Friday, 3 July 2020

Bypass hooks an imported function inside dxgkrnl.sys

The bypass hooks an imported function inside dxgkrnl.sys. This imported function resides in watchdog.sys and is called when NtDxgkCreateTrackedWorkload is invoked from win32u.dll.

NtDxgkCreateTrackedWorkload syscall (win32u.dll) -> NtDxgkCreateTrackedWorkload (dxgkrnl.sys) -> (halfway through the function) WdLogEvent5_WdError (watchdog.sys)


This hook could be detected if either of two things happens:

  1. EAC scans watchdog.sys for hooks (99% doubt they do; it's just some random non-PG-protected Windows module, why would they)
  2. EAC scans and compares all loaded drivers (doubt this too, it would probably cause too many false positives)

To pass the struct I used shared memory. I think the bypass is safe, although the rendering method is probably not. Method I used to render: https://github.com/thesecretclub/window_hijack
  • Features:
  1. Recoil Control
  2. Auto Pistol
  3. Spiderman
  4. Admin flags
  5. ESP
  6. Player
  7. Scientist
  8. Stash

  • Compiling:
  1. Right-click on "OverflowR6Rust.sln" in the first folder.
  2. Open it in a text editor such as Notepad++.
  3. Change the directories to where your files are located.

  • Credits:
  1. Me
  2. Window Hijacking: https://github.com/thesecretclub/window_hijack
  3. Hooking class/library: https://github.com/adrianyy/kernelhook
