@campuscodi and after this writeup I threw the driver in IDA and found another vuln, to escalate a process to protected process or protected process light

i found the same vulnerability in battleye some time ago, which is why lots of bedaisy.sys got added to MS vulnerable driver blocklist

thread with jokes and discussion about how bad this echoac driver is: https://haqueers.com/@Rairii/110720082166451464