_xeroxz
/
badeye
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
handle elevation using bedaisy. write up can be found here https://back.engineering/21/08/2020/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
1 Branch
1 Tag
16 MiB
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4dcbc06bc0'
${ noResults }
Go to file
xerox 4dcbc06bc0
Update README.md 		4 years ago
badeye added system proc read demo 4 years ago
battleye.8.17.2020 added current battleye + badeye project 4 years ago
README.md Update README.md 4 years ago

README.md

i am writing this atm so come back later

badeye

lsass.exe/csrss.exe

This section will go into detail about what exactly is going on here. csrss.exe/lsass.exe have handles to all processes and since battleye strips the R/W access of the handle that these processes have to the game it can cause system instability. Thus bedaisy writes two pages of shellcode to both processes and inline hooks NtReadVirtualMemory and NtWriteVirtualMemory.

If you run a battleye protected game, open cheat engine, attach to lsass.exe, and navigate to NtReadVirtualMemory/NtWriteVirtualMemory you will see this inline hook...

This inline hook jumps to shellcode that packages all of the parameter values passed to NtReadVirtualMemory into the stack and then jumps to DeviceIoControl...