Closed itsRythem closed 1 month ago
this would be an easy way:
const char* image_name = "r5apex.exe";
LOG("name_hash: %p\n", *(QWORD*)(image_name));
that appears to give a different result as the value that is returned for apex is 0x7265726f6c707865 while what you provided gives 7290897223831860594
Try a little harder, please
const char* image_name = "r5apex.exe";
LOG("name_hash: %llx\n", *(QWORD*)(image_name));
correction: %llx
apex is: 0x652e786570613572
ty
The EFI cheat uses PsGetProcessImageFileName to get "image file names" and checks if the process is running i think? However i want to expand this for other games, but i cannot seem to find where these values are obtained. In the apex cheat, it checks for "0x7265726f6c707865" where did you obtain this? Dumping the value of all processes with the win api function GetProcessImageName returns the games path. Please help, thank you.