Thanks to visit codestin.com
Credit goes to github.com

Skip to content
/ kernel-mode-ram-read-write Public
forked from WzrterFX/kernel-mode-ram-read-write

Kernel-mode driver for reading/writing memory without using standard windows syscalls like ReadProcessMemory and OpenProcess, avoiding detection by user-mode anti-cheats.

License

MIT license
0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

liyufeiffef/kernel-mode-ram-read-write

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
kmd
kmd
 
 
uma
uma
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
kernel-mode-ram-read-write.sln
kernel-mode-ram-read-write.sln
 
 

Repository files navigation

kernel-mode-ram-read-write

Overview

kernel-mode-ram-read-write is a kernel-mode driver and user-mode application designed to allow direct reading and writing of process memory. By utilizing kernel-level operations, this avoids detection by anti-cheats that monitor user-mode memory access functions such as ReadProcessMemory, WriteProcessMemory, and OpenProcess. The driver operates by accepting custom Ioctl requests, which enable controlled access to a target process's memory, bypassing common detection mechanisms employed by modern anti-cheat software. This makes it particularly useful for scenarios requiring stealthy memory manipulation.

Disclaimer

kernel-mode-ram-read-write is intended for educational purposes only. Use responsibly and ensure compliance with all relevant laws and regulations regarding software manipulation and anti-cheat measures. Misuse of this software may result in account bans or legal consequences. It is strongly advised to test drivers on a virtual machine, and the author assumes no responsibility for any misuse or damage resulting from the use of this software.

Knowledge

IRQL (Interrupt Request Level)

IRQL stands for Interrupt Request Level, which is a crucial concept in Windows kernel programming. It represents the priority level at which a particular piece of code is running. The Windows operating system uses IRQLs to manage the execution of different processes and interrupts, ensuring that higher-priority tasks can preempt lower-priority ones. Understanding IRQL is essential for kernel-mode development because many kernel functions and operations, including memory access and interrupt handling, depend on the current IRQL. For instance, when performing operations like reading or writing memory, the driver must operate at the appropriate IRQL to ensure that it does not violate system stability or security.

IOCTL (Input/Output Control)

IOCTL stands for Input/Output Control and is a system call used to communicate with device drivers in the Windows operating system. IOCTL allows user-mode applications to send control codes to a driver, which can then perform specific functions that are not possible through standard read and write operations. Enables secure data transfer between user-mode applications and kernel-mode drivers. IOCTL can handle complex data structures and parameters, making it suitable for sophisticated operations beyond simple data reads and writes.

About

Kernel-mode driver for reading/writing memory without using standard windows syscalls like ReadProcessMemory and OpenProcess, avoiding detection by user-mode anti-cheats.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%