From 675960270f42924e5d3c698bf7851d9228fc0114 Mon Sep 17 00:00:00 2001 From: xerox Date: Mon, 17 Aug 2020 22:21:32 +0000 Subject: [PATCH] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d745632..979877c 100644 --- a/README.md +++ b/README.md @@ -8,4 +8,6 @@ # lsass.exe/csrss.exe This section will go into detail about what exactly is going on here. csrss.exe/lsass.exe have handles to all processes and since battleye strips the R/W access of the handle that these processes have -to the game it can cause system instability. Thus bedaisy writes two pages of shellcode to both processes and inline hooks `NtReadVirtualMemory` and `NtWriteVirtualMemory`. \ No newline at end of file +to the game it can cause system instability. Thus bedaisy writes two pages of shellcode to both processes and inline hooks `NtReadVirtualMemory` and `NtWriteVirtualMemory`. + +If you run a battleye protected game, open cheat engine, attach to `lsass.exe`, and navigate to `NtReadVirtualMemory`/`NtWriteVirtualMemory` you will see this inline hook... \ No newline at end of file