成品:123网盘 百度网盘
解压使用"\Cheat Engine\bin\uxeatengine-x86_64.vmp.exe"或"\Cheat Engine\bin\uxeatengine-x86_64.exe"
对CE的修改
更改了驱动名字
修改了名字和图标,修改了字符串
使用vmp3.X进行混淆和保护
编译了访问内核的驱动程序(要使用内核驱动程序请配合https://github.com/Mattiwatti/EfiGuard/releases/tag/v1.2.1)需要一个U盘
执行下面这个lua脚本即可
[Lua] 纯文本查看 复制代码symbols = createSymbolList();
symbols.register();
function onOpenProcess(pid)
symbols.unregister();
symbols = createSymbolList();
symbols.register();
reinitializeSymbolhandler();
if (pid == 4) then
return;
end
local proc = dbk_getPEProcess(pid);
--printf("proc: %08X", proc);
local peb = readQword(proc + 0x550);
--printf("peb: %08X", peb);
local ldr = readQword(peb + 0x18);
--printf("ldr: %08X", ldr);
local index = readQword(ldr + 0x10);
--printf("index: %08X\n", index);
while (index ~= ldr + 0x10) do
local mod = readQword(index);
--printf("mod: %08X", mod);
local name = readString(readQword(mod + 0x58 + 0x8), readSmallInteger(mod + 0x58), true);
--printf("name: %s", name);
local base = readQword(mod + 0x30);
--printf("base: %08X", base);
local size = readInteger(mod + 0x40);
--printf("size: %04X\n", size);
symbols.addModule(name, "", base, size, true);
index = readQword(mod);
end
local name = readString(proc + 0x5A8, 15);
--print("name:", name);
local base = readQword(proc + 0x520);
--printf("base: %08X", base);
local size = readQword(proc + 0x498);
--printf("size: %04X", size);
symbols.addModule(name, "", base, size);
reinitializeSymbolhandler();
--print("finished!");
end
这个程序并不完善,特别是内核部分
不过一般的检测应该是没有问题的
修复了前面版本开始的字符报错
