HEX DEREF SUPPORT

#983
Title: How to / Terminology in the software
Administrator
04/01/2022 23:39 - 180 days 9 hours 19 minutes
#983
Kernel mode (KM)
Kernel driver interface (KDI)

How to use the handle elevation DKOM feature with a game that's protected by a kernel level anti-cheat?

1) Enter the process names in the fields. If you want to elevate a handle for Cheat Engine (CE). Enter "cheatengine-x86_64-SSE4-AVX2.exe" in the "Elevate handle from process" field. Then you enter the executable name of the game in the field below.

https://hexderef.com/images/HEX_DEREF_v110_HANDLE_DKOM_EAC_BE_UNDETECTED_POC.png

2) KDI->Load
3) KDI->Hide driver
3) Start a game that's protected by a kernel level anti-cheat
4) Right-click to elevate the handle or use the KDI->Elevate the handle

The handle will be elevated with all possible access rights for a process object (PROCESS_ALL_ACCESS 0x1FFFFF).

Once you've elevated the handle. Do the following:

KDI->Unhide driver
KDI->Unload

How to hide the process?

1) KDI->Load the driver
2) Left-click on the process you want to hide. The selected process is highlighted
3) Right-click to hide the process

Every time when you reboot your computer or VM. Before you can browse the kernel memory. You need to enable KM in the settings and load the driver.

Post a comment

Registered users do not have to enter captcha. A line in the code tag is currently limited to maxium of 160 characters.
Posting guidelines: You may not post any personal information. When you report an issue: Always mention which version and operating system and briefly describe the issue. Any support request post that does not include this information will be removed as spam without a reply.
Title
Tags You may use the following tags: [QUOTE] [/QUOTE] [B] [/B] [URL] [/URL] [CODE] [/CODE]
Captcha Please enter the text you see (case insensitive). The listed characters must be entered clockwise starting from twelve o'clock.
Comments are moderated Y