|
|
@ -10,3 +10,15 @@ more about this scam you can do so [here](url).
|
|
|
|
|
|
|
|
|
|
|
|
As stated before this cheat uses an IOCTL hook to communicate between its usermode process and its manually mapped driver.
|
|
|
|
As stated before this cheat uses an IOCTL hook to communicate between its usermode process and its manually mapped driver.
|
|
|
|
<img src="https://git.hacks.ltd/xerox/amlegit/raw/master/overview.png"/>
|
|
|
|
<img src="https://git.hacks.ltd/xerox/amlegit/raw/master/overview.png"/>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# IOCTL codes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x2248D2 -> Testing communication
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x224DCA -> Read data (MmCopyVirtualMemory)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x225CC1 -> Write data (MmCopyVirtualMemory)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x224986 -> Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x235C42 -> Spoofer (Pasted from [hwid](https://github.com/btbd/hwid))
|
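Review bot: In the added "IOCTL codes" list, the last entry, 0x235C42, has 0x23 in its upper bits, while the other four codes all have 0x22 there. In a standard CTL_CODE value that is the device-type field, so please confirm this is not a typo, or add a short remark on why the spoofer code differs. The entries also name only the kernel routines behind each code. A table with the code, its purpose and the expected input/output buffer for each request would make the section usable as a reference.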