capcom.sys
Anti-cheat driver from Street Fighter V (2016)
Capcom.sys was the anti-cheat driver bundled with the 2016 release of Street Fighter V on PC. By design, the driver exposed an IOCTL whose purpose was to execute a buffer of code in kernel mode after temporarily disabling Supervisor Mode Execution Protection. That decision turned a game's anti-cheat shim into a fully working BYOVD primitive for anyone who could load it.
The driver was pulled and Capcom rebuilt the anti-cheat without it, but the original signed binary continued to load. It became famous in the security research community as one of the cleanest possible examples of a BYOVD target, and it remains one of the most-cited drivers in public reports on cheaters bypassing anti-cheat, in firmware research, and in incident-response cases where attackers brought it with them to disable security software. Microsoft eventually added explicit deny rules for it in the Vulnerable Driver Blocklist.
It is uncommon to encounter capcom.sys through normal gameplay today. Its presence on a current system most often indicates it was placed there deliberately, not as part of a routine install.
capcom.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “capcom.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/capcom-sys
