Remap

This project copies all pages from the protected process to another process. You will be able to read/write memory, dump the game and so on, without RING0/Windows kernel.

I tested it for several hours with no BSOD, but it may have that risk.
It works on 1803 through 21H2.


### Warnings:
Before closing the game, restore the process you remapped first; otherwise you will get a BSOD.

Another POC

It seems that this works too, but it needs some code to make it work perfectly.

```cpp
typedef NTSTATUS (__fastcall* t_MiCloneProcessAddressSpace)(
    IN  PEPROCESS ProcessToClone,
    IN  PEPROCESS ProcessToInitialize,
    IN  PVOID SectionToMap
);

// Win 10 2004 sig
auto MiCloneProcessAddressSpace = t_MiCloneProcessAddressSpace(FindPatternImage(PVOID(KernelBase), "48 89 5C 24 ? 55 56 57 41 54 41 55 41 56 41 57 48 8D 6C 24 ? 48 81 EC ? ? ? ? 48 8B 05 ? ? ? ? 48 33 C4 48 89 45 1F 45 33 C9 44 89 45 C7 0F 57 C0 4C 89 4D CF 0F 11 45 EF 45 8B F8 48"));

MiCloneProcessAddressSpace(ProcessToClone, ProcessToInitialize, 0); // call function
```

https://www.unknowncheats.me/forum/anti-cheat-bypass/487047-remapping-process.html

Forgot to unload the driver: at https://github.com/EBalloon/Remap/blob/8b4ba7259d8f48b9863126901e1ebf8c9ee91a62/Remap/Remap.cpp#L158 put this: `intel_driver::Unload(iqvw64e_device_handle);`