[Original] HyperCE: VT debugger, bypassing protection
Posted on: 2024-12-15 21:36

Sharing a method of bypassing process protection.
The kernel function MiReadWriteVirtualMemory (the common back end of NtReadVirtualMemory/NtWriteVirtualMemory) calls ObReferenceObjectByHandleWithTag to turn the process handle into an object pointer, and that call is where the access check happens: the DesiredAccess passed in (PROCESS_VM_READ or PROCESS_VM_WRITE) must be covered by the access granted to the handle. A protection driver that strips those bits from the handle makes this check fail. Hooking ObReferenceObjectByHandleWithTag therefore lets Cheat Engine access any process despite the protection.
IDA decompilation of MiReadWriteVirtualMemory (signature and local declarations as shown in the post):

```c
__int64 __fastcall MiReadWriteVirtualMemory(
        HANDLE Handle,
        char *a2,
        char *a3,
        size_t a4,
        unsigned __int64 a5,
        ACCESS_MASK DesiredAccess)
{
  __int64 v9; // rsi
  struct _KTHREAD *CurrentThread; // r14
  KPROCESSOR_MODE PreviousMode; // al
  _QWORD *v12; // rbx
  __int64 v13; // rcx
  NTSTATUS v14; // edi
  _KPROCESS *Process; // r10
  PVOID v16; // r14
  char *v17; // r9
  _KPROCESS *v18; // r8
  char *v19; // rdx
  _KPROCESS *v20; // rcx
  NTSTATUS v21; // eax
  int v22; // r10d
  KPROCESSOR_MODE v24; // [rsp+40h] [rbp-48h]
  __int64 v25; // [rsp+48h] [rbp-40h] BYREF
  PVOID Object[2]; // [rsp+50h] [rbp-38h] BYREF
```
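To make the access-check point concrete, here is an added user-mode model of the path described above; it is not code from HyperCE or from the post. The handle table, the process object, the debugger PID (4242) and the hook policy are all constructed assumptions. The "original" ObReferenceObjectByHandleWithTag refuses any DesiredAccess bit the handle was not granted, which is exactly what happens after a protection driver strips PROCESS_VM_READ/PROCESS_VM_WRITE at open time; the hook clears those bits for the debugger's own requests before forwarding, so the handle still resolves to the process object and MiReadWriteVirtualMemory proceeds.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t ACCESS_MASK;
typedef int32_t  NTSTATUS;
typedef void    *HANDLE;

#define STATUS_SUCCESS        ((NTSTATUS)0x00000000L)
#define STATUS_INVALID_HANDLE ((NTSTATUS)0xC0000008L)
#define STATUS_ACCESS_DENIED  ((NTSTATUS)0xC0000022L)

#define PROCESS_VM_READ                   0x0010
#define PROCESS_VM_WRITE                  0x0020
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000

/* One handle-table entry: the object and the access granted when the handle was
   opened. A protection driver's ObRegisterCallbacks filter can reduce GrantedAccess. */
typedef struct {
    void       *Object;
    ACCESS_MASK GrantedAccess;
} HANDLE_ENTRY;

static char g_protected_process[] = "protected.exe"; /* constructed stand-in for an EPROCESS */

/* Constructed handle table: handle 1 points at the protected process, but the
   protection driver left it with PROCESS_QUERY_LIMITED_INFORMATION only. */
static HANDLE_ENTRY g_handle_table[] = {
    { NULL,                0 },
    { g_protected_process, PROCESS_QUERY_LIMITED_INFORMATION },
};
#define HANDLE_COUNT (sizeof g_handle_table / sizeof g_handle_table[0])

static uint32_t g_debugger_pid = 4242; /* assumption: PID of Cheat Engine */
static uint32_t g_current_pid;         /* stand-in for PsGetCurrentProcessId() */

/* Model of the unhooked ObReferenceObjectByHandleWithTag: every requested bit must
   already be present in the handle's granted access, otherwise STATUS_ACCESS_DENIED. */
static NTSTATUS Orig_ObReferenceObjectByHandleWithTag(HANDLE Handle, ACCESS_MASK DesiredAccess, void **Object)
{
    uintptr_t idx = (uintptr_t)Handle;
    if (idx == 0 || idx >= HANDLE_COUNT || g_handle_table[idx].Object == NULL)
        return STATUS_INVALID_HANDLE;
    if ((DesiredAccess & ~g_handle_table[idx].GrantedAccess) != 0)
        return STATUS_ACCESS_DENIED;
    *Object = g_handle_table[idx].Object;
    return STATUS_SUCCESS;
}

/* Hook modelling the bypass: only for the debugger process, and only for VM read/write
   requests, drop the access bits so the original check cannot fail on them. Every other
   caller still goes through the real check, which keeps the hook narrow. */
static NTSTATUS Hook_ObReferenceObjectByHandleWithTag(HANDLE Handle, ACCESS_MASK DesiredAccess, void **Object)
{
    if (g_current_pid == g_debugger_pid && (DesiredAccess & (PROCESS_VM_READ | PROCESS_VM_WRITE)))
        DesiredAccess &= ~(ACCESS_MASK)(PROCESS_VM_READ | PROCESS_VM_WRITE);
    return Orig_ObReferenceObjectByHandleWithTag(Handle, DesiredAccess, Object);
}

typedef NTSTATUS (*ObRefFn)(HANDLE, ACCESS_MASK, void **);
static ObRefFn g_ObReferenceObjectByHandleWithTag = Orig_ObReferenceObjectByHandleWithTag;

/* The part of MiReadWriteVirtualMemory that matters here: resolve the handle with the
   access the operation needs; on success the real function would copy the memory. */
static NTSTATUS MiReadWriteVirtualMemory_model(HANDLE Handle, ACCESS_MASK DesiredAccess)
{
    void *process = NULL;
    NTSTATUS st = g_ObReferenceObjectByHandleWithTag(Handle, DesiredAccess, &process);
    if (st != STATUS_SUCCESS)
        return st;
    return process == g_protected_process ? STATUS_SUCCESS : STATUS_INVALID_HANDLE;
}

/* Issue a PROCESS_VM_READ request on handle 1 as process `pid`, with or without the hook. */
NTSTATUS read_attempt(uint32_t pid, int hooked)
{
    g_ObReferenceObjectByHandleWithTag = hooked ? Hook_ObReferenceObjectByHandleWithTag
                                                : Orig_ObReferenceObjectByHandleWithTag;
    g_current_pid = pid;
    return MiReadWriteVirtualMemory_model((HANDLE)(uintptr_t)1, PROCESS_VM_READ);
}

int main(void)
{
    printf("debugger, no hook : 0x%08X\n", (unsigned)read_attempt(4242, 0));
    printf("debugger, hooked  : 0x%08X\n", (unsigned)read_attempt(4242, 1));
    printf("other pid, hooked : 0x%08X\n", (unsigned)read_attempt(1000, 1));
    return 0;
}
```

On a real system the hook has to be placed on ntoskrnl code, and an inline patch of ObReferenceObjectByHandleWithTag is exactly what Kernel Patch Protection (PatchGuard) checks for; that is why a VT-based debugger does it with EPT (split code/data views), so the guest's own reads of the function still see the original bytes. From the defensive side the same fact matters: a protection driver that only strips handle access and trusts the object manager's check is defeated once the caller sits below the kernel, and detection has to look for EPT-backed hooks rather than for modified kernel bytes.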