A kernel driver for reading and writing memory. Contains a test that writes to notepad.exe's memory, and classes to read/write to two games (Halo: MCC & Apex Legends) which are protected by EAC. I also created a modified version of ReClass.NET that utilizes the driver for its read/write operations, but the laptop I had it on sustained water damage and was destroyed. I will recreate it when I have the time.
Please note that the function addresses are currently hardcoded for Windows 11 kernel 10.0.22000.376. A signature scanner can (and should) be added in the future to avoid this.
MmAllocateIndependentPages()
, and then sets its page protection to make it executable memory with MmSetPageProtection()
win32kbase.sys;NtUserSetSysColors
and overwrites a global pointer in NtUserSetSysColors()
for its hook• JD96 for answering questions, of course! ☺️
• Frostiest for his physmem class, since I had to add it in at the last minute after I found out that the Apex version of EAC supposedly detects KeStackAttach()
.