Function Bypass in CE 5.6
-List of Cheat Engine 5.6 functions that must be bypassed
-This applies only to the Cheat Engine 5.6 source code
-Use ASR ( Actual Search Replace ) to replace the functions
-After the functions have been replaced, compile the DDKKernel and the result is an undetected kernel!
Recipe for building the engine:
CreateRemoteAPC = xxx7
DBKDebug_ContinueDebugEvent = xxx8
DBKDebug_GD_SetBroakpoint = xxx9
DBKDebug_GetDebuggerState = xxx10
DBKDebug_SetDebuggerState = xxx11
DBKDebug_StartDebugging = xxx12
DBKDebug_StopDebugging = xxx13
DBKDebug_WaitForDebugEvent = xxx14
DBKResumeProcess = xxx15
DBKResumeThread = xxx16
DBKSuspendProcess = xxx17
DBKSuspendThread = xxx18
dbvm_block_interrupts = xxx19
dbvm_changeselectors = xxx20
dbvm_raise_privilege = xxx21
dbvm_read_physical_memory = xxx22
dbvm_redirect_interrupt1 = xxx23
dbvm_restore_interrupts = xxx24
dbvm_version = xxx25
dbvm_write_physical_memory = xxx26
executeKernelCode = xxx27
GetCR0 = xxx28
GetCR3 = xxx29
GetCR4 = xxx30
GetDebugPortOffset = xxx31
GetGDT = xxx32
GetIDTCurrentThread = xxx33
GetIDTs = xxx34
GetKProcAddress = xxx35
GetKProcAddress64 = xxx36
GetLoadedState = xxx37
GetPEProcess = xxx38
GetPEThread = xxx39
GetPhysicalAddress = xxx40
GetProcessNameFromID = xxx41
GetProcessNameFromPEProcess = xxx42
GetProcessOffset = xxx43
GetSDT = xxx44
GetSDTEntry = xxx45
GetSDTShadow = xxx46
GetSSDTEntry = xxx47
GetThreadListEntryOffset = xxx48
GetThreadsProcessOffset = xxx49
isDriverHandle = xxx50
IsValidHandle = xxx51
KernelAlloc = xxx52
KernelAlloc64 = xxx53
LaunchDBVM = xxx54
MakeWritable = xxx55
NOP = xxx56
OP = xxx57
OT = xxx58
ReadPhysicalMemory = xxx59
RPM = xxx60
RPM64 = xxx61
StartProcessWatch = xxx62
UserdefinedInterruptHook = xxx63
VAE = xxx64
VQE = xxx65
WaitForProcessListData = xxx66
WPM = xxx67
WPM64 = xxx68
WritePhysicalMemory = xxx69
Note: the xxx can be replaced with any other word.
How can you find these functions easily?
Here, I have a trick for it.
Credit by RCD !!!