amlegit/README.md

# amlegit

Reverse Engineering of amlegit/xcheats.cc this p2c sells an internal Apex cheat. Apex is protected by EAC and by the looks of this cheat/spoofer It doesnt even come
remotely close to something that can evade a ban.

This cheat is a blatant paste of [kdmapper](url) and [hwid spoofer](https://github.com/btbd/hwid) using IOCTL hooking of a system driver. If you would like to read
more about this scam you can do so [here](https://ligma.vip/posts/2020/3/10/).

# Overview 

As stated before this cheat uses an IOCTL hook to communicate between its usermode process and its manually mapped driver.
<center><img src="https://git.hacks.ltd/xerox/amlegit/raw/master/overview_media/imgs/overview.png" height="550" width="572"/></center>

# IOCTL codes

0x2248D2 -> Testing communication

0x224DCA -> Read data (MmCopyVirtualMemory)

0x225CC1 -> Write data (MmCopyVirtualMemory)

0x224986 -> Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)

0x235C42 -> Spoofer (Pasted from [hwid](https://github.com/btbd/hwid))
Initial commit 4 years ago			`# amlegit`

Update README.md 4 years ago			`Reverse Engineering of amlegit/xcheats.cc this p2c sells an internal Apex cheat. Apex is protected by EAC and by the looks of this cheat/spoofer It doesnt even come`
Update README.md 4 years ago			`remotely close to something that can evade a ban.`
Update README.md 4 years ago
Update README.md 4 years ago			`This cheat is a blatant paste of [kdmapper](url) and [hwid spoofer](https://github.com/btbd/hwid) using IOCTL hooking of a system driver. If you would like to read`
Released write up and changed link in readme 4 years ago			`more about this scam you can do so [here](https://ligma.vip/posts/2020/3/10/).`
Update README.md 4 years ago
			`# Overview`

			`As stated before this cheat uses an IOCTL hook to communicate between its usermode process and its manually mapped driver.`
Update README.md 4 years ago			`<center><img src="https://git.hacks.ltd/xerox/amlegit/raw/master/overview_media/imgs/overview.png" height="550" width="572"/></center>`
Update README.md 4 years ago
			`# IOCTL codes`

			`0x2248D2 -> Testing communication`

			`0x224DCA -> Read data (MmCopyVirtualMemory)`

			`0x225CC1 -> Write data (MmCopyVirtualMemory)`

			`0x224986 -> Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)`

			`0x235C42 -> Spoofer (Pasted from [hwid](https://github.com/btbd/hwid))`