AC130 How do I cheat? Reputation: 0
Joined: 17 Dec 2019 Posts: 1
|
Posted: Tue Dec 17, 2019 10:30 am Post subject: WOW64 |
|
|
Does cheat engine support the transition of 32 bit code and 64 bit code? (mixed mode)
I used to place a hook on the address pointed by fs:[C0] to intercept syscalls, then I noticed some syscalls weren't intercepted anymore, so I began to think that an application is manually switching the context to 64 bit and directly call some function in the native ntdll.dll.
I noticed with Cheat Engine that all nt functions from the 64 bit ntdll.dll are preceeded with an underscore.
Is there anyway to backtrace from _NtOpenProcess to see the callstack and figure out the subroutine responsible from switching from 32 bit to 64 bit mode and place a hook there instead?
|
|