Back online!
0 Members and 1 Guest are viewing this topic.
ok mate , good luck with what your trying to do , im guessing battleyeyou can tell that anti cheat $able in his wisdom made ... to go fuck its self quite easily you know , same method works on vac and punkbuster.
defeat every way it works...your thinking to hard.
uint8_t* virtCurrentEProcess = (addr + x + PoolHeaderDelta - 4);DWORD64 dirbase = *(DWORD64*)(virtCurrentEProcess + DIRBASEOFFSET);_LIST_ENTRY activeProcessList = *(_LIST_ENTRY*)(virtCurrentEProcess + PROCESSLINKSOFFSET); printf("EPROCESS FOUND: %s \n", virtCurrentEProcess + EprocessImageFileName);printf("Flink address %p\n", activeProcessList.Flink);auto cr = memory.TranslateLinearAddress(dirbase, activeProcessList.Flink);auto newProcessName = memory.GetMemory(cr - PROCESSLINKSOFFSET + EprocessImageFileName, 15);printf("new EProcess name %s \n", newProcessName);