_xeroxz
/
amlegit
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
reverse engineering of amlegit/xcheats.cc
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 Commits
1 Branch
0 Tags
161 MiB
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
xerox 8c371e9c9e
Released write up and changed link in readme 		4 years ago
amlegit_cpp Paste V1.3 4 years ago
overview_media 2d box video 4 years ago
reverse_engineered Paste V1.3 4 years ago
LICENSE Add LICENSE 4 years ago
README.md Released write up and changed link in readme 4 years ago
UNTOUCHED.zip Paste V1.3 4 years ago

README.md

amlegit

Reverse Engineering of amlegit/xcheats.cc this p2c sells an internal Apex cheat. Apex is protected by EAC and by the looks of this cheat/spoofer It doesnt even come remotely close to something that can evade a ban.

This cheat is a blatant paste of kdmapper and hwid spoofer using IOCTL hooking of a system driver. If you would like to read more about this scam you can do so here.

Overview

As stated before this cheat uses an IOCTL hook to communicate between its usermode process and its manually mapped driver.

IOCTL codes

0x2248D2 -> Testing communication

0x224DCA -> Read data (MmCopyVirtualMemory)

0x225CC1 -> Write data (MmCopyVirtualMemory)

0x224986 -> Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)

0x235C42 -> Spoofer (Pasted from hwid)