View previous topic :: View next topic |
Author |
Message |
yazigegeda Expert Cheater Reputation: 0
Joined: 22 Jan 2019 Posts: 159
|
Posted: Sat Sep 18, 2021 1:54 am Post subject: Can't read the content of gs:[00000030] address? |
|
|
Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
GlobalAlloc(GetPeb,1024)
Label(pteb)
RegisterSymbol(pteb)
CreateThread(GetPeb)
GetPeb:
sub rsp,28
mov rax,gs:[00000030]
mov [pteb],rax
add rsp,28
ret
pteb:
dq 0
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
|
What should I do if I can’t get help?
Description: |
|
Filesize: |
26.48 KB |
Viewed: |
878 Time(s) |
|
Description: |
|
Filesize: |
49.59 KB |
Viewed: |
879 Time(s) |
|
|
|
Back to top |
|
|
DanyDollaro Master Cheater Reputation: 3
Joined: 01 Aug 2019 Posts: 334
|
Posted: Sat Sep 18, 2021 2:08 pm Post subject: |
|
|
If you are trying to get the IsDebuggerPresent flag which is inside the PEB structure you should do this (64 bit process case):
Code: | mov rax, gs:[60] // You get the base of PEB
mov [PEB], rax // And store it into a variable |
And if you want to have the IsDebuggerPresent flag in the table you have to add the following address:
Description: |
|
Filesize: |
10 KB |
Viewed: |
812 Time(s) |
|
|
|
Back to top |
|
|
|