Protect a game from a kernel driver

TheGodFather · Feb 21, 2021

Hello guys.
I was trying to make a clone of anti-cheats with one feature wich block access to the game from any program or tool. like popular anti-cheat or like UGK-Anti Cheat does.

I dont know the idea of how to make it. its just about a kernel driver poop.

if anyone can help me or give me a hint.

Pictures :-

iostream · Feb 27, 2021

CE is very hard to block. especially private CE.

TheGodFather · Feb 27, 2021

iostream said:
CE is very hard to block. especially private CE.

can i hook system calls to prevent CE ?

like hook zwOpenPorcess or NtOpen ...etc

Ryusaki · Feb 27, 2021

If you are in kernel mode, you could use

You must be registered to see links

to intercept OpenProcess attempts from user mode.
Obs: I wouldn't recommend hooking syscalls.

TheGodFather · Feb 27, 2021

Ryusaki said:
If you are in kernel mode, you could use
You must be registered to see links
to intercept OpenProcess attempts from user mode.
Obs: I wouldn't recommend hooking syscalls.

Thank you so much,

I am noob to kernel driver stuff so can you give me a simple code or some github repo for an example

k0d0k · Feb 27, 2021

TheGodFather said:
Thank you so much,

I am noob to kernel driver stuff so can you give me a simple code or some github repo for an example

You must be registered to see links

Flipend0 · Mar 2, 2021

I personally would not recommend touching drivers if you have no idea how they work. Especially if it's going to be intended as an Anti Cheat service for your Clients. Unless you have the financial ability to add a CSC to the driver to whatever game you're working on. Otherwise you're going to have to inform all users to Disable Driver Signature Enforcement.

I just build my house made anti cheat in Usermode instead. I run integerty checks and hash the entire application after I implement my own modifications. This way, if any after modifications gets detected. I simply just close the entire client down.

TheGodFather · Mar 2, 2021

Flipend0 said:
I personally would not recommend touching drivers if you have no idea how they work. Especially if it's going to be intended as an Anti Cheat service for your Clients. Unless you have the financial ability to add a CSC to the driver to whatever game you're working on. Otherwise you're going to have to inform all users to Disable Driver Signature Enforcement.

I just build my house made anti cheat in Usermode instead. I run integerty checks and hash the entire application after I implement my own modifications. This way, if any after modifications gets detected. I simply just close the entire client down.

I got a way to protect my game through some vuldriver.

i edit the code and got these result wich is so pretty

After edit code and hook some syscalls and run the game under SYSTEM

Protect a game from a kernel driver

TheGodFather

Newbie Spellweaver

iostream

Junior Spellweaver

TheGodFather

Newbie Spellweaver

Ryusaki

Newbie Spellweaver

TheGodFather

Newbie Spellweaver

k0d0k

Elite Diviner

Flipend0

Junior Spellweaver

TheGodFather

Newbie Spellweaver