korangar How do I cheat? Reputation: 0
Joined: 21 Jan 2020 Posts: 1
|
Posted: Tue Jan 21, 2020 1:48 am Post subject: CE and VM |
|
|
Hi
This is my first post.
I´m trying to modify the memory of a process (P) running in VMware, using CE in the host (please, don´t answer "just use CE in the VM" since this is exactly what I´m trying to avoid. This process will know I'm running CE for sure (anti-cheat))
Just to see if I can do the same running CE and P on the same machine and running CE on the host and P on the guest, I run this test:
With CE and P (notepad in this case) on the same machine, I was able to find the text of the buffer and change it, the same with the length of the buffer. I was able to force notepad to overflow this buffer, printing a lot of trash and eventually being killed by the OS.
However when I try to do the same running CE on the host and notepad on the guest, sometimes, I can find the text and sometimes I can't. This depends on the word I write on notepad, for example, I can find the word "hello" but I can't find the word "cake" (I don't remember the exact examples). I´ve already enabled memory-mapped and UTF-16.
I've already read some interesting posts about CE and VM which recommend getting the CR3 register and doing some address arithmetic, however, I think it'll be easier to find the desired address with iterative searching (incrementing the value, searching some incremented value and so on).
Am I missing something here? Am I assuming something which is not correct?
Thanks in advance
|
|