>>717330503
>>717330992
And next to the Securom thing, we've also already had the exploitable kernel anti-cheats from Mihoyo and Capcom. The former of which was actively exploited in the wild and required Microsoft to update driver signature revocation lists to no longer allow it to install, and the latter was pulled by Capcom itself under outrage of the Street Fighter V community having discovered that it was installed covertly and contained a by-design unguarded feature that allowed any arbitrary program to directly inject code to run in the kernel.
Actually, the clock is ticking for kernel anti-cheat -- as after the whole Crowdstrike thing Microsoft has begun a new initative to wall off the OS kernel and push vendors to alternatives. They're creating new APIs for anti-virus vendors now -- which their own anti-virus solution is going to use as well; so they won't run afoul of the old EU ruling that forced them to give equal kernel-access to third-parties -- and after that they've got a whole list ready to run down.
Anti-cheat is undoubtedly on that list as well. And wouldn't even need special kernel APIs.
All it needs is a tamperproof environment and Windows already contains that since Windows 10:
Isolated User Mode processes (
https://learn.microsoft.com/en-us/windows/win32/procthread/isolated-user-mode--ium--processes)
Windows 10 uses a hypervisor to split the lowest level of the kernel (where ONLY MS own code is allowed) off of the upper level of the kernel and actually split the upper kernel in two, creating a secured and unsecured version. On top of which you get the normal (unsecured) user mode and a split off (secured) user mode that is tamperproofed.
