2017-12-13 23:48 CET

View Issue Details

ID: 0000458
Project: Cheat Engine
Category: (No Category)
View Status: public
Last Update: 2016-03-04 15:20
Reporter: pausebreak7
Assigned To: (none)
Priority: high
Severity: minor
Reproducibility: N/A
Status: new
Resolution: open
Platform: windows
OS: 64bit
OS Version: (not given)

Summary: 0000458: hi db obregistercallbacks xenos injection code add possible?

Description:
https://github.com/DarthTon/Xenos

https://github.com/DarthTon/Xenos/blob/55756c10d4aa270e71e5ccf4c4e3f90519a6db3a/src/InjectionCore.cpp#L117

Xenos injection Obregistercallback openprocess block bypass code

PROCESS_QUERY_LIMITED_INFORMATION?

// Escalate handle access rights through driver

Escalate handle access -> Obregistercallbacks Block Bypass -> injection Success

Steps To Reproduce:
Xenos injection Code Cheat Engine Add Possible?

Obregistercallbacks Handle Block Bypass

Cheat Engine Option

---Obregistercallbacks bypass---
1. Enumerate Dll's

2. Add Address Code test.exe+1000 -> View Possible?

Thank you DB

Tags: No tags attached.
Attached Files: bypass...png (see Issue History; image not included)

Notes

~0001025 pausebreak7 (reporter)

case IOCTL_CE_ENUMACCESSEDMEMORY:
{
    // Input buffer layout for this IOCTL: just the target process ID
    struct input
    {
        UINT64 ProcessID;
    } *inp;
    PEPROCESS selectedprocess;

    PVOID BaseAddress;
    SIZE_T RegionSize;

    // METHOD_BUFFERED: input and output share Irp->AssociatedIrp.SystemBuffer
    inp = Irp->AssociatedIrp.SystemBuffer;
    //dbgprint("IOCTL_CE_ENUMACCESSEDMEMORY(%d)\n", inp->ProcessID);

    ntStatus = STATUS_UNSUCCESSFUL;

    // Resolve the PID to its EPROCESS and write the accessed-page count back into the same buffer
    if (PsLookupProcessByProcessId((PVOID)(UINT64)(inp->ProcessID), &selectedprocess) == STATUS_SUCCESS)
        *(int *)Irp->AssociatedIrp.SystemBuffer = enumAllAccessedPages(selectedprocess);

    ntStatus = STATUS_SUCCESS;
    break;
}

Driver IOCTL_CE_ENUMACCESSEDMEMORY

Module Information View?

~0001026 pausebreak7 (reporter)

https://github.com/DarthTon/Blackbone

Xenos Driver BlackBone Github Source

Issue History
Date Modified     | Username    | Field        | Change
2016-03-04 14:13  | pausebreak7 | New Issue    |
2016-03-04 14:18  | pausebreak7 | File Added   | bypass...png
2016-03-04 14:21  | pausebreak7 | Note Added   | 0001025
2016-03-04 15:20  | pausebreak7 | Note Added   | 0001026