I have all the SSDT hook addresses from the anti-cheat program in a game (from Kernel Detective), but my code doesn’t seem able to change the address hex contents. Please help. Thanks.
Address to be hooked:
Address : 0x805D2C44
Location : ntkrnlpa.exe [PAGE]
Len : 5
State : Relative Call :: call 0x8931C5B0
Current Value : E8 67 99 D4 08
Original Value : E8 95 88 FE FF
Destination Module : 0x8931C5B0 :: -
Code:
#define NTKRNLPA01 0x805D2C44
...
MemReplace((void *)(NTKRNLPA01), (void *)"\xE8\x95\x88\xFE\xFF", 5);
MemReplace function:
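#include <windows.h>

bool MemReplace(VOID *lpMem, VOID *lpSrc, DWORD len)
{
    DWORD lpflOldProtect, flNewProtect = PAGE_READWRITE;
    DWORD n = len;  // loop counter; len itself is still needed after the copy
    unsigned char *pDst = (unsigned char *)lpMem,
                  *pSrc = (unsigned char *)lpSrc;

    // VirtualProtect only acts on pages in the calling process's address space
    if (VirtualProtect(lpMem, len, flNewProtect, &lpflOldProtect))
    {
        while (n-- > 0) *pDst++ = *pSrc++;
        // restore the previous protection and flush, using the original length
        VirtualProtect(lpMem, len, lpflOldProtect, &lpflOldProtect);
        FlushInstructionCache(GetCurrentProcess(), lpMem, len);
        return true;
    }
    return false;
}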
That address resides in kernel address space; you won’t be able to touch it without being in kernel land yourself (i.e., without a ring0 driver, this task is not possible).
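The hook record quoted in the question can be checked by hand, which also shows why the address is out of reach for a user-mode call. The following is an added example, not code from either poster: it decodes the two `E8 rel32` byte sequences from the record and tests the address against the user/kernel boundary. The names `decode_rel_call`, `is_kernel_address`, `call_is_redirected` and `KERNEL_BASE_32` are hypothetical, and the boundary assumes the default 2 GB/2 GB split of 32-bit Windows (no /3GB switch).

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: default 32-bit Windows layout, kernel space starts at 2 GB. */
#define KERNEL_BASE_32 0x80000000u

/* Decode an x86 near relative call (E8 rel32) located at `addr`.
   Returns 0 and stores the destination, or -1 if the opcode is not E8. */
int decode_rel_call(uint32_t addr, const uint8_t insn[5], uint32_t *dest)
{
    if (insn[0] != 0xE8)
        return -1;
    uint32_t rel = (uint32_t)insn[1] | (uint32_t)insn[2] << 8 |
                   (uint32_t)insn[3] << 16 | (uint32_t)insn[4] << 24;
    /* rel32 is relative to the next instruction (addr + 5); unsigned
       wrap-around gives the right result for negative displacements. */
    *dest = addr + 5u + rel;
    return 0;
}

/* Nonzero if `addr` lies in the kernel half of the address space. */
int is_kernel_address(uint32_t addr) { return addr >= KERNEL_BASE_32; }

/* 1 if the current bytes call a different destination than the original
   bytes, 0 if they agree, -1 if either sequence is not an E8 call. */
int call_is_redirected(uint32_t addr, const uint8_t cur[5], const uint8_t orig[5])
{
    uint32_t d_cur, d_orig;
    if (decode_rel_call(addr, cur, &d_cur) || decode_rel_call(addr, orig, &d_orig))
        return -1;
    return d_cur != d_orig;
}

int main(void)
{
    /* Values copied from the Kernel Detective record in the question. */
    const uint32_t addr = 0x805D2C44u;
    const uint8_t current[5]  = {0xE8, 0x67, 0x99, 0xD4, 0x08};
    const uint8_t original[5] = {0xE8, 0x95, 0x88, 0xFE, 0xFF};
    uint32_t d_cur = 0, d_orig = 0;

    decode_rel_call(addr, current, &d_cur);
    decode_rel_call(addr, original, &d_orig);
    printf("current  -> 0x%08X\n", (unsigned)d_cur);
    printf("original -> 0x%08X\n", (unsigned)d_orig);
    printf("redirected: %d, kernel address: %d\n",
           call_is_redirected(addr, current, original), is_kernel_address(addr));
    return 0;
}
```

The current bytes decode to the `call 0x8931C5B0` shown in the record's State line, and the patched address itself sits above the boundary, which is the condition the answer describes.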