Source Code IDA scripts for analyzing BattlEye


c5

Jul 19, 2012
A little Python script I put together to fight against BattlEye's updates. I've excluded most of my private vital stuff (don't be hatin'), but this should still provide some insight on automating things for IDA.

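Python:
# Targets the legacy IDAPython API (IDA 6.x, Python 2), as the idc function
# names and xrange used below indicate.
import idautils
import idaapi
from idc import Message, GetFunctionName, Byte, SegEnd, SegName
from idautils import Segments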


Message("\n===================\n")
Message("BattlEye Analyst 0.1\n")

for x in idautils.Functions() :
    funcName = GetFunctionName(x)
    if funcName == "GetVer" :
        print("BattlEye version: %d " % Byte(int(x) + 1))   
       
Message("\n===================\n")

#
       
Message("Main exports:\n")       
       
for x in idautils.Functions() :
    funcName = GetFunctionName(x)
    if funcName == "GetVer" :
        print("GetVer: %s " % hex(x))
    elif funcName == "Init" :
        print("Init: %s " % hex(x))
    elif funcName == "StartAddress" :
        print("StartAddress: %s " % hex(x))
       
#
       
Message("\n")       
Message("Important imports: \n")

# find main imports (APIs) #
ValuableImports = ["OpenProcess","ReadProcessMemory","VirtualQuery","VirtualQueryEx", "GetThreadContext"]

def imp_cb(ea, name, ord):
    if name:
        for i in ValuableImports:
            if i == name:
                print("%s: %x" % (name, ea))

    return True

nimps = idaapi.get_import_module_qty()

for i in xrange(0, nimps):
    name = idaapi.get_import_module_name(i)
    if not name:
        continue

    idaapi.enum_import_names(i, imp_cb)
   
#
   
Message("\n")
Message("Main scan routines: \n")


segments = dict()

for seg_ea in Segments() :
    data = []
   
    for ea in range(seg_ea, SegEnd(seg_ea)) :
        data.append(chr(Byte(ea)))

    segments[SegName(seg_ea)] = ''.join(data)


# .text start and end address   
Start = 0x10001000
End = 0

for seg_name, seg_data in segments.items() :
    if (seg_name == ".text") :
        End = 0x10001000 + len(seg_data)
   
# find pattern function       
def findPattern(current, pat, mask):
    Index = 0
    for x in pat :
        if mask[Index] == "?" :
            Index = Index + 1
            continue
        if x != Byte(current + Index) :
            return 0
        else :
            Index = Index + 1   
    return current
   
# some patterns
VirtualQueryScanPat = [0x55, 0x8B, 0xEC, 0x6A, 0xFE, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x83, 0xEC, 0x30, 0x53, 0x56, 0x57]
VirtualQueryMask = "xxxxxx????x????xxxxxxxxxxxxx"
   
ProcessScanPat = [0x81, 0xEC, 0x4C, 0x02, 0x00, 0x00, 0xA1, 0x58, 0x94, 0x01, 0x10, 0x33, 0xC4]
ProcessScanMask = "xxxxxxxxxxxxx"

MainScanThreadPat = [0x55, 0x8B, 0xEC, 0x6A, 0xFE, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x81, 0xEC]
MainScanThreadMask = "xxxxxx????x????xxxxxxxxx"

n = Start
while n < End :
    if findPattern(n, MainScanThreadPat, MainScanThreadMask) != 0 :
        print("Main scan thread: 0x%x" % n)
    n = n + 1

# find patterns / scans   
n = Start
while n < End :
    if findPattern(n, VirtualQueryScanPat, VirtualQueryMask)  != 0 :
        print("VirtualQuery scan: 0x%x" % n)

    if findPattern(n, ProcessScanPat, ProcessScanMask) != 0 :
        print("ProcessScan 1: 0x%x" % n)
       
    n = n + 1
   
   
Message("\n==== Complete! ====\n")

Don't be harsh on my Python skills, I've been learning it for just 2 hours lol

https://guidedhacking.com/threads/anticheat-battleye-bypass-overview.11602/

bryant143

Oct 4, 2013
Sir, I don't know what the IDA is -_- I'm only a computer technician but I don't know what C/C++ is and what you mean -_- Do you have software that I can only run or click only ,.,.
Please sir, help me to hack mornia online, any cheat :D

the body said its Yes BUT the brain said its No ,.,
 