├── .gitattributes
├── .gitignore
├── KernelController
├── KernelController.vcxproj
├── KernelController.vcxproj.filters
├── communication.hpp
├── kernel_Interface.h
├── main.cpp
└── offsets.h
├── myFirstKernel.sln
└── myFirstKernel
├── communications.c
├── communications.h
├── define.h
├── driver.c
├── driver.h
├── events.c
├── events.h
├── memory.c
├── memory.h
├── message.h
├── myFirstKernel.inf
├── myFirstKernel.vcxproj
└── myFirstKernel.vcxproj.filters
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is needed for earlier builds of msysgit that do not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Ww][Ii][Nn]32/
27 | [Aa][Rr][Mm]/
28 | [Aa][Rr][Mm]64/
29 | bld/
30 | [Bb]in/
31 | [Oo]bj/
32 | [Oo]ut/
33 | [Ll]og/
34 | [Ll]ogs/
35 |
36 | # Visual Studio 2015/2017 cache/options directory
37 | .vs/
38 | # Uncomment if you have tasks that create the project's static files in wwwroot
39 | #wwwroot/
40 |
41 | # Visual Studio 2017 auto generated files
42 | Generated\ Files/
43 |
44 | # MSTest test Results
45 | [Tt]est[Rr]esult*/
46 | [Bb]uild[Ll]og.*
47 |
48 | # NUnit
49 | *.VisualState.xml
50 | TestResult.xml
51 | nunit-*.xml
52 |
53 | # Build Results of an ATL Project
54 | [Dd]ebugPS/
55 | [Rr]eleasePS/
56 | dlldata.c
57 |
58 | # Benchmark Results
59 | BenchmarkDotNet.Artifacts/
60 |
61 | # .NET Core
62 | project.lock.json
63 | project.fragment.lock.json
64 | artifacts/
65 |
66 | # ASP.NET Scaffolding
67 | ScaffoldingReadMe.txt
68 |
69 | # StyleCop
70 | StyleCopReport.xml
71 |
72 | # Files built by Visual Studio
73 | *_i.c
74 | *_p.c
75 | *_h.h
76 | *.ilk
77 | *.meta
78 | *.obj
79 | *.iobj
80 | *.pch
81 | *.pdb
82 | *.ipdb
83 | *.pgc
84 | *.pgd
85 | *.rsp
86 | *.sbr
87 | *.tlb
88 | *.tli
89 | *.tlh
90 | *.tmp
91 | *.tmp_proj
92 | *_wpftmp.csproj
93 | *.log
94 | *.vspscc
95 | *.vssscc
96 | .builds
97 | *.pidb
98 | *.svclog
99 | *.scc
100 |
101 | # Chutzpah Test files
102 | _Chutzpah*
103 |
104 | # Visual C++ cache files
105 | ipch/
106 | *.aps
107 | *.ncb
108 | *.opendb
109 | *.opensdf
110 | *.sdf
111 | *.cachefile
112 | *.VC.db
113 | *.VC.VC.opendb
114 |
115 | # Visual Studio profiler
116 | *.psess
117 | *.vsp
118 | *.vspx
119 | *.sap
120 |
121 | # Visual Studio Trace Files
122 | *.e2e
123 |
124 | # TFS 2012 Local Workspace
125 | $tf/
126 |
127 | # Guidance Automation Toolkit
128 | *.gpState
129 |
130 | # ReSharper is a .NET coding add-in
131 | _ReSharper*/
132 | *.[Rr]e[Ss]harper
133 | *.DotSettings.user
134 |
135 | # TeamCity is a build add-in
136 | _TeamCity*
137 |
138 | # DotCover is a Code Coverage Tool
139 | *.dotCover
140 |
141 | # AxoCover is a Code Coverage Tool
142 | .axoCover/*
143 | !.axoCover/settings.json
144 |
145 | # Coverlet is a free, cross platform Code Coverage Tool
146 | coverage*.json
147 | coverage*.xml
148 | coverage*.info
149 |
150 | # Visual Studio code coverage results
151 | *.coverage
152 | *.coveragexml
153 |
154 | # NCrunch
155 | _NCrunch_*
156 | .*crunch*.local.xml
157 | nCrunchTemp_*
158 |
159 | # MightyMoose
160 | *.mm.*
161 | AutoTest.Net/
162 |
163 | # Web workbench (sass)
164 | .sass-cache/
165 |
166 | # Installshield output folder
167 | [Ee]xpress/
168 |
169 | # DocProject is a documentation generator add-in
170 | DocProject/buildhelp/
171 | DocProject/Help/*.HxT
172 | DocProject/Help/*.HxC
173 | DocProject/Help/*.hhc
174 | DocProject/Help/*.hhk
175 | DocProject/Help/*.hhp
176 | DocProject/Help/Html2
177 | DocProject/Help/html
178 |
179 | # Click-Once directory
180 | publish/
181 |
182 | # Publish Web Output
183 | *.[Pp]ublish.xml
184 | *.azurePubxml
185 | # Note: Comment the next line if you want to checkin your web deploy settings,
186 | # but database connection strings (with potential passwords) will be unencrypted
187 | *.pubxml
188 | *.publishproj
189 |
190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
191 | # checkin your Azure Web App publish settings, but sensitive information contained
192 | # in these scripts will be unencrypted
193 | PublishScripts/
194 |
195 | # NuGet Packages
196 | *.nupkg
197 | # NuGet Symbol Packages
198 | *.snupkg
199 | # The packages folder can be ignored because of Package Restore
200 | **/[Pp]ackages/*
201 | # except build/, which is used as an MSBuild target.
202 | !**/[Pp]ackages/build/
203 | # Uncomment if necessary however generally it will be regenerated when needed
204 | #!**/[Pp]ackages/repositories.config
205 | # NuGet v3's project.json files produces more ignorable files
206 | *.nuget.props
207 | *.nuget.targets
208 |
209 | # Microsoft Azure Build Output
210 | csx/
211 | *.build.csdef
212 |
213 | # Microsoft Azure Emulator
214 | ecf/
215 | rcf/
216 |
217 | # Windows Store app package directories and files
218 | AppPackages/
219 | BundleArtifacts/
220 | Package.StoreAssociation.xml
221 | _pkginfo.txt
222 | *.appx
223 | *.appxbundle
224 | *.appxupload
225 |
226 | # Visual Studio cache files
227 | # files ending in .cache can be ignored
228 | *.[Cc]ache
229 | # but keep track of directories ending in .cache
230 | !?*.[Cc]ache/
231 |
232 | # Others
233 | ClientBin/
234 | ~$*
235 | *~
236 | *.dbmdl
237 | *.dbproj.schemaview
238 | *.jfm
239 | *.pfx
240 | *.publishsettings
241 | orleans.codegen.cs
242 |
243 | # Including strong name files can present a security risk
244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
245 | #*.snk
246 |
247 | # Since there are multiple workflows, uncomment next line to ignore bower_components
248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
249 | #bower_components/
250 |
251 | # RIA/Silverlight projects
252 | Generated_Code/
253 |
254 | # Backup & report files from converting an old project file
255 | # to a newer Visual Studio version. Backup files are not needed,
256 | # because we have git ;-)
257 | _UpgradeReport_Files/
258 | Backup*/
259 | UpgradeLog*.XML
260 | UpgradeLog*.htm
261 | ServiceFabricBackup/
262 | *.rptproj.bak
263 |
264 | # SQL Server files
265 | *.mdf
266 | *.ldf
267 | *.ndf
268 |
269 | # Business Intelligence projects
270 | *.rdl.data
271 | *.bim.layout
272 | *.bim_*.settings
273 | *.rptproj.rsuser
274 | *- [Bb]ackup.rdl
275 | *- [Bb]ackup ([0-9]).rdl
276 | *- [Bb]ackup ([0-9][0-9]).rdl
277 |
278 | # Microsoft Fakes
279 | FakesAssemblies/
280 |
281 | # GhostDoc plugin setting file
282 | *.GhostDoc.xml
283 |
284 | # Node.js Tools for Visual Studio
285 | .ntvs_analysis.dat
286 | node_modules/
287 |
288 | # Visual Studio 6 build log
289 | *.plg
290 |
291 | # Visual Studio 6 workspace options file
292 | *.opt
293 |
294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
295 | *.vbw
296 |
297 | # Visual Studio LightSwitch build output
298 | **/*.HTMLClient/GeneratedArtifacts
299 | **/*.DesktopClient/GeneratedArtifacts
300 | **/*.DesktopClient/ModelManifest.xml
301 | **/*.Server/GeneratedArtifacts
302 | **/*.Server/ModelManifest.xml
303 | _Pvt_Extensions
304 |
305 | # Paket dependency manager
306 | .paket/paket.exe
307 | paket-files/
308 |
309 | # FAKE - F# Make
310 | .fake/
311 |
312 | # CodeRush personal settings
313 | .cr/personal
314 |
315 | # Python Tools for Visual Studio (PTVS)
316 | __pycache__/
317 | *.pyc
318 |
319 | # Cake - Uncomment if you are using it
320 | # tools/**
321 | # !tools/packages.config
322 |
323 | # Tabs Studio
324 | *.tss
325 |
326 | # Telerik's JustMock configuration file
327 | *.jmconfig
328 |
329 | # BizTalk build output
330 | *.btp.cs
331 | *.btm.cs
332 | *.odx.cs
333 | *.xsd.cs
334 |
335 | # OpenCover UI analysis results
336 | OpenCover/
337 |
338 | # Azure Stream Analytics local run output
339 | ASALocalRun/
340 |
341 | # MSBuild Binary and Structured Log
342 | *.binlog
343 |
344 | # NVidia Nsight GPU debugger configuration file
345 | *.nvuser
346 |
347 | # MFractors (Xamarin productivity tool) working folder
348 | .mfractor/
349 |
350 | # Local History for Visual Studio
351 | .localhistory/
352 |
353 | # BeatPulse healthcheck temp database
354 | healthchecksdb
355 |
356 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
357 | MigrationBackup/
358 |
359 | # Ionide (cross platform F# VS Code tools) working folder
360 | .ionide/
361 |
362 | # Fody - auto-generated XML schema
363 | FodyWeavers.xsd
--------------------------------------------------------------------------------
/KernelController/KernelController.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {a5dcafbc-eeb7-415b-bc88-07c00c3bdfd7}
25 | KernelController
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | false
78 |
79 |
80 | true
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Level3
88 | true
89 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
90 | true
91 |
92 |
93 | Console
94 | true
95 |
96 |
97 |
98 |
99 | Level3
100 | true
101 | true
102 | true
103 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
104 | true
105 |
106 |
107 | Console
108 | true
109 | true
110 | true
111 |
112 |
113 |
114 |
115 | Level3
116 | true
117 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
118 | true
119 |
120 |
121 | Console
122 | true
123 |
124 |
125 |
126 |
127 | Level3
128 | true
129 | true
130 | true
131 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
132 | true
133 |
134 |
135 | Console
136 | true
137 | true
138 | true
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
--------------------------------------------------------------------------------
/KernelController/KernelController.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 | Header Files
26 |
27 |
28 |
29 |
30 | Source Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/KernelController/communication.hpp:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 |
// IOCTL contract shared with the myFirstKernel driver (dispatched in
// communications.c, IoControl). All four codes use METHOD_BUFFERED, so the
// I/O manager copies the caller's buffer to Irp->AssociatedIrp.SystemBuffer
// and back. FILE_SPECIAL_ACCESS is the SDK alias for FILE_ANY_ACCESS: the
// only check the I/O manager performs is that the caller holds an open
// handle to the device; no specific access right is required, and the
// visible part of IoControl adds no caller check of its own. Whoever can
// open the device can therefore issue cross-process reads and writes.
//
// NOTE(review): the driver-side header (communications.h) is not shown;
// these values and the structs below must match it exactly.

// Output: ULONG, the driver's GameBaseAddress global.
#define IO_GET_CLIENTADDRESS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x666, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

// Input/output: KERNEL_READ_REQUEST (the driver completes with sizeof(KERNEL_READ_REQUEST) bytes).
#define IO_READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x667, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

// Input: KERNEL_WRITE_REQUEST; no output buffer is used by the controller.
#define IO_WRITE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x668, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

// Output: ULONG, the driver's ProcessID global.
#define IO_REQUEST_PROCESSID CTL_CODE(FILE_DEVICE_UNKNOWN, 0x669, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
12 |
// Payload for IO_READ_REQUEST. The driver (communications.c, IoControl)
// resolves ProcessId with PsLookupProcessByProcessId and hands
// (Address, pBuff, Size) to KernelReadVirtualMemory (memory.c, not shown).
//
// Caveats a caller must respect:
//  - Address is a ULONG, so only a 32-bit target address space can be
//    expressed.
//  - pBuff is a raw user-mode pointer that the driver uses directly; the
//    visible driver code does not probe it. It must point at a buffer of at
//    least Size writable bytes.
//  - PVOID is 4 bytes in a Win32 build and 8 bytes in x64, so the size and
//    field offsets of this struct differ between the two. Controller and
//    driver must be built for the same bitness or the driver reads the
//    wrong fields.
typedef struct _KERNEL_READ_REQUEST
{
    ULONG ProcessId;   // target process id
    ULONG Address;     // virtual address in the target process to read from
    PVOID pBuff;       // caller-owned destination buffer
    ULONG Size;        // number of bytes to copy

} KERNEL_READ_REQUEST, * PKERNEL_READ_REQUEST;
21 |
// Payload for IO_WRITE_REQUEST. The driver (communications.c, IoControl)
// casts the system buffer to this type and looks up ProcessId; the rest of
// the write path is outside the visible portion of that file, so presumably
// Size bytes are copied from pBuff to Address in the target process — verify
// against memory.c.
//
// Same layout caveats as KERNEL_READ_REQUEST: 32-bit Address only, pBuff is
// an unprobed raw user pointer, and the struct size depends on build bitness.
typedef struct _KERNEL_WRITE_REQUEST
{
    ULONG ProcessId;   // target process id
    ULONG Address;     // virtual address in the target process to write to
    PVOID pBuff;       // caller-owned source buffer
    ULONG Size;        // number of bytes to copy

} KERNEL_WRITE_REQUEST, * PKERNEL_WRITE_REQUEST;
--------------------------------------------------------------------------------
/KernelController/kernel_Interface.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #pragma warning(disable: 6001 4244)
3 | #include "communication.hpp"
4 |
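// Thin user-mode wrapper around the myFirstKernel device. Each method is one
// DeviceIoControl call using the codes and request structs from
// communication.hpp.
//
// Security note: the driver side (communications.c, IoControl) performs no
// caller authorization in its visible paths and passes the user-supplied
// pBuff straight to its memory routines, so any process that can open the
// device gets read/write access to other processes' memory. The device is a
// privilege boundary that has to be locked down where it is created
// (driver.c, not shown) — nothing in this class can do that.
//
// Changes from the previous revision:
//  - hDriver is closed in the destructor and the object is move-only, so the
//    handle can't be double-closed by an accidental copy.
//  - ReadVirtualMemory/WriteVirtualMemory refuse a Size larger than
//    sizeof(type): the driver copies Size bytes through pBuff, which points
//    at a stack local of exactly sizeof(type) bytes.
//  - ReadVirtualMemory checks the handle like the other methods, value-
//    initialises its result so a failed call returns type() rather than
//    stack garbage, and passes a non-NULL lpBytesReturned (DeviceIoControl
//    requires one when lpOverlapped is NULL). The file-level suppression of
//    warnings 6001 (uninitialised memory) and 4244 (SIZE_T -> ULONG
//    narrowing) was hiding exactly these two issues.
class KernelInterface
{
public:
    HANDLE hDriver;   // device handle; INVALID_HANDLE_VALUE if the open failed or after a move-from

    // Opens the device for read/write. The argument is a Win32 device path
    // such as "\\\\.\\mfk" (not a registry path, despite the parameter name,
    // which is kept for source compatibility). Check hDriver afterwards;
    // GetLastError() explains a failure.
    KernelInterface(LPCSTR RegistryPath)
    {
        hDriver = CreateFileA(RegistryPath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
    }

    // Closes the handle; the previous revision leaked it until process exit.
    ~KernelInterface()
    {
        if (hDriver != INVALID_HANDLE_VALUE)
        {
            CloseHandle(hDriver);
        }
    }

    // Move-only: two objects owning one HANDLE would double-close it.
    KernelInterface(const KernelInterface&) = delete;
    KernelInterface& operator=(const KernelInterface&) = delete;

    KernelInterface(KernelInterface&& Other) noexcept
        : hDriver(Other.hDriver)
    {
        Other.hDriver = INVALID_HANDLE_VALUE;
    }

    KernelInterface& operator=(KernelInterface&& Other) noexcept
    {
        if (this != &Other)
        {
            if (hDriver != INVALID_HANDLE_VALUE)
            {
                CloseHandle(hDriver);
            }
            hDriver = Other.hDriver;
            Other.hDriver = INVALID_HANDLE_VALUE;
        }
        return *this;
    }

    // IO_GET_CLIENTADDRESS: returns the ULONG the driver stores as
    // GameBaseAddress (communications.c). Returns 0 when the device is not
    // open or the call fails; a 0 reported by the driver itself looks the same.
    DWORD GetClientAddress()
    {
        if (hDriver == INVALID_HANDLE_VALUE)
        {
            return 0;
        }

        ULONG Address = 0;   // also sent as the input buffer, so don't ship stack garbage
        DWORD Bytes = 0;

        if (!DeviceIoControl(hDriver, IO_GET_CLIENTADDRESS, &Address, sizeof(Address), &Address, sizeof(Address), &Bytes, NULL))
        {
            return 0;
        }

        return Address;
    }

    // IO_REQUEST_PROCESSID: returns the ULONG the driver stores as ProcessID
    // (communications.c). 0 on failure, or if that is what the driver reports.
    DWORD GetProcessId()
    {
        if (hDriver == INVALID_HANDLE_VALUE)
        {
            return 0;
        }

        ULONG ProcessID = 0;
        DWORD Bytes = 0;

        if (!DeviceIoControl(hDriver, IO_REQUEST_PROCESSID, &ProcessID, sizeof(ProcessID), &ProcessID, sizeof(ProcessID), &Bytes, NULL))
        {
            return 0;
        }

        return ProcessID;
    }

    // IO_READ_REQUEST: asks the driver to copy Size bytes from ReadAddress in
    // process ProcessId into a local `type` and returns that value.
    //
    // Size must be <= sizeof(type). The driver writes Size bytes through
    // pBuff (communications.c hands it to KernelReadVirtualMemory without
    // any check), and pBuff is the address of a stack local of sizeof(type)
    // bytes, so a larger Size would overwrite this function's stack frame;
    // such calls are refused. The result is value-initialised, so the caller
    // gets type() — all-zero for integers — when the device is not open,
    // Size is rejected, or DeviceIoControl fails. A legitimately-zero value
    // is indistinguishable from failure through this return type.
    template <typename type>
    type ReadVirtualMemory(ULONG ProcessId, ULONG ReadAddress, SIZE_T Size)
    {
        type Buffer = type();

        if (hDriver == INVALID_HANDLE_VALUE || Size > sizeof(type))
        {
            return Buffer;
        }

        KERNEL_READ_REQUEST ReadRequest;
        ReadRequest.ProcessId = ProcessId;
        ReadRequest.Address = ReadAddress;
        ReadRequest.pBuff = &Buffer;
        ReadRequest.Size = (ULONG)Size;   // cannot truncate: Size <= sizeof(type)

        // lpBytesReturned may not be NULL when lpOverlapped is NULL.
        DWORD Bytes = 0;
        DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest, sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), &Bytes, NULL);

        return Buffer;
    }

    // IO_WRITE_REQUEST: asks the driver to copy Size bytes of WriteValue to
    // WriteAddress in process ProcessId. Size must be <= sizeof(type): pBuff
    // points at this function's copy of WriteValue and the driver presumably
    // reads Size bytes from it (the write path in communications.c is not
    // fully visible). Returns true only if DeviceIoControl succeeded; false
    // for a closed device, an oversized Size, or a failed call.
    template <typename type>
    bool WriteVirtualMemory(ULONG ProcessId, ULONG WriteAddress, type WriteValue, SIZE_T Size)
    {
        if (hDriver == INVALID_HANDLE_VALUE || Size > sizeof(type))
        {
            return false;
        }

        KERNEL_WRITE_REQUEST WriteRequest;
        WriteRequest.ProcessId = ProcessId;
        WriteRequest.Address = WriteAddress;
        WriteRequest.pBuff = &WriteValue;   // valid until return, which outlasts the synchronous call
        WriteRequest.Size = (ULONG)Size;    // cannot truncate: Size <= sizeof(type)

        DWORD Bytes = 0;
        return DeviceIoControl(hDriver, IO_WRITE_REQUEST, &WriteRequest, sizeof(WriteRequest), 0, 0, &Bytes, NULL) != FALSE;
    }
};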
96 |
--------------------------------------------------------------------------------
/KernelController/main.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "kernel_interface.h"
3 | #include "offsets.h"
4 |
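// Demo client: opens the device, prints what the driver reports as the
// target's base address and process id, then polls one hard-coded address
// forever. Exit code 1 if the device could not be opened, 2 if the driver
// reports no target process; otherwise the poll loop never returns.
//
// Note: the include above spells the header "kernel_interface.h" while the
// file is kernel_Interface.h — harmless on NTFS, broken on a case-sensitive
// filesystem.
int main()
{
    KernelInterface Driver = KernelInterface("\\\\.\\mfk");

    // Previously a failed open went unnoticed: every wrapper silently
    // returned 0 and the loop below hammered the driver with reads for pid 0.
    if (Driver.hDriver == INVALID_HANDLE_VALUE)
    {
        std::cout << " Could not open \\\\.\\mfk, error " << GetLastError() << std::endl;
        return 1;
    }

    ULONG address = Driver.GetClientAddress();
    ULONG processid = Driver.GetProcessId();

    std::cout << " Client Address " << std::hex << address << std::endl;
    std::cout << " ProcessID " << processid << std::endl;

    // Both wrappers return 0 on a failed DeviceIoControl, and a pid of 0 is
    // never a valid target either way.
    if (processid == 0)
    {
        std::cout << " Driver reported no target process, nothing to read" << std::endl;
        return 2;
    }

    // 0x0014FF78 is an absolute address in the target's 32-bit address
    // space, not an offset from `address`, and is not derived from
    // offsets.h. This is a tight loop: every iteration is a kernel round trip.
    while (true)
    {
        uint32_t base = Driver.ReadVirtualMemory<uint32_t>(processid, 0x0014FF78, sizeof(uint32_t));
        std::cout << base << std::endl;
    }
}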
21 |
--------------------------------------------------------------------------------
/KernelController/offsets.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 | #include
5 |
6 | // 2020-08-07 10:11:41.226410900 UTC
7 |
// Generated offset table in hazedumper format, dumped at `timestamp`
// (2020-08-07 10:11:41 UTC, per the comment above). Every entry is a
// constexpr byte offset; the `m_` names in `netvars` follow Source-engine
// network-variable naming, and `signatures` presumably hold offsets located
// by pattern scan — which module or object each value is relative to is not
// recorded here.
//
// Maintenance notes:
//  - The values are only valid for the exact build they were dumped from;
//    regenerate the whole file rather than patching individual entries.
//  - This is data, not logic: do not hand-edit. Two entries legitimately
//    share a value (dwYawPtr and m_yawClassPtr are both 0xD45460).
//  - No visible code in this repository uses these constants: main.cpp
//    includes the header but reads a hard-coded address instead.
namespace hazedumper {
    // Unix time of the dump; matches the date in the header comment.
    constexpr ::std::int64_t timestamp = 1596795101;
    namespace netvars {
        constexpr ::std::ptrdiff_t cs_gamerules_data = 0x0;
        constexpr ::std::ptrdiff_t m_ArmorValue = 0xB378;
        constexpr ::std::ptrdiff_t m_Collision = 0x320;
        constexpr ::std::ptrdiff_t m_CollisionGroup = 0x474;
        constexpr ::std::ptrdiff_t m_Local = 0x2FBC;
        constexpr ::std::ptrdiff_t m_MoveType = 0x25C;
        constexpr ::std::ptrdiff_t m_OriginalOwnerXuidHigh = 0x31C4;
        constexpr ::std::ptrdiff_t m_OriginalOwnerXuidLow = 0x31C0;
        constexpr ::std::ptrdiff_t m_SurvivalGameRuleDecisionTypes = 0x1320;
        constexpr ::std::ptrdiff_t m_SurvivalRules = 0xCF8;
        constexpr ::std::ptrdiff_t m_aimPunchAngle = 0x302C;
        constexpr ::std::ptrdiff_t m_aimPunchAngleVel = 0x3038;
        constexpr ::std::ptrdiff_t m_angEyeAnglesX = 0xB37C;
        constexpr ::std::ptrdiff_t m_angEyeAnglesY = 0xB380;
        constexpr ::std::ptrdiff_t m_bBombPlanted = 0x99D;
        constexpr ::std::ptrdiff_t m_bFreezePeriod = 0x20;
        constexpr ::std::ptrdiff_t m_bGunGameImmunity = 0x3944;
        constexpr ::std::ptrdiff_t m_bHasDefuser = 0xB388;
        constexpr ::std::ptrdiff_t m_bHasHelmet = 0xB36C;
        constexpr ::std::ptrdiff_t m_bInReload = 0x32A5;
        constexpr ::std::ptrdiff_t m_bIsDefusing = 0x3930;
        constexpr ::std::ptrdiff_t m_bIsQueuedMatchmaking = 0x74;
        constexpr ::std::ptrdiff_t m_bIsScoped = 0x3928;
        constexpr ::std::ptrdiff_t m_bIsValveDS = 0x75;
        constexpr ::std::ptrdiff_t m_bSpotted = 0x93D;
        constexpr ::std::ptrdiff_t m_bSpottedByMask = 0x980;
        constexpr ::std::ptrdiff_t m_bStartedArming = 0x33F0;
        constexpr ::std::ptrdiff_t m_bUseCustomAutoExposureMax = 0x9D9;
        constexpr ::std::ptrdiff_t m_bUseCustomAutoExposureMin = 0x9D8;
        constexpr ::std::ptrdiff_t m_bUseCustomBloomScale = 0x9DA;
        constexpr ::std::ptrdiff_t m_clrRender = 0x70;
        constexpr ::std::ptrdiff_t m_dwBoneMatrix = 0x26A8;
        constexpr ::std::ptrdiff_t m_fAccuracyPenalty = 0x3330;
        constexpr ::std::ptrdiff_t m_fFlags = 0x104;
        constexpr ::std::ptrdiff_t m_flC4Blow = 0x2990;
        constexpr ::std::ptrdiff_t m_flCustomAutoExposureMax = 0x9E0;
        constexpr ::std::ptrdiff_t m_flCustomAutoExposureMin = 0x9DC;
        constexpr ::std::ptrdiff_t m_flCustomBloomScale = 0x9E4;
        constexpr ::std::ptrdiff_t m_flDefuseCountDown = 0x29AC;
        constexpr ::std::ptrdiff_t m_flDefuseLength = 0x29A8;
        constexpr ::std::ptrdiff_t m_flFallbackWear = 0x31D0;
        constexpr ::std::ptrdiff_t m_flFlashDuration = 0xA420;
        constexpr ::std::ptrdiff_t m_flFlashMaxAlpha = 0xA41C;
        constexpr ::std::ptrdiff_t m_flLastBoneSetupTime = 0x2924;
        constexpr ::std::ptrdiff_t m_flLowerBodyYawTarget = 0x3A90;
        constexpr ::std::ptrdiff_t m_flNextAttack = 0x2D70;
        constexpr ::std::ptrdiff_t m_flNextPrimaryAttack = 0x3238;
        constexpr ::std::ptrdiff_t m_flSimulationTime = 0x268;
        constexpr ::std::ptrdiff_t m_flTimerLength = 0x2994;
        constexpr ::std::ptrdiff_t m_hActiveWeapon = 0x2EF8;
        constexpr ::std::ptrdiff_t m_hMyWeapons = 0x2DF8;
        constexpr ::std::ptrdiff_t m_hObserverTarget = 0x338C;
        constexpr ::std::ptrdiff_t m_hOwner = 0x29CC;
        constexpr ::std::ptrdiff_t m_hOwnerEntity = 0x14C;
        constexpr ::std::ptrdiff_t m_iAccountID = 0x2FC8;
        constexpr ::std::ptrdiff_t m_iClip1 = 0x3264;
        constexpr ::std::ptrdiff_t m_iCompetitiveRanking = 0x1A84;
        constexpr ::std::ptrdiff_t m_iCompetitiveWins = 0x1B88;
        constexpr ::std::ptrdiff_t m_iCrosshairId = 0xB3E4;
        constexpr ::std::ptrdiff_t m_iEntityQuality = 0x2FAC;
        constexpr ::std::ptrdiff_t m_iFOV = 0x31E4;
        constexpr ::std::ptrdiff_t m_iFOVStart = 0x31E8;
        constexpr ::std::ptrdiff_t m_iGlowIndex = 0xA438;
        constexpr ::std::ptrdiff_t m_iHealth = 0x100;
        constexpr ::std::ptrdiff_t m_iItemDefinitionIndex = 0x2FAA;
        constexpr ::std::ptrdiff_t m_iItemIDHigh = 0x2FC0;
        constexpr ::std::ptrdiff_t m_iMostRecentModelBoneCounter = 0x2690;
        constexpr ::std::ptrdiff_t m_iObserverMode = 0x3378;
        constexpr ::std::ptrdiff_t m_iShotsFired = 0xA390;
        constexpr ::std::ptrdiff_t m_iState = 0x3258;
        constexpr ::std::ptrdiff_t m_iTeamNum = 0xF4;
        constexpr ::std::ptrdiff_t m_lifeState = 0x25F;
        constexpr ::std::ptrdiff_t m_nFallbackPaintKit = 0x31C8;
        constexpr ::std::ptrdiff_t m_nFallbackSeed = 0x31CC;
        constexpr ::std::ptrdiff_t m_nFallbackStatTrak = 0x31D4;
        constexpr ::std::ptrdiff_t m_nForceBone = 0x268C;
        constexpr ::std::ptrdiff_t m_nTickBase = 0x3430;
        constexpr ::std::ptrdiff_t m_rgflCoordinateFrame = 0x444;
        constexpr ::std::ptrdiff_t m_szCustomName = 0x303C;
        constexpr ::std::ptrdiff_t m_szLastPlaceName = 0x35B4;
        constexpr ::std::ptrdiff_t m_thirdPersonViewAngles = 0x31D8;
        constexpr ::std::ptrdiff_t m_vecOrigin = 0x138;
        constexpr ::std::ptrdiff_t m_vecVelocity = 0x114;
        constexpr ::std::ptrdiff_t m_vecViewOffset = 0x108;
        constexpr ::std::ptrdiff_t m_viewPunchAngle = 0x3020;
    } // namespace netvars
    namespace signatures {
        constexpr ::std::ptrdiff_t anim_overlays = 0x2980;
        constexpr ::std::ptrdiff_t clientstate_choked_commands = 0x4D28;
        constexpr ::std::ptrdiff_t clientstate_delta_ticks = 0x174;
        constexpr ::std::ptrdiff_t clientstate_last_outgoing_command = 0x4D24;
        constexpr ::std::ptrdiff_t clientstate_net_channel = 0x9C;
        constexpr ::std::ptrdiff_t convar_name_hash_table = 0x2F0F8;
        constexpr ::std::ptrdiff_t dwClientState = 0x58ADD4;
        constexpr ::std::ptrdiff_t dwClientState_GetLocalPlayer = 0x180;
        constexpr ::std::ptrdiff_t dwClientState_IsHLTV = 0x4D40;
        constexpr ::std::ptrdiff_t dwClientState_Map = 0x28C;
        constexpr ::std::ptrdiff_t dwClientState_MapDirectory = 0x188;
        constexpr ::std::ptrdiff_t dwClientState_MaxPlayer = 0x388;
        constexpr ::std::ptrdiff_t dwClientState_PlayerInfo = 0x52B8;
        constexpr ::std::ptrdiff_t dwClientState_State = 0x108;
        constexpr ::std::ptrdiff_t dwClientState_ViewAngles = 0x4D88;
        constexpr ::std::ptrdiff_t dwEntityList = 0x4D5450C;
        constexpr ::std::ptrdiff_t dwForceAttack = 0x3185AA0;
        constexpr ::std::ptrdiff_t dwForceAttack2 = 0x3185AAC;
        constexpr ::std::ptrdiff_t dwForceBackward = 0x3185A58;
        constexpr ::std::ptrdiff_t dwForceForward = 0x3185A64;
        constexpr ::std::ptrdiff_t dwForceJump = 0x51FE22C;
        constexpr ::std::ptrdiff_t dwForceLeft = 0x3185A7C;
        constexpr ::std::ptrdiff_t dwForceRight = 0x3185A70;
        constexpr ::std::ptrdiff_t dwGameDir = 0x629678;
        constexpr ::std::ptrdiff_t dwGameRulesProxy = 0x527151C;
        constexpr ::std::ptrdiff_t dwGetAllClasses = 0xD662BC;
        constexpr ::std::ptrdiff_t dwGlobalVars = 0x58AAD8;
        constexpr ::std::ptrdiff_t dwGlowObjectManager = 0x529C3D8;
        constexpr ::std::ptrdiff_t dwInput = 0x51A5AE8;
        constexpr ::std::ptrdiff_t dwInterfaceLinkList = 0x9087D4;
        constexpr ::std::ptrdiff_t dwLocalPlayer = 0xD3FC5C;
        constexpr ::std::ptrdiff_t dwMouseEnable = 0xD45800;
        constexpr ::std::ptrdiff_t dwMouseEnablePtr = 0xD457D0;
        constexpr ::std::ptrdiff_t dwPlayerResource = 0x3183DF0;
        constexpr ::std::ptrdiff_t dwRadarBase = 0x518927C;
        constexpr ::std::ptrdiff_t dwSensitivity = 0xD4569C;
        constexpr ::std::ptrdiff_t dwSensitivityPtr = 0xD45670;
        constexpr ::std::ptrdiff_t dwSetClanTag = 0x89FB0;
        constexpr ::std::ptrdiff_t dwViewMatrix = 0x4D45E54;
        constexpr ::std::ptrdiff_t dwWeaponTable = 0x51A65A8;
        constexpr ::std::ptrdiff_t dwWeaponTableIndex = 0x325C;
        constexpr ::std::ptrdiff_t dwYawPtr = 0xD45460;
        constexpr ::std::ptrdiff_t dwZoomSensitivityRatioPtr = 0xD4A700;
        constexpr ::std::ptrdiff_t dwbSendPackets = 0xD423A;
        constexpr ::std::ptrdiff_t dwppDirect3DDevice9 = 0xA7030;
        constexpr ::std::ptrdiff_t find_hud_element = 0x27D64310;
        constexpr ::std::ptrdiff_t force_update_spectator_glow = 0x3A3242;
        constexpr ::std::ptrdiff_t interface_engine_cvar = 0x3E9EC;
        constexpr ::std::ptrdiff_t is_c4_owner = 0x3AFCD0;
        constexpr ::std::ptrdiff_t m_bDormant = 0xED;
        constexpr ::std::ptrdiff_t m_flSpawnTime = 0xA370;
        constexpr ::std::ptrdiff_t m_pStudioHdr = 0x294C;
        constexpr ::std::ptrdiff_t m_pitchClassPtr = 0x5189518;
        constexpr ::std::ptrdiff_t m_yawClassPtr = 0xD45460;
        constexpr ::std::ptrdiff_t model_ambient_min = 0x58DE4C;
        constexpr ::std::ptrdiff_t set_abs_angles = 0x1D7110;
        constexpr ::std::ptrdiff_t set_abs_origin = 0x1D6F50;
    } // namespace signatures
} // namespace hazedumper
--------------------------------------------------------------------------------
/myFirstKernel.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31729.503
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "myFirstKernel", "myFirstKernel\myFirstKernel.vcxproj", "{723334BF-176F-4F0C-AF04-742F0C7B465F}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KernelController", "KernelController\KernelController.vcxproj", "{A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|ARM = Debug|ARM
13 | Debug|ARM64 = Debug|ARM64
14 | Debug|x64 = Debug|x64
15 | Debug|x86 = Debug|x86
16 | Release|ARM = Release|ARM
17 | Release|ARM64 = Release|ARM64
18 | Release|x64 = Release|x64
19 | Release|x86 = Release|x86
20 | EndGlobalSection
21 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
22 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|ARM.ActiveCfg = Debug|ARM
23 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|ARM.Build.0 = Debug|ARM
24 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|ARM.Deploy.0 = Debug|ARM
25 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|ARM64.ActiveCfg = Debug|ARM64
26 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|ARM64.Build.0 = Debug|ARM64
27 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|ARM64.Deploy.0 = Debug|ARM64
28 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|x64.ActiveCfg = Debug|x64
29 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|x64.Build.0 = Debug|x64
30 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|x64.Deploy.0 = Debug|x64
31 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|x86.ActiveCfg = Debug|Win32
32 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|x86.Build.0 = Debug|Win32
33 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Debug|x86.Deploy.0 = Debug|Win32
34 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|ARM.ActiveCfg = Release|ARM
35 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|ARM.Build.0 = Release|ARM
36 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|ARM.Deploy.0 = Release|ARM
37 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|ARM64.ActiveCfg = Release|ARM64
38 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|ARM64.Build.0 = Release|ARM64
39 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|ARM64.Deploy.0 = Release|ARM64
40 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|x64.ActiveCfg = Release|x64
41 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|x64.Build.0 = Release|x64
42 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|x64.Deploy.0 = Release|x64
43 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|x86.ActiveCfg = Release|Win32
44 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|x86.Build.0 = Release|Win32
45 | {723334BF-176F-4F0C-AF04-742F0C7B465F}.Release|x86.Deploy.0 = Release|Win32
46 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Debug|ARM.ActiveCfg = Debug|Win32
47 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Debug|ARM64.ActiveCfg = Debug|Win32
48 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Debug|x64.ActiveCfg = Debug|x64
49 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Debug|x64.Build.0 = Debug|x64
50 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Debug|x86.ActiveCfg = Debug|Win32
51 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Debug|x86.Build.0 = Debug|Win32
52 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Release|ARM.ActiveCfg = Release|Win32
53 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Release|ARM64.ActiveCfg = Release|Win32
54 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Release|x64.ActiveCfg = Release|x64
55 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Release|x64.Build.0 = Release|x64
56 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Release|x86.ActiveCfg = Release|Win32
57 | {A5DCAFBC-EEB7-415B-BC88-07C00C3BDFD7}.Release|x86.Build.0 = Release|Win32
58 | EndGlobalSection
59 | GlobalSection(SolutionProperties) = preSolution
60 | HideSolutionNode = FALSE
61 | EndGlobalSection
62 | GlobalSection(ExtensibilityGlobals) = postSolution
63 | SolutionGuid = {B92034B0-E1E0-4240-AB9C-6D078BB6C19C}
64 | EndGlobalSection
65 | EndGlobal
66 |
--------------------------------------------------------------------------------
/myFirstKernel/communications.c:
--------------------------------------------------------------------------------
1 | #pragma warning (disable : 4022)
2 |
3 | #include "communications.h"
4 | #include "define.h"
5 | #include "memory.h"
6 | #include "message.h"
7 |
/*
 * Create dispatch routine (presumably registered for IRP_MJ_CREATE in
 * driver.c, not shown): accepts every open of the device unconditionally.
 *
 * No caller identity or access check happens here, and none is visible in
 * IoControl either, so whoever can open the device gets the full IOCTL
 * surface — cross-process memory read/write. If access is meant to be
 * restricted it has to be enforced here or by the device's security
 * descriptor at creation time.
 *
 * Always completes the IRP with STATUS_SUCCESS and no bytes transferred.
 */
NTSTATUS CreateCall(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    const NTSTATUS status = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(DeviceObject);

    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    /* Irp may already be freed after completion; only the local is used from here on. */
    DebugMessage("CreateCall was called, connection enstablished!\n");

    return status;
}
20 |
/* IRP_MJ_CLOSE dispatch: the last handle to the device went away.
 * Nothing is held per handle, so there is nothing to release. */
NTSTATUS CloseCall(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    const NTSTATUS Result = STATUS_SUCCESS;
    PIO_STATUS_BLOCK IoStatus = &Irp->IoStatus;

    UNREFERENCED_PARAMETER(DeviceObject);

    IoStatus->Status = Result;
    IoStatus->Information = 0;

    /* The IRP must not be touched after this call. */
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    DebugMessage("Connection Terminated!\n");

    return Result;
}
33 |
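/* Range-checks the two caller-supplied addresses of a read/write request.
 * Remote is an address inside the target process, Local is a buffer in the
 * calling process (IRP_MJ_DEVICE_CONTROL runs in the requesting thread's
 * context). Probing only establishes that [addr, addr + Size) lies in user
 * space, which is what matters here: it stops the device from being used to
 * read or write kernel memory. ProbeForWrite also touches every page of Local,
 * so the probes are wrapped in SEH and a failure comes back as a status
 * instead of a raised exception. */
static NTSTATUS ProbeRequestBuffers(PVOID Remote, PVOID Local, SIZE_T Size, BOOLEAN LocalIsWritten)
{
    NTSTATUS Status = STATUS_SUCCESS;

    __try
    {
        ProbeForRead(Remote, Size, 1);
        if (LocalIsWritten)
        {
            ProbeForWrite(Local, Size, 1);
        }
        else
        {
            ProbeForRead(Local, Size, 1);
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        Status = GetExceptionCode();
    }

    return Status;
}

/* Resolves ProcessIdValue to an EPROCESS, performs one copy through the
 * memory.c helpers and releases the reference PsLookupProcessByProcessId
 * took (the previous handler never released it, leaking one reference per
 * request). Returns the lookup status or the copy status. */
static NTSTATUS CopyWithProcess(ULONG ProcessIdValue, BOOLEAN IsWrite, PVOID Remote, PVOID Local, SIZE_T Size)
{
    PEPROCESS Process = NULL;
    NTSTATUS Status = PsLookupProcessByProcessId(ULongToHandle(ProcessIdValue), &Process);

    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    if (IsWrite)
    {
        /* source = caller's buffer, destination = address in the target process */
        Status = KernelWriteVirtualMemory(Process, Local, Remote, Size);
    }
    else
    {
        /* source = address in the target process, destination = caller's buffer */
        Status = KernelReadVirtualMemory(Process, Remote, Local, Size);
    }

    ObDereferenceObject(Process);
    return Status;
}

/* IRP_MJ_DEVICE_CONTROL dispatch for the four IOCTLs in communications.h.
 * All of them are METHOD_BUFFERED: input and output share
 * Irp->AssociatedIrp.SystemBuffer, and on completion the I/O manager copies
 * Irp->IoStatus.Information bytes of it back to the caller's output buffer.
 *
 * Every byte of the request is untrusted. This handler therefore
 *  - checks InputBufferLength/OutputBufferLength before touching SystemBuffer
 *    (with METHOD_BUFFERED the pointer is NULL when both lengths are zero),
 *  - never reports more Information than OutputBufferLength, which would
 *    overrun the caller's buffer at completion,
 *  - rejects zero-length copies and probes both addresses of a read/write
 *    request so only user-space ranges reach MmCopyVirtualMemory,
 *  - propagates the real copy status instead of always reporting success.
 * It does not check *who* is calling: anyone who can open the device gets
 * cross-process read/write of user-mode memory (see DriverEntry). */
NTSTATUS IoControl(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    NTSTATUS Status = STATUS_UNSUCCESSFUL;
    ULONG ByteIO = 0;
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
    ULONG ControlCode = stack->Parameters.DeviceIoControl.IoControlCode;
    ULONG InLen = stack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG OutLen = stack->Parameters.DeviceIoControl.OutputBufferLength;
    PVOID Buffer = Irp->AssociatedIrp.SystemBuffer;

    UNREFERENCED_PARAMETER(DeviceObject);

    if (ControlCode == IO_GET_CLIENTADDRESS || ControlCode == IO_REQUEST_PROCESSID)
    {
        /* Both return a single ULONG from the globals filled in by ImageLoadCallback. */
        if (Buffer == NULL || OutLen < sizeof(ULONG))
        {
            Status = STATUS_BUFFER_TOO_SMALL;
        }
        else
        {
            PULONG OutPut = (PULONG)Buffer;

            if (ControlCode == IO_GET_CLIENTADDRESS)
            {
                *OutPut = GameBaseAddress;
                DebugMessage("ClientAddress requested!\n");
            }
            else
            {
                *OutPut = ProcessID;
                DebugMessage("ProcessID requested!\n");
            }

            Status = STATUS_SUCCESS;
            ByteIO = sizeof(*OutPut);
        }
    }
    else if (ControlCode == IO_READ_REQUEST || ControlCode == IO_WRITE_REQUEST)
    {
        BOOLEAN IsWrite = (BOOLEAN)(ControlCode == IO_WRITE_REQUEST);
        SIZE_T Needed = IsWrite ? sizeof(KERNEL_WRITE_REQUEST) : sizeof(KERNEL_READ_REQUEST);
        ULONG ReqPid = 0;
        ULONG ReqAddress = 0;
        PVOID ReqLocal = NULL;
        ULONG ReqSize = 0;

        if (Buffer == NULL || InLen < Needed)
        {
            Status = STATUS_BUFFER_TOO_SMALL;
        }
        else
        {
            /* Pull the fields out of SystemBuffer (kernel memory, copied in by the I/O manager). */
            if (IsWrite)
            {
                PKERNEL_WRITE_REQUEST WriteInput = (PKERNEL_WRITE_REQUEST)Buffer;
                ReqPid = WriteInput->ProcessId;
                ReqAddress = WriteInput->Address;
                ReqLocal = WriteInput->pBuff;
                ReqSize = WriteInput->Size;
            }
            else
            {
                PKERNEL_READ_REQUEST ReadInput = (PKERNEL_READ_REQUEST)Buffer;
                ReqPid = ReadInput->ProcessId;
                ReqAddress = ReadInput->Address;
                ReqLocal = ReadInput->pBuff;
                ReqSize = ReadInput->Size;
            }

            if (ReqSize == 0)
            {
                Status = STATUS_INVALID_PARAMETER;
            }
            else
            {
                /* Address is a ULONG in the request struct, so only the low 32 bits
                 * of a 64-bit target address can be expressed (layout is shared with
                 * the user-mode client and is not changed here). */
                PVOID Remote = (PVOID)(ULONG_PTR)ReqAddress;

                /* A read writes into the caller's buffer; a write reads from it. */
                Status = ProbeRequestBuffers(Remote, ReqLocal, ReqSize, (BOOLEAN)!IsWrite);
                if (NT_SUCCESS(Status))
                {
                    Status = CopyWithProcess(ReqPid, IsWrite, Remote, ReqLocal, ReqSize);
                }

                if (NT_SUCCESS(Status))
                {
                    /* Nothing new is written to SystemBuffer; the request is echoed
                     * back as before, but never more than the caller's output buffer
                     * can hold. */
                    ByteIO = (OutLen >= Needed) ? (ULONG)Needed : 0;
                }
            }
        }
    }
    else
    {
        /* Unknown control code. */
        Status = STATUS_INVALID_DEVICE_REQUEST;
    }

    Irp->IoStatus.Status = Status;
    Irp->IoStatus.Information = ByteIO;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return Status;
}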
99 |
100 |
--------------------------------------------------------------------------------
/myFirstKernel/communications.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
/* IOCTL codes shared with the user-mode client (KernelController). All are
 * METHOD_BUFFERED, so input and output travel through
 * Irp->AssociatedIrp.SystemBuffer. FILE_SPECIAL_ACCESS expands to
 * FILE_ANY_ACCESS, i.e. any handle that can open the device may issue every
 * code below, including the read/write ones; switching the memory codes to
 * FILE_READ_ACCESS / FILE_WRITE_ACCESS would change their numeric values and
 * has to be mirrored in the client. */

/* out: ULONG, the game's image base recorded by ImageLoadCallback (events.c). */
#define IO_GET_CLIENTADDRESS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x666, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

/* in: KERNEL_READ_REQUEST; copies Size bytes from Address in ProcessId into the caller's pBuff. */
#define IO_READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x667, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

/* in: KERNEL_WRITE_REQUEST; copies Size bytes from the caller's pBuff to Address in ProcessId. */
#define IO_WRITE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x668, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

/* out: ULONG, the process id recorded by ImageLoadCallback (events.c). */
#define IO_REQUEST_PROCESSID CTL_CODE(FILE_DEVICE_UNKNOWN, 0x669, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

/* IRP_MJ_DEVICE_CONTROL dispatch (communications.c). */
NTSTATUS IoControl(PDEVICE_OBJECT DeviceObject, PIRP Irp);

/* IRP_MJ_CLOSE dispatch (communications.c). */
NTSTATUS CloseCall(PDEVICE_OBJECT DeviceObject, PIRP Irp);

/* IRP_MJ_CREATE dispatch (communications.c). */
NTSTATUS CreateCall(PDEVICE_OBJECT DeviceObject, PIRP Irp);
17 |
/* Payload of IO_READ_REQUEST (METHOD_BUFFERED input), filled in by the
 * user-mode client. Every field is untrusted. The pointer-sized pBuff makes
 * the layout differ between 32-bit and 64-bit clients, so client and driver
 * must be built for the same architecture. */
typedef struct _KERNEL_READ_REQUEST
{
    ULONG ProcessId; /* target process id; converted to a HANDLE for PsLookupProcessByProcessId */
    ULONG Address;   /* address to read in the target process; a ULONG, so on x64 only addresses below 4 GiB are representable */
    PVOID pBuff;     /* caller's buffer that receives the bytes; a user-mode pointer that must be probed before use */
    ULONG Size;      /* number of bytes to copy */

} KERNEL_READ_REQUEST, * PKERNEL_READ_REQUEST;
26 |
/* Payload of IO_WRITE_REQUEST (METHOD_BUFFERED input), filled in by the
 * user-mode client. Same layout and caveats as KERNEL_READ_REQUEST; the
 * direction is reversed (pBuff is the source, Address the destination). */
typedef struct _KERNEL_WRITE_REQUEST
{
    ULONG ProcessId; /* target process id; converted to a HANDLE for PsLookupProcessByProcessId */
    ULONG Address;   /* address to write in the target process; a ULONG, so on x64 only addresses below 4 GiB are representable */
    PVOID pBuff;     /* caller's buffer holding the bytes to write; a user-mode pointer that must be probed before use */
    ULONG Size;      /* number of bytes to copy */

} KERNEL_WRITE_REQUEST, * PKERNEL_WRITE_REQUEST;
--------------------------------------------------------------------------------
/myFirstKernel/define.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
/* Driver-wide state. GameBaseAddress/ProcessID are written by ImageLoadCallback
 * (events.c) and read by IoControl (communications.c). GameBaseAddress is a
 * ULONG while IMAGE_INFO.ImageBase is a PVOID, so on x64 the stored base is
 * truncated to 32 bits.
 * NOTE(review): these are tentative definitions in a header that several .c
 * files include; the build relies on the linker merging the duplicates. The
 * usual form is `extern` declarations here and one definition in a .c file. */
ULONG GameBaseAddress, ProcessID;
/* The control device and its NT / DosDevices names, created and deleted in driver.c. */
PDEVICE_OBJECT pDeviceObject;
UNICODE_STRING dev, dos;
--------------------------------------------------------------------------------
/myFirstKernel/driver.c:
--------------------------------------------------------------------------------
1 | #pragma warning (disable : 4100 4047 4024 6011)
2 |
3 | #include "driver.h"
4 | #include "communications.h"
5 | #include "define.h"
6 | #include "events.h"
7 | #include "message.h"
8 |
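/* Driver entry point: creates the control device \Device\mfk with its
 * \DosDevices\mfk link, installs the dispatch routines and registers the
 * image-load callback that locates the game process.
 *
 * Every step is checked and earlier steps are undone on failure; the previous
 * version ignored all three status codes and dereferenced pDeviceObject even
 * when IoCreateDevice had failed (warning 6011 is suppressed at the top of the
 * file for that reason).
 *
 * Security: IoCreateDevice gives the device the default DACL, so any local
 * user can open it and use the IOCTLs, which expose cross-process memory
 * read/write. If that is not intended, create the device with
 * IoCreateDeviceSecure (wdmsec.h/wdmsec.lib) and an SDDL string limiting it
 * to SYSTEM and Administrators. */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
    NTSTATUS Status;

    UNREFERENCED_PARAMETER(pRegistryPath);

    DebugMessage("Welcome to the first kernel Driver!");

    pDriverObject->DriverUnload = UnloadDriver;

    /* Dispatch table first, so the device never exists without handlers. */
    pDriverObject->MajorFunction[IRP_MJ_CREATE] = CreateCall;
    pDriverObject->MajorFunction[IRP_MJ_CLOSE] = CloseCall;
    pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IoControl;

    RtlInitUnicodeString(&dev, L"\\Device\\mfk");
    RtlInitUnicodeString(&dos, L"\\DosDevices\\mfk");

    Status = IoCreateDevice(pDriverObject, 0, &dev, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
    if (!NT_SUCCESS(Status))
    {
        DebugMessage("IoCreateDevice failed: 0x%08X\n", Status);
        pDeviceObject = NULL;
        return Status;
    }

    Status = IoCreateSymbolicLink(&dos, &dev);
    if (!NT_SUCCESS(Status))
    {
        DebugMessage("IoCreateSymbolicLink failed: 0x%08X\n", Status);
        IoDeleteDevice(pDeviceObject);
        pDeviceObject = NULL;
        return Status;
    }

    /* ImageLoadCallback is declared with a non-standard return type (events.h);
     * the cast makes the mismatch explicit instead of relying on warning 4047
     * being disabled. */
    Status = PsSetLoadImageNotifyRoutine((PLOAD_IMAGE_NOTIFY_ROUTINE)ImageLoadCallback);
    if (!NT_SUCCESS(Status))
    {
        DebugMessage("PsSetLoadImageNotifyRoutine failed: 0x%08X\n", Status);
        IoDeleteSymbolicLink(&dos);
        IoDeleteDevice(pDeviceObject);
        pDeviceObject = NULL;
        return Status;
    }

    /* DO_DIRECT_IO only affects IRP_MJ_READ/WRITE buffering; the IOCTLs are
     * METHOD_BUFFERED regardless. Kept as the original set it. */
    pDeviceObject->Flags |= DO_DIRECT_IO;
    /* The device is usable only after this bit is cleared. */
    pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

    return STATUS_SUCCESS;
}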
32 |
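/* DriverUnload: undoes DriverEntry. Tolerates a partially initialised driver
 * (callback not registered, link or device never created) so that unloading
 * after a failed DriverEntry cannot fault on a NULL device object.
 * NOTE(review): a DRIVER_UNLOAD routine returns VOID; the NTSTATUS return is
 * kept only because driver.h declares it that way. */
NTSTATUS UnloadDriver(PDRIVER_OBJECT pDriverObject)
{
    DebugMessage("Good bye!");

    /* Returns STATUS_PROCEDURE_NOT_FOUND if the routine was never registered; harmless. */
    PsRemoveLoadImageNotifyRoutine((PLOAD_IMAGE_NOTIFY_ROUTINE)ImageLoadCallback);

    /* Fails quietly if the link does not exist. */
    IoDeleteSymbolicLink(&dos);

    /* IoDeleteDevice(NULL) would fault; there is no device if IoCreateDevice failed. */
    if (pDriverObject->DeviceObject != NULL)
    {
        IoDeleteDevice(pDriverObject->DeviceObject);
    }

    return STATUS_SUCCESS;
}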
45 |
46 |
--------------------------------------------------------------------------------
/myFirstKernel/driver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 |
/* Driver entry point (driver.c): creates the control device and registers the image-load callback. */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath);

/* DriverUnload routine (driver.c). NOTE(review): DRIVER_UNLOAD returns VOID; the
 * NTSTATUS return type here is why the assignment in DriverEntry needs warning
 * 4047 suppressed. Changing it requires updating driver.c as well. */
NTSTATUS UnloadDriver(PDRIVER_OBJECT pDriverObject);
--------------------------------------------------------------------------------
/myFirstKernel/events.c:
--------------------------------------------------------------------------------
1 | #pragma warning(disable: 4311 4459 4047)
2 | #include "events.h"
3 | #include "message.h"
4 | #include "define.h"
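/* Image-load notification registered from DriverEntry. When the loaded image
 * is the game executable, records its base address and owning process id in
 * the globals from define.h, which IoControl hands to the user-mode client.
 *
 * FullImageName may be NULL, and a UNICODE_STRING is not guaranteed to be
 * NUL-terminated, so the previous wcsstr() call could dereference NULL or
 * read past the buffer. The match is now a Length-bounded suffix compare.
 *
 * NOTE(review): a PLOAD_IMAGE_NOTIFY_ROUTINE returns VOID; this routine
 * returns a function-pointer type and STATUS_SUCCESS (hence the 4047
 * suppression in driver.c). The signature is kept because events.h declares
 * it this way. GameBaseAddress is a ULONG, so the 64-bit ImageBase is
 * truncated on x64 (warning 4311 is suppressed above for that line). */
PLOAD_IMAGE_NOTIFY_ROUTINE ImageLoadCallback(PUNICODE_STRING FullImageName, HANDLE ProcessId, PIMAGE_INFO ImageInfo)
{
    static const UNICODE_STRING Wanted = RTL_CONSTANT_STRING(L"\\VALORANT-Win64-Shipping.exe");
    UNICODE_STRING Tail;

    if (FullImageName == NULL || FullImageName->Buffer == NULL || FullImageName->Length < Wanted.Length)
    {
        return STATUS_SUCCESS;
    }

    /* View the last Wanted.Length bytes of the path as a UNICODE_STRING. Length is in bytes. */
    Tail.Length = Wanted.Length;
    Tail.MaximumLength = Wanted.Length;
    Tail.Buffer = (PWCH)((PUCHAR)FullImageName->Buffer + (FullImageName->Length - Wanted.Length));

    if (!RtlEqualUnicodeString(&Tail, &Wanted, FALSE))
    {
        return STATUS_SUCCESS;
    }

    DebugMessage("Game Process Found !!!");

    /* Explicit truncation to the ULONG global; see define.h. */
    GameBaseAddress = (ULONG)(ULONG_PTR)ImageInfo->ImageBase;
    ProcessID = HandleToULong(ProcessId);

    /* Format specifiers now match the argument types (%p for the pointer, %lu for the ULONG). */
    DebugMessage("Game Base: %p \n", ImageInfo->ImageBase);
    DebugMessage("Process ID: %lu \n", ProcessID);

    return STATUS_SUCCESS;
}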
15 |
--------------------------------------------------------------------------------
/myFirstKernel/events.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 |
/* Image-load notification (events.c) that records the game's image base and
 * process id. NOTE(review): the WDK callback type PLOAD_IMAGE_NOTIFY_ROUTINE
 * returns VOID; this declaration returns the function-pointer type itself,
 * which is why driver.c needs warning 4047 suppressed when registering it.
 * Changing it requires updating events.c as well. */
PLOAD_IMAGE_NOTIFY_ROUTINE ImageLoadCallback(PUNICODE_STRING FullImageName, HANDLE ProcessId, PIMAGE_INFO ImageInfo);
--------------------------------------------------------------------------------
/myFirstKernel/memory.c:
--------------------------------------------------------------------------------
1 | #include "memory.h"
2 |
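/* Copies Size bytes from SourceAddress inside Process into TargetAddress in
 * the current (calling) process. Returns the MmCopyVirtualMemory status.
 *
 * PreviousMode is UserMode because both addresses originate from the IOCTL
 * caller. Like other PreviousMode-taking Mm/Nt routines, MmCopyVirtualMemory
 * is expected to validate the ranges against the user-space limit only when
 * the mode is not KernelMode; the previous KernelMode argument let a
 * user-mode caller name kernel addresses on either side of the copy.
 *
 * The byte count is received in a SIZE_T; the previous code passed the
 * address of an uninitialised PSIZE_T, which only worked because the two
 * types happen to be the same size. */
NTSTATUS KernelReadVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size)
{
    SIZE_T Copied = 0;

    return MmCopyVirtualMemory(Process, SourceAddress, PsGetCurrentProcess(), TargetAddress, Size, UserMode, &Copied);
}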
9 |
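/* Copies Size bytes from SourceAddress in the current (calling) process into
 * TargetAddress inside Process. Returns the MmCopyVirtualMemory status.
 *
 * PreviousMode is UserMode for the same reason as in KernelReadVirtualMemory:
 * both addresses are caller-controlled and must not be allowed to reach
 * kernel space. The byte count goes into a real SIZE_T instead of the address
 * of an uninitialised PSIZE_T. */
NTSTATUS KernelWriteVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size)
{
    SIZE_T Copied = 0;

    return MmCopyVirtualMemory(PsGetCurrentProcess(), SourceAddress, Process, TargetAddress, Size, UserMode, &Copied);
}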
--------------------------------------------------------------------------------
/myFirstKernel/memory.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #pragma warning (disable : 4047 4024)
3 | #include "ntifs.h"
4 |
/* Exported but undocumented kernel routine; no public WDK header declares it,
 * so the prototype is reproduced here. Copies BufferSize bytes from
 * SourceAddress in SourceProcess to TargetAddress in TargetProcess and stores
 * the number of bytes copied in *ReturnSize. PreviousMode is the access mode
 * on whose behalf the copy is made: pass UserMode for caller-supplied
 * addresses so they are validated as user-space ranges; KernelMode skips that
 * validation and must not be used with untrusted addresses. */
NTSTATUS NTAPI MmCopyVirtualMemory
(
PEPROCESS SourceProcess,
PVOID SourceAddress,
PEPROCESS TargetProcess,
PVOID TargetAddress,
SIZE_T BufferSize,
KPROCESSOR_MODE PreviousMode,
PSIZE_T ReturnSize
);

/* memory.c: read Size bytes at SourceAddress in Process into TargetAddress in the current process. */
NTSTATUS KernelReadVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size);

/* memory.c: write Size bytes from SourceAddress in the current process to TargetAddress in Process. */
NTSTATUS KernelWriteVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size);
--------------------------------------------------------------------------------
/myFirstKernel/message.h:
--------------------------------------------------------------------------------
/* Kernel debug output: DbgPrintEx with component id 0 (DPFLTR_SYSTEM_ID) and
 * level 0 (DPFLTR_ERROR_LEVEL), which the default filter mask shows. x must be
 * a format-string literal; every caller in this tree passes one, and
 * caller-controlled data must never be passed as the format. */
#define DebugMessage(x,...) DbgPrintEx(0,0,x,__VA_ARGS__)
--------------------------------------------------------------------------------
/myFirstKernel/myFirstKernel.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; myFirstKernel.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=System ; TODO: specify appropriate Class
8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318} ; TODO: specify appropriate ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=myFirstKernel.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 | PnpLockdown=1
13 |
14 | [DestinationDirs]
15 | DefaultDestDir = 12
16 | myFirstKernel_Device_CoInstaller_CopyFiles = 11
17 |
18 | [SourceDisksNames]
19 | 1 = %DiskName%,,,""
20 |
21 | [SourceDisksFiles]
22 | myFirstKernel.sys = 1,,
23 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
24 |
25 | ;*****************************************
26 | ; Install Section
27 | ;*****************************************
28 |
29 | [Manufacturer]
30 | %ManufacturerName%=Standard,NT$ARCH$
31 |
32 | [Standard.NT$ARCH$]
33 | %myFirstKernel.DeviceDesc%=myFirstKernel_Device, Root\myFirstKernel ; TODO: edit hw-id
34 |
35 | [myFirstKernel_Device.NT]
36 | CopyFiles=Drivers_Dir
37 |
38 | [Drivers_Dir]
39 | myFirstKernel.sys
40 |
41 | ;-------------- Service installation
42 | [myFirstKernel_Device.NT.Services]
43 | AddService = myFirstKernel,%SPSVCINST_ASSOCSERVICE%, myFirstKernel_Service_Inst
44 |
45 | ; -------------- myFirstKernel driver install sections
46 | [myFirstKernel_Service_Inst]
47 | DisplayName = %myFirstKernel.SVCDESC%
48 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
49 | StartType = 3 ; SERVICE_DEMAND_START
50 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
51 | ServiceBinary = %12%\myFirstKernel.sys
52 |
53 | ;
54 | ;--- myFirstKernel_Device Coinstaller installation ------
55 | ;
56 |
57 | [myFirstKernel_Device.NT.CoInstallers]
58 | AddReg=myFirstKernel_Device_CoInstaller_AddReg
59 | CopyFiles=myFirstKernel_Device_CoInstaller_CopyFiles
60 |
61 | [myFirstKernel_Device_CoInstaller_AddReg]
62 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
63 |
64 | [myFirstKernel_Device_CoInstaller_CopyFiles]
65 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
66 |
67 | [myFirstKernel_Device.NT.Wdf]
68 | KmdfService = myFirstKernel, myFirstKernel_wdfsect
69 | [myFirstKernel_wdfsect]
70 | KmdfLibraryVersion = $KMDFVERSION$
71 |
72 | [Strings]
73 | SPSVCINST_ASSOCSERVICE= 0x00000002
74 | ManufacturerName="" ;TODO: Replace with your manufacturer name
75 | DiskName = "myFirstKernel Installation Disk"
76 | myFirstKernel.DeviceDesc = "myFirstKernel Device"
77 | myFirstKernel.SVCDESC = "myFirstKernel Service"
78 |
--------------------------------------------------------------------------------
/myFirstKernel/myFirstKernel.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {723334BF-176F-4F0C-AF04-742F0C7B465F}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | myFirstKernel
45 |
46 |
47 |
48 | Windows10
49 | true
50 | WindowsKernelModeDriver10.0
51 | Driver
52 | KMDF
53 | Universal
54 |
55 |
56 | Windows10
57 | false
58 | WindowsKernelModeDriver10.0
59 | Driver
60 | KMDF
61 | Universal
62 |
63 |
64 | Windows10
65 | true
66 | WindowsKernelModeDriver10.0
67 | Driver
68 | KMDF
69 | Universal
70 |
71 |
72 | Windows10
73 | false
74 | WindowsKernelModeDriver10.0
75 | Driver
76 | KMDF
77 | Universal
78 |
79 |
80 | Windows10
81 | true
82 | WindowsKernelModeDriver10.0
83 | Driver
84 | KMDF
85 | Universal
86 |
87 |
88 | Windows10
89 | false
90 | WindowsKernelModeDriver10.0
91 | Driver
92 | KMDF
93 | Universal
94 |
95 |
96 | Windows10
97 | true
98 | WindowsKernelModeDriver10.0
99 | Driver
100 | KMDF
101 | Universal
102 |
103 |
104 | Windows10
105 | false
106 | WindowsKernelModeDriver10.0
107 | Driver
108 | KMDF
109 | Universal
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 | DbgengKernelDebugger
121 | true
122 |
123 |
124 | DbgengKernelDebugger
125 |
126 |
127 | DbgengKernelDebugger
128 |
129 |
130 | DbgengKernelDebugger
131 | true
132 |
133 |
134 | DbgengKernelDebugger
135 |
136 |
137 | DbgengKernelDebugger
138 |
139 |
140 | DbgengKernelDebugger
141 |
142 |
143 | DbgengKernelDebugger
144 |
145 |
146 |
147 | sha256
148 |
149 |
150 |
151 |
152 | sha256
153 |
154 |
155 |
156 |
157 | sha256
158 |
159 |
160 |
161 |
162 | sha256
163 |
164 |
165 |
166 |
167 | sha256
168 |
169 |
170 |
171 |
172 | sha256
173 |
174 |
175 |
176 |
177 | sha256
178 |
179 |
180 |
181 |
182 | sha256
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
191 |
192 |
193 |
194 |
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
208 |
--------------------------------------------------------------------------------
/myFirstKernel/myFirstKernel.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Driver Files
24 |
25 |
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 | Source Files
35 |
36 |
37 | Source Files
38 |
39 |
40 |
41 |
42 | Header Files
43 |
44 |
45 | Header Files
46 |
47 |
48 | Header Files
49 |
50 |
51 | Header Files
52 |
53 |
54 | Header Files
55 |
56 |
57 | Header Files
58 |
59 |
60 |
--------------------------------------------------------------------------------