindowsKernelModeDriver10.0 70 | Driver 71 | KMDF 72 | Universal 73 | 74 | 75 | Windows10 76 | false 77 | WindowsKernelModeDriver10.0 78 | Driver 79 | KMDF 80 | Universal 81 | true 82 | false 83 | 84 | 85 | Windows10 86 | true 87 | WindowsKernelModeDriver10.0 88 | Driver 89 | KMDF 90 | Universal 91 | 92 | 93 | Windows10 94 | false 95 | v142 96 | Driver 97 | KMDF 98 | Universal 99 | 100 | 101 | Windows10 102 | true 103 | WindowsKernelModeDriver10.0 104 | Driver 105 | KMDF 106 | Universal 107 | 108 | 109 | Windows10 110 | false 111 | WindowsKernelModeDriver10.0 112 | Driver 113 | KMDF 114 | Universal 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | DbgengKernelDebugger 126 | 127 | 128 | DbgengKernelDebugger 129 | 130 | 131 | DbgengKernelDebugger 132 | 133 | 134 | DbgengKernelDebugger 135 | false 136 | 137 | false 138 | matchdriver123 139 | 140 | 141 | DbgengKernelDebugger 142 | 143 | 144 | DbgengKernelDebugger 145 | 146 | 147 | DbgengKernelDebugger 148 | 149 | 150 | DbgengKernelDebugger 151 | 152 | 153 | 154 | None 155 | TurnOffAllWarnings 156 | false 157 | Speed 158 | 
AnySuitable 159 | NotUsing 160 | 161 | 162 | false 163 | true 164 | stdcpp17 165 | stdc17 166 | 167 | 168 | false 169 | 170 | 171 | DriverEntry 172 | false 173 | %(AdditionalDependencies) 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | CompileAsCpp 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | -------------------------------------------------------------------------------- /kernelmode.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {8E41214B-6785-4CFE-B992-037D68949A14} 18 | inf;inv;inx;mof;mc; 19 | 20 | 21 | 22 | 23 | Source Files 24 | 25 | 26 | Source Files 27 | 28 | 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | -------------------------------------------------------------------------------- /kernelmode.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | true 5 | 6 | 7 | Off 8 | 9 | -------------------------------------------------------------------------------- /stdafx.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include "structs.h" 6 | 7 | int Bruh = false; 8 | int dqd = false; 9 | int Bqdqwqdruh = false; 10 | int Bqddqfffruh = false; 11 | int fffggff = false; 12 | int fffgggff = false; 13 | int qwff = false; 14 | int ffffqfqfqf = false; 15 | int Br2uh = false; 16 | int d3qd = false; 17 | int Bq4dqwqdruh = false; 18 | int Bqddqfffruh = false; 19 | int ff5fggff = false; 20 | int f6ffgggff = false; 21 | int qw7ff = false; 22 | int 
fff8fqfqfqf = false; 23 | /* info: the request record exchanged with user mode for every control code. pid selects the target process, address is the location inside that process, value is a pointer in the current (requesting) process used as the copy source on write and the destination on read, size is the byte count, and data receives the section base for ctl_base. All five fields come from the caller and ctl_io uses them as received. */ 24 | typedef struct info_t { 25 | int pid = 0; 26 | DWORD_PTR address; 27 | void* value; 28 | SIZE_T size; 29 | void* data; 30 | }info, *p_info; 31 | /* Four control codes, function numbers 0x0566-0x0569 on FILE_DEVICE_UNKNOWN, all METHOD_BUFFERED. FILE_SPECIAL_ACCESS has the same value as FILE_ANY_ACCESS, so the I/O manager does not require read or write access on the handle before delivering these requests. */ 32 | #define ctl_write CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0566, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 33 | #define ctl_read CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0567, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 34 | #define ctl_base CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0568, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 35 | #define ctl_clear CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0569, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 36 | /* The three functions on listing lines 37-75 have identical bodies: return !var when Mouse lies inside the rectangle at (x, y) extending 159 in x and 10 in y (bounds inclusive), otherwise return var. var is passed by value, the `if (var) {}` block is empty, and nothing in the visible code calls them. NOTE(review): presumably filler with no role in the driver logic. */ 37 | bool qdqwdqwqdwdqwdq(int x, int y, bool var, POINT Mouse) { 38 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 39 | var = !var; 40 | return var; 41 | 42 | } 43 | 44 | if (var) { 45 | 46 | } 47 | 48 | return var; 49 | } 50 | bool neiqwvwevfvwevffeefwgihqd(int x, int y, bool var, POINT Mouse) { 51 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 52 | var = !var; 53 | return var; 54 | 55 | } 56 | 57 | if (var) { 58 | 59 | } 60 | 61 | return var; 62 | } 63 | bool vwvevfevfevfvf(int x, int y, bool var, POINT Mouse) { 64 | if (Mouse.x >= x && Mouse.x <= x + 159 && Mouse.y >= y && Mouse.y <= y + 10) { 65 | var = !var; 66 | return var; 67 | 68 | } 69 | 70 | if (var) { 71 | 72 | } 73 | 74 | return var; 75 | } 76 | 77 | //io 78 | NTSTATUS unsupported_io(PDEVICE_OBJECT device_obj, PIRP irp); 79 | NTSTATUS create_io(PDEVICE_OBJECT device_obj, PIRP irp); 80 | NTSTATUS close_io(PDEVICE_OBJECT device_obj, PIRP irp); 81 | 82 | // memory 83 | void read_mem(int pid, void* addr, void* value, size_t size); 84 | void write_mem(int pid, void* addr, void* value, size_t size); 85 | /* Prototypes written out by hand for routines imported from the kernel (NTKERNELAPI); the extern "C" block continues past this point. */ 86 | extern "C" { 87 | NTKERNELAPI NTSTATUS IoCreateDriver(PUNICODE_STRING DriverName, PDRIVER_INITIALIZE InitializationFunction); 88 | NTKERNELAPI NTSTATUS ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG 
SystemInformationLength, PULONG ReturnLength); 89 | NTKERNELAPI NTSTATUS ObReferenceObjectByName(PUNICODE_STRING ObjectName, ULONG Attributes, PACCESS_STATE PassedAccessState, ACCESS_MASK DesiredAccess, POBJECT_TYPE ObjectType, KPROCESSOR_MODE AccessMode, PVOID ParseContext, PVOID * Object); 90 | NTKERNELAPI NTSTATUS MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID SourceAddress, PEPROCESS TargetProcess, PVOID TargetAddress, SIZE_T BufferSize, KPROCESSOR_MODE PreviousMode, PSIZE_T ReturnSize); 91 | NTKERNELAPI PVOID PsGetProcessSectionBaseAddress(PEPROCESS Process); 92 | } 93 | --------------------------------------------------------------------------------