← All drivers
vulnerable
Driver

gamedriverx64.sys

Tower of Fantasy anti-cheat driver

From Hotta Studio (Tower of Fantasy)
Part of the Tower of Fantasy family
Status
On a known-vulnerable list
Known variants
2 distinct hashes
Public CVEs
1
Field notes

GameDriverX64.sys is the anti-cheat kernel driver shipped with Tower of Fantasy, a free-to-play MMO from Hotta Studio (published by Perfect World). It is part of the game's protection layer, doing the kind of low-level kernel monitoring that competitive games rely on to detect injection and tampering.

It is on the public LOLDrivers list because of CVE-2025-61155: one of its IOCTL handlers accepts process-termination requests from any local user without authentication or access validation, letting any unprivileged process on the system crash any other process by PID. Multiple public proof-of-concept exploits have been published. The vulnerability is a denial-of-service primitive in its disclosed form, which is severe enough on its own and a useful component in larger BYOVD chains.

Its presence on a gaming PC almost always means Tower of Fantasy is or was installed. The driver may stay registered as a kernel service after the game is removed, the same pattern as the HoYoverse mhyprot family. Check Windows services and remove if you are not currently playing.

What the record shows

gamedriverx64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “gamedriverx64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/gamedriverx64-sys