https://github.com/VollRagm/KernelBypassSharp

C# Kernel Mode Driver to read and write memory in protected processes
https://github.com/VollRagm/KernelBypassSharp

Last synced: 22 days ago
JSON representation

C# Kernel Mode Driver to read and write memory in protected processes

• Host: GitHub
• URL: https://github.com/VollRagm/KernelBypassSharp
• Owner: VollRagm
• License: mit
• Created: 2021-12-16T20:07:49.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2023-08-03T05:50:09.000Z (over 1 year ago)
• Last Synced: 2024-08-05T17:26:04.906Z (4 months ago)
• Language: C#
• Size: 43 KB
• Stars: 358
• Watchers: 14
• Forks: 77
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - VollRagm/KernelBypassSharp - C# Kernel Mode Driver to read and write memory in protected processes (C# #)

README

        
# KernelBypassSharp

C# Kernel Mode Driver to read and write memory in protected processes.

This project is based on my https://github.com/VollRagm/KernelSharp repository.

The hooked function this example uses has been shared publicly, so Anticheat solutions might detect it.

The most important part of the code is in [Program.cs](https://github.com/VollRagm/KernelBypassSharp/blob/main/KernelBypassSharp/Program.cs).

# Compiling

Clone this repository. Then run `nuget restore` to restore the required packages. Open the build.bat and fix the file paths.

ILCPATH is located at something like `C:\Users\username\.nuget\packages\runtime.win-x64.microsoft.dotnet.ilcompiler\7.0.0-alpha.1.21430.2\tools`, ntoskrnl.lib is located in the WDK install path.

Run `x64 Native Tools Command Prompt for VS 2019` from the Windows search, cd into the project directory and run build.bat.

You can load the driver or map it with kdmapper.

# Usage

After mapping or loading the driver, run the UsermodeApp to test it.

If you want to build your own API, simply replicate the structs and logic in the UsermodeApp example.