1765187315-hidedriver-normal-main
1.修复了原作者代码中ImageDirectoryEntryToData函数会异常的问题,重写了同样功能的函数;
2……记不得了;
Windows X64 平台驱动级内存读写库,方便无痕游戏辅助开发
目前支持:Win10 ~ Latest
Warning: this project is a work in progress…
API:
// Driver lifecycle
static BOOL Install(); // Install the driver
static VOID Uninstall(); // Uninstall the driver
static DWORD Test(IN DWORD num); // Driver self-test: returns num+1 when the driver is working
// Read
// Each call takes a process id and an address; the value read is stored through the OUT pointer data.
// NOTE(review): ReadBytes carries no buffer-capacity argument, so size is the only bound visible
// in this declaration; the caller is responsible for the buffer really being large enough.
static BOOL ReadBytes(IN DWORD pid, IN DWORD64 address, IN DWORD size, OUT BYTE* data); // Read a byte array: the caller allocates data and must ensure the buffer is larger than size
static BOOL ReadByte(IN DWORD pid, IN DWORD64 address, OUT BYTE* data); // Read a byte
static BOOL ReadShort(IN DWORD pid, IN DWORD64 address, OUT SHORT* data); // Read a short integer
static BOOL ReadInt(IN DWORD pid, IN DWORD64 address, OUT INT* data); // Read an integer
static BOOL ReadLong(IN DWORD pid, IN DWORD64 address, OUT LONGLONG* data); // Read a long integer
static BOOL ReadFloat(IN DWORD pid, IN DWORD64 address, OUT FLOAT* data); // Read a float
static BOOL ReadDouble(IN DWORD pid, IN DWORD64 address, OUT DOUBLE* data); // Read a double-precision float
// Write
// Each call takes a process id, an address and the value (or buffer) to write.
// NOTE(review): the 1000-byte limit on WriteBytes is stated only in its comment; whether the
// implementation enforces it is not visible here. Confirm before relying on it.
static BOOL WriteBytes(IN DWORD pid, IN DWORD64 address, IN DWORD size, IN BYTE* data); // Write a byte array: data holds the bytes to write; keep each write under 1000 bytes
static BOOL WriteByte(IN DWORD pid, IN DWORD64 address, IN BYTE data); // Write a byte
static BOOL WriteShort(IN DWORD pid, IN DWORD64 address, IN SHORT data); // Write a short integer
static BOOL WriteInt(IN DWORD pid, IN DWORD64 address, IN INT data); // Write an integer
static BOOL WriteLong(IN DWORD pid, IN DWORD64 address, IN LONGLONG data); // Write a long integer
static BOOL WriteFloat(IN DWORD pid, IN DWORD64 address, IN FLOAT data); // Write a float
static BOOL WriteDouble(IN DWORD pid, IN DWORD64 address, IN DOUBLE data); // Write a double-precision float
// Keyboard and Mouse
// NOTE(review): keyUp starts with a lowercase 'k', unlike KeyDown and the rest of this API.
static BOOL KeyDown(IN USHORT keyCode); // Key press
static BOOL keyUp(IN USHORT keyCode); // Key release
static BOOL MouseLeftButtonDown(); // Left mouse button press
static BOOL MouseLeftButtonUp(); // Left mouse button release
static BOOL MouseRightButtonDown(); // Right mouse button press
static BOOL MouseRightButtonUp(); // Right mouse button release
static BOOL MouseMiddleButtonDown(); // Mouse wheel (middle button) press
static BOOL MouseMiddleButtonUp(); // Mouse wheel (middle button) release
static BOOL MouseMoveRelative(IN LONG dx, IN LONG dy); // Relative mouse move
static BOOL MouseMoveAbsolute(IN LONG dx, IN LONG dy); // Absolute mouse move
// GDI Draw
// DRAW_LOOP is declared elsewhere; presumably it is the caller's per-frame draw callback (TODO confirm).
static BOOL GDIDrawInit(IN DRAW_LOOP drawLoop, IN INT fontSize = 16); // Initialize drawing (fontSize defaults to 16)
static BOOL GDIDrawDestroy(); // Shut down drawing
static BOOL GDIDrawFps(); // Draw the FPS counter
static BOOL GDIDrawText(IN LONG x, IN LONG y, IN LPCWSTR str, IN COLORREF color, IN INT fontSize = 16); // Draw text (wide-character string; fontSize defaults to 16)
static BOOL GDIDrawLine(IN LONG x1, IN LONG y1, IN LONG x2, IN LONG y2, IN LONG lineWidth, IN COLORREF color); // Draw a line
static BOOL GDIDrawRect(IN LONG x, IN LONG y, IN LONG width, IN LONG height, IN LONG lineWidth, IN COLORREF color); // Draw a rectangle outline
static BOOL GDIDrawRectFill(IN LONG x, IN LONG y, IN LONG width, IN LONG height, IN COLORREF color); // Draw a filled rectangle
static BOOL GDIDrawCircle(IN LONG x, IN LONG y, IN LONG r, IN COLORREF color, IN LONG lineCount, IN LONG lineWidth); // Draw a circle (lineCount is presumably the number of segments; TODO confirm)
// D3DX9 Draw
// Same set of calls as the GDI group, but coordinates are FLOAT and colors are D3DCOLOR
// (D3DDrawText keeps LONG coordinates).
// NOTE(review): the parameter of D3DDrawFps is spelled fontSzie; likely a typo for fontSize.
static BOOL D3DDrawInit(IN DRAW_LOOP drawLoop, IN INT fontSize = 16); // Initialize drawing (fontSize defaults to 16)
static BOOL D3DDrawDestroy(); // Shut down drawing
static BOOL D3DDrawFps(IN INT fontSzie); // Draw the FPS counter
static BOOL D3DDrawText(IN LONG x, IN LONG y, IN LPCWSTR str, IN D3DCOLOR color, IN INT fontSize = 16); // Draw text (wide-character string; fontSize defaults to 16)
static BOOL D3DDrawLine(IN FLOAT x1, IN FLOAT y1, IN FLOAT x2, IN FLOAT y2, IN FLOAT lineWidth, IN D3DCOLOR color); // Draw a line
static BOOL D3DDrawRect(IN FLOAT x, IN FLOAT y, IN FLOAT width, IN FLOAT height, IN FLOAT lineWidth, IN D3DCOLOR color); // Draw a rectangle outline
static BOOL D3DDrawRectFill(IN FLOAT x, IN FLOAT y, IN FLOAT width, IN FLOAT height, IN D3DCOLOR color); // Draw a filled rectangle
static BOOL D3DDrawCircle(IN FLOAT x, IN FLOAT y, IN FLOAT r, IN D3DCOLOR color, IN LONG lineCount, IN FLOAT lineWidth); // Draw a circle (lineCount is presumably the number of segments; TODO confirm)
// IMGUI DX11 Draw
// Same set of calls as the GDI and D3DX9 groups; colors are IMGCOLOR, and IMGDrawText and
// IMGDrawFps take no font-size argument.
static BOOL IMGDrawInit(IN DRAW_LOOP drawLoop, IN INT fontSize = 16); // Initialize drawing (fontSize defaults to 16)
static BOOL IMGDrawDestroy(); // Shut down drawing
static BOOL IMGDrawFps(); // Draw the FPS counter
static BOOL IMGDrawText(IN FLOAT x, IN FLOAT y, IN LPCWSTR str, IN IMGCOLOR color); // Draw text (wide-character string)
static BOOL IMGDrawLine(IN FLOAT x1, IN FLOAT y1, IN FLOAT x2, IN FLOAT y2, IN FLOAT lineWidth, IN IMGCOLOR color); // Draw a line
static BOOL IMGDrawRect(IN FLOAT x, IN FLOAT y, IN FLOAT width, IN FLOAT height, IN FLOAT lineWidth, IN IMGCOLOR color); // Draw a rectangle outline
static BOOL IMGDrawRectFill(IN FLOAT x, IN FLOAT y, IN FLOAT width, IN FLOAT height, IN IMGCOLOR color); // Draw a filled rectangle
static BOOL IMGDrawCircle(IN FLOAT x, IN FLOAT y, IN FLOAT r, IN IMGCOLOR color, IN LONG lineCount, IN FLOAT lineWidth); // Draw a circle (lineCount is presumably the number of segments; TODO confirm)
// Utils
static BOOL ForceDeleteFile(IN PCWSTR filePath); // Force-delete a file; filePath is a wide-character path, e.g. L"C:\\123.exe"
static DWORD64 GetModuleBase(IN DWORD pid, IN PCWSTR moduleName); // Get the base address of a module in a process
static BOOL ProcessHide(IN DWORD pid, IN BOOL hide = TRUE); // Hide a process; hide==0 restores it. Warning: if drawing is used, initialize the drawing module before hiding the process
static BOOL WindowHide(IN HWND hwnd); // Hide a window (anti-screenshot)
static DWORD GetProcessId(IN PCWSTR processName);// Get the process ID from the process name
static BOOL InjectDll(IN DWORD pid, IN PCWSTR dllPath);// DLL injection
ToDo:

Because a large number of unexported Windows functions are used, InitAllOffSet() in Kernel_PDB.c needs to be modified.
Tested on Win10 and Win11 for 40+ hours without being detected by PatchGuard.
Driver loaded (Test_Drv.sys), but the ARK tool does not find it:

1:Test_Drv.sys —–> 360AntiHacker64.sys
Unsigned driver disguised as 360 driver

Look at the device name: it shows that this is my driver and my device.

2: Test_Drv.sys —–> EasyAntiCheat.sys

在顶部左边选择实例区域—点开对应的ip,设置清洗阈值 bps 250Mbps |pps: 50000
这样就不会触发清洗被限速了,这是阿里云挖的坑
1.VS201X 以下任一版本都可以: Visual Studio Community 201X, Visual Studio Professional 201X,Visual Studio Enterprise 201X. (根据:以前的 WDK 版本和其他下载 – Windows drivers | Microsoft Docs,Visual studio也不是任一版本都可以安装的, 见下面图(5) Windows 版本/build No. 及对应的Visual studio版本)
2.Windows 11 SDK (版本:10.0.XXXXX), 有两种途径安装SDK:1) 在VS2019 installer 中选择安装,见下面的图(1)。2)在SDK的存档页面选择安装: ( Windows SDK 存档 – Windows 应用开发)
3.Windows 11 WDK(Windows Driver kit),版本:10.0.XXXXX , ( 以前的 WDK 版本和其他下载 – Windows drivers | Microsoft Docs)
ERROR: Task “Installing VC Redist (x64)” failed to complete successfully. Look at the logs in the driver test group explorer for more details on the failure.
错误的解决办法是卸载掉系统安装的vc运行库
SDK 和 WDK 的版本必须与系统的内部版本号(build)一致,比如下面都是 19041 时才可以在 VS 中配置成功,否则会出现 Windows Driver Testing Framework 安装失败的错误

如果出现创建还原点错误,不用管它.
老版本vs wdk sdk下载地址
https://learn.microsoft.com/zh-cn/windows-hardware/drivers/legacy-wdk-downloads
windows 各版本支持的sdk列表
https://developer.microsoft.com/zh-cn/windows/downloads/sdk-archive
rem Boot-configuration changes, presumably so the unsigned test driver can load (confirm with the author).
rem The bcdedit values are stored in the boot configuration and stay in effect across reboots
rem until they are set back (for example "bcdedit /set testsigning off").
rem NOTE(review): they relax driver code-integrity enforcement for the whole system, so this
rem sequence belongs on a dedicated test machine or VM.
rem Enable test-signing mode so test-signed kernel drivers are allowed to load.
bcdedit /set testsigning on
rem Disable integrity checks.
bcdedit /set nointegritychecks on
rem Pass the DISABLE_INTEGRITY_CHECKS load option to the OS loader.
bcdedit /set loadoptions DISABLE_INTEGRITY_CHECKS
rem Enable the advanced boot options menu at startup.
bcdedit /set advancedoptions on
rem Restart immediately (zero-second timeout) so the new boot configuration is used.
shutdown /r /t 0
WinDbg Preview 商店版下载方式
首先打开商店搜索 WinDbg: https://apps.microsoft.com/store/detail/windbg-preview/9PGJGD53TN86?hl=zh-cn&gl=CN
得到9PGJGD53TN86应用标识
再通过这个网站下载商店应用安装包: https://store.rg-adguard.net
输入框左边URL改成ProductId,右边输入9PGJGD53TN86点击按钮
下载最新版本的msixbundle格式的文件。
下载后直接用 7zip 解压,再找到 x64.app 解压,就会看到 DbgX.Shell.exe,运行就可以了,不用安装。由于安装包是经第三方网站获取的,且解压运行跳过了安装流程,系统不会自动校验包签名,解压前建议先确认该 msixbundle 的数字签名有效。