Compiled-Code/be-injector Compiled-Code/be-injector

  • Stars
    star
    208
  • Rank 185,029 (Top 4 %)
  • Language
    C++
  • Created about 2 years ago
  • Updated about 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Compiled-Code/be-injector
github

Compiled-Code

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

be-injector

How it works?

This works by abusing how Windows saves memory by re-using pages if they have not been modified, known as Copy on Write. To evade Copy on Write, we obtain the physical address of the pages within the code section of the signed module, and patch directly to that. When Windows loads the dll into the game, no Copy on Write violation would have taken place, thus it would load the dll with our patches

How does this evade BattlEye?

BattlEye does not verify the integrity of the modules within the game. PUBG, on its own, verifies the integrity of various system modules, but not loaded modules by the user. Because the module we are loading is signed, BattlEye will blindly accept it.

What doesit bypass?

  • Thread checks
  • Windows function calls
  • Signature Scans

Note

For this example, just the code section is mapped within the game.

show

Credits

  • Xerox for VDM

More Repositories

1

eac-mapper

undetected eac mapper
C++
159
star
2

external-il2cpp

External Il2Cpp Framework
C++
58
star
3

StudioLuauCompiler

Studio Luau Compiler POC
C++
3
star
4

rust-dumper

rust static class offset dumper
C++
3
star
5

rust-offset-code-generator

generate struct offset codes
Lua
3
star
6

interactive-mono-dissector

interactive mono dissector utility
C++
1
star