BadlionLogger
kernel driver used to monitor the activity of BadlionAnticheat.sys by patching its IAT
Source: @KiFilterFiberContext/BadlionLogger
BadlionLogger is a rudimentary PoC of a kernel driver that monitors the activity of BadlionClient's kernel-mode anti-cheat (BadlionAnticheat.sys) by applying IAT hooks to the image from within the image load callback.
BadlionAnticheat is virtualized with VMProtect, a popular VM packer used in many products.
This project takes a black-box approach: it monitors driver activity without devirtualization, which is possible because there is no integrity checking.
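The hooks work because nothing re-validates the import table after load. The following is an added example (not code from BadlionLogger or from Badlion) of the integrity check a driver could run: every IAT slot must point inside the module that exports the symbol. Module names, addresses and the chosen imports are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Address range of a loaded module. */
typedef struct { const char *name; uint64_t base; uint64_t size; } module_range;

/* One resolved import: the module that should export it and the current IAT slot value. */
typedef struct { const char *from; const char *symbol; uint64_t slot; } iat_entry;

/* Constructed sample data, not taken from a real system. */
static const module_range SAMPLE_MODS[] = {
    { "ntoskrnl.exe", 0xfffff80010000000ULL, 0x01000000ULL },
    { "other.sys",    0xfffff80020000000ULL, 0x00010000ULL },
};
static const iat_entry SAMPLE_IAT[] = {
    { "ntoskrnl.exe", "ExAllocatePoolWithTag",           0xfffff80010123450ULL },
    { "ntoskrnl.exe", "PsSetCreateProcessNotifyRoutine", 0xfffff80020001000ULL }, /* redirected */
    { "ntoskrnl.exe", "ObRegisterCallbacks",             0xfffff80010fffff0ULL },
    { "missing.sys",  "SomeExport",                      0xfffff80030000000ULL }, /* exporter not loaded */
};

static const module_range *find_module(const module_range *mods, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(mods[i].name, name) == 0) return &mods[i];
    return NULL;
}

/* Writes the indices of slots that do not point into their exporting module
   to out (up to cap) and returns the total number of such slots. */
size_t iat_find_redirected(const iat_entry *iat, size_t n_iat,
                           const module_range *mods, size_t n_mods,
                           size_t *out, size_t cap) {
    size_t found = 0;
    for (size_t i = 0; i < n_iat; i++) {
        const module_range *m = find_module(mods, n_mods, iat[i].from);
        /* Subtract before comparing so base + size cannot overflow. */
        int ok = m && iat[i].slot >= m->base && iat[i].slot - m->base < m->size;
        if (!ok) {
            if (found < cap) out[found] = i;
            found++;
        }
    }
    return found;
}

int main(void) {
    size_t bad[8];
    size_t n = iat_find_redirected(SAMPLE_IAT, 4, SAMPLE_MODS, 2, bad, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("redirected: %s!%s -> %#llx\n", SAMPLE_IAT[bad[i]].from,
               SAMPLE_IAT[bad[i]].symbol, (unsigned long long)SAMPLE_IAT[bad[i]].slot);
    return 0;
}
```

A production check also has to allow forwarded exports, whose slots legitimately resolve into a different module than the one named in the import descriptor.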
Example
DriverEntry
<img src="https://i.imgur.com/W1O7wPR.png"/>
CreateProcess callback
<img src="https://i.imgur.com/WoJkeg1.png"/>
Disclaimer
- BadlionLogger is a proof-of-concept and is not intended to be a reliable product.
- This project contains numerous bad practices, which should be kept in mind.
