Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


ObRegisterCallbacks process freezes

BiboGBiboG Member Posts: 11

Hey, I really need help with my driver. I tried to protect my process with driver from cheaters.
When I start my driver before the game and after that I start game from steam then steam just freezes, and the process itself does not start.
Any idea how to solve it?
Thanks everyone for help.

Comments

  • Sergey_PisarevSergey_Pisarev Member - All Emails Posts: 252

    Validate data on server.
    Users have full access to their PC. Hackers will find a way to disable your protection.

    Client-side anti-cheat(especially kernel-level one) will just make people hate you.
    Haven't you heard about recent Denuvo anti-cheat for Doom debacle ?

  • BiboGBiboG Member Posts: 11

    @Sergey_Pisarev said:
    Validate data on server.
    Hackers will find a way to disable your protection.

    Yes, I know they can bypass, but will be a little more difficult than just injection with a conventional injector.
    I still need help to figure out what the problem

  • BiboGBiboG Member Posts: 11

    I can use my driver after launch game and this is works good, but when you start game some one can use FindWindows for injection and then he can inject .dll inside game, after 1 second maybe less process will be protected

  • Sergey_PisarevSergey_Pisarev Member - All Emails Posts: 252

    Read about protected processes in Windows.
    I think code can't be injected in such processes.

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,498

    Any idea how to solve it?

    Your message is essentially saying "My driver doesn't work. How do I fix it?" We don't have any idea what your driver does. You'll have to hook up a debugger and see what is blocking the process' threads. Of course, some games check for the presence of a debugger and won't launch.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • BiboGBiboG Member Posts: 11

    @Tim_Roberts said:

    Any idea how to solve it?

    Your message is essentially saying "My driver doesn't work. How do I fix it?" We don't have any idea what your driver does. You'll have to hook up a debugger and see what is blocking the process' threads. Of course, some games check for the presence of a debugger and won't launch.

    Thank you for answer, I'll try to look inside Windbg

  • BiboGBiboG Member Posts: 11

    @Sergey_Pisarev said:
    Read about protected processes in Windows.
    I think code can't be injected in such processes.

    I got it, thank you for answer

  • BiboGBiboG Member Posts: 11

    Okay, I figured out.
    I just looked at process and and he was suspended.
    Thank you everyone who helped me.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA