Data ptr comm
Communicate between user-mode and kernel-mode through a swapped QWORD pointer argument.
communicate between usermode and kernelmode through a swapped qword ptr argument The project is written primarily in C++, first published in 2022. Key topics include: battleye, cheat, driver, eac, easyanticheat.
data-ptr-comm
communicate between usermode and kernelmode through a swapped qword ptr argument
used to bypass game anti-cheats like easyanticheat and battleye
notes
tested on win ver 21h2
i'm not sure if this is undetected as i chain different pointers (which i have deleted), so chaining might be a good idea
the function
NtUserSetGestureConfig in win32k.sys
pseudocode
cpp__int64 (__fastcall *__fastcall NtUserSetGestureConfig(__int64 a1))(_QWORD) { __int64 (__fastcall *result)(_QWORD); // rax result = qword_FFFFF97FFF065648; if ( qword_FFFFF97FFF065648 ) return (__int64 (__fastcall *)(_QWORD))qword_FFFFF97FFF065648(a1); return result; }
assembly
asmsub rsp, 38h mov rax, cs:qword_FFFFF97FFF065648 // <-- our qword, signature created here test rax, rax jz short loc_FFFFF97FFF007DC0
Contributors
Showing top 1 contributor by commit count.
Related Repositories
sailro/EscapeFromTarkov-Trainer
Escape from Tarkov (EFT) Trainer - Internal
AreWeAntiCheatYet/AreWeAntiCheatYet
A comprehensive and crowd-sourced list of games using anti-cheats and their compatibility with GNU/Linux or Wine.
DErDYAST1R/64KernelDriverCleaner
A Kernel Driver that can be used for a cheat or malware base to circumvent common cache & structure table checks. PsLoadedModuleList however requires a PG Bypass on (Some) Machines > 22H2 Win10, Not Win 11
DErDYAST1R/BEKernelDriverUpdated
This is a repo of my previous BEKernelDriver but updated to add better protections and a more detailed setup. also with a good bit of code cleanup.
es3n1n/be-shellcode-tester
BattlEye shellcodes tester
kila58/qemu-patched
QEMU patched to avoid detection from various anticheats such as Battleye/EAC