# amlegit

Reverse Engineering of amlegit/xcheats.cc this p2c sells an internal Apex cheat. Apex is protected by EAC and by the looks of this cheat/spoofer It doesnt even come
remotely close to something that can evade a ban.

This cheat is a blatant paste of [kdmapper](url) and [hwid spoofer](https://github.com/btbd/hwid) using IOCTL hooking of a system driver. If you would like to read
more about this scam you can do so [here](https://ligma.vip/posts/2020/3/10/).

# Overview 

As stated before this cheat uses an IOCTL hook to communicate between its usermode process and its manually mapped driver.
<center><img src="https://git.hacks.ltd/xerox/amlegit/raw/master/overview_media/imgs/overview.png" height="550" width="572"/></center>

# IOCTL codes

0x2248D2 -> Testing communication

0x224DCA -> Read data (MmCopyVirtualMemory)

0x225CC1 -> Write data (MmCopyVirtualMemory)

0x224986 -> Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)

0x235C42 -> Spoofer (Pasted from [hwid](https://github.com/btbd/hwid))