Ikaron (How do I cheat?, Reputation: 0, Joined: 31 Aug 2017, Posts: 5)
Posted: Thu Aug 31, 2017 8:37 am Post subject: Using the kernel mode API
Hello!
Due to some security limitations (because being the owner of a PC doesn't mean you can tell it what to do), I wanted to execute the ReadProcessMemory, WriteProcessMemory and CreateRemoteThread functions in kernel mode... But I don't know anything about kernel mode driver development, and I'd imagine that learning about it would be a lot of work. I remembered that CE has its own kernel mode driver though: the DBK. Is there any way to access it and request it to call those functions? I've noticed before that if the CE exe has been modified, loading the driver will bluescreen your system (which makes sense, because being able to use the DBK gives anyone A LOT of power, which in the wrong hands can be quite a problem).
However, I am willing to give up the security (and allow unsigned usage) for this.
Thanks for your time!
Last edited by Ikaron on Thu Aug 31, 2017 11:15 am; edited 1 time in total
STN (I post too much, Reputation: 42, Joined: 09 Nov 2005, Posts: 2672)
Posted: Thu Aug 31, 2017 9:39 am
You are better off asking this on multiplayer game-hacking sites.
Ikaron (How do I cheat?, Reputation: 0, Joined: 31 Aug 2017, Posts: 5)
Posted: Thu Aug 31, 2017 10:22 am
STN wrote: "You are better off asking this on multiplayer game-hacking sites"
Why? This is a CE specific question about a driver that Dark Byte developed in Dark Byte's forum that Dark Byte frequently checks. Pretty sure at least the most important part of my question is well placed here.
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4291)
Posted: Thu Aug 31, 2017 10:58 am
The discussion of how to bypass specific anti-cheat systems is not allowed on these forums. If it were, it could easily be seen as criminal conspiracy, and DarkByte could get in trouble as well.
Either use equivocal wording or take this to another forum.
I don't know where I'm going, but I'll figure it out when I get there.
Ikaron (How do I cheat?, Reputation: 0, Joined: 31 Aug 2017, Posts: 5)
Posted: Thu Aug 31, 2017 11:17 am
ParkourPenguin wrote: "The discussion of how to bypass specific anti-cheat systems is not allowed on these forums. If it were, it could easily be seen as criminal conspiracy, and DarkByte could get in trouble as well. Either use equivocal wording or take this to another forum."
Bypassing specific anti-cheats? But my wording doesn't even mention any game or application! You must be imagining things. *wink wink*
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25288, Location: The Netherlands)
Posted: Thu Aug 31, 2017 1:54 pm
You need to compile and sign the driver yourself.
Also, I think you may be mixing up DBVM and DBK.
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Ikaron (How do I cheat?, Reputation: 0, Joined: 31 Aug 2017, Posts: 5)
Posted: Thu Aug 31, 2017 2:31 pm
Dark Byte wrote: "You need to compile and sign the driver yourself."
Yeah, I thought as much. I downloaded the source but am very much struggling with the compilation. What's your build environment? Which Visual Studio, "build command", libraries, WDK/WDF version etc. are you using? Which additional linker commands?
Dark Byte wrote: "Also, I think you may be mixing up DBVM and DBK."
Very much possible. I thought DBVM was the lightweight virtual machine that puts all of Windows into a virtual machine (also, it should have a 16% chance of crashing according to you, but honestly it has worked flawlessly every time for me). Because of this, DBVM basically has full control over everything, and... here's kind of where it gets blurry: I assume it could possibly load the DBK "invisibly"?
The DBK, from what I understand, is the kernel mode driver that can execute anything in ring0, specifically memory read and write operations; however, it only allows access from the Cheat Engine exe that is signed. If it has been modified in any way, the driver crashes and turns my screen a lovely baby blue, I assume to protect against anyone writing a program to abuse the power of the DBK (as it is more powerful than the operating system or any antivirus, etc.).
Because of this, I thought my best plan of action would be:
1. Build the DBK myself or binary edit it so that it doesn't check the signature anymore
2. Figure out how to communicate with it (basically, read CE source)
Any corrections/tips?
Thanks for your time~
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25288, Location: The Netherlands)
Posted: Thu Aug 31, 2017 4:45 pm
Windows 7 64-bit free build environment; it comes with the WDK.
DBVM is the virtual machine, but is not needed for DBK. It can be used for things drivers usually can't do (e.g. a CR3 change callback).
Communicating with DBK happens using DeviceIoControl (and yes, another reason you need to compile it yourself is that the released build won't talk to anything besides CE; the source on GitHub doesn't have that limitation).
DBVM can be talked to by vmcall instructions. It doesn't 'need' the driver (DBK) to function. (You can even write the vmdisk.img to a bootable USB and boot off that into Windows and it'll be loaded.)