Free and open source solution for protecting your software/games against attackers.

• Detect unsigned modules in a usermode process.
• Handle permission stripping.
• Detect usermode threads outside of a valid module.
• Detect kernel threads outside of a valid module.
• Detecting kernel threads attached to a protected process.
• Detecting usage of msr register in reserved ranges (used for communication in a virtual machine).

To execute an unsigned driver, you'll first need to enable Test Signing on your Windows machine. Follow the steps in the hyperlink to enable said setting. You also need Microsoft Visual Studio to open the project and Windows Driver Standard Development Kit and respective Visual Studio C/C++ compilers to be able to compile the driver.

Once you have compiled the project, you need to install the driver as a system service. Instructions on how to do so from the command line are at System Control.

Once you have started the service, just run the user-mode application, and it will initialise the protected process and start to communicate with the driver to run checks.

I will continue to update the driver, and add many other features. If you have any suggestions then feel free to tell me. I'd like this to become a project useful for people wanting to learn about how anticheats work and a free solution for companies to protect their applications from attackers.

This project falls under the GNU General Public License, if there are any specific enquiries regarding usage, please contact the founder of the project.