The professional version of the software costs $479
USD for individual users (a one-time payment for lifetime updates). This thread is the primary support for the software.
Every order of the software is subject to manual approval/processing. The approval process may take anywhere from 12 hours up to 4 weeks when using PayPal. Read this post for more information: https://overlayhack.com/hex-deref-support/984
Official site: https://hexderef.com/
Current version: v1.09
May 15th, 2022
The author of the software uses the tool almost daily to ensure the quality of the software. And the best part is that the software does not require internet connection to work. As of 06/2022 the software has been developed for (5
) years, usually on a daily basis.
MEMORY SCANNING OPTIONS: https://overlayhack.com/hex-deref-support/985
HOW TO / TERMINOLOGY: https://overlayhack.com/hex-deref-support/983
If your task is to test or "bypass" kernel level anti-cheats. That can be easily done with the software as shown in https://hexderef.com/how-to-make-cheat-engine-undetectable
Q: How the professional version differs from the free version?
1) No thread limitation in multi-threaded disassembler (use as many threads as your CPU support)
2) Commercial use of the software is allowed
3) An unsigned version of the kernel driver is included which enables arbitrary kernel memory to be read and written through the driver. This functionality enables an unattainable level of analysis and disclosure of information from the kernel and loaded modules memory
In terms of AV, advanced malware or kernel level anti-cheat evasion and testing, every publicly released software or kernel driver may be eventually detected, blacklisted, deemed as an unwanted software and so forth. The result could be a loss of business profit for no real reason.
Therefore the kernel features of the software cannot be provided for free. The PRO version of the software has a different control flow obfuscation and the DKOM functionality in the kernel driver is provided as a solution for your researching task.
The HEX DEREF software does not do anything without the user consent.
Please watch the introduction video of the kernel features at the official site: https://hexderef.com/
and try out the free version before you purchase because all payments are final and non refundable.
The following Windows 10 64-bit (Home or Pro) versions are supported in the kernel driver
Windows 10 21H2 Build: 19044
Windows 10 21H1 Build: 19043
Able to read and write (RW) protected user mode process arbitrary memory
Arbitrary kernel memory read or write (RW) without the need to enable kernel debugging
Handle elevation DKOM that bypasses EAC/Battleye
Process hiding functionality
A customized version of the kernel driver costs $499 - $2,499 USD depending on your needs (Payment in Bitcoins or ETH)
You can verify your windows version by typing "winver" in the search.
You can sign the driver with your "Comodo standard code signing certificate" (the cheapest option for individuals). The more expensive EV code signing certificate (works with secure boot) is purchasable for corporate users as it requires a verified company.
I only accept PayPal payments higher than $500 USD from verified business accounts: https://overlayhack.com/hex-deref-support/984
Leave a comment with your contact details in the thread (every comment is subject to manual approval) if you want to pay in cryptocurrency (Bitcoins or ETH)
If you host a quality forum or security research related blog and write related articles. It is possible to get the PRO version for advertising the software in your articles.
Implemented a page table walk which is pretty much effectively able to find every allocated user or kernel memory page in a matter of few seconds.
That feature enables dumping strings from the kernel memory (e.g from kernel driver). Try out the free version Tools->Dump strings feature.
PayPal is no longer payment option for individual customers because of a severe abuse of the dispute system.
Here is the latest example of abuse: https://hexderef.com/images/PP-D-149422468.png
The long story sort:
Initially there was a few days delays in the initial communication because the emails I sent went in the spam folder. A few days after this "customer" contacted me on Discord (I recorded a video proof for the dispute) but I did not linked to the video because the discussion contains his personal information...
I've a feeling the customer refused intentionally the fact (unless there was some kind of language barrier whatsoever) that his order for the software could be approved before 21th of May 2022. I told him on Discord that he need to wait exactly for the day PayPal will release the funds. The next day he disputed the payment. At this point he started to use the dispute system as a support system. I have no time for this when I do code the software, usually the entire day.
Ironically the "security" in PayPal system is actually acting against them. Everyone time is getting wasted and everyone is getting nothing but more frustrated. And if you wished that was all it. I dont think so PayPal dispute team is technically even capable of resolving issues like this in a professional manner.
If they will decide in the favor of the buyer. They will charge the seller for a dispute fee! Can things get more unfair!? Already they charge at the time of this post for a fee of 6.5% from the paid amount.
Finally. Even if you do everything properly and be polite. PayPal tends to decide in favor of the scammer because their dispute team is not either technically capable enough of solving the dispute in a professional manner (no matter how convincing evidence you provided that the client was a scammer) and they will charge the seller for a dispute fee. I have had enough of this unfairness.
Therefore as of this post PayPal will be only available as a payment option only for those with legitimate business accounts who registered with their business email such as email@example.com.
At the time of this post. I will only accept Bitcoin/ETH
payments. If you're not able to to pay in cryptocurrency, then the software is not for you. I use coinbase.com as my primary cryptocurrency provider.
Memory scanning is in user mode by default. The process you opened from the process list by left-clicking on the process name. When you scan your PC or laptop physical memory through the kernel driver, there is no need to open a handle to any process.
The options for kernel driver must be initialized and the driver loaded using the KDI before you can scan kernel memory.
KERNEL_MEMORY: The memory allocated by the kernel and the loaded kernel modules is scanned.
KERNEL_MODULES: The kernel and drivers data and discardable sections are checked.
USER_MEMORY: The memory allocated by all user mode processes is checked. Scanning also includes all protected processes.
The above three together are the same as a computer's physical memory. The more narrowed the scan is, the better results you will get and needless to even mention, you get the results you was after faster as well.
Each time you restart your computer or virtual machine (VM).
2) KDI->Load the driver
Before you can unload the driver, you have to stop it's system thread.