bright

EQU8 - Kernel Component Analysis

bright
Windows

This blog post will be a complete analysis of the EQU8 anti-cheat's kernel driver. The kernel driver is comprised of only 24 functions, and its main goal seems to be to simply keep away people from making external cheats by accessing the game's memory via traditional handle duplication / opening methods.

bright
Windows

For an attacker, a vital piece of the puzzle is to understand how the anti-cheat operates. Therefore, gaining knowledge of what happens inside the anti-cheat makes it possible to hide your tracks. Let us look at how EasyAntiCheat makes the bridge between the kernel and the game with its set of modules. This will reveal how an overlooked design flaw in the driver can allow an attacker to execute dynamic code in any EasyAntiCheat protected game (or perhaps a game protected by other competitor services) with no restriction.

bright

EQU8 - Kernel Component Analysis

EasyAntiCheat Exploit to inject unsigned code into protected processes