| View previous topic :: View next topic |
| Author |
Message |
4jax_cheater
Cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 31
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
 Posted: Sun Jan 23, 2011 9:11 am Post subject: |
 |
|
3: looks like the kernelmode query memory regions isn't enabled or it's having a problem. Check the code for it
4: ce is jumping into a nil pointer. Most commonly caused by an export that has been renamed and not updated in ce
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
4jax_cheater
Cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 31
|
| Posted: Sun Jan 23, 2011 6:52 pm Post subject: |
|
|
Dark Byte, I did the bypass again, and still the same error "Scan Error: No memory found Redable, I'm using sys and dll source 5.3 on 5.6 ..
fixmemoryacess :
| Code: | oldprocesshandle:=processhandle;
try
loaddbk32;
UseDBKReadWriteMemory;
//query is needed too to scan, but thats up to the user
// ikb:=cefuncproc.processhandle;
// ikb:=newkernelhandler.OpenProcess(PROCESS_ALL_ACCESS,false,GetCurrentProcessID);
//I don't even have to adjust the jxx instructions since all of them point to when it fails, so thats ok
KeAttachProcessAddress:=dword(GetKProcAddress('KeAttachProcess'));
KiAttachProcessAddress:=0;
sl:=tstringlist.Create;
x:=KeAttachProcessAddress;
a:=symhandler.showmodules;
b:=symhandler.showsymbols;
symhandler.showmodules:=false;
symhandler.showsymbols:=false;
sl.Add('Kalloc(mymem,4096)');
sl.add('Kalloc(mymem2,4096)');
sl.add('');
sl.add('mymem2:');
sl.add('');
sl.add('mymem:');
s:='';
while (x<KeAttachProcessAddress+$200) and (s<>'ret 0004') do
begin
// s:=disassemble(x);
s:=copy(s,pos('-',s)+2,length(s));
s:=copy(s,pos('-',s)+2,length(s));
if pos('call 8',s)>0 then
begin
KiAttachProcessAddress:=strtoint('$'+copy(s,pos(' ',s)+1,length(s)));
s:='call mymem2';
end;
sl.Add(s);
end;
//now generate the jumper for KiAttachProcess
if KiAttachProcessAddress=0 then raise exception.Create('No KiAttachProcess call found');
x:=KiAttachProcessAddress;
i:=4;
while (x<KiAttachProcessAddress+5) do
begin
// s:=disassemble(x);
s:=copy(s,pos('-',s)+2,length(s));
s:=copy(s,pos('-',s)+2,length(s));
sl.Insert(i,s);
inc(i);
end;
sl.Insert(i,'jmp '+inttohex(x,8));
DriversKeAttachProcessAddressAddress:=getpeprocess($deadbeef);
if DriversKeAttachProcessAddressAddress=0 then raise exception.Create('sassa!');
sl.Add('');
sl.Add(inttohex(DriversKeAttachProcessAddressAddress,8)+':');
sl.add('dd mymem');
symhandler.showmodules:=a;
symhandler.showsymbols:=b;
// if not autoassemble(sl,false) then raise exception.create('Auto assembler error.');
finally
// ikb:=oldprocesshandle;
end;
end; |
help?
I fixed that error it was giving before, now the scan works best '. "More so than when using the sys and dll ce 5.3 of this error in the scan!
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Sun Jan 23, 2011 9:09 pm Post subject: |
|
|
as shown in the screenshot, you can read memory. It's just that the scanroutine can not enumerate the memory regions
See why it can't do it (didn't you select it, or did you neglect to change the kernelmode query memory region so it used keattach instead of kestackattach ? )
also, look into the virtualpagedir plugin which can also bypass it
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
4jax_cheater
Cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 31
|
| Posted: Mon Jan 24, 2011 5:20 am Post subject: |
|
|
| Yeah this plugin undetected .. the same problem in the use of this sys and dll 5.3 '. "you know any way to put it to work? I tested here and works fine with other sys and dll .. are not and rev ..
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Mon Jan 24, 2011 8:18 am Post subject: |
|
|
just try to find out why it doesn't work (where exactly it goes wrong, in the code)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
4jax_cheater
Cheater
![]() Reputation: 0
Joined: 14 Apr 2009
Posts: 31
|
| Posted: Mon Jan 24, 2011 1:56 pm Post subject: |
|
|
| Dark byte, I'll check anything I post here ..
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
