1 pointI don't think I have posted the source code here? So here. dinput8 It shows how to intercept all winapi calls from a single hook for a wow64 process. It won't work with the current version of blackcipher. For some WinApi like (NtOpenProcess,NtReadVirtualMemory,NtQueryVirtualMemory), it doesn't go through the wow64 callgate anymore (fs:c0), BlackCipher create a 64 bit thread and make it call the native syscall instead. There is 2 ntdll.dll loaded one 32 bit and the other 64 bit for a wow64 process. You now have to hook the 64 bit ntdll now. In Cheat Engine the module symbol "_NtOpenProcess" without the quotes is the 64 bit NtOpenProcess. There is an underscore before the winapi name. I have wrote a wow64 library in 2011 if anyones interested: wow64ext I gave it to my subordinate rewolf and he released it on his github.
1 pointNo aasdf isn’t me. Someone I will not name informed me of this so I had to register as forgot last account. Bye bye until someone mentions this again and I gotta clear up the smoke. I only have a macbook for my work now, I don’t have freetime like aasdf.
1 pointLegit the most misinforming post I’ve ever seen - goes to show just how bad Aasdf really is, when he doesn’t even understand the basics of this 😂 1. fs:0xc0 is not a “TEB hook” - you just hook the KiFastSystemcall. 2. It doesn’t intercept ALL WinAPIs, only the ones that needs to trampoline into a 64-bit environment so they can elevate execution to ring0 (it’s not even that many...) 3. The entire thing you explained about how BlackCipher worked now is straight wrong :s 4. Nice credit leech Imagine spending every single of your woken hours of healthcare provided stability on trying to hack games, and yet, after 12 years of autistic attempting, continue to fail... I feel sad for you, but I suppose we aren’t all meant to succeed... in anything, ever, I guess. 🤔
1 pointI gave it to my subordinate rewolf and he released it on his github" AASDF best coder!
This leaderboard is set to Amsterdam/GMT+01:00