Wanted: Windows 7 device driver (ring 0) C source code that can be used to cloak memory in a userland process. Goal: Patching a userland process .IMAGE (code redirection/hooking) that has internal CRC self-checks -> Bypassing them. Driver must work on Windows 7 64-bit (-> driver signing bypass + PatchGuard disabled -> no problem)
1. Userland application creates & starts memory cloaking service (driver)
2. Userland application launches target (CreateProcess)
3. Userland application calls driver -> CloakVirtualMemoryOnRead( hTargetProcess, dwVMemStart, dwVMemEnd, pFakeMem )
Memory is now cloaked, that means:
1. Reading the protected virtual memory will trigger a (forced) PAGE_FAULT
2. The PAGE handler decides whether the PAGE request was OnRead or OnExecute
2a. OnRead: Redirect the request to pFakeMem (cloak)
2b. OnExecute: Return the "real" memory (e.g. patched)
The userland application should be unable to detect the .CODE patches by reading them directly (internal = direct access) nor by the use of ReadProcessMemory for instance.
Pay on delivery. No cash in advance/scam possible.
4 freelancers are bidding an average of $2000 for this job
Hi, your requirements are clear but I'm not sure if they are achievable. The main problem is that it isn't possible to distinguish whether a memory access was made for a generic read or for CRC calculation. If the target proces