You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 lines
969 B
24 lines
969 B
# amlegit
|
|
|
|
Reverse Engineering of amlegit/xcheats.cc this p2c sells an internal Apex cheat. Apex is protected by EAC and by the looks of this cheat/spoofer It doesnt even come
|
|
remotely close to something that can evade a ban.
|
|
|
|
This cheat is a blatant paste of [kdmapper](url) and [hwid spoofer](https://github.com/btbd/hwid) using IOCTL hooking of a system driver. If you would like to read
|
|
more about this scam you can do so [here](url).
|
|
|
|
# Overview
|
|
|
|
As stated before this cheat uses an IOCTL hook to communicate between its usermode process and its manually mapped driver.
|
|
<img src="https://git.hacks.ltd/xerox/amlegit/raw/master/overview.png"/>
|
|
|
|
# IOCTL codes
|
|
|
|
0x2248D2 -> Testing communication
|
|
|
|
0x224DCA -> Read data (MmCopyVirtualMemory)
|
|
|
|
0x225CC1 -> Write data (MmCopyVirtualMemory)
|
|
|
|
0x224986 -> Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)
|
|
|
|
0x235C42 -> Spoofer (Pasted from [hwid](https://github.com/btbd/hwid)) |