Injecting in to a process protected by obRegisterCallbacks

#24472 by Atexrh
Sun Nov 30, 2014 6:08 pm

I've been trying to inject my module in to a game protected with obRegisterCallbacks
What functions or methods do you suggest as i can not open any handles to the process
also: i would like to keep this usermode

Username

Atexrh

Posts

1

Joined

Sun Nov 30, 2014 6:04 pm

Re: Injecting in to a process protected by obRegisterCallbac

#24475 by EP_X0FF
Mon Dec 01, 2014 3:55 am

You can use this -> http://www.kernelmode.info/forum/viewto ... =15&t=3418 to load in the process at the early stage of it life.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Injecting in to a process protected by obRegisterCallbac

#25960 by ring0star
Sun May 31, 2015 8:21 am

That won't work. You can unregister their callbacks or set a callback above and below their procedure and reset access rights or filter out your process.

Username

ring0star

Posts

4

Joined

Thu May 07, 2015 4:55 pm

Re: Injecting in to a process protected by obRegisterCallbac

#25986 by InvokeStatic
Mon Jun 01, 2015 4:34 pm

ring0star wrote:That won't work. You can unregister their callbacks or set a callback above and below their procedure and reset access rights or filter out your process.

You could also register your own callback with the same altitude and cause a collision. The game anticheat that I was dealing with didn't check ObRegisterCallbacks NTSTATUS :lol: .

You can also just byte patch ObRegisterCallbacks and then unpatch it after you are finished. You can view the driver I created for this purpose here:

http://www.unknowncheats.me/forum/dayz- ... t-sys.html

Username

InvokeStatic

Posts

9

Joined

Sun Feb 15, 2015 5:12 pm