communicate between usermode and kernelmode through a swapped qword ptr argument

Overview

data-ptr-comm

communicate between usermode and kernelmode through a swapped qword ptr argument

used to bypass game anti-cheats like easyanticheat and battleye

notes

tested on win ver 21h2

i'm not sure if this is undetected as i chain different pointers (which i have deleted), so chaining might be a good idea

the function

NtUserSetGestureConfig in win32k.sys

pseudocode

__int64 (__fastcall *__fastcall NtUserSetGestureConfig(__int64 a1))(_QWORD)
{
  __int64 (__fastcall *result)(_QWORD); // rax

  result = qword_FFFFF97FFF065648;
  if ( qword_FFFFF97FFF065648 )
    return (__int64 (__fastcall *)(_QWORD))qword_FFFFF97FFF065648(a1);
  return result;
}

assembly

sub     rsp, 38h
mov     rax, cs:qword_FFFFF97FFF065648 // <-- our qword, signature created here
test    rax, rax
jz      short loc_FFFFF97FFF007DC0
Issues
  • BaseAddress

    BaseAddress

    I tried getting the base address but it doesnt (driver is loaded with kdmapper)

    uintptr_t base = driver::get_base_address("chrome.exe"); Am I doing something wrong?

    opened by 1blackhat101 1
  • 1909 and other versions

    1909 and other versions

    So i tried to use it on my main system win 10 20h2 And then on a vm thats on 1909 and it cant find the ptr also my friends tried it on 20h2 aswell and there the ptr dosent get found aswell what could the problem be?

    opened by nuss31 6
PoC capable of detecting manual syscalls from usermode.

syscall-detect PoC capable of detecting manual syscalls from usermode. More information available at: https://winternl.com/detecting-manual-syscalls-f

null 105 Jun 27, 2022
KernelReadWriteMemory - Simple code to manipulate the memory of a usermode process from kernel.

KernelReadWriteMemory Simple proof of concept -code to manipulate the memory of a usermode process from kernelmode of a windows NT operating system. T

Zer0Mem0ry 144 Jun 26, 2022
This is a simple project of a driver + usermode.

This is a simple project of a driver + usermode.

Spuckwaffel 19 Jun 17, 2022
SinMapper - usermode driver mapper that forcefully loads any signed kernel driver

usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. the main focus of this project is to prevent modern anti-cheats (BattlEye, EAC) from finding your driver and having the power to hook anything due to being inside of legit memory (signed legit driver).

null 95 Jun 19, 2022
Cobalt Strike Beacon Object File (BOF) that takes the name of of a PE file as an argument and spawns the process in a suspended state

Beacon Object File (BOF) that spawns an arbitrary process from beacons memory. Supports Parent Process ID (PPID) spoofing & blocking non-MS signed DLLs from loading into the processes memory (some EDR DLLs).

boku 329 Jun 27, 2022
An Arduino library which allows you to communicate seamlessly with the full range of u-blox GNSS modules

u-blox makes some incredible GNSS receivers covering everything from low-cost, highly configurable modules such as the SAM-M8Q all the way up to the surveyor grade ZED-F9P with precision of the diameter of a dime.

SparkFun Electronics 112 Jun 22, 2022
Library for STM32 microcontrollers with HAL to communicate with absolute orientation sensor Bosh BNO055.

Bosh BNO055 sensor library fro STM32 with HAL Library for STM32 microcontrollers with HAL to communicate with absolute orientation sensor Bosh BNO055.

Eryk Możdżeń 1 Nov 20, 2021
This is some utility functions/classes for having a nice way to communicate with a pico board RP2040

PicoScreenTerminal This is some utility functions/classes for having a nice way to communicate with a pico board RP2040 How to build First follow the

GuillaumeG. 4 Nov 15, 2021
A run-time C++ library for working with units of measurement and conversions between them and with string representations of units and measurements

Units What's new Some of the CMake target names have changed in the latest release, please update builds appropriately Documentation A library that pr

Lawrence Livermore National Laboratory 103 Jun 24, 2022
A Fingerprint Door Lock using a microprocessor named Arduino UNO and programming through Arduino IDE

INSTRUCTIONS - The codes for the Fingerprint Door lock are present in the Code For Fingerprint Door Lock folder The instructions of how to operate the

Akhil Sahukaru 15 Mar 3, 2022
A continuation of FSund's pteron-keyboard project. Feel free to contribute, or use these files to make your own! Kits and PCBs are also available through my facebook page.

pteron-pcb Intro This project is the evolution of the Pteron-Keyboard project, an incredible ergonomic keyboard that was handwired only. I aimed to in

null 15 Mar 20, 2022
Samir Teymurov 1 Oct 6, 2021
A gazebo actor plugin that utilizes the map of the environment and graph search methods to generate random actor trajectories that don't pass through walls, furniture, etc.

Gazebo-Map-Actor-Plugin A gazebo actor plugin that utilizes the map of the environment and graph search methods to generate random actor trajectories

Yasin Sonmez 10 Jun 25, 2022
CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel

CredBandit CredBandit is a proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process a

anthemtotheego 160 Jun 17, 2022
Step-by-step guide through the abstract and complex universe of Fragment Shaders.

The Book of Shaders by Patricio Gonzalez Vivo and Jen Lowe This is a gentle step-by-step guide through the abstract and complex universe of Fragment S

Patricio Gonzalez Vivo 4.5k Jul 7, 2022
4HP through hole version of the HAGIWO FM/additive/chord oscillator with mode switch and gain input.

HAGIWO 019/022/023 Triple Oscillator (FM/CHORD/ADDITIVE) 4HP through hole version of the HAGIWO FM/additive/chord oscillator with mode switch and gain

null 12 Jun 30, 2022
Send messages to a LED Matrix display through Telegram. Inspired by a tweet from Smarter Every Day

Send messages to a LED Matrix display through Telegram. Inspired by a tweet from Smarter Every Day

Brian Lough 22 Jun 13, 2022
ESP32 software USB host through general IO pins. We can connect up to 4 USB-LS HID (keyboard mouse joystick) devices simultaneously.

esp32_usb_soft_host esp32 USB-LS pure software host thru general IO pins. Up to 4 HID devices simultaneously. board ~$3 :https://www.aliexpress.com/pr

Samsonov Dima 263 Jun 30, 2022
Quick patch to prevent fatal crashing when downloading title assets (boxart, etc) through FSD or Aurora.

Quick patch to prevent fatal crashing when downloading title assets (boxart, etc) through FSD or Aurora. As of v0.2-beta, this patch should work for everyone, regardless of geographic location (both in and outside of the US).

Stelio Kontos 26 Jun 26, 2022