├── .editorconfig
├── .gitattributes
├── .gitignore
├── LICENSE.txt
├── README.MD
├── cheat-driver.sln
└── src
    ├── driver.c
    ├── driver.vcxproj
    ├── driver.vcxproj.filters
    ├── driver_codes.h
    └── driver_config.h


/.editorconfig:
--------------------------------------------------------------------------------
1 | [*.{c,h,cpp,sh}]
2 | charset = utf-8
3 | indent_style = tab
4 | indent_size = 4
5 | trim_trailing_whitespace = true
6 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | ###############################################################################
 2 | # Set default behavior to automatically normalize line endings.
 3 | ###############################################################################
 4 | * text=auto
 5 | 
 6 | ###############################################################################
 7 | # Set default behavior for command prompt diff.
 8 | #
 9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs     diff=csharp
14 | 
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following 
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln       merge=binary
26 | #*.csproj    merge=binary
27 | #*.vbproj    merge=binary
28 | #*.vcxproj   merge=binary
29 | #*.vcproj    merge=binary
30 | #*.dbproj    merge=binary
31 | #*.fsproj    merge=binary
32 | #*.lsproj    merge=binary
33 | #*.wixproj   merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj   merge=binary
36 | #*.wwaproj   merge=binary
37 | 
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg   binary
44 | #*.png   binary
45 | #*.gif   binary
46 | 
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | # 
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the 
52 | # entries below.
53 | ###############################################################################
54 | #*.doc   diff=astextplain
55 | #*.DOC   diff=astextplain
56 | #*.docx  diff=astextplain
57 | #*.DOCX  diff=astextplain
58 | #*.dot   diff=astextplain
59 | #*.DOT   diff=astextplain
60 | #*.pdf   diff=astextplain
61 | #*.PDF   diff=astextplain
62 | #*.rtf   diff=astextplain
63 | #*.RTF   diff=astextplain
64 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | 
  4 | # User-specific files
  5 | *.suo
  6 | *.user
  7 | *.userosscache
  8 | *.sln.docstates
  9 | 
 10 | # User-specific files (MonoDevelop/Xamarin Studio)
 11 | *.userprefs
 12 | 
 13 | # Build results
 14 | [Dd]ebug/
 15 | [Dd]ebugPublic/
 16 | [Rr]elease/
 17 | [Rr]eleases/
 18 | x64/
 19 | x86/
 20 | bld/
 21 | bin/
 22 | tmp/
 23 | [Bb]in/
 24 | [Oo]bj/
 25 | [Ll]og/
 26 | 
 27 | # Visual Studio 2015 cache/options directory
 28 | .vs/
 29 | # Uncomment if you have tasks that create the project's static files in wwwroot
 30 | #wwwroot/
 31 | 
 32 | # MSTest test Results
 33 | [Tt]est[Rr]esult*/
 34 | [Bb]uild[Ll]og.*
 35 | 
 36 | # NUNIT
 37 | *.VisualState.xml
 38 | TestResult.xml
 39 | 
 40 | # Build Results of an ATL Project
 41 | [Dd]ebugPS/
 42 | [Rr]eleasePS/
 43 | dlldata.c
 44 | 
 45 | # DNX
 46 | project.lock.json
 47 | project.fragment.lock.json
 48 | artifacts/
 49 | 
 50 | *_i.c
 51 | *_p.c
 52 | *_i.h
 53 | *.ilk
 54 | *.meta
 55 | *.obj
 56 | *.pch
 57 | *.pdb
 58 | *.pgc
 59 | *.pgd
 60 | *.rsp
 61 | *.sbr
 62 | *.tlb
 63 | *.tli
 64 | *.tlh
 65 | *.tmp
 66 | *.tmp_proj
 67 | *.log
 68 | *.vspscc
 69 | *.vssscc
 70 | .builds
 71 | *.pidb
 72 | *.svclog
 73 | *.scc
 74 | 
 75 | # Chutzpah Test files
 76 | _Chutzpah*
 77 | 
 78 | # Visual C++ cache files
 79 | ipch/
 80 | *.aps
 81 | *.ncb
 82 | *.opendb
 83 | *.opensdf
 84 | *.sdf
 85 | *.cachefile
 86 | *.VC.db
 87 | *.VC.VC.opendb
 88 | 
 89 | # Visual Studio profiler
 90 | *.psess
 91 | *.vsp
 92 | *.vspx
 93 | *.sap
 94 | 
 95 | # TFS 2012 Local Workspace
 96 | $tf/
 97 | 
 98 | # Guidance Automation Toolkit
 99 | *.gpState
100 | 
101 | # ReSharper is a .NET coding add-in
102 | _ReSharper*/
103 | *.[Rr]e[Ss]harper
104 | *.DotSettings.user
105 | 
106 | # JustCode is a .NET coding add-in
107 | .JustCode
108 | 
109 | # TeamCity is a build add-in
110 | _TeamCity*
111 | 
112 | # DotCover is a Code Coverage Tool
113 | *.dotCover
114 | 
115 | # NCrunch
116 | _NCrunch_*
117 | .*crunch*.local.xml
118 | nCrunchTemp_*
119 | 
120 | # MightyMoose
121 | *.mm.*
122 | AutoTest.Net/
123 | 
124 | # Web workbench (sass)
125 | .sass-cache/
126 | 
127 | # Installshield output folder
128 | [Ee]xpress/
129 | 
130 | # DocProject is a documentation generator add-in
131 | DocProject/buildhelp/
132 | DocProject/Help/*.HxT
133 | DocProject/Help/*.HxC
134 | DocProject/Help/*.hhc
135 | DocProject/Help/*.hhk
136 | DocProject/Help/*.hhp
137 | DocProject/Help/Html2
138 | DocProject/Help/html
139 | 
140 | # Click-Once directory
141 | publish/
142 | 
143 | # Publish Web Output
144 | *.[Pp]ublish.xml
145 | *.azurePubxml
146 | # TODO: Comment the next line if you want to checkin your web deploy settings
147 | # but database connection strings (with potential passwords) will be unencrypted
148 | #*.pubxml
149 | *.publishproj
150 | 
151 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
152 | # checkin your Azure Web App publish settings, but sensitive information contained
153 | # in these scripts will be unencrypted
154 | PublishScripts/
155 | 
156 | # NuGet Packages
157 | *.nupkg
158 | # The packages folder can be ignored because of Package Restore
159 | **/packages/*
160 | # except build/, which is used as an MSBuild target.
161 | !**/packages/build/
162 | # Uncomment if necessary however generally it will be regenerated when needed
163 | #!**/packages/repositories.config
164 | # NuGet v3's project.json files produces more ignoreable files
165 | *.nuget.props
166 | *.nuget.targets
167 | 
168 | # Microsoft Azure Build Output
169 | csx/
170 | *.build.csdef
171 | 
172 | # Microsoft Azure Emulator
173 | ecf/
174 | rcf/
175 | 
176 | # Windows Store app package directories and files
177 | AppPackages/
178 | BundleArtifacts/
179 | Package.StoreAssociation.xml
180 | _pkginfo.txt
181 | 
182 | # Visual Studio cache files
183 | # files ending in .cache can be ignored
184 | *.[Cc]ache
185 | # but keep track of directories ending in .cache
186 | !*.[Cc]ache/
187 | 
188 | # Others
189 | ClientBin/
190 | ~$*
191 | *~
192 | *.dbmdl
193 | *.dbproj.schemaview
194 | *.jfm
195 | *.pfx
196 | *.publishsettings
197 | node_modules/
198 | orleans.codegen.cs
199 | 
200 | # Since there are multiple workflows, uncomment next line to ignore bower_components
201 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
202 | #bower_components/
203 | 
204 | # RIA/Silverlight projects
205 | Generated_Code/
206 | 
207 | # Backup & report files from converting an old project file
208 | # to a newer Visual Studio version. Backup files are not needed,
209 | # because we have git ;-)
210 | _UpgradeReport_Files/
211 | Backup*/
212 | UpgradeLog*.XML
213 | UpgradeLog*.htm
214 | 
215 | # SQL Server files
216 | *.mdf
217 | *.ldf
218 | 
219 | # Business Intelligence projects
220 | *.rdl.data
221 | *.bim.layout
222 | *.bim_*.settings
223 | 
224 | # Microsoft Fakes
225 | FakesAssemblies/
226 | 
227 | # GhostDoc plugin setting file
228 | *.GhostDoc.xml
229 | 
230 | # Node.js Tools for Visual Studio
231 | .ntvs_analysis.dat
232 | 
233 | # Visual Studio 6 build log
234 | *.plg
235 | 
236 | # Visual Studio 6 workspace options file
237 | *.opt
238 | 
239 | # Visual Studio LightSwitch build output
240 | **/*.HTMLClient/GeneratedArtifacts
241 | **/*.DesktopClient/GeneratedArtifacts
242 | **/*.DesktopClient/ModelManifest.xml
243 | **/*.Server/GeneratedArtifacts
244 | **/*.Server/ModelManifest.xml
245 | _Pvt_Extensions
246 | 
247 | # Paket dependency manager
248 | .paket/paket.exe
249 | paket-files/
250 | 
251 | # FAKE - F# Make
252 | .fake/
253 | 
254 | # JetBrains Rider
255 | .idea/
256 | *.sln.iml
257 | 
258 | # CodeRush
259 | .cr/
260 | 
261 | # Python Tools for Visual Studio (PTVS)
262 | __pycache__/
263 | *.pyc


--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) 2016 nkga
2 | 
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
4 | 
5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
6 | 
7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


--------------------------------------------------------------------------------
/README.MD:
--------------------------------------------------------------------------------
 1 | # cheat-driver
 2 | 
 3 | Simple WDM kernel mode driver for handling read/write memory requests into
 4 | arbitrary processes.
 5 | 
 6 | ### Background
 7 | 
 8 | Kernel based anti-cheat drivers (EAC, BattleEye) block or monitor requests for
 9 | interfacing with the memory from the game process. The simplest way to bypass anti-cheat protections from the kernel is to use your own kernel mode driver.
10 | 
11 | ### Building
12 | 
13 | 1. Install [Visual Studio](https://www.visualstudio.com/).
14 | 2. Install the [Windows Driver Kit](https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk).
15 | 3. Set the solution configuration to `x64` and `Release` and build the solution.
16 | 
17 | ### Usage
18 | 
19 | For practical use you will need a driver signing certificate. For development
20 | purposes you can enable [test-signing mode](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option).
21 | 
22 | You will need to either install and run the driver as a service with `CreateService` or use a function like `NtLoadDriver`.
23 | Once the driver is loaded, you can open a handle to the driver:
24 | 
25 | ```cpp
26 | #include "driver_config.h"
27 | #include "driver_codes.h"
28 | 
29 | HANDLE driver = CreateFileW(
30 |     DRIVER_DEVICE_PATH, 
31 |     GENERIC_READ | GENERIC_WRITE, 
32 |     FILE_SHARE_READ | FILE_SHARE_WRITE, 
33 |     0, 
34 |     OPEN_EXISTING, 
35 |     0, 0);
36 | ```
37 | 
38 | To issue read or write requests, you send the driver a control code:
39 | 
40 | ```cpp
41 | DRIVER_COPY_MEMORY copy = {};
42 | copy.ProcessId = processId;
43 | copy.Source = sourceBufferPtr;
44 | copy.Target = targetAddressPtr;
45 | copy.Size = bytesToRead;
46 | copy.Write = FALSE;
47 | 
48 | DeviceIoControl(
49 |     driver, 
50 |     IOCTL_DRIVER_COPY_MEMORY,
51 |      &copy, 
52 |      sizeof(copy), 
53 |      &copy, 
54 |      sizeof(copy),
55 |      0, 0)
56 | ```
57 | 
58 | The target and source parameters should be reversed if issuing a write request.


--------------------------------------------------------------------------------
/cheat-driver.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.27703.2000
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "driver", "src\driver.vcxproj", "{E1F91302-CD35-4B3A-9F01-7CC5BF8C24CF}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Release|x64 = Release|x64
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{E1F91302-CD35-4B3A-9F01-7CC5BF8C24CF}.Debug|x64.ActiveCfg = Debug|x64
15 | 		{E1F91302-CD35-4B3A-9F01-7CC5BF8C24CF}.Debug|x64.Build.0 = Debug|x64
16 | 		{E1F91302-CD35-4B3A-9F01-7CC5BF8C24CF}.Debug|x64.Deploy.0 = Debug|x64
17 | 		{E1F91302-CD35-4B3A-9F01-7CC5BF8C24CF}.Release|x64.ActiveCfg = Release|x64
18 | 		{E1F91302-CD35-4B3A-9F01-7CC5BF8C24CF}.Release|x64.Build.0 = Release|x64
19 | 		{E1F91302-CD35-4B3A-9F01-7CC5BF8C24CF}.Release|x64.Deploy.0 = Release|x64
20 | 	EndGlobalSection
21 | 	GlobalSection(SolutionProperties) = preSolution
22 | 		HideSolutionNode = FALSE
23 | 	EndGlobalSection
24 | 	GlobalSection(ExtensibilityGlobals) = postSolution
25 | 		SolutionGuid = {569B6580-CAF4-4273-BFF7-EC37D6538BF5}
26 | 	EndGlobalSection
27 | EndGlobal
28 | 


--------------------------------------------------------------------------------
/src/driver.c:
--------------------------------------------------------------------------------
  1 | #include <ntifs.h>
  2 | #include <ntstrsafe.h>
  3 | #include "driver_codes.h"
  4 | #include "driver_config.h"
  5 | 
  6 | // Copies virtual memory from one process to another.
  7 | NTKERNELAPI NTSTATUS NTAPI MmCopyVirtualMemory(
  8 | 	IN PEPROCESS FromProcess,
  9 | 	IN PVOID FromAddress,
 10 | 	IN PEPROCESS ToProcess,
 11 | 	OUT PVOID ToAddress,
 12 | 	IN SIZE_T BufferSize,
 13 | 	IN KPROCESSOR_MODE PreviousMode,
 14 | 	OUT PSIZE_T NumberOfBytesCopied
 15 | );
 16 | 
 17 | // Forward declaration for suppressing code analysis warnings.
 18 | DRIVER_INITIALIZE DriverEntry;
 19 | 
 20 | // Dispatch function.
 21 | _Dispatch_type_(IRP_MJ_CREATE)
 22 | _Dispatch_type_(IRP_MJ_CLOSE)
 23 | _Dispatch_type_(IRP_MJ_DEVICE_CONTROL)
 24 | DRIVER_DISPATCH DriverDispatch;
 25 | 
 26 | // Performs a memory copy request.
 27 | NTSTATUS DriverCopy(IN PDRIVER_COPY_MEMORY copy) {
 28 | 	NTSTATUS status = STATUS_SUCCESS;
 29 | 	PEPROCESS process;
 30 | 
 31 | 	status = PsLookupProcessByProcessId((HANDLE)copy->ProcessId, &process);
 32 | 
 33 | 	if (NT_SUCCESS(status)) {
 34 | 		PEPROCESS sourceProcess, targetProcess;
 35 | 		PVOID sourcePtr, targetPtr;
 36 | 
 37 | 		if (copy->Write == FALSE) {
 38 | 			sourceProcess = process;
 39 | 			targetProcess = PsGetCurrentProcess();
 40 | 			sourcePtr = (PVOID)copy->Target;
 41 | 			targetPtr = (PVOID)copy->Source;
 42 | 		} else {
 43 | 			sourceProcess = PsGetCurrentProcess();
 44 | 			targetProcess = process;
 45 | 			sourcePtr = (PVOID)copy->Source;
 46 | 			targetPtr = (PVOID)copy->Target;
 47 | 		}
 48 | 
 49 | 		SIZE_T bytes;
 50 | 		status = MmCopyVirtualMemory(sourceProcess, sourcePtr, targetProcess, targetPtr, copy->Size, KernelMode, &bytes);
 51 | 
 52 | 		ObDereferenceObject(process);
 53 | 	}
 54 | 
 55 | 	return status;
 56 | }
 57 | 
 58 | // Handles a IRP request.
 59 | NTSTATUS DriverDispatch(_In_ PDEVICE_OBJECT DeviceObject, _Inout_ PIRP Irp) {
 60 | 	UNREFERENCED_PARAMETER(DeviceObject);
 61 | 
 62 | 	Irp->IoStatus.Status = STATUS_SUCCESS;
 63 | 	Irp->IoStatus.Information = 0;
 64 | 
 65 | 	PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
 66 | 	PVOID ioBuffer = Irp->AssociatedIrp.SystemBuffer;
 67 | 	ULONG inputLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;
 68 | 
 69 | 	if (irpStack->MajorFunction == IRP_MJ_DEVICE_CONTROL) {
 70 | 		ULONG ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
 71 | 
 72 | 		if (ioControlCode == IOCTL_DRIVER_COPY_MEMORY) {
 73 | 			if (ioBuffer && inputLength >= sizeof(DRIVER_COPY_MEMORY)) {
 74 | 				Irp->IoStatus.Status = DriverCopy((PDRIVER_COPY_MEMORY)ioBuffer);
 75 | 				Irp->IoStatus.Information = sizeof(DRIVER_COPY_MEMORY);
 76 | 			} else {
 77 | 				Irp->IoStatus.Status = STATUS_INFO_LENGTH_MISMATCH;
 78 | 			}
 79 | 		} else {
 80 | 			Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
 81 | 		}
 82 | 	}
 83 | 
 84 | 	NTSTATUS status = Irp->IoStatus.Status;
 85 | 	IoCompleteRequest(Irp, IO_NO_INCREMENT);
 86 | 
 87 | 	return status;
 88 | }
 89 | 
 90 | // Unloads the driver.
 91 | VOID DriverUnload(IN PDRIVER_OBJECT DriverObject) {
 92 | 	UNICODE_STRING dosDeviceName;
 93 | 	RtlUnicodeStringInit(&dosDeviceName, DRIVER_DOS_DEVICE_NAME);
 94 | 
 95 | 	IoDeleteSymbolicLink(&dosDeviceName);
 96 | 	IoDeleteDevice(DriverObject->DeviceObject);
 97 | }
 98 | 
 99 | // Entry point for the driver.
100 | NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) {
101 | 	NTSTATUS status = STATUS_SUCCESS;
102 | 
103 | 	UNREFERENCED_PARAMETER(RegistryPath);
104 | 
105 | 	UNICODE_STRING deviceName;
106 | 	RtlUnicodeStringInit(&deviceName, DRIVER_DEVICE_NAME);
107 | 
108 | 	PDEVICE_OBJECT deviceObject = NULL;
109 | 	status = IoCreateDevice(DriverObject, 0, &deviceName, DRIVER_DEVICE_TYPE, 0, FALSE, &deviceObject);
110 | 
111 | 	if (!NT_SUCCESS(status)) {
112 | 		return status;
113 | 	}
114 | 
115 | 	DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverDispatch;
116 | 	DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverDispatch;
117 | 	DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DriverDispatch;
118 | 	DriverObject->DriverUnload = DriverUnload;
119 | 
120 | 	UNICODE_STRING dosDeviceName;
121 | 	RtlUnicodeStringInit(&dosDeviceName, DRIVER_DOS_DEVICE_NAME);
122 | 
123 | 	status = IoCreateSymbolicLink(&dosDeviceName, &deviceName);
124 | 
125 | 	if (!NT_SUCCESS(status)) {
126 | 		IoDeleteDevice(deviceObject);
127 | 	}
128 | 
129 | 	return status;
130 | }
131 | 


--------------------------------------------------------------------------------
/src/driver.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |     <ProjectConfiguration Include="Debug|ARM">
 21 |       <Configuration>Debug</Configuration>
 22 |       <Platform>ARM</Platform>
 23 |     </ProjectConfiguration>
 24 |     <ProjectConfiguration Include="Release|ARM">
 25 |       <Configuration>Release</Configuration>
 26 |       <Platform>ARM</Platform>
 27 |     </ProjectConfiguration>
 28 |     <ProjectConfiguration Include="Debug|ARM64">
 29 |       <Configuration>Debug</Configuration>
 30 |       <Platform>ARM64</Platform>
 31 |     </ProjectConfiguration>
 32 |     <ProjectConfiguration Include="Release|ARM64">
 33 |       <Configuration>Release</Configuration>
 34 |       <Platform>ARM64</Platform>
 35 |     </ProjectConfiguration>
 36 |   </ItemGroup>
 37 |   <PropertyGroup Label="Globals">
 38 |     <ProjectGuid>{E1F91302-CD35-4B3A-9F01-7CC5BF8C24CF}</ProjectGuid>
 39 |     <TemplateGuid>{497e31cb-056b-4f31-abb8-447fd55ee5a5}</TemplateGuid>
 40 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 41 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 42 |     <Configuration>Debug</Configuration>
 43 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 44 |     <RootNamespace>driver</RootNamespace>
 45 |     <WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
 46 |   </PropertyGroup>
 47 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 49 |     <TargetVersion>Windows10</TargetVersion>
 50 |     <UseDebugLibraries>true</UseDebugLibraries>
 51 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 52 |     <ConfigurationType>Driver</ConfigurationType>
 53 |     <DriverType>KMDF</DriverType>
 54 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 55 |   </PropertyGroup>
 56 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 57 |     <TargetVersion>Windows10</TargetVersion>
 58 |     <UseDebugLibraries>false</UseDebugLibraries>
 59 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 60 |     <ConfigurationType>Driver</ConfigurationType>
 61 |     <DriverType>KMDF</DriverType>
 62 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 63 |   </PropertyGroup>
 64 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 65 |     <TargetVersion>Windows10</TargetVersion>
 66 |     <UseDebugLibraries>true</UseDebugLibraries>
 67 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 68 |     <ConfigurationType>Driver</ConfigurationType>
 69 |     <DriverType>WDM</DriverType>
 70 |     <DriverTargetPlatform>Desktop</DriverTargetPlatform>
 71 |   </PropertyGroup>
 72 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 73 |     <TargetVersion>Windows10</TargetVersion>
 74 |     <UseDebugLibraries>false</UseDebugLibraries>
 75 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 76 |     <ConfigurationType>Driver</ConfigurationType>
 77 |     <DriverType>WDM</DriverType>
 78 |     <DriverTargetPlatform>Desktop</DriverTargetPlatform>
 79 |   </PropertyGroup>
 80 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
 81 |     <TargetVersion>Windows10</TargetVersion>
 82 |     <UseDebugLibraries>true</UseDebugLibraries>
 83 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 84 |     <ConfigurationType>Driver</ConfigurationType>
 85 |     <DriverType>KMDF</DriverType>
 86 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 87 |   </PropertyGroup>
 88 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
 89 |     <TargetVersion>Windows10</TargetVersion>
 90 |     <UseDebugLibraries>false</UseDebugLibraries>
 91 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 92 |     <ConfigurationType>Driver</ConfigurationType>
 93 |     <DriverType>KMDF</DriverType>
 94 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 95 |   </PropertyGroup>
 96 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
 97 |     <TargetVersion>Windows10</TargetVersion>
 98 |     <UseDebugLibraries>true</UseDebugLibraries>
 99 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
100 |     <ConfigurationType>Driver</ConfigurationType>
101 |     <DriverType>KMDF</DriverType>
102 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
103 |   </PropertyGroup>
104 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
105 |     <TargetVersion>Windows10</TargetVersion>
106 |     <UseDebugLibraries>false</UseDebugLibraries>
107 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
108 |     <ConfigurationType>Driver</ConfigurationType>
109 |     <DriverType>KMDF</DriverType>
110 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
111 |   </PropertyGroup>
112 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
113 |   <ImportGroup Label="ExtensionSettings">
114 |   </ImportGroup>
115 |   <ImportGroup Label="PropertySheets">
116 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
117 |   </ImportGroup>
118 |   <PropertyGroup Label="UserMacros" />
119 |   <PropertyGroup />
120 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
121 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
122 |   </PropertyGroup>
123 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
124 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
125 |   </PropertyGroup>
126 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
127 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
128 |     <CodeAnalysisRuleSet>..\..\..\Program Files (x86)\Windows Kits\10\CodeAnalysis\DriverMinimumRules.ruleset</CodeAnalysisRuleSet>
129 |     <RunCodeAnalysis>false</RunCodeAnalysis>
130 |     <OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
131 |     <IntDir>$(SolutionDir)tmp\$(ProjectName)\$(Configuration)\</IntDir>
132 |   </PropertyGroup>
133 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
134 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
135 |     <CodeAnalysisRuleSet>..\..\..\Program Files (x86)\Windows Kits\10\CodeAnalysis\DriverMinimumRules.ruleset</CodeAnalysisRuleSet>
136 |     <RunCodeAnalysis>false</RunCodeAnalysis>
137 |     <OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
138 |     <IntDir>$(SolutionDir)tmp\$(ProjectName)\$(Configuration)\</IntDir>
139 |   </PropertyGroup>
140 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
141 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
142 |   </PropertyGroup>
143 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
144 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
145 |   </PropertyGroup>
146 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
147 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
148 |   </PropertyGroup>
149 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
150 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
151 |   </PropertyGroup>
152 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
153 |     <ClCompile>
154 |       <WppEnabled>true</WppEnabled>
155 |       <WppRecorderEnabled>true</WppRecorderEnabled>
156 |       <WppScanConfigurationData Condition="'%(ClCompile.ScanConfigurationData)' == ''">trace.h</WppScanConfigurationData>
157 |       <WppKernelMode>true</WppKernelMode>
158 |     </ClCompile>
159 |   </ItemDefinitionGroup>
160 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
161 |     <ClCompile>
162 |       <WppEnabled>true</WppEnabled>
163 |       <WppRecorderEnabled>true</WppRecorderEnabled>
164 |       <WppScanConfigurationData Condition="'%(ClCompile.ScanConfigurationData)' == ''">trace.h</WppScanConfigurationData>
165 |       <WppKernelMode>true</WppKernelMode>
166 |     </ClCompile>
167 |   </ItemDefinitionGroup>
168 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
169 |     <ClCompile>
170 |       <WppRecorderEnabled>true</WppRecorderEnabled>
171 |       <WppScanConfigurationData Condition="'%(ClCompile.ScanConfigurationData)' == ''">trace.h</WppScanConfigurationData>
172 |       <WppKernelMode>true</WppKernelMode>
173 |       <LanguageStandard>stdcpplatest</LanguageStandard>
174 |       <EnablePREfast>false</EnablePREfast>
175 |     </ClCompile>
176 |   </ItemDefinitionGroup>
177 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
178 |     <ClCompile>
179 |       <WppRecorderEnabled>true</WppRecorderEnabled>
180 |       <WppScanConfigurationData Condition="'%(ClCompile.ScanConfigurationData)' == ''">trace.h</WppScanConfigurationData>
181 |       <WppKernelMode>true</WppKernelMode>
182 |       <Optimization>MaxSpeed</Optimization>
183 |       <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
184 |       <FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
185 |       <LanguageStandard>stdcpplatest</LanguageStandard>
186 |       <EnablePREfast>false</EnablePREfast>
187 |     </ClCompile>
188 |   </ItemDefinitionGroup>
189 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
190 |     <ClCompile>
191 |       <WppEnabled>true</WppEnabled>
192 |       <WppRecorderEnabled>true</WppRecorderEnabled>
193 |       <WppScanConfigurationData Condition="'%(ClCompile.ScanConfigurationData)' == ''">trace.h</WppScanConfigurationData>
194 |       <WppKernelMode>true</WppKernelMode>
195 |     </ClCompile>
196 |   </ItemDefinitionGroup>
197 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
198 |     <ClCompile>
199 |       <WppEnabled>true</WppEnabled>
200 |       <WppRecorderEnabled>true</WppRecorderEnabled>
201 |       <WppScanConfigurationData Condition="'%(ClCompile.ScanConfigurationData)' == ''">trace.h</WppScanConfigurationData>
202 |       <WppKernelMode>true</WppKernelMode>
203 |     </ClCompile>
204 |   </ItemDefinitionGroup>
205 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
206 |     <ClCompile>
207 |       <WppEnabled>true</WppEnabled>
208 |       <WppRecorderEnabled>true</WppRecorderEnabled>
209 |       <WppScanConfigurationData Condition="'%(ClCompile.ScanConfigurationData)' == ''">trace.h</WppScanConfigurationData>
210 |       <WppKernelMode>true</WppKernelMode>
211 |     </ClCompile>
212 |   </ItemDefinitionGroup>
213 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
214 |     <ClCompile>
215 |       <WppEnabled>true</WppEnabled>
216 |       <WppRecorderEnabled>true</WppRecorderEnabled>
217 |       <WppScanConfigurationData Condition="'%(ClCompile.ScanConfigurationData)' == ''">trace.h</WppScanConfigurationData>
218 |       <WppKernelMode>true</WppKernelMode>
219 |     </ClCompile>
220 |   </ItemDefinitionGroup>
221 |   <ItemGroup>
222 |     <FilesToPackage Include="$(TargetPath)" />
223 |   </ItemGroup>
224 |   <ItemGroup>
225 |     <ClCompile Include="driver.c" />
226 |   </ItemGroup>
227 |   <ItemGroup>
228 |     <ClInclude Include="driver_codes.h" />
229 |     <ClInclude Include="driver_config.h" />
230 |   </ItemGroup>
231 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
232 |   <ImportGroup Label="ExtensionTargets">
233 |   </ImportGroup>
234 | </Project>


--------------------------------------------------------------------------------
/src/driver.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="include">
 5 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
 6 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="source">
 9 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
10 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
11 |     </Filter>
12 |   </ItemGroup>
13 |   <ItemGroup>
14 |     <ClCompile Include="driver.c">
15 |       <Filter>source</Filter>
16 |     </ClCompile>
17 |   </ItemGroup>
18 |   <ItemGroup>
19 |     <ClInclude Include="driver_codes.h">
20 |       <Filter>include</Filter>
21 |     </ClInclude>
22 |     <ClInclude Include="driver_config.h">
23 |       <Filter>include</Filter>
24 |     </ClInclude>
25 |   </ItemGroup>
26 | </Project>


--------------------------------------------------------------------------------
/src/driver_codes.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | // #include <ntifs.h>
 3 | #include "driver_codes.h"
 4 | 
 5 | // Request for read/writing memory from/to a process.
 6 | #define IOCTL_DRIVER_COPY_MEMORY ((ULONG)CTL_CODE(DRIVER_DEVICE_TYPE, 0x808, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS))
 7 | 
 8 | // Copy requeest data.
 9 | typedef struct _DRIVER_COPY_MEMORY {
10 | 	ULONGLONG Source; // Source buffer address.
11 | 	ULONGLONG Target; // Target buffer address.
12 | 	ULONGLONG Size; // Buffer size.
13 | 	ULONG ProcessId; // Target process ID.
14 | 	BOOLEAN Write; // TRUE if writing, FALSE if reading.
15 | } DRIVER_COPY_MEMORY, *PDRIVER_COPY_MEMORY;
16 | 


--------------------------------------------------------------------------------
/src/driver_config.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | #define DRIVER_NAME L"MemoryDriver"
4 | #define DRIVER_DEVICE_NAME     L"\\Device\\MemoryDriver"
5 | #define DRIVER_DOS_DEVICE_NAME L"\\DosDevices\\MemoryDriver"
6 | #define DRIVER_DEVICE_PATH  L"\\\\.\\MemoryDriver"
7 | #define DRIVER_DEVICE_TYPE 0x00000022
8 | 


--------------------------------------------------------------------------------