MUGEN Cheap Wiki

Anti-Malware, or simply AM, is an external coding method that uses kernel functions to modify the default behavior of the operating system and, in particular, of the M.U.G.E.N engine. Using this tier requires creating special shellcode, delivered through executable or library files.

Insight

This tier is intended to execute payloads as soon as the computer turns on. There are two types of Anti-Malware:

PL's Anti-Malware character, Dimension Inf. It uses registry keys to inject its DLL into Explorer and, consequently, into MUGEN as well.

  • Registry Type: This sub-tier creates registry keys so that the payload is executed as soon as the computer is turned on. The keys are used to execute the character's code as soon as the user logs in, and they often open executable files.
  • Driver Type: This is the most powerful type, but also the most complex to create. You must possess a signed certificate for your character's driver to be installed on the computers of those who will use it; without one, Windows will not allow the driver to be installed, even with admin privileges.
    This is obviously intended to protect your computer from malicious attacks.
    Currently there are methods to bypass this security check; one of them is to exploit an Intel driver, iqvw64e.sys, to manually map non-signed drivers in memory. This sub-tier has priority over the Registry one, since drivers are loaded during the computer's boot process. Despite its potential, this sub-tier is often ignored because it can cause serious system problems (such as continuous BSODs or erratic OS behavior), besides compromising the user's security.
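
Both sub-tiers leave telemetry that a user or administrator can check before trusting a downloaded character. The following is an added example, not code from this wiki or from any character: it triages Sysmon-style events (Event ID 13, registry value set; Event ID 6, driver loaded). The Run/RunOnce key paths, the user-writable directory heuristic and all sample events are assumptions constructed for illustration; only the driver name iqvw64e.sys comes from the page.

```python
import re

# Autostart locations checked here are an assumption: the page does not name the keys.
AUTOSTART_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# Driver file name taken from the page.
WATCHED_DRIVERS = {"iqvw64e.sys"}
# Directories a legitimate autostart program normally does not run from (assumption).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Desktop)\\", re.IGNORECASE)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return a list of (severity, finding, detail) tuples for one event dict."""
    findings = []
    eid = event.get("EventID")
    if eid == 13 and AUTOSTART_KEY.search(event.get("TargetObject", "")):
        details = event.get("Details", "")
        severity = "high" if USER_WRITABLE.search(details) else "review"
        findings.append((severity, "autostart value set", details))
    elif eid == 6:
        image = event.get("ImageLoaded", "")
        # A vulnerable vendor driver is validly signed, so check the name before "Signed".
        if basename(image) in WATCHED_DRIVERS:
            findings.append(("high", "watched driver loaded", image))
        elif event.get("Signed", "").lower() != "true":
            findings.append(("high", "unsigned driver loaded", image))
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Games\mugen\chars\example\loader.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\ExampleChar",
     "Details": r"C:\Users\player\AppData\Roaming\example\payload.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe"'},
    {"EventID": 6, "ImageLoaded": r"C:\Users\player\AppData\Local\Temp\iqvw64e.sys",
     "Signed": "true"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\ndis.sys", "Signed": "true"},
]

def run(events=SAMPLE_EVENTS):
    return [f for e in events for f in triage(e)]

if __name__ == "__main__":
    for severity, what, detail in run():
        print(f"{severity:6} {what}: {detail}")
```

Matching a driver by file name is a weak signal because files can be renamed; where a vendor or platform blocklist publishes file hashes for a driver, match on those instead.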