Joined: 23 Oct 2016
Posted: Fri Jul 27, 2018 7:13 am    Post subject: Kernel driver for specific purpose
I have a working cheat that currently takes the form of an executable that extracts a dynamic-link library (DLL) and injects it into a game (Cheat Engine was used for designing this cheat, and the C programming language for actually coding both the executable and the DLL). The DLL then patches the game accordingly, setting a hook on one of the game's call instructions that redirects the flow of the program to allocated code; that code calls the function that would have been called in the first place multiple times (restoring registers between calls) and then returns flawlessly to the instruction right after the original call, as if nothing ever happened.
I'd like to know if there is an easy method to do the same thing via kernel code injection (i.e. a kernel driver injecting code into a userland application). I've been analysing the dbk driver from Cheat Engine, but it seems to be too complex for my intentions (I've never programmed a kernel driver before). How would I go about creating a driver with just the functionality I need?
And also, there must be different drivers for x86 and x64 platforms, right? I'm a little bit lost in this subject; does the dbk driver implement its own Read/Write functions, or does it use a system call of some type (i.e. the real "Read/Write" functions)? What will I need to compile and test the driver? Could you explain a little bit of how the dbk driver was designed, and what I should focus on in order to achieve the above code injection from a kernel driver?
I'm a little bit of a perfectionist; that's why I would like to develop my own driver(s) with just what I need (no irrelevant data/code) rather than using dbk... I have, however, never "touched" the kernel before (kind of ironic, isn't it?)
Thanks for your help. All information is greatly appreciated!
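The following is an added example, written by the editor and not code from the poster or from Cheat Engine, illustrating the byte-level mechanics of the user-mode hook the post describes: re-encoding a 5-byte `call rel32` so the call site lands in a detour stub, recovering the original target from the bytes that were there, and assembling a stub that calls the original target N times, reloading the argument registers before each call, then returning to the instruction after the patched call. It does not touch the kernel-driver question. Assumptions (not stated on the page): x86-64 code, the Windows x64 calling convention (arguments in rcx, rdx, r8, r9, 32-byte shadow space, rsp 16-byte aligned at each call), a hooked function taking at most four register arguments, and a little-endian host. The addresses in `main` are constructed sample values. Nothing here writes to process memory or executes the stub; it only produces bytes in a buffer. A 32-bit (x86) game would need a different stub, since cdecl/stdcall pass arguments on the stack.

```c
/* Added example (editor's illustration, not the poster's code).
 * Assumes x86-64, Windows x64 calling convention, <= 4 register args,
 * little-endian host. Produces bytes only; nothing is patched or executed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CALL_LEN 5  /* E8 + rel32 */

/* rel32 in E8/E9 is relative to the END of the 5-byte instruction. */
static int encode_call(uint64_t insn_addr, uint64_t target, uint8_t out[CALL_LEN])
{
    int64_t delta = (int64_t)(target - (insn_addr + CALL_LEN));
    if (delta != (int64_t)(int32_t)delta)
        return 0;  /* not within +-2 GiB: a rel32 call cannot reach it */
    int32_t rel = (int32_t)delta;
    out[0] = 0xE8;
    memcpy(out + 1, &rel, sizeof rel);  /* little-endian host assumed */
    return 1;
}

/* Absolute target of the `call rel32` at insn_addr, or 0 if it is not an E8 call. */
static uint64_t call_target(uint64_t insn_addr, const uint8_t insn[CALL_LEN])
{
    int32_t rel;
    if (insn[0] != 0xE8)
        return 0;
    memcpy(&rel, insn + 1, sizeof rel);
    return insn_addr + CALL_LEN + (int64_t)rel;
}

/* Replacement bytes for the call site, plus the target it originally called. */
static int plan_call_patch(uint64_t call_addr, const uint8_t orig[CALL_LEN],
                           uint64_t stub_addr, uint8_t patched[CALL_LEN],
                           uint64_t *orig_target)
{
    uint64_t t = call_target(call_addr, orig);
    if (t == 0)
        return 0;
    *orig_target = t;
    return encode_call(call_addr, stub_addr, patched);
}

/* Stub size: 14-byte prologue + 28 bytes per call + 12-byte epilogue. */
static size_t detour_stub_len(int repeat)
{
    return 14 + 28 * (size_t)repeat + 12;
}

/* Assemble a stub that is entered via `call stub` (return address already on
 * the stack), calls `target` `repeat` times with the original arguments, keeps
 * rax from the last call, and returns to the instruction after the patched call. */
static size_t build_detour_stub(uint64_t target, int repeat, uint8_t *out, size_t cap)
{
    static const uint8_t prologue[] = {
        0x55,                   /* push rbp                              */
        0x48, 0x89, 0xE5,       /* mov  rbp, rsp                         */
        0x51,                   /* push rcx  -> [rbp-8]                  */
        0x52,                   /* push rdx  -> [rbp-16]                 */
        0x41, 0x50,             /* push r8   -> [rbp-24]                 */
        0x41, 0x51,             /* push r9   -> [rbp-32]                 */
        0x48, 0x83, 0xEC, 0x20, /* sub  rsp, 32   shadow space, rsp stays 16-aligned */
    };
    static const uint8_t reload[] = {
        0x48, 0x8B, 0x4D, 0xF8, /* mov rcx, [rbp-8]   restore args before each call */
        0x48, 0x8B, 0x55, 0xF0, /* mov rdx, [rbp-16]                     */
        0x4C, 0x8B, 0x45, 0xE8, /* mov r8,  [rbp-24]                     */
        0x4C, 0x8B, 0x4D, 0xE0, /* mov r9,  [rbp-32]                     */
        0x48, 0xB8,             /* mov rax, imm64   (imm64 follows)       */
    };
    static const uint8_t call_rax[] = { 0xFF, 0xD0 };  /* call rax */
    static const uint8_t epilogue[] = {
        0x48, 0x83, 0xC4, 0x20, /* add rsp, 32 */
        0x41, 0x59,             /* pop r9      */
        0x41, 0x58,             /* pop r8      */
        0x5A,                   /* pop rdx     */
        0x59,                   /* pop rcx     */
        0x5D,                   /* pop rbp     */
        0xC3,                   /* ret -> address pushed by the patched call */
    };
    if (repeat < 1 || cap < detour_stub_len(repeat))
        return 0;
    size_t pos = 0;
    memcpy(out + pos, prologue, sizeof prologue); pos += sizeof prologue;
    for (int i = 0; i < repeat; i++) {
        memcpy(out + pos, reload, sizeof reload);     pos += sizeof reload;
        memcpy(out + pos, &target, sizeof target);    pos += sizeof target;
        memcpy(out + pos, call_rax, sizeof call_rax); pos += sizeof call_rax;
    }
    memcpy(out + pos, epilogue, sizeof epilogue); pos += sizeof epilogue;
    return pos;
}

int main(void)
{
    /* Constructed sample: a call at 0x401000 to 0x402000; stub placed at 0x7ff000. */
    uint8_t orig[CALL_LEN], patched[CALL_LEN], stub[256];
    uint64_t target;
    encode_call(0x401000, 0x402000, orig);
    if (!plan_call_patch(0x401000, orig, 0x7ff000, patched, &target))
        return 1;
    size_t n = build_detour_stub(target, 3, stub, sizeof stub);
    printf("original target: %#llx\npatched call site:", (unsigned long long)target);
    for (int i = 0; i < CALL_LEN; i++) printf(" %02X", patched[i]);
    printf("\nstub (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf("%s%02X", i % 16 ? " " : "\n  ", stub[i]);
    printf("\n");
    return 0;
}
```

Two checks worth keeping when this is applied to a real process: `encode_call` refuses a stub that is not within 2 GiB of the call site (allocate the stub near the module, or use a 14-byte absolute jump instead), and the stub only re-runs the original target correctly if every argument is in a register; a fifth or later argument lives in the caller's stack frame and would have to be copied into the stub's own frame before each call.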