HEX DEREF SUPPORT
The professional version of the software costs $479 USD for individual users (a one-time payment for lifetime updates). This thread is the primary support for the software.
Every order of the software is subject to manual approval/processing. The approval process may take anywhere from 12 hours up to 4 weeks when using PayPal. Read this post for more information: https://overlayhack.com/hex-deref-support/984
Official site: https://hexderef.com/
Current version: v1.09
May 15th, 2022
Payment methods for individual clients: Bank transfer (SWIFT) IBAN: https://www.keycurrency.co.uk/swift-transfer/ or cryptocurrency (Bitcoin or ETH)
Payment methods for corporate customers: PayPal or bank transfer
As of 06/2022 the software has been developed for (5) years, usually on a daily basis.
MEMORY SCANNING OPTIONS: https://overlayhack.com/hex-deref-support/985
HOW TO / TERMINOLOGY: https://overlayhack.com/hex-deref-support/983
If your task is to test or "bypass" kernel level anti-cheats. That can be easily done with the software as shown in https://hexderef.com/how-to-make-cheat-engine-undetectable
Changelog: https://hexderef.com/#changelog
Q: How the professional version differs from the free version?
A:
1) No thread limitation in multi-threaded disassembler (use as many threads as your CPU support)
2) Commercial use of the software is allowed
3) An unsigned version of the kernel driver is included which enables arbitrary kernel memory to be read and written through the driver. This functionality enables an unattainable level of analysis and disclosure of information from the kernel and loaded modules memory
For example:
In terms of AV, advanced malware or kernel level anti-cheat evasion and testing, every publicly released software or kernel driver may be eventually detected, blacklisted, deemed as an unwanted software and so forth. The result could be a loss of business profit for no real reason.
Therefore the kernel features of the software cannot be provided for free. The PRO version of the software has a different control flow obfuscation and the DKOM functionality in the kernel driver is provided as a solution for your researching task.
The HEX DEREF software does not do anything without the user consent.
Please watch the introduction video of the kernel features at the official site: https://hexderef.com/ and try out the free version before you purchase because all payments are final and non refundable.
The following Windows 10 64-bit (Home or Pro) versions are supported in the kernel driver
Functionality: Able to read and write (RW) protected user mode process arbitrary memory
Arbitrary kernel memory read or write (RW) without the need to enable kernel debugging
Handle elevation DKOM that bypasses EAC/Battleye
Process hiding functionality
A customized version of the kernel driver costs $249 - $2,499 USD depending on your needs.
You can verify your windows version by typing "winver" in the search.
You can sign the driver with your "Comodo standard code signing certificate". The cheapest option for individuals. The more expensive EV code signing certificate (works with secure boot) is purchasable for corporate users as it requires a verified company.
I only accept PayPal payments higher than $500 USD from verified business accounts: https://overlayhack.com/hex-deref-support/984 Leave a comment with your contact details in the thread (every comment is subject to manual approval) if you want to pay in cryptocurrency (Bitcoins or ETH)
If you host a quality forum or security research related blog and write related articles. It may be possible to get the PRO version for advertising the software in your articles.
Every order of the software is subject to manual approval/processing. The approval process may take anywhere from 12 hours up to 4 weeks when using PayPal. Read this post for more information: https://overlayhack.com/hex-deref-support/984
Official site: https://hexderef.com/
Current version: v1.09
May 15th, 2022
Payment methods for individual clients: Bank transfer (SWIFT) IBAN: https://www.keycurrency.co.uk/swift-transfer/ or cryptocurrency (Bitcoin or ETH)
Payment methods for corporate customers: PayPal or bank transfer
As of 06/2022 the software has been developed for (5) years, usually on a daily basis.
MEMORY SCANNING OPTIONS: https://overlayhack.com/hex-deref-support/985
HOW TO / TERMINOLOGY: https://overlayhack.com/hex-deref-support/983
If your task is to test or "bypass" kernel level anti-cheats. That can be easily done with the software as shown in https://hexderef.com/how-to-make-cheat-engine-undetectable
Changelog: https://hexderef.com/#changelog
Q: How the professional version differs from the free version?
A:
1) No thread limitation in multi-threaded disassembler (use as many threads as your CPU support)
2) Commercial use of the software is allowed
3) An unsigned version of the kernel driver is included which enables arbitrary kernel memory to be read and written through the driver. This functionality enables an unattainable level of analysis and disclosure of information from the kernel and loaded modules memory
For example:
In terms of AV, advanced malware or kernel level anti-cheat evasion and testing, every publicly released software or kernel driver may be eventually detected, blacklisted, deemed as an unwanted software and so forth. The result could be a loss of business profit for no real reason.
Therefore the kernel features of the software cannot be provided for free. The PRO version of the software has a different control flow obfuscation and the DKOM functionality in the kernel driver is provided as a solution for your researching task.
The HEX DEREF software does not do anything without the user consent.
Please watch the introduction video of the kernel features at the official site: https://hexderef.com/ and try out the free version before you purchase because all payments are final and non refundable.
The following Windows 10 64-bit (Home or Pro) versions are supported in the kernel driver
Windows 10 21H2 Build: 19044
Windows 10 21H1 Build: 19043
Windows 10 21H1 Build: 19043
Functionality: Able to read and write (RW) protected user mode process arbitrary memory
Arbitrary kernel memory read or write (RW) without the need to enable kernel debugging
Handle elevation DKOM that bypasses EAC/Battleye
Process hiding functionality
A customized version of the kernel driver costs $249 - $2,499 USD depending on your needs.
You can verify your windows version by typing "winver" in the search.
You can sign the driver with your "Comodo standard code signing certificate". The cheapest option for individuals. The more expensive EV code signing certificate (works with secure boot) is purchasable for corporate users as it requires a verified company.
I only accept PayPal payments higher than $500 USD from verified business accounts: https://overlayhack.com/hex-deref-support/984 Leave a comment with your contact details in the thread (every comment is subject to manual approval) if you want to pay in cryptocurrency (Bitcoins or ETH)
If you host a quality forum or security research related blog and write related articles. It may be possible to get the PRO version for advertising the software in your articles.
| #978 Title: HEX DEREF v1.07 Administrator |
01/31/2022 12:41 - 240 days 17 hours 21 minutes #978 |
Implemented a page table walk which is pretty much effectively able to find every allocated user or kernel memory page in a matter of few seconds.
That feature enables dumping strings from the kernel memory (e.g from kernel driver). Try out the free version Tools->Dump strings feature.
That feature enables dumping strings from the kernel memory (e.g from kernel driver). Try out the free version Tools->Dump strings feature.
| #982 Title: HEX DEREF v1.08 Administrator |
04/01/2022 23:36 - 180 days 7 hours 26 minutes #982 |
Main view:
- Fixed logic issue with automatic process attach
- Fixed unhandled exceptions with protected processes where an anti-cheat stripped handle access
- Added an option in settings to refresh the process list automatically
"C" kernel driver:
Added process handle elevation feature. You can attach your favorite tool to any protected user mode process with PROCESS_ALL_ACCESS (0x1FFFFF) handle.
Memory viewer:
- Minor UI optimizations (a slightly less lag when drawing user process memory)
- By default show the values as unsigned
- When you modify a value in memory, the value entered can also be a hexadecimal number
- Fixed various unhandled exceptions with protected processes
- Fixed logic issue with automatic process attach
- Fixed unhandled exceptions with protected processes where an anti-cheat stripped handle access
- Added an option in settings to refresh the process list automatically
"C" kernel driver:
Added process handle elevation feature. You can attach your favorite tool to any protected user mode process with PROCESS_ALL_ACCESS (0x1FFFFF) handle.
Memory viewer:
- Minor UI optimizations (a slightly less lag when drawing user process memory)
- By default show the values as unsigned
- When you modify a value in memory, the value entered can also be a hexadecimal number
- Fixed various unhandled exceptions with protected processes
| #983 Title: How to / Terminology in the software Administrator |
04/01/2022 23:39 - 180 days 7 hours 23 minutes #983 |
Kernel mode (KM)
Kernel driver interface (KDI)
How to use the handle elevation DKOM feature with a game that's protected by a kernel level anti-cheat?
1) Enter the process names in the fields. If you want to elevate a handle for Cheat Engine (CE). Enter "cheatengine-x86_64-SSE4-AVX2.exe" in the "Elevate handle from process" field. Then you enter the executable name of the game in the field below.
https://hexderef.com/images/HEX_DEREF_v110_HANDLE_DKOM_EAC_BE_UNDETECTED_POC.png
2) KDI->Load
3) KDI->Hide driver
3) Start a game that's protected by a kernel level anti-cheat
4) Right-click to elevate the handle or use the KDI->Elevate the handle
The handle will be elevated with all possible access rights for a process object (PROCESS_ALL_ACCESS 0x1FFFFF).
Once you've elevated the handle. Do the following:
KDI->Unhide driver
KDI->Unload
How to hide the process?
1) KDI->Load the driver
2) Left-click on the process you want to hide. The selected process is highlighted
3) Right-click to hide the process
Every time when you reboot your computer or VM. Before you can browse the kernel memory. You need to enable KM in the settings and load the driver.
Kernel driver interface (KDI)
How to use the handle elevation DKOM feature with a game that's protected by a kernel level anti-cheat?
1) Enter the process names in the fields. If you want to elevate a handle for Cheat Engine (CE). Enter "cheatengine-x86_64-SSE4-AVX2.exe" in the "Elevate handle from process" field. Then you enter the executable name of the game in the field below.
https://hexderef.com/images/HEX_DEREF_v110_HANDLE_DKOM_EAC_BE_UNDETECTED_POC.png
2) KDI->Load
3) KDI->Hide driver
3) Start a game that's protected by a kernel level anti-cheat
4) Right-click to elevate the handle or use the KDI->Elevate the handle
The handle will be elevated with all possible access rights for a process object (PROCESS_ALL_ACCESS 0x1FFFFF).
Once you've elevated the handle. Do the following:
KDI->Unhide driver
KDI->Unload
How to hide the process?
1) KDI->Load the driver
2) Left-click on the process you want to hide. The selected process is highlighted
3) Right-click to hide the process
Every time when you reboot your computer or VM. Before you can browse the kernel memory. You need to enable KM in the settings and load the driver.
| #984 Title: No more PayPal Administrator |
05/04/2022 19:02 - 147 days 12 hours 0 minutes #984 |
PayPal is no longer payment option for individual customers because of a severe abuse of the dispute system.
Here is the latest example of abuse: https://hexderef.com/images/PP-D-149422468.png
The long story sort:
Initially there was a few days delays in the initial communication because the emails I sent went in the spam folder. A few days after this "customer" contacted me on Discord (I recorded a video proof for the dispute) but I did not linked to the video because the discussion contains his personal information...
I've a feeling the customer refused intentionally the fact (unless there was some kind of language barrier whatsoever) that his order for the software could be approved before 21th of May 2022. I told him on Discord that he need to wait exactly for the day PayPal will release the funds. The next day he disputed the payment. At this point he started to use the dispute system as a support system. I have no time for this when I do code the software, usually the entire day.
Ironically the "security" in PayPal system is actually acting against them. Everyone time is getting wasted and everyone is getting nothing but more frustrated. And if you wished that was all it. I dont think so PayPal dispute team is technically even capable of resolving issues like this in a professional manner.
If they will decide in the favor of the buyer. They will charge the seller for a dispute fee! Can things get more unfair!? Already they charge at the time of this post for a fee of 6.5% from the paid amount.
Finally. Even if you do everything properly and be polite. PayPal tends to decide in favor of the scammer because their dispute team is not either technically capable enough of solving the dispute in a professional manner (no matter how convincing evidence you provided that the client was a scammer) and they will charge the seller for a dispute fee. I have had enough of this unfairness.
Therefore as of this post PayPal will be only available as a payment option only for those with legitimate business accounts who registered with their business email such as payments@yourbusiness.com.
At the time of this post. I will only accept Bitcoin/ETH payments. If you're not able to to pay in cryptocurrency, then the software is not for you. I use coinbase.com as my primary cryptocurrency provider.
Here is the latest example of abuse: https://hexderef.com/images/PP-D-149422468.png
The long story sort:
Initially there was a few days delays in the initial communication because the emails I sent went in the spam folder. A few days after this "customer" contacted me on Discord (I recorded a video proof for the dispute) but I did not linked to the video because the discussion contains his personal information...
I've a feeling the customer refused intentionally the fact (unless there was some kind of language barrier whatsoever) that his order for the software could be approved before 21th of May 2022. I told him on Discord that he need to wait exactly for the day PayPal will release the funds. The next day he disputed the payment. At this point he started to use the dispute system as a support system. I have no time for this when I do code the software, usually the entire day.
Ironically the "security" in PayPal system is actually acting against them. Everyone time is getting wasted and everyone is getting nothing but more frustrated. And if you wished that was all it. I dont think so PayPal dispute team is technically even capable of resolving issues like this in a professional manner.
If they will decide in the favor of the buyer. They will charge the seller for a dispute fee! Can things get more unfair!? Already they charge at the time of this post for a fee of 6.5% from the paid amount.
Finally. Even if you do everything properly and be polite. PayPal tends to decide in favor of the scammer because their dispute team is not either technically capable enough of solving the dispute in a professional manner (no matter how convincing evidence you provided that the client was a scammer) and they will charge the seller for a dispute fee. I have had enough of this unfairness.
Therefore as of this post PayPal will be only available as a payment option only for those with legitimate business accounts who registered with their business email such as payments@yourbusiness.com.
At the time of this post. I will only accept Bitcoin/ETH payments. If you're not able to to pay in cryptocurrency, then the software is not for you. I use coinbase.com as my primary cryptocurrency provider.
| #985 Title: Advanced kernel memory scanning options in HEX DEREF Administrator |
05/17/2022 20:20 - 134 days 10 hours 42 minutes #985 |
Memory scanning is in user mode by default. The process you opened from the process list by left-clicking on the process name. When you scan your PC or laptop physical memory through the kernel driver, there is no need to open a handle to any process.
The options for kernel driver must be initialized and the driver loaded using the KDI before you can scan kernel memory.
KERNEL_MEMORY: The memory allocated by the kernel and the loaded kernel modules is scanned.
KERNEL_MODULES: The kernel and drivers data and discardable sections are checked.
USER_MEMORY: The memory allocated by all user mode processes is checked. Scanning also includes all protected processes.
The above three together are the same as a computer's physical memory. The more narrowed the scan is, the better results you will get and needless to even mention, you get the results you was after faster as well.
The options for kernel driver must be initialized and the driver loaded using the KDI before you can scan kernel memory.
KERNEL_MEMORY: The memory allocated by the kernel and the loaded kernel modules is scanned.
KERNEL_MODULES: The kernel and drivers data and discardable sections are checked.
USER_MEMORY: The memory allocated by all user mode processes is checked. Scanning also includes all protected processes.
The above three together are the same as a computer's physical memory. The more narrowed the scan is, the better results you will get and needless to even mention, you get the results you was after faster as well.
| #986 Title: How to use the kernel driver interface (KDI)? Administrator |
05/24/2022 16:00 - 127 days 15 hours 2 minutes #986 |
Each time you restart your computer or virtual machine (VM).
1) KDI->Initialize
2) KDI->Load the driver
Before you can unload the driver, you have to stop it's system thread.
KDI->Stop thread
KDI->Unload driver
1) KDI->Initialize
2) KDI->Load the driver
Before you can unload the driver, you have to stop it's system thread.
KDI->Stop thread
KDI->Unload driver
