Having a bit of a problem, compiled both (updated offsets), tested and mapped the driver (it works), but I am unable to write process memory. I'm able to make the player jump through Cheat Engine but not with this cheat, tried to play around with the flags and forcejump but no luck.
hello, for me the driver was working fine only for the first time that i mapped it, when i restarted the pc for the first time it stopped working showing Failed to create our driver handle. if i change the name of the driver i can map it another time until i reboot again.
Yes it's a bit annoying, i can make a full multi cheat with the driver, but if i reboot my PC and just try to launch the cheat again i get an error with the Handle and need to change the name of it every time. Need to figure out how to make it work without renaming every time.
kdmapper is manually loading the driver into memory, when you reboot your PC it is no longer in memory and will have to be loaded again using kdmapper. This is normal and expected behavior.
after turning on bcdedit i have this problem "Transport (VMDB) error -14: Pipe connection has been broken." and i cant fix it, anyone know how to fix it?
To try everything Brilliant has to offer, free, for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant's annual premium subscription.
W sponsorship
get_module_base is not working
Timeline: 43:30 Programming The Windows Driver Model by Walter Oney and Windows Kernel Programming by Pavel Yosifovich warned against touching the IRP after calling IoCompleteRequest(). Did you take that into consideration?
I noticed that you touched the IRP after calling IoCompleteRequest() by following with return irp->IoStatus.Status.
They pointed out that it could lead to system crash.
"Look I can even do it backwards." Absolute monster XD
yes.
I was going to propose to Cazz if he could make slightly longer videos and this man just drops over an hour of content😂
Dude’s already absolutely going off the rails in all the good ways.
Definitely gonna watch this whole!
❤ my guy
Finding resources this good is extremely difficult, thanks for releasing this content for free legend
it's not you people just can't read
its legit not, you're just a paster sadly
@@dkkogmaw1311 on god. He thinks he's learning something from the video. These people have lost their mind
@@buddybrax Are you serious? It's literally a step-by-step how to access any process memory from a self-written kernel driver. But sure, that's not useful to anyone.
@@timnonik2736 Yes, I am very serious.
This is the most common, easiest, most plastered source/PoC of 'bypassing' an anti-virus / anti-cheat in the world.
If you don't actually understand how it works, you will achieve and learn nothing.
And saying it's "self-written" is a fucking joke. Typing it out on your own doesn't make it self-written. That's like saying "Well I hook something else than he does, so it's unique!"
Why haven't I seen this channel earlier? There is a lot of stuff that I can learn about windows and game cheats. Now I need to watch every single video to know everything. Thanks for your work.
I have no intention to make a kernel cheat, I don't even use windows, and yet here I am anyway
“I don’t even use windows” is based, glad you’re here bru
same, arch user here
oml what are you using then
@@execute214 btw...
@iaros.hbro i stg. I tried to install some standard libraries or something one time and gave up and haven’t tried to develop on windows since
I figured you were South African but when I heard the "yoh if I could spell" I knew
Thanks Cazz! I learned so much from you in the past few weeks. Humanity can be proud to have you. Keep going. You are my main source when it comes to c++ and game hacking in general!
Thank you so much Cazz for sharing all your knowledge with us man 🔥
Thanks!
Tutorials like this where things are really spelled out for you are so valuable. Thank you. The game hacking community can be very gatekeep-y with information and people like me just need things shown to them to understand. Appreciate you.
Great Video as always. Where did you learn stuff like that anyway?
Just the first 30 minutes of the setup is gold -- very well explained, thank you. 🙏
THE RETURN OF THE KING
Welcome back Cazz 👑
Damn lol, just discovered your channel start of this month when coding for my DMA cs2 cheat, your videos helped with some additional knowledge. pretty convenient how you start uploading now again😂 Welcome back
hi tkcz
Wtf real tkcz?!?
which dma device are u using for cs2? also why do you use dma when u can simply use a kernel driver like shown in the video?
@@mariobabic9326 Maybe Faceit?
@@mariobabic9326 dma for faceit cheating
Note for future reference: the offsets (and client_dll.hpp for that matter) use nested namespaces, so either use something like cs2_dumper::offsets::client_dll::dwLocalPlayerPawn or declare parent namespaces with: using namespace cs2_dumper::offsets; otherwise visual studio won't help you much since there are 2 instances of the client_dll namespace, so you gotta specify which one you want exactly (one inside offsets.hpp under cs2_dumper::offsets::client_dll and one inside client_dll.hpp under cs2_dumper::schemas::client_dll)
edit: same goes for the rest of the nested namespaces or user aliases:
namespace client_dll = cs2_dumper::schemas::client_dll;
namespace offsets = cs2_dumper::offsets::client_dll;
i had to figure this out myself. glad there is someone out there spreading this information. i hope you are placing this on his other tutorials.
@perq_hvh didn't think of it. I will
Bro this is like a course omg thank you for this knowledge u are the best!
I was waiting for this!!! ❤❤
I use Linux exclusively on literally all my devices but boy do I enjoy this kind of content, popcorn ready
Crowdstrike should watch this
MS devs back in the day didn't call the blue screen "blue screen of death". They called it simply blue screen or a BugCheck. BugCheck (or KeBugCheck) is a function down in the NT API that allows raising the blue screen in the event that something down in the kernel.
I'm here mostly for malware development, because the knowledge between cheat development and malware development is interchangeable. Like creating drivers and making malware that is invisible to the antivirus or an IDS program. Or bypassing anticheats, that are behaving like antiviruses themselves. The more you live, the more you learn.
how long did it take you to learn all this man, my head explodes just by watching.
I can apply these methods to other games correct?
A tutorial for user mode driver (UMDF V2) would be greatly appreciated. This video is invaluable, nevertheless.
Thank you for sharing these valuable resources! Much appreciated ❤
everything worked just fine until 19:23 when I launch VMware to test the connection & I get an error message that reads: Transport (VMDB) error -14: Pipe connection has been broken.
I googled the error & did everything suggested but nothing worked. Guess I'm just not gonna use VMware then
how did you fix it?
@@Hostlyy I un-installed both Visual Studio & Visual Studio Code then reinstalled them. Apparently I didn't install an important library expansion/package. Worked fine after that
"I really hope this doesn't ruin cs2" UD cheats are like 5 bucks a month already lol. Great video, as always. Really appreciate your hard work.
if you want to sell a cs2 cheat, just paste aimstar's src and change its menu
It's incredible. Thanks for your work. Your videos are always interesting but this one is the best. I'm waiting for more 👏
Amazing video! Thanks for this detailed tutorial!
This video is awesome and I learned a lot. Thank you very much cazz! It would be great if you could make more videos about drivers. e.g. minifilters, anti-delete for our cheat solutions or kernel mode bypasses.
Thank you for your video! It was pretty clear, however, could you please tell me, how did you find the IoCreateDriver and the other if it isn't documented? How can I find the other functions which are not documented? Thank you!
DUDE NO WAY I WAS SEARCHING YESTERDAY FOR A TUT AND CAZZ SAVED THE DAY TODAY!!!!!!
first time in my entire life leaving a comment when a video posted recently
im too incompetent to make a cheat, nor do i want to make one, but youtube continues to recommend me this channel
whats the harm in trying, go for it.
@@Bukharian-gw8mv the harm is me getting banned 😂, or getting a virus by downloading the tools 🙄, or corrupting my os into oblivion given that the tutorial is a kernel cheat 😫
@@akakamaz7382 😂 lmao and for that reason alone I'm trying it on my spare laptop.
@@akakamaz7382 getting banned is so easily avoidable. You're definitely not gonna get a virus, and the incredible part about a VM is you won't fuck your pc.
@@akakamaz7382 banned is an issue but virus??? The tools won't harm you. The reason why you set up a VM is because it is kernel and you need to debug and fix issues that corrupt your pc.
Thank you for making videos man, and not only just making them but putting in so much effort. I just wish I had this level of motivation towards something lol
Do you know any other articles/tutorials/resources that teach more advanced stuff about kernels?
GH
If anyone has performance issues on windows (booting and while using it) after this. Disabling debugging with bcdedit /debug off did the job for me
Thank you.. I was going insane wondering what I fucked up
If anyone has "No certificates were found that met all the given criteria SIGNTASK" then: Go to properties of Kernel Project -> Driver Signing -> General and set Sign Mode to "Off"
Broooooo Ur the fucking best. Thanks a lot
I was struggling so hard with this I ended up deleting my whole solution when I could have done this xD
thank you dudeee, helped
cheers
wow i have been waiting for this! thank you!
Great video! Btw, if someone gets an error about lower version of WDK extension than VS requires, then install WDK through the windows installer (individual component)
Best practice is to match the latest version release of WDK and the Windows SDK.
Hello, coded it up yesterday, works like a charm, I love it. Thanks so much! but I gotta rather picky question: just simply, why is the bool in_air reversed?
im unable to find ForceJump in the offsets, have they changed?
did you find dwForceJump?
Me: wow, really cool
NoOne: CS2 devs watching carefully
could you do a part 2 on this for injecting a DLL into a process from the kernel driver?
Well, driver working, my cheat is working, but any idea to fix the "Failed to create the driver handle" after restarting the PC? If i want it to work again after rebooting i need to modify the 4 names of the driver and use Kdmapper again...
Any fix to this? I don't want to rename it every time and map it every time with kdmapper if there is a way for both, please let me know.
You shouldn't need to modify the driver at all, but you do need to map the driver using kdmapper each time you restart, because restarting your PC will cause the driver to no longer be loaded.
tried and followed everything, all was good until 1:13:26, when i dropped km.sys into kdmapper, the terminal was not showing anything. the debugger was not showing any of the 4 messages as well. what could be the problem?
Did you build kdmapper in Release mode?
Did you build your driver in Debug mode?
i got the same thing, but i realized i put std::cin.get() outside of wmain too, so when i deleted that it worked fine
im having this same issue rn, but its 3:35 am so im calling it a night and gonna try again tomorrow with a fresh mind. did you ever figure it out? im building in debug mode
hey, if you still need help, i had the same problem because i put the std::cin.get() in front of every return. you should use cin.get() only before returns that return a message
Hello,
am i the only one who cant get the client.dll base module? please let me know if you're having the same issue
thank you for your hard work: easy to understand because of your explanation
great stuff!! 🥰
One anticheat i am trying to break hopefully with this guide is using TLS callback as a way to know if user is doing sketchy stuff.
Would this method bypass the check?
Is there another way i could bypass the TLS callbacks?
no wonder you’ve been quiet can only imagine how long this took
Like 1hr if you are bad at coding 😂
It definitely took some time to put together and a few revisions, thanks for the comment brother
Thanks, this is a very informative video, but can you make a video for vanguard bypass for League of Legends? or just how to disassemble the vanguard.sys and find how to bypass
legend is spoon feeding us, watch it whole dont skip u dont wanna miss anything important
admin, he's doing it in ring 0
new to this all, will this work on win11?
I'm getting errors: violated CI chase policy and Failed to create driver kernel. Why? Code was built successfully
In offsets there is no dwForceJump now. So what to do?
did you find dwForceJump?
@@ayras7932 yeah, now its in buttons
@@Scorpion-qn2mn can you give an example of how you called it? like his is "client_dll::dwForceJump", what would i put to replace that?
great tutorial, great for beginners, but i would recommend u only use this on usermode anti cheats as its the basic ioctl communication
1:21:07 how u enabled showing "vKey" near VK_SPACE ?
p2c in shambles after this comes out, good job Cazz !!!
Does the kernel driver only work for cs2?
After "bcdedit /debug on" and rebooting, things can start going crazy.
Slow boot, freezes time-to-time. As far as I have read, this is a UEFI/BIOS nuance. bcdedit can be slower on UEFI systems due to synchronization between NVRAM (which holds UEFI boot variables) and the BCD (Boot Configuration Data) stored in the registry.
If anybody faces this, do not freak out. Just disable kernel debugging. Things should go back to normal 💪
brooo i wish i read this before i reset my pc lol i didnt actually know what caused it and i thought that this _surely_ wouldn't have messed up my pc out of all the things i did but i guess i was wrong. is there any way to fix this?
@@Hostlyy same 😅 Reset my pc, then made the investigation. Haven't found the solution, but next time i knew the issue, so waited out all the freezes, debugged the driver and disabled debug mode. Not the best way to deal with the things, still i made my way.
@@hooliganez no yeah tbf my pc needed that reset since i havent reset since i got it. now everything runs smoother even on debug mode for most normal operations, except for games with kernel ac i think
@@hooliganez also ur lithuanian right? laba diena, seni (good day, old man)
Just use CSM/Legacy. Fuck Secure Boot. 😂
Wow dude, what a brilliant video!!!
What is the new offset of dwForceJump pls ?
Could you do a video on either MmMapIo Managing / Usage or creating a loader/mapper tool for the drivers like say using a DSE Bypass to load a driver over NtLoad and then using that driver to map the other driver into kernel space with a pre-defined object and then calling the OEP and starting a thread out of the mapping driver to bypass Ps Module Lists in the NTOSKRNL Structs? I've been studying this and a lot of other people do too so it would be cool.
And maybe using other driver communication methods like encrypted post-server kSockets or HW Paging BP with register spoofing to interpret calls in the kernel using a custom dispatch in the PE of the usermode program? Maybe even try teaching people more about NTOSKRNL, EPROCESS, Ps, PEB/TEB, Etc?
How did you learn this stuff? Maybe you should make a vid
Thank you cazz ❤🔥🔥
!!!!!! IMPORTANT
If you're making a driver for Tarkov, be careful with "bcdedit /debug on" and don't forget to write "bcdedit /debug off" after debugging on the VM, because the game can freeze completely
Yo do it the same as in the video for tarkov??
I've been waiting for this for so long, very anticipated, can't wait to start. Thanks cazz!
I’m getting a “No certificate were found that met all the criteria” error in km. How do I fix it
Go to the sln settings and turn signing off (default: test sign on)
@@ItzStiless idiot answer
just run your visual studio at administrator
It's such a wholesome feeling trying to learn something while you understand only 10% of what's going on there))
How can I call the game function? I couldn't find any resources on this topic. For example, I want to call the jump function. Could you create a video about it?
Nice video would you do that same thing for a Normal Injector ?
You should do a part 2 continue building on this driver. Swap out IOCTL for UM-KM shared memory, pointer/function hooking, callbacks. Maybe impersonate a PatchGuard thread? ;)
Do you have any resources for studying how to bypass kernel level anti-cheats?
Cazz gives me a tingly feeling with these videos
Make a video on how you learned assembly
[-] Failed to establish symbolic link. What should I do?
In which step? Can u share code?
@@ichigokurosaki7945 i fixed that, the problem was in «DosDevices», i called it "DosDevice"
Thanks, I'm planning on writing a driver api wrapper in the future to minimise differences between linux and msw so this was helpful for that future plan. For now though I'll be focusing on a separate more important project for ending the need for compiling *.exe/*.elf/*.dll/*.so directly (in most cases, certain exceptions apply, underlying wrappers can still be used though)
Amazing content!! As a side note, i was wondering: I got a firewire soundcard that has no drivers for the latest Windows.. Considering we know what is the FireWire chip you think we could code one ourselves?
Is there such a thing as reverse engineering a driver already made and then updating it?
you forgot the part where I try running it in my host and it bluescreens and bootloops
But honestly, great content! Though I'm not into C++, still love your videos ❤
Bro did u ever figure this out? Fucked my pc the first time, reset my entire pc and tried again and it’s fucked again so now I gotta reset it again😢 I just wanna learn dawg
This is for what are vms
@@sxmrrz just learn about "driver hijacking" if you're making a cheat. Unless you get your stuff signed by Microsoft it's pointless. If not then I'd still look into hijacking
@@outcome2715 yeah fs. I got this all figured out months ago and made a solid cheat with it. Even if it's not signed VAC is UM so this is overkill anyway
Well that's why you test it on a vm first...
to fix client + client_dll not found, please use the below code!
const auto local_player_pawn = driver::read_memory(driver, client + cs2_dumper::offsets::client_dll::dwLocalPlayerPawn);
I hope this helps!
You don't believe how helpful your comment was to me. Thanks so much.
@@caffeine4687 hey, welcome buddy
Hey man! Tysm for the video, truly appreciate it.
Just wanted to ask how to go about a driver that works for AC’s that run on KM and not UM, for example EAC.
Asking because I want to code a driver for Apex
What should I look up if I want to find/pay a dev to develop a chair or series of chairs for me?
Bro please make a video on how to make a Bypass for those games that need an Emulator like PUBG.
love you bro from Afghanistan!
im working on one but pubg steam
Can you make a tutorial on kernel's for kernel anti-cheats?
From where you learned how to deal with windows APIs ?
Basic question .. if you already made your own driver and loaded it, why a kernel mode ac can detect you?
Jesus. Christ.
That’s not how any of that works.
You'll never know unless you can actually reverse the anti-cheat and understand the OS.
So hi Cazz. I'm having a really strange problem. When enabling debug with "bcdedit /debug on" and restarting my PC, it boots up very slowly and starts to freeze a lot. Have you encountered this, and if you have, do you have any possible solution to this?
I'm having the same problem, my computer freezes after startup. How did you fix it?
@user98292 did you find a fix?
@user98292 bcdedit /debug off
I've never tried to code a driver before; this video made me give it a try, and no matter what I do (I have followed the video and everything you said), I can read memory fine, but if I go to write memory anywhere I get a STATUS_PARTIAL_COPY. The header of this status code mentions protection conflicts related to this, even though the memory I am trying to write to is not even read-only. I tried changing protection using ZwProtectVirtualMemory, but that also fails with a 0xC0000008 error. What is going on here?
Anyone know why tf when I do this it absolutely destroys my PC? From the first time I open it and restart my PC I get boot loops and constant freezing of everything, even my mouse, etc. Had to reset my entire PC once and I thought it was something else, but sure enough, after trying it again, my PC is fucked again.
It's because of bcdedit debug =)
I literally did the same thing, although I didn't reset my whole PC; I just turned on Secure Boot and it finally boots. I thought I was the only one with the issue. If you ever get it working, reply to me with how.
@vrxg I just realised that I have boot loops and freezing due to the PowerShell console when I turn debug on.
@vrxg Yeah, I figured it out. You have to manually turn off Microsoft blocking vulnerable drivers, even if there isn't an option in Settings. Look up "how to turn off Microsoft blocking vulnerable drivers greyed out"; all you do is go to a specific location in Registry Editor and set the enable value to zero. And make sure Fast Boot is off too (look it up if you don't know how); that way the driver is completely clean when your PC turns back on. Works great now 👍🏼
Your Visual Studio looks awesome, how can I get mine to look like this?
For real, I would love to know what extensions he's got.
@mobslicer1529 bro, he seriously explains this in the video on the VS installation.
Having a bit of a problem: compiled both (updated offsets), tested and mapped the driver (it works), but I am unable to write process memory. I'm able to make the player jump through Cheat Engine but not with this cheat; tried to play around with the flags and force jump, but no luck.
Hey bro, I want to ask you: is Visual Studio not safe anymore? Which alternative should I use?
Visual Studio is safe, use it.
Can you give a tutorial on shellcode execution soon?
Hello, can I ask if the CS hack will work on CS2 if I change the basics and the assets?
Hello, for me the driver was working fine only the first time that I mapped it; when I restarted the PC for the first time it stopped working, showing "Failed to create our driver handle". If I change the name of the driver I can map it one more time, until I reboot again.
Yes, it's a bit annoying. I can make a full multi-cheat with the driver, but if I reboot my PC and just try to launch the cheat again, I get an error with the handle and need to change the name of it every time. Need to figure out how to make it work without renaming every time.
Still have not figured out how to make it work without renaming every time... any help? x)
kdmapper is manually loading the driver into memory; when you reboot your PC it is no longer in memory and will have to be loaded again using kdmapper. This is normal and expected behavior.
@hustlecrowe Yeah, ok for that, but why does the driver need to be renamed after a reboot as well?
@Kutila622 I have never had to rename the driver after a reboot. Just remap the same driver using kdmapper.
BRO THIS VIDEO IS AMAZING
After turning on bcdedit I have this problem: "Transport (VMDB) error -14: Pipe connection has been broken." and I can't fix it. Anyone know how to fix it?
LOVE YOUR CHANNEL, please please please keep it up.
You are awesome, keep going, and I hope you succeed.
Gratitude be upon thee for bestowing thy wisdom without demand of coin
demandeth**