New bypass,it's works
This project can not work now.(18/6/7)
Sup all guys.
I know how to bypass BE for change PAK file.it's working now(2018/4/27)(2018/5/5)
if u can change(using?i dont know) PAK file.u can do evething u wanna.
all right.lets stop bullshit.just do it
- ready PAK file.
- create win mklink. (mklink K:/Game/Steam/blablabla/Paks/xxx.pak C:/1.pak) this step is necessary.if u dont want got 100 years ban
- load start driver
- delete u deriver file.just see Kernel_Force_Delete.cc
- use MiProcessLoaderEntry hidden u driver. look at IO_Control.cc .ok.now ,who are u?i dont know.i guess BE too
- when u eject from aircraft.hidden u pak file.look of MiniFilter-Monitor.cc
- all right.enjoy killing.
serach all kernel mode memory.ok,im joke,i take the address from user mode
why we should hidden file and deriver.and delete file
1.i dont know why hidden file can bypass BE.but it's work
2 & 3. because BE serach memory.upload u driver file.it's really.listen.if u dont want banned.just do it.
from here: https://www.unknowncheats.me/forum/index.php
and i just know here.i dont know how to decrypt
VS2013
WDK8.1
C++11
Ⱥ:546110133
my steam profile: https://steamcommunity.com/profiles/76561198224009192/
my github profile: https://github.com/DragonQuestHero
my gitee profile: https://gitee.com/ockdieso
wanna more?maybe u can see this: https://github.com/DragonQuestHero/awesome-windows-security-development