Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Unable to get dll module symbols in driver protected game

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
zanor29
How do I cheat?
Reputation: 0

Joined: 25 Nov 2020
Posts: 2
PostPosted: Wed Nov 25, 2020 3:24 am    Post subject: Unable to get dll module symbols in driver protected game Reply with quote
As the title says, I cannot see any dll symbols when attaching CE to a driver protected game. Already changed CE settings to kernel routines for OpenProcess and Read/Write

The driver protected game uses ObRegisterCallbacks to strip userland access

In the following image, this is from attaching to a driver protected game
This is the exe base address, it reads fine but cannot retrieve any dll symbols
Using 7.2 btw

Is there a way around this?
I also tried process hacker without admin, with its driver, it can view module information on admin and driver protected process

Capture.JPG
 Description:
 Filesize:  129.15 KB
 Viewed:  1117 Time(s)

Capture.JPG
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25831
Location: The netherlands
PostPosted: Wed Nov 25, 2020 4:32 am    Post subject: Reply with quote
try this lua code before opening the process
Code:

autoAssemble(string.format([[
NtOpenProcess:
jmp %x
]],dbk_NtOpenProcess),true)



(Also, you can use the windows symbols to find the ObregisterCallback pointers, and remove the one that you don't want to intercept openProcess)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
zanor29
How do I cheat?
Reputation: 0

Joined: 25 Nov 2020
Posts: 2
PostPosted: Wed Nov 25, 2020 8:40 pm    Post subject: Reply with quote
Dark Byte wrote:
try this lua code before opening the process
Code:

autoAssemble(string.format([[
NtOpenProcess:
jmp %x
]],dbk_NtOpenProcess),true)



(Also, you can use the windows symbols to find the ObregisterCallback pointers, and remove the one that you don't want to intercept openProcess)


Tried the lua script, didn't work

As of removing the callback, I used pchunter to remove it's PreOperation callback and it BSOD'd me with kernel_security_check_failure
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites