YOUR FIRST KERNEL DRIVER (FULL GUIDE)
Рет қаралды 88,118
Күн бұрынTo try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
In this video we use Visual Studio to code an IOCTL driver for any version of Windows. The driver itself implements a custom way to read/write process memory. Alongside this we program a "user mode" application which can communicate with the driver to send it requests. This combination will effectively bypass most user mode anti-cheats out there.
Fair warning though, this is an introduction to kernel development in the world of game hacking, it does not use advanced techniques and WILL NOT bypass any decent kernel anti-cheats like Battleye or Easy Anti-Cheat. Not to mention the safety (or lack thereof) of kdmapper which has its own detection problems.
This video is meant to introduce someone who is comfortable with internal/external game hacking to the world of kernel development. We set up a virtual machine and I teach you how to debug it as well.
I encourage you to use the times stamps down below and a big shoutout to Madz for the idea 😘
💎 Source code is available for my Patrons!
/ cazzwastaken
💎 Join our community over on Discord!
/ discord
💎 Support me with a donation!
www.paypal.com/donate/?hosted...
→ Instagram: / cazzwastaken
→ X (Twitter): / cazzwastaken
→ GitHub: github.com/cazzwastaken
→ Email: cazzwastaken@gmail.com
⏰Chapters⏰
00:00 Introduction
02:17 Installing Visual Studio
04:18 Installing WDK (Windows Driver Kit)
05:44 Installing VMWare Player
07:00 Obtaining an OS Disk Image
08:38 Setting up the VM (Virtual Machine)
11:05 Configuring Windows & Installing VMWare Tools
12:01 Setting up VM for Kernel Debugging
13:30 Installing WinDbg
13:56 Configuring VM Windows for Debugging
15:03 Disabling Anti-Virus
16:24 Setting up the Host for Kernel Debugging
18:26 Setting up WinDbg
19:10 Testing kernel debugging
19:57 Acquiring kdmapper
22:47 Setting up the Solution (Master project)
23:37 Creating the UM project (User Mode)
27:32 Creating the KM project (Kernel Mode
30:20 Undocumented Windows Functions
31:22 IOCTL Codes
34:07 UM/KM Request Struct
35:17 Coding DriverEntry
39:02 Coding driver_main
42:22 Setting up Driver Major Functions
46:56 Coding driver::device_control
55:20 Coding a test User Mode program
57:48 Creating UM Driver Framework
01:02:17 Implementing Read/Write Process Memory
01:06:14 Attaching to "notepad" example
01:09:11 Debugging our Driver Test
01:15:20 Getting CS2 offsets
01:16:53 Coding the CS2 "cheat"
01:22:55 Testing the CS2 "cheat"
01:23:40 Outro
📝Resources 📝
→ Visual Studio: visualstudio.microsoft.com/do...
→ Windows Driver Kit: learn.microsoft.com/en-us/win...
→ VMWare Player: www.vmware.com/products/works...
→ Windows 11: www.microsoft.com/software-do...
→ Secure Boot: learn.microsoft.com/en-us/win...
→ Latest WinDbg: learn.microsoft.com/en-us/win...
→ kdmapper: github.com/TheCruZ/kdmapper
→ CS2 offsets: github.com/a2x/cs2-dumper
→ Reading KM Debug Messages: learn.microsoft.com/en-us/win...
👀 References 👀
github.com/beans42/kernel-rea...
⚡See More ⚡
→ Learn Game Hacking: • How to LEARN HACKING
→ Reverse Engineering: • Learn Reverse Engineer...
→ Chams: • REAL CSGO CHAMS - DRAW...
→ CreateMove: • Hook CreateMove From S...
→ Internal Menu: • IMGUI INTERNAL DIRECTX...
→ Aimbot: • MAKE AIMBOT IN 10 MINUTES
🌌 Disclaimer 🌌
This video was sponsored by Brilliant.
This video was created for educational purposes.
Shout out to @lucid_horizons for the thumbnail ⭐
@cazz 2 ай бұрын
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
@popcornpizza8869 2 ай бұрын
W sponsorship
@Cameraman-lr4vb Ай бұрын
get_module_base is not working
@Giuseppe-ij5qz 2 ай бұрын
"Look I can even do it backwards." Absolute monster XD
@obiotwastaken 2 ай бұрын
yes.
@sudowtf 2 ай бұрын
I was going to propose to Cazz if he could make slightly longer videos and this man just drops over an hour of content😂 Dude’s already absolutely going off the rails in all the good ways. Definitely gonna watch this whole! ❤ my guy
@biigsmokee 2 ай бұрын
Finding resources this good is extremely difficult, thanks for releasing this content for free legend
@user-ew5pb5nj2k 2 ай бұрын
it's not you people just can't read
@dkkogmaw1311 2 ай бұрын
its legit not your just a paster sadly
@buddy3852 2 ай бұрын
@@dkkogmaw1311on god. He thinks he’s learning something from the video. These people have lost their mind
@timnonik2736 2 ай бұрын
@@buddy3852 Are you serious? Its literally a step-by-step how to access any process memory from a self written kernel driver. But sure, thats not useful to anyone.
@buddy3852 2 ай бұрын
@@timnonik2736 Yes, I am very serious. This is the most common, easiest, most plastered source/PoC of 'bypassing' an anti-virus / anti-cheat in the world. If you don't actually understand how it works, you will achieve and learn nothing. And saying it's "self-written" is a fucking joke. Typing it out on your own doesn't make it self-written. That's like saying "Well I hook something else than he does, so it's unique!"
@chavo6613 2 ай бұрын
Thank you so much Cazz for sharing all your knowledge with us man 🔥
@trechosdesucessooficial 2 ай бұрын
Bro this is like a course omg thank you for this knowledge u are the best!
@justaspeedrunner 2 ай бұрын
I have no intention to make a kernel cheat, I don't even use windows, and yet here I am anyway
@cazz 2 ай бұрын
“I don’t even use windows” is based, glad you’re here bru
@execute214 2 ай бұрын
same, arch user here
@mona.supremacy 2 ай бұрын
@@cazz in fact, using windows for development always seemed to be MUCH more complicated and nuanced to me. So yeah, it's you are the one being based here to deal with all that MS nonsense while staying super productive still.
@juanm3058 2 ай бұрын
oml what are you using then
@nikos4677 2 ай бұрын
@@execute214 btw...
@REZOLVER 2 ай бұрын
Amazing video! Thanks for this detailed tutorial!
@Eloii_Xia 2 ай бұрын
Thank you for sharing these valuable resources! Much appreciated ❤
@Martin_Val 2 ай бұрын
I was waiting for this!!! ❤❤
@phynae 2 ай бұрын
Thanks Cazz! I learned so much from you in the past few weeks. Humanity can be proud to have you. Keep going. You are my main source when it comes to c++ and game hacking in general!
@goozjeesh46 2 ай бұрын
wow i have been waiting for this! thank you!
@greeky7112 2 ай бұрын
Cazz never disappoints us
@turb0004 2 ай бұрын
It's incredible. Thanks for your work. Your videos are always interesting but this one is the best. I'm waiting for more 👏
@gastervb 5 күн бұрын
Why haven't I seen this channel earlier? There is a lot of stuff that I can learn about windows and game cheats. Now I need to watch every single video to know everything. Thanks for your work.
@nairbotisol9339 2 ай бұрын
Amaizing tutorial! Thanks.
@TBaxxx 2 ай бұрын
Thank you cazz ❤🔥🔥
@Ace-vq7jm 2 ай бұрын
Thank you for making videos man, and not only just making them but putting in so much effort. I just wish I had this level of motivation towards something lol
@Joelmatic 2 ай бұрын
This is amazing, Thanks you for this video.
@t.n.a.1703 27 күн бұрын
This video is awesome and I learned a lot. Thank you very much cazz! It would be great if you could make more videos about drivers. e.g. minifilters, anti-delete for our cheat solutions or kernel mode bypasses.
@mariobabic9326 2 ай бұрын
thank u so much brother this is exactly the video i needed
@Compyler 2 ай бұрын
THE RETURN OF THE KING Welcome back Cazz 👑
@I.walk_with_a_stick 2 ай бұрын
DUDE NO WAY I WAS SEARCHING YESTERDAY FOR A TUT AND CAZZ SAVED THE DAY TODAY!!!!!!
@nolancao2878 2 ай бұрын
thanks a lot for this.
@GoblinProductions69 Ай бұрын
Great Video as always. Where did you learn stuff like that anyway?
@thecircusb0y1 2 ай бұрын
LOVE YOUR CHANNEL , Please please please keep it up.
@LukeTKC 2 ай бұрын
Damn lol, just discovered your channel start of this month when coding for my DMA cs2 cheat, you videos helped with some additional knowledge. pretty convenient how you start uploading now again😂 Welcome back
@Michtar 2 ай бұрын
hi tkcz
@PXINXYZ 2 ай бұрын
Wtf real tkcz?!?
@mariobabic9326 2 ай бұрын
which dma device are u using for cs2? also why do you use dma when u can simply use a kernel driver like shown in the video?
@airtrack9540 2 ай бұрын
@@mariobabic9326 Maybe Faceit?
@itzlaith 2 ай бұрын
@@mariobabic9326 dma for faceit cheating
2 ай бұрын
I use Linux exclusively on literally all my devices but boy do I enjoy this kind of content, pop corn ready
@roKoTHC 2 ай бұрын
I'd recommend using physical memory for communication. Create a r/w struct in your application and have the driver grab/fill data through physical memory reads and writes.
@murderspree Ай бұрын
Could you elaborate on why?
@abuelo_gen 2 ай бұрын
You are awesome, keep going and i hope you success
@kianjs 2 ай бұрын
Cazz gives me a tingly feeling with these videos
@w42s 2 ай бұрын
Hello coded it up yesterday works like a charm I love it. Thanks so much! but I gotta rather picky question just simply why the bool in_air reversed?
@FloofyPlasma 2 ай бұрын
LOL perfect timing, was just considering making one a few days ago.
@Adrian00213 2 ай бұрын
great stuff!! 🥰 One anticheat i am trying to brake hopefully with this guid is using TLS callback as way to know if user is doing sketchy stuff. Would this method bypass the check? Is there another way i could bypass the TLS callbacks?
@krillinbaldhead9863 2 ай бұрын
p2c in shambles after this comes out, good job Cazz !!!
@adamjung9547 2 ай бұрын
thank you just what I've been looking for i'm early:)
@ningu1036 2 ай бұрын
CAZZZZ FINALLY LETS GOOO!!!
@andrew_111 2 ай бұрын
It made my day
@zxuiji 2 ай бұрын
Thanks, I'm planning on writing a driver api wrapper in the future to minimise differences between linux and msw so this was helpful for that future plan. For now though I'll be focusing on a separate more important project for ending the need for compiling *.exe/*.elf/*.dll/*.so directly (in most cases, certain exceptions apply, underlying wrappers can still be used though)
@alexandrohdez3982 2 ай бұрын
I do enjoy 👏👏👏👏👏👏
@inqmusician2 Күн бұрын
MS devs back in the day didn't call the blue screen "blue screen of death". They call it simply blue screen or a BugCheck. BugCheck(or KeBugCheck) is a function down in the NT API that allows to raise the blue screen in the event that something down in the kernel. I'm here mostly for malware development, because the knowledge between cheat development and malware development is interchangeable. Like creating drivers and making malware that is invisible to the antiviurs or an IDS program. Or bypasssing anticheats, that are behaving like antiviruses themselves. The more you live, the more you learn.
@egely1337 2 ай бұрын
great content!
@TVSh0rts 2 ай бұрын
Do you know any other articles/tutorials/resources that teach more advanced stuff about kernels?
@Luzum 2 ай бұрын
I've been waiting for this for so long, very anticipated, can't wait to start. Thanks cazz!
@henriquematias1986 2 ай бұрын
Amazing content!! As a side note, i was wondering: I got a firewire soundcard that has no drivers for the latest Windows.. Considering we know what is the FireWire chip you think we could code one ourselves? Is there such a thing as reverse engineering a driver already made and then updating it?
@julius3066 2 ай бұрын
i fully rebuild the code from the its amazing!!
@dexx0 2 ай бұрын
yoooo bro DROPPEDDDD
@senkuu2318 2 ай бұрын
first time in my entire life leaving a comment when a video posted recently
@bezik572 Ай бұрын
Thank you for your video! It was pretty clear, however, could you please tell me, how did you find the IoCreateDriver and the other if it isn't documented? How can I find the other functions which are not documented? Thank you!
@christianross2567 2 ай бұрын
"I really hope this doesn't ruin cs2" UD cheats are like 5 bucks a month already lol. Great video, as always. Really appreciate your hard work.
@oroelcobaya06 2 ай бұрын
if you want to sell a cs2 cheat, just paste aimstar's src and change its menu
@sh9351_dev 2 ай бұрын
you forgot the part where I try running it in my host and it bluescreens and bootloops But honestly, great content! Though I'm not into C++, still love your videos ❤
@sxmrrz 2 ай бұрын
Bro did u ever figure this out? Fucked my pc the first time, reset my entire pc and tried again and it’s fucked again so now I gotta reset it again😢 I just wanna learn dawg
@Cipsko 2 ай бұрын
This is for what are vms
@llozyyyy8567 2 ай бұрын
LOVE U CAZZ
@patrick_pati5036 Ай бұрын
Nice video would you do that same thing for a Normal Injector ?
@telmaceyakidua4088 2 ай бұрын
If you want to use this without KDMapper (I have AMD chip, so i use disable DSE instead): just write everything in DriverEntry function and delete IoCreateDriver implementation. To load just use (cmd -admin): sc create your_service_name type= kernel binPath= c:\yourDriver\yourDriver.sys then disable DSE sc start your_service_name
@malcoder 4 күн бұрын
MORE PLEASE!
@sepremz 2 ай бұрын
Thanks bud
@icz 2 ай бұрын
I liked your vid before started watching
@godzab 2 ай бұрын
More please 🙏
@Lojdika Ай бұрын
A tutorial for user mode driver (UMDF V2) would be greatly appreciated. This video is invaluable, nevertheless.
@Andoxico 2 ай бұрын
Do you have any resources for studying how to bypass kernel level anti-cheats?
@akakamaz7382 2 ай бұрын
im too incompetent to make a cheat, nor do i want to make one, but youtube continues to recomend me this channel
@Bukharian-gw8mv 2 ай бұрын
whats the harm in trying, go for it.
@akakamaz7382 2 ай бұрын
@@Bukharian-gw8mv the harm is me getting baned 😂, or geting a virus by downloading the tools 🙄, or corruping my os onto oblivion given that the tutorial is a kernel cheat 😫
@Bukharian-gw8mv 2 ай бұрын
@@akakamaz7382 😂 lmao and for that reason alone in trying it on my spare laptop.
@G5XD 2 ай бұрын
@@akakamaz7382getting banned is so easily avoidable. You’re definitely not gonna get a virus, and the incredible part about a VM is you won’t fuck your pc.
@NaniteWRLD Ай бұрын
Cazz, why does your Visual Studio looks so modern, I really want this design.
@DrWasabiii Ай бұрын
its the 'preview' version hes using 3:15 - Hope it helps :)
@NaniteWRLD Ай бұрын
@@DrWasabiii Hey, I was using the preview version while watching this video, but I see that he is also using community. It might be a extension or something.
@RENNE44 2 күн бұрын
Could you do a video on either MmMapIo Managing / Usage or creating a loader/mapper tool for the drivers like say using a DSE Bypass to load a driver over NtLoad and then using that driver to map the other driver into kernel space with a pre-defined object and then calling the OEP and starting a thread out of the mapping driver to bypass Ps Module Lists in the NTOSKRNL Structs? I've been studying this and a lot of other people do too so it would be cool.
@RENNE44 2 күн бұрын
And maybe using other driver communication methods like encrypted post-server kSockets or HW Paging BP with register spoofing to interpret calls in the kernel using a custom dispatch in the PE of the usermode program? Maybe even try teaching people more about NTOSKRNL, EPROCESS, Ps, PEB/TEB, Etc?
@EazyGoatz 2 ай бұрын
Make a video on how you learned assembly
@StrongerFX 2 ай бұрын
ty cazz S2
@Jujudo 27 күн бұрын
This is the sickest thing ever
@manhvo242 29 күн бұрын
This is an absolute W
@Mustlight 2 ай бұрын
Your visual studio looks awesome how can i do it like this?
@mobslicer1529 2 ай бұрын
for real, i would love to know what extensions he's got
@Cipsko 2 ай бұрын
@@mobslicer1529bro he seriously told this in the video on vs installation
@youngv3ru 2 ай бұрын
Thats a good tutorial actually. Its very helpful. Definetely Recommend this guy!
@tin13001 5 күн бұрын
You should do a part 2 continue building on this driver. Swap out IOCTL for UM-KM shared memory, pointer/function hooking, callbacks. Maybe impersonate a PatchGuard thread? ;)
@rikoboo Ай бұрын
legend is spoon feeding us, watch it whole dont skip u dont wanna miss anything important
@TreznTM 2 ай бұрын
about to make a fortnite p2c with this. Thanks boss 🙏🙏
@Dann.y 2 ай бұрын
This is epic
@disenchantedcardgd9878 2 ай бұрын
Can you make a tutorial on kernel's for kernel anti-cheats?
@noahsndergaard9297 2 ай бұрын
Keep up the good work Cazz, you're always so down to earth. So it's always so chill to watch your vids🥇
@levinho108 2 ай бұрын
Bro please make a video that how to make Bypass for those games that need Emulator like PUBG. love you bro from Afghanistan!
@ihebmahmoud6753 Ай бұрын
im working on one but pubg steam
@rlynotabot 2 ай бұрын
How did I miss this channel ?
@popcornpizza8869 2 ай бұрын
Nice
@OmegaService. Ай бұрын
Jo man, can you make maybe a Ida pro video, how to find entity list + localplayer, vars ect… In x64 bit game?
@Zarrmo 2 ай бұрын
1:21:07 how u enabled showing "vKey" near VK_SPACE ?
@shialex2553 2 ай бұрын
u have to make big video about esp(internal) on cs2, it is gonna be interesting
@Olafm 2 ай бұрын
Thanks! Ur uploads always have me "hooked" haha ...
@mokouu Ай бұрын
Gratitude be upon thee for bestowing thy wisdom without demand of coin
@Celestenshi 28 күн бұрын
demandeth**
@jarjava11 2 ай бұрын
It would be great to create a library in C# like memory.dll using kernel drivers with simple methods like readfloat readstring and so on but I see that people collaborate little sometimes
@akaipureya3380 2 ай бұрын
!!!!!! IMPORTANT If you making driver for Tarkov, be carefully with "bcdedit /debug on" and dont forget write "bcdedit /debug off" after debugging on VM, because you can catch game freezes completely
@a_talking_potato8390 4 күн бұрын
Im trying to make a valorant color triggerbot but i just cant figure it out. Ive tried for hours and nothing is working, could you maybe make a video about triggerbots or something? Love your videos
@imedox_dz 2 ай бұрын
wooow amazing, thanks for the video, the FIRST KERNEL DRIVER full tutorial in youtube 👀
@smokinglife8980 2 ай бұрын
No
@imedox_dz 2 ай бұрын
No! 🤨already have full tutorial for KERNEL DRIVER from scratch! on youtube befor that one?@@smokinglife8980
@aboveall777 Ай бұрын
hey bro i want to ask u is visual studio not anymore safe which alternative should i use?
@r0xt0 Ай бұрын
visual studio is safe use it
@xeigar 18 күн бұрын
hello can i ask if i the cs hack will work to cs2? if i change the basics and the assets?
@AbdullahYazbahar 2 ай бұрын
Me: wow, really cool NoOne: CS2 devs watching carefully
@deze-nk6gx 16 күн бұрын
im unable to find FoceJump in the offsets have they changed?
@ai_coding Ай бұрын
So if u make ur own kernel driver it will be detected by AV? Unless u get it signed off by Microsoft?
@gfhfhfhgfhfhgfhg107 2 ай бұрын
I know this is a dumb question, but im completely new to C++ / C and also Driver Development. Heres my question: Lets say you call a function from Kernel and want to return a string as the output buffer, would this be possible? Could I somehow receive the string in UM?
@Kaliyaz_GT 2 ай бұрын
ask this to chatgpt
@gfhfhfhgfhfhgfhg107 2 ай бұрын
@@Kaliyaz_GT ChatGPT does NOT give the right answers lmao, but with a bit of more learning I figured it out, I was kinda dumb at that time
@Kaliyaz_GT 2 ай бұрын
you can bypass chatgpt filter then gpt can give out any info@@gfhfhfhgfhfhgfhg107
@Brutalslayer69 13 сағат бұрын
Bro please explain how to get around kernel anti-cheats next video ;)
@RayChism 2 ай бұрын
no wonder you’ve been quiet can only imagine how long this took
@smokinglife8980 2 ай бұрын
Like 1hr if you are bad at coding 😂
@cazz 2 ай бұрын
It definitely took some time to put together and a few revisions, thanks for the comment brother
@mezzo6 2 ай бұрын
is it ppossible of using this driver for eac? or fortnite in general for an external?
@Kutila622 2 ай бұрын
He said at the begining of the video, that this driver can bypass usermode anti cheats like VAC because it's crap. But for kernel anti cheats like EAC/BE.... this won't work and require much more things to do.
@wavyyy5 2 ай бұрын
useful
@Scorpion-qn2mn 17 күн бұрын
In offsets there is no dwForceJump now. So what to do?
@jordanwright6854 Ай бұрын
I figured you were South African but when I heard the "yoh if I could spell" I knew
@Mezbelelik Ай бұрын
How can I call the game function? I couldn't find any resources on this topic. For example, I want to call the jump function. Could you create a video about it?