R&W Memory From Ring 0
In C++
Requirements
Download and install the WDK (Windows Driver Kit)
Create a new Kernel Mode Driver, Empty (KMDF) project in Visual Studio
Source code
driver.cpp
#include "driver.hpp"
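/// Example entry point: looks up a process by PID, reads one 32-bit value from
/// it, increments the value and writes it back.
///
/// The PID (123) and the address (0xdeadbeef) are the example's placeholder values.
///
/// NOTE(review): the usual WDK entry point is
/// `extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT, PUNICODE_STRING)`; confirm
/// how this parameterless variant is expected to be invoked.
///
/// @return STATUS_SUCCESS when lookup, read and write all succeed; otherwise
///         the first failing NTSTATUS.
NTSTATUS DriverEntry()
{
	log("Driver loaded.");

	// The lookup fails for a PID that does not exist and then leaves Process
	// unset, so the status must be checked before the pointer is used.
	PEPROCESS Process = nullptr;
	NTSTATUS status = PsLookupProcessByProcessId((HANDLE)123, &Process);
	if (!NT_SUCCESS(status))
	{
		log("PsLookupProcessByProcessId failed.");
		return status;
	}

	// Example usage
	// Zero-initialised so a failed read never leaves stack garbage to be written back.
	int Example = 0;
	status = kReadProcessMemory(Process, (PVOID)0xdeadbeef, &Example, sizeof(__int32));
	if (NT_SUCCESS(status))
	{
		Example++;
		status = kWriteProcessMemory(Process, &Example, (PVOID)0xdeadbeef, sizeof(__int32));
	}

	// A successful PsLookupProcessByProcessId takes a reference on the process
	// object; release it on every path or the object is never freed.
	ObDereferenceObject(Process);
	return status;
}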
driver.hpp
#pragma once
#include <ntifs.h>
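// MmCopyVirtualMemory is exported by the kernel but not declared in the WDK
// headers, which is why the prototype is written out by hand here. Being
// undocumented, its signature and behaviour are not guaranteed across Windows
// builds.
extern "C" NTSTATUS MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID SourceAddress, PEPROCESS TargetProcess, PVOID TargetAddress, SIZE_T BufferSize, KPROCESSOR_MODE PreviousMode, PSIZE_T ReturnSize);

// Prints a message to the kernel debugger. The text goes through "%s" so that
// a '%' inside x is never interpreted as a format specifier.
#define log(x) DbgPrintEx(0, 0, "%s", x)

// Receives the value written through ReturnSize (the number of bytes copied).
// `static` gives each translation unit its own copy, so including this header
// from more than one .cpp file does not produce a duplicate-symbol link error.
// Every macro expansion in a translation unit shares this variable, so
// concurrent callers overwrite each other's value.
static SIZE_T size;

// Copies Size bytes from SourceAddress in Process to TargetAddress in the
// current process. Evaluates to the NTSTATUS of MmCopyVirtualMemory, which the
// caller should check.
// PreviousMode is KernelMode, so the addresses are treated as trusted rather
// than validated as user-mode pointers; callers must validate them first.
#define kReadProcessMemory(Process, SourceAddress, TargetAddress, Size) \
MmCopyVirtualMemory(Process, SourceAddress, PsGetCurrentProcess(), TargetAddress, Size, KernelMode, &size)

// Copies Size bytes from SourceAddress in the current process to TargetAddress
// in Process. Same return value and PreviousMode caveat as kReadProcessMemory.
#define kWriteProcessMemory(Process, SourceAddress, TargetAddress, Size) \
MmCopyVirtualMemory(PsGetCurrentProcess(), SourceAddress, Process, TargetAddress, Size, KernelMode, &size)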
What's next?
You (might) want your kernel driver to communicate with your cheat (kernel-mode <-> user-mode communication). I found this GitHub repository helpful: