HEX DEREF SUPPORT
| #983 Title: How to / Terminology in the software Administrator |
04/01/2022 23:39 - 748 days 23 hours 24 minutes #983 |
Kernel mode (KM)
Kernel driver interface (KDI)
How to use the handle elevation DKOM feature with a game that's protected by a kernel level anti-cheat?
1) Enter the process names in the fields. If you want to elevate a handle for Cheat Engine (CE). Enter "cheatengine-x86_64-SSE4-AVX2.exe" in the "Elevate handle from process" field. Then you enter the executable name of the game in the field below.
https://hexderef.com/images/HEX_DEREF_v110_HANDLE_DKOM_EAC_BE_UNDETECTED_POC.png
2) KDI->Load
3) KDI->Hide driver
3) Start a game that's protected by a kernel level anti-cheat
4) Right-click to elevate the handle or use the KDI->Elevate the handle
The handle will be elevated with all possible access rights for a process object (PROCESS_ALL_ACCESS 0x1FFFFF).
Once you've elevated the handle. Do the following:
KDI->Unhide driver
KDI->Unload
How to hide the process?
1) KDI->Load the driver
2) Left-click on the process you want to hide. The selected process is highlighted
3) Right-click to hide the process
Every time when you reboot your computer or VM. Before you can browse the kernel memory. You need to enable KM in the settings and load the driver.
Kernel driver interface (KDI)
How to use the handle elevation DKOM feature with a game that's protected by a kernel level anti-cheat?
1) Enter the process names in the fields. If you want to elevate a handle for Cheat Engine (CE). Enter "cheatengine-x86_64-SSE4-AVX2.exe" in the "Elevate handle from process" field. Then you enter the executable name of the game in the field below.
https://hexderef.com/images/HEX_DEREF_v110_HANDLE_DKOM_EAC_BE_UNDETECTED_POC.png
2) KDI->Load
3) KDI->Hide driver
3) Start a game that's protected by a kernel level anti-cheat
4) Right-click to elevate the handle or use the KDI->Elevate the handle
The handle will be elevated with all possible access rights for a process object (PROCESS_ALL_ACCESS 0x1FFFFF).
Once you've elevated the handle. Do the following:
KDI->Unhide driver
KDI->Unload
How to hide the process?
1) KDI->Load the driver
2) Left-click on the process you want to hide. The selected process is highlighted
3) Right-click to hide the process
Every time when you reboot your computer or VM. Before you can browse the kernel memory. You need to enable KM in the settings and load the driver.
