From e3f9a751964dc0cacd5938638720682dac48ffa7 Mon Sep 17 00:00:00 2001 From: xerox Date: Mon, 17 Aug 2020 22:31:10 +0000 Subject: [PATCH] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6e6a8ab..39b5338 100644 --- a/README.md +++ b/README.md @@ -19,4 +19,8 @@ This inline hook jumps to shellcode that packages all of the parameter values pa Now that you have a basic understanding of how this system works (and sorta why it is), lets look at what we can do! -To begin we need to extract the driver handle at runtime, this can be done simply by extracting the address of the shellcode out of the inline hook of `NtReadVirtualMemory`. \ No newline at end of file +To begin we need to extract the driver handle at runtime, this can be done simply by extracting the address of the shellcode out of the inline hook of `NtReadVirtualMemory`. Nnow that we have +the handle to the driver we can start sending IOCTL's to BattlEye. The IOCTL data is not encrypted nor complicated... this is what it looks like: + + +
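Review bot: the added text in this hunk ends on a dangling `this is what it looks like:` followed only by the three blank `+` lines, so the README now promises an IOCTL layout that the patch never supplies; either add the structure/field description in this change or drop the trailing colon and the empty lines until that content exists. The same added lines carry two typos, `Nnow that we have` should read `Now that we have` and `IOCTL's` should be `IOCTLs`, and the assertion that the IOCTL data is "not encrypted nor complicated" stays unsupported for the reader until the layout it refers to is actually shown.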