To try everything Brilliant has to offer, free, for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
W sponsorship
get_module_base is not working
Timeline: 43:30 Programming The Windows Driver Model by Walter Oney and Windows Kernel Programming by Pavel Yosifovich warned against touching the IRP after calling IoCompleteRequest(). Did you take that into consideration?
I noticed that you touched the IRP after calling IoCompleteRequest() by following with return irp->IoStatus.Status.
They pointed out that it could lead to system crash.
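The hazard this comment raises, shown as an added illustration that is not the video's driver code and not real WDM code: a host-side C model in which the IRP, IO_STATUS_BLOCK and IoCompleteRequest definitions are simplified stand-ins (an assumption, since real kernel code needs ntddk.h and cannot run outside the kernel). The stand-in IoCompleteRequest scribbles over the status block to model the I/O manager freeing or reusing the IRP after completion, so the `return irp->IoStatus.Status` pattern visibly hands back something other than the status the driver set, while the fixed version returns the status it saved in a local before completing.

```c
/* Host-side model of "touching the IRP after IoCompleteRequest".
 * Added illustration, not the video's driver: IRP, IO_STATUS_BLOCK,
 * NTSTATUS and IoCompleteRequest below are simplified stand-ins so the
 * pattern compiles and runs with an ordinary C compiler. In the real
 * kernel, once IoCompleteRequest returns the IRP belongs to the I/O
 * manager and may already be freed or reused, so reading
 * irp->IoStatus.Status afterwards is a use-after-free. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int32_t NTSTATUS;                       /* Windows LONG */
#define STATUS_SUCCESS           ((NTSTATUS)0x00000000L)
#define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL)
#define IO_NO_INCREMENT          0

typedef struct {
    NTSTATUS Status;
    size_t   Information;
} IO_STATUS_BLOCK;

typedef struct {
    IO_STATUS_BLOCK IoStatus;
    int completed;                               /* model-only bookkeeping */
} IRP;

/* Stand-in for IoCompleteRequest(Irp, PriorityBoost). The real one hands
 * the IRP to the I/O manager; here we overwrite the status block with a
 * "freed memory" pattern to model that the driver no longer owns it. */
static void IoCompleteRequest(IRP *irp, char PriorityBoost) {
    (void)PriorityBoost;
    irp->completed = 1;
    irp->IoStatus.Status = (NTSTATUS)0xDEADBEEF;   /* poison, stands in for freed/reused memory */
    irp->IoStatus.Information = 0;
}

/* The pattern the comment points at: the return statement reads the IRP
 * after it has been completed. */
static NTSTATUS dispatch_unsafe(IRP *irp, NTSTATUS result, size_t bytes) {
    irp->IoStatus.Status = result;
    irp->IoStatus.Information = bytes;
    IoCompleteRequest(irp, IO_NO_INCREMENT);
    return irp->IoStatus.Status;                 /* use after completion */
}

/* Correct pattern: everything still needed after completion lives in
 * locals, and the IRP is never dereferenced once IoCompleteRequest ran. */
static NTSTATUS dispatch_safe(IRP *irp, NTSTATUS result, size_t bytes) {
    irp->IoStatus.Status = result;
    irp->IoStatus.Information = bytes;
    IoCompleteRequest(irp, IO_NO_INCREMENT);
    return result;                               /* IRP not touched again */
}

/* Runs the unsafe pattern on a fresh IRP; returns 1 when the value
 * handed back differs from the status the driver actually set. */
int unsafe_pattern_returns_wrong_status(void) {
    IRP irp;
    memset(&irp, 0, sizeof irp);
    return dispatch_unsafe(&irp, STATUS_SUCCESS, 4) != STATUS_SUCCESS;
}

/* Runs the safe pattern; returns 1 when the set status comes back intact
 * and the IRP was completed exactly as the driver intended. */
int safe_pattern_returns_set_status(void) {
    IRP irp;
    memset(&irp, 0, sizeof irp);
    NTSTATUS got = dispatch_safe(&irp, STATUS_INVALID_PARAMETER, 0);
    return got == STATUS_INVALID_PARAMETER && irp.completed == 1;
}

int main(void) {
    printf("unsafe pattern returns wrong status: %d\n", unsafe_pattern_returns_wrong_status());
    printf("safe pattern returns set status:     %d\n", safe_pattern_returns_set_status());
    return 0;
}
```

The only change between the two dispatch routines is which value the `return` reads; in a real driver the first variant may happen to work for a long time and then bugcheck under load, because whether the IRP memory has been reused by the time of the read depends on timing, which is exactly why the WDM books call it out.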
"Look I can even do it backwards." Absolute monster XD
yes.
I was going to propose to Cazz if he could make slightly longer videos and this man just drops over an hour of content😂
Dude’s already absolutely going off the rails in all the good ways.
Definitely gonna watch this whole!
❤ my guy
Finding resources this good is extremely difficult, thanks for releasing this content for free legend
It's not you, people just can't read.
It's legit not, you're just a paster sadly.
@dkkogmaw1311 on god. He thinks he’s learning something from the video. These people have lost their mind.
@buddybrax Are you serious? It's literally a step-by-step how to access any process memory from a self-written kernel driver. But sure, that's not useful to anyone.
@timnonik2736 Yes, I am very serious.
This is the most common, easiest, most plastered source/PoC of 'bypassing' an anti-virus / anti-cheat in the world.
If you don't actually understand how it works, you will achieve and learn nothing.
And saying it's "self-written" is a fucking joke. Typing it out on your own doesn't make it self-written. That's like saying "Well I hook something else than he does, so it's unique!"
Why haven't I seen this channel earlier? There is a lot of stuff that I can learn about windows and game cheats. Now I need to watch every single video to know everything. Thanks for your work.
Thanks Cazz! I learned so much from you in the past few weeks. Humanity can be proud to have you. Keep going. You are my main source when it comes to c++ and game hacking in general!
I have no intention to make a kernel cheat, I don't even use windows, and yet here I am anyway
“I don’t even use windows” is based, glad you’re here bru
same, arch user here
oml what are you using then
@execute214 btw...
@iaros.h bro I stg. I tried to install some standard libraries or something one time and gave up and haven’t tried to develop on windows since.
Thank you so much Cazz for sharing all your knowledge with us man 🔥
Tutorials like this where things are really spelled out for you are so valuable. Thank you. The game hacking community can be very gatekeep-y with information and people like me just need things shown to them to understand. Appreciate you.
I figured you were South African but when I heard the "yoh if I could spell" I knew
Just the first 30 minutes of the setup is gold -- very well explained, thank you. 🙏
Thanks!
THE RETURN OF THE KING
Welcome back Cazz 👑
Damn lol, just discovered your channel start of this month when coding for my DMA cs2 cheat, your videos helped with some additional knowledge. Pretty convenient how you start uploading now again😂 Welcome back
hi tkcz
Wtf real tkcz?!?
which dma device are u using for cs2? also why do you use dma when u can simply use a kernel driver like shown in the video?
@mariobabic9326 Maybe Faceit?
@mariobabic9326 dma for faceit cheating
MS devs back in the day didn't call the blue screen "blue screen of death". They call it simply blue screen or a BugCheck. BugCheck(or KeBugCheck) is a function down in the NT API that allows to raise the blue screen in the event that something down in the kernel.
I'm here mostly for malware development, because the knowledge between cheat development and malware development is interchangeable. Like creating drivers and making malware that is invisible to the antivirus or an IDS program. Or bypassing anticheats, that are behaving like antiviruses themselves. The more you live, the more you learn.
Great Video as always. Where did you learn stuff like that anyway?
Bro this is like a course omg thank you for this knowledge u are the best!
I use Linux exclusively on literally all my devices but boy do I enjoy this kind of content, pop corn ready
Note for future reference: the offsets (and client_dll.hpp for that matter) use nested namespaces so either use something like cs2_dumper::offsets::client_dll::dwLocalPlayerPawn or declare parent namespaces with: using namespace cs2_dumper::offsets; otherwise Visual Studio won't help you much since there are 2 instances of the client_dll namespace so you gotta specify which one you want exactly (one inside offsets.hpp under cs2_dumper::offsets::client_dll and one inside client_dll.hpp under cs2_dumper::schemas::client_dll)
edit: same goes for the rest of the nested namespaces or user aliases:
namespace client_dll = cs2_dumper::schemas::client_dll;
namespace offsets = cs2_dumper::offsets::client_dll;
i had to figure this out myself. glad there is someone out there spreading this information. i hope you are placing this on his other tutorials.
@perq_hvh didn't think of it. I will
"I really hope this doesn't ruin cs2" UD cheats are like 5 bucks a month already lol. Great video, as always. Really appreciate your hard work.
if you want to sell a cs2 cheat, just paste aimstar's src and change its menu
Crowdstrike should watch this
Me: wow, really cool
NoOne: CS2 devs watching carefully
I was waiting for this!!! ❤❤
It's such a wholesome feeling trying to learn something while U understand only 10% of what's going on there))
DUDE NO WAY I WAS SEARCHING YESTERDAY FOR A TUT AND CAZZ SAVED THE DAY TODAY!!!!!!
A tutorial for user mode driver (UMDF V2) would be greatly appreciated. This video is invaluable, nevertheless.
If anyone has performance issues on windows (booting and while using it) after this. Disabling debugging with bcdedit /debug off did the job for me
Thank you.. I was going insane wondering what I fucked up
Thank you for sharing these valuable resources! Much appreciated ❤
It's incredible. Thanks for your work. Your videos are always interesting but this one is the best. I'm waiting for more 👏
Thank you for making videos man, and not only just making them but putting in so much effort. I just wish I had this level of motivation towards something lol
first time in my entire life leaving a comment when a video posted recently
This video is awesome and I learned a lot. Thank you very much cazz! It would be great if you could make more videos about drivers. e.g. minifilters, anti-delete for our cheat solutions or kernel mode bypasses.
how long did it take you to learn all this man, my head explodes just by watching.
Amazing video! Thanks for this detailed tutorial!
I'm too incompetent to make a cheat, nor do I want to make one, but youtube continues to recommend me this channel
whats the harm in trying, go for it.
@Bukharian-gw8mv the harm is me getting banned 😂, or getting a virus by downloading the tools 🙄, or corrupting my os onto oblivion given that the tutorial is a kernel cheat 😫
@akakamaz7382 😂 lmao and for that reason alone I'm trying it on my spare laptop.
@akakamaz7382 getting banned is so easily avoidable. You’re definitely not gonna get a virus, and the incredible part about a VM is you won’t fuck your pc.
@akakamaz7382 banned is an issue but virus??? The tools won't harm you. The reason why you set up a VM is because it is kernel and you need to debug and fix issues that corrupt your pc.
If anyone has "No certificates were found that met all the given criteria SIGNTASK" then: Go to properties of Kernel Project -> Driver Signing -> General and set Sign Mode to "Off"
Broooooo Ur the fucking best. Thanks a lot
I was struggling so hard with this I ended up deleting my whole solution when I could have done this xD
thank you dudeee, helped
cheers
wow i have been waiting for this! thank you!
thank you for your hard work: easy to understand because of your explanation
legend is spoon feeding us, watch it whole dont skip u dont wanna miss anything important
Great video! Btw, if someone gets an error about lower version of WDK extension than VS requires, then install WDK through the windows installer (individual component)
Best practice is to match the latest version release of WDK and the Windows SDK.
Cazz gives me a tingly feeling with these videos
I can apply these methods to other games correct?
p2c in shambles after this comes out, good job Cazz !!!
Gratitude be upon thee for bestowing thy wisdom without demand of coin
demandeth**
After "bcdedit /debug on" and rebooting, things can start going crazy.
Slow boot, freezes time-to-time. As far as I have read - this is UEFI/BIOS nuances. bcdedit can be slower on UEFI systems due to synchronization between NVRAM (which holds UEFI boot variables) and the BCD (Boot Configuration Data) stored in the registry.
If anybody faces this - do not freak out. Just disable kernel debugging. Things should go back to normal 💪
brooo i wish i read this before i reset my pc lol i didn't actually know what caused it and i thought that this _surely_ wouldn't have messed up my pc out of all the things i did but i guess i was wrong. is there any way to fix this?
@Hostlyy same 😅 Reset my pc, then made the investigation. Haven’t found the solution, but next time i knew the issue, so waited all the freezes, debugged the driver and disabled debug mode. Not the best way to deal with the things, still i made my way.
@hooliganez no yeah tbf my pc needed that reset since i haven't reset since i got it now everything runs smoother even on debug mode for most normal operations except from games with kernel ac i think
@hooliganez also ur lithuanian right laba diena seni
Just use CSM/Legacy. Fuck Secure Boot. 😂
I've been waiting for this for so long, very anticipated, can't wait to start. Thanks cazz!
great tutorial, great for beginners, but i would recommend u only use this on usermode anti cheats as it's the basic ioctl communication
Thank you for your video! It was pretty clear, however, could you please tell me, how did you find the IoCreateDriver and the other if it isn't documented? How can I find the other functions which are not documented? Thank you!
You should do a part 2 continue building on this driver. Swap out IOCTL for UM-KM shared memory, pointer/function hooking, callbacks. Maybe impersonate a PatchGuard thread? ;)
Wow dude, what a brilliant video!!!
Thank you cazz ❤🔥🔥
you forgot the part where I try running it in my host and it bluescreens and bootloops
But honestly, great content! Though I'm not into C++, still love your videos ❤
Bro did u ever figure this out? Fucked my pc the first time, reset my entire pc and tried again and it’s fucked again so now I gotta reset it again😢 I just wanna learn dawg
This is what VMs are for
@sxmrrz just learn about “driver hijacking” if you're making a cheat. Unless you get your stuff signed by Microsoft it’s pointless. If not then I’d still look into hijacking
@outcome2715 yeah fs. I got this all figured out months ago and made a solid cheat with it. Even if it’s not signed VAC is UM so this is overkill anyway
Well that's why you test it on a VM first...
no wonder you’ve been quiet can only imagine how long this took
Like 1hr if you are bad at coding 😂
It definitely took some time to put together and a few revisions, thanks for the comment brother
BRO THIS VIDEO IS AMAZING
admin, he's doing it in ring 0
Hello, coded it up yesterday, works like a charm, I love it. Thanks so much! But I gotta rather picky question, just simply: why is the bool in_air reversed?
Bro please make a video that how to make Bypass for those games that need Emulator like PUBG.
love you bro from Afghanistan!
im working on one but pubg steam
LOVE YOUR CHANNEL , Please please please keep it up.
thank u so much brother this is exactly the video i needed
i suck at coding, thanks for making that clear again
Thanks, this is a very informative video, but can you make a video for a Vanguard bypass for League of Legends? Or just how to disassemble vanguard.sys and find how to bypass it
You are awesome, keep going and i hope you success
This is amazing, Thanks you for this video.
!!!!!! IMPORTANT
If you're making a driver for Tarkov, be careful with "bcdedit /debug on" and don't forget to write "bcdedit /debug off" after debugging on the VM, because you can catch game freezes completely
Yo, do it the same as the video for Tarkov??
Thanks, I'm planning on writing a driver api wrapper in the future to minimise differences between linux and msw so this was helpful for that future plan. For now though I'll be focusing on a separate more important project for ending the need for compiling *.exe/*.elf/*.dll/*.so directly (in most cases, certain exceptions apply, underlying wrappers can still be used though)
could you do a part 2 on this for injecting a DLL into a process from the kernel driver?
great stuff!! 🥰
One anticheat i am trying to break hopefully with this guide is using a TLS callback as a way to know if the user is doing sketchy stuff.
Would this method bypass the check?
Is there another way i could bypass the TLS callbacks?
Thats a good tutorial actually.
Its very helpful.
Definitely Recommend this guy!
thank you just what I've been looking for i'm early:)
Amazing tutorial! Thanks.
i never knew csgo cheating was this wholesome
@piecity4 orc from org :0
thanks for the upload
Do you know any other articles/tutorials/resources that teach more advanced stuff about kernels?
GH
Make a video on how you learned assembly
CAZZZZ FINALLY LETS GOOO!!!
I liked your vid before started watching
wooow amazing, thanks for the video, the FIRST KERNEL DRIVER full tutorial in youtube 👀
No
@smokinglife8980 No! 🤨 There already is a full tutorial for a KERNEL DRIVER from scratch on youtube before that one!
yoooo bro DROPPEDDDD
This is the sickest thing ever
Your visual studio project setup is very ungay , i like it 👍🏻
I appreciate it 😂💪
Keep up the good work Cazz, you're always so down to earth. So it's always so chill to watch your vids🥇
If you want to use this without KDMapper (I have an AMD chip, so I disable DSE instead): just write everything in the DriverEntry function and delete the IoCreateDriver implementation.
To load just use (cmd -admin): sc create your_service_name type= kernel binPath= c:\yourDriver\yourDriver.sys
then disable DSE
sc start your_service_name
Thanks for this
I made the service correctly, but I'm a bit confused on how to write everything in the DriverEntry function, could you explain please?
Hey man! Tysm for the video, truly appreciate it.
Just wanted to ask how to go about a driver that works for AC’s that run on KM and not UM, for example EAC.
Asking because I want to code a driver for Apex
Could you do a video on either MmMapIo Managing / Usage or creating a loader/mapper tool for the drivers like say using a DSE Bypass to load a driver over NtLoad and then using that driver to map the other driver into kernel space with a pre-defined object and then calling the OEP and starting a thread out of the mapping driver to bypass Ps Module Lists in the NTOSKRNL Structs? I've been studying this and a lot of other people do too so it would be cool.
And maybe using other driver communication methods like encrypted post-server kSockets or HW Paging BP with register spoofing to interpret calls in the kernel using a custom dispatch in the PE of the usermode program? Maybe even try teaching people more about NTOSKRNL, EPROCESS, Ps, PEB/TEB, Etc?
How did you learn this stuff? Maybe you should make a vid
I do enjoy 👏👏👏👏👏👏
Amazing content!! As a side note, i was wondering: I got a firewire soundcard that has no drivers for the latest Windows.. Considering we know what is the FireWire chip you think we could code one ourselves?
Is there such a thing as reverse engineering a driver already made and then updating it?
It would be great to create a library in C# like memory.dll using kernel drivers with simple methods like readfloat readstring and so on but I see that people collaborate little sometimes
After following this now i cant open any game that has eac or my pc crashes so thats nice i guess
Turn the kernel debugging off again and restart your pc, and you should be fine
thanks a lot for this.
Love that someone showers in the end 😂
We need a cs2 internal video
u have to make big video about esp(internal) on cs2, it is gonna be interesting
i fully rebuilt the code from the video, it's amazing!!
bro's cooking again
Bro please explain how to get around kernel anti-cheats next video ;)
Nice video would you do that same thing for a Normal Injector ?
Can BE or EAC detect it reading game memory? I just want to read not write..
You have a great voice !
Can you make a tutorial on kernel's for kernel anti-cheats?
Your visual studio looks awesome how can i do it like this?
for real, i would love to know what extensions he's got
@mobslicer1529 bro he seriously told this in the video on vs installation