Cheat Engine :: View topic - Can't read the content of gs:[00000030] address?

Cheat Engine
The Official Site of Cheat Engine

FAQ

Memberlist

Usergroups

Profile

Can't read the content of gs:[00000030] address?

Cheat Engine Forum Index -> Cheat Engine

View previous topic :: View next topic

Author

Message

yazigegeda
Expert Cheater

Reputation: 0

Joined: 22 Jan 2019
Posts: 183

Posted: Sat Sep 18, 2021 1:54 am Post subject: Can't read the content of gs:[00000030] address?

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

GlobalAlloc(GetPeb,1024)
Label(pteb)
RegisterSymbol(pteb)
CreateThread(GetPeb)

GetPeb:

sub rsp,28

mov rax,gs:[00000030]
mov [pteb],rax

add rsp,28
ret

pteb:
dq 0

[DISABLE]
//code from here till the end of the code will be used to disable the cheat

What should I do if I can’t get help?

2.jpg

Description:

Filesize:

26.48 KB

Viewed:

1253 Time(s)

1.jpg

Description:

Filesize:

49.59 KB

Viewed:

1254 Time(s)

DanyDollaro
Master Cheater

Reputation: 3

Joined: 01 Aug 2019
Posts: 334

Posted: Sat Sep 18, 2021 2:08 pm Post subject:

If you are trying to get the IsDebuggerPresent flag which is inside the PEB structure you should do this (64 bit process case):

Code:

mov rax, gs:[60] // You get the base of PEB
mov [PEB], rax // And store it into a variable

And if you want to have the IsDebuggerPresent flag in the table you have to add the following address:

Code:

[PEB] + 2

Peb.png

Description:

Filesize:

10 KB

Viewed:

1187 Time(s)

Display posts from previous:

	Cheat Engine Forum Index -> Cheat Engine	All times are GMT - 6 Hours
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum