  1. #1
    Edward (Customer)

    Hide Driver and Process

    Hi, actually I am still learning C++ and HTML/CSS.

    At the moment still for myself.

    And during my research on making cheats undetected I found a very useful source code.

    (Actually I am not planning to make a cheat or something.)

    http://www.codeproject.com/Articles/...sses-and-Files

    But I want to understand how programs work. And after I found this useful post I thought....

    I had already read something like this...

    And I thought I would ask DC something regarding the article.
    Do you use this for your cheat?
    Or can a coder use this to hide his cheat/driver after he converted his cheat to a driver?

    Best regards Edward

  2. #2
    Moderator
    Most of DC's hacks are internal and this driver is only useful for external cheats, which run in a separate overlay process.
    Simple answer for the first question: No, and it is disturbing how you think that DC would C&P a driver which is public.

    You cannot convert a cheat to a driver. You have to completely rewrite your cheat AS a driver, which is a really hard task and cannot be achieved easily/requires lots of knowledge of driver development. If your cheat is in ring0, you don't have to hide anything, because ring3 programs cannot even touch it. As far as ring0 ACs are concerned (ESEA, etc.), they have shown more than once that detecting public hiding methods is not hard for them.
    Simple answer for the second question: It's a silly idea.

  4. #3
    Junior Member
    Quote Originally Posted by [MOD]ponies View Post
    If your cheat is in ring0, you don't have to hide anything, because ring3 programs cannot even touch it.
    Isn't this just partly true? The cheat is ring0 afaik, but the game is in ring3. So from my understanding (pls tell me I'm wrong) you inject code into the ring3 layer, right?

  5. #4
    Ryanrenesis (Customer)
    Quote Originally Posted by synonym View Post
    Isn't this just partly true? The cheat is ring0 afaik, but the game is in ring3. So from my understanding (pls tell me I'm wrong) you inject code into the ring3 layer, right?
    There are pure ring0 cheats that only run in ring0 and then there are ring3 cheats that use a ring0 driver layer.

    I believe DC's cheats are ring3 that use a ring0 driver layer.

  6. #5
    #DC (Administrator&Coder)
    Even with pure ring0 cheats you need some kind of loader, and if you don't take care of it, it'll get detected sooner or later (many examples from cheat providers around). There are really no differences between the two... just the downside features the pure kernel cheat can provide compared to the other one.

    It is all about being 1 step ahead of the anticheat...
  8. #6
    Banned
    Quote Originally Posted by #DC View Post
    Even with pure ring0 cheats you need some kind of loader, and if you don't take care of it, it'll get detected sooner or later (many examples from cheat providers around). There are really no differences between the two... just the downside features the pure kernel cheat can provide compared to the other one.
    It is all about being 1 step ahead of the anticheat...
    Define pure ring0 cheats. If you mean cheats that utilize routines only to do a specific task/routine, then sure, that's the case.
    It's all about preventing anti-cheat administrators from blacklisting a signature in your application while debugging it.
    The limit of access prevents different attack vectors, which is the best way to prevent detections.

    Or you could write a hypervisor that would have a tampered way of handling memory, i.e. splitting the TLB and VAD/run-time cloaking the driver.
    Pure kernel cheats would be something like a hardware mapped device that does not use anything other than routines.

    I'd assume that kernel cheats are generally slower due to the execution layer. Doing the context switch from r3 to r0 and editing the CR3 to CR0 and write would cause microseconds of delay.
    Comparison to a direct I/O call, which isn't allowed as devices have to be validated due to Windows having the "Protected" mode which prevents users from accessing devices directly.

    From what I've observed, Deadc0de does heavy DKOM, editing various system tables and cleaning/erasing various information that is static in the client.
    Also, mapping the cheat code onto the game through the Deadc0de system driver, which has its own way of mapping itself (sanitized headers, etc.).

    So yeah, deadc0de is the most secure "paid-cheat" there is due to the nature of the system driver.

  9. #7
    Junior Member

    Nice thread

    Thanks, nice to read it! #mmmm1297
