NHA DSE Bypass

1.  <CheatEntry>
2.       <ID>0</ID>
3.       <Description>"Disable DSE"</Description>
4.       <LastState/>
5.       <VariableType>Auto Assembler Script</VariableType>
6.       <AssemblerScript>{$lua}
7. --[[
8. Updated DSE Bypass By: dr NHA,
9. The Original Was Quite Slow As We Wasnt Being Smart And Scanning A Bunch Of Stupid Memory,
10. Now Its Updated Its Almost 1-1 With The DSE Patcher Application!
11.  
12. Requires DBVM Or Youll Have To Use Another Driver And Recode This In Another Language,
13. May Not Work On All Versions Of Windows,
14. Only Tested On Windows 10 But Should Work On Majority If Not All Windows 11 Builds!
15. ]]
16.  
17. --Cbuff From One Address To A Static Call Load Or Other Static Address
18. CBUFF=function(Base,C)
19. local AdditionBytes=ReadBytes(Base+C,4,true);
20. if AdditionBytes==nil then;return nil;end;
21. --Force Signed As Otherwise Ce Will Unsign The Address Making It Impossible To Work With For Math
22. local Addition= byteTableToDword(AdditionBytes,true);
23. if Addition==nil then;return nil;end;
24. local O=Base+(C+4)+Addition;
25. return O;
26. end
27.  
28. --Return A Value As Hex
29. AsHex=function(value);return string.format('%X',getAddress(value));end;
30.  
31. --Memscan Setup
32. MemScan=function(ValueToScan,vtValueType,Protection,OnlyOneResult,RegionBase,RegionEnd)
33. if RegionBase==nil then
34. RegionBase=getAddress(process);
35. RegionEnd=RegionBase+getModuleSize(process);
36. end
37. local ms = createMemScan()
38. if OnlyOneResult==nil then;OnlyOneResult=false;end;
39. ms.OnlyOneResult=OnlyOneResult;
40. ms.firstScan(soExactValue, vtValueType, nil, ValueToScan, nil, RegionBase, RegionEnd,Protection, nil, nil ,--[[isHexadecimalInput]] true, nil, nil, nil)
41. ms.waitTillDone()
42. if ms.OnlyOneResult then;
43. local O=ms.result;
44. ms.destroy();
45. return O;
46. else;
47. local found = createFoundList(ms)
48. found.initialize()
49. local Values={};
50. if found.Count&gt;0 then;
51. for ind=0,found.Count-1,1 do
52. Values[#Values+1]=found[ind];
53. end
54. end
55. ms.destroy();
56. found.destroy();
57. return Values;
58. end;
59. end
60.  
61.  
62. --Unique Scan Setup From The Mem Scan Setup
63. UniqueScan=function(Signature,RegionBase,RegionEnd);
64. return MemScan(Signature,vtByteArray,"*X*C*W",true,RegionBase,RegionEnd);
65. end;
66.  
67. --[[
68. NHA's DSE Bypass Functions
69. ]]
70. if NHADSEBP==nil then;
71. --Base Variable To Store All My Goodies
72. NHADSEBP={
73. CiInitialize=0,
74. CipInitialize=0,
75. CipInitializeCiOptions=0,
76. g_CiOptionsAddress=0,
77. g_CiOptionsValue=0,
78. };
79.  
80. --Print The Addresses Used For Getting To And The CiOptions Value Itself
81. NHADSEBP.Print=function()
82. print("CiInitialize: "..AsHex(NHADSEBP.CiInitialize));
83. print("CipInitialize: "..AsHex(NHADSEBP.CipInitialize));
84. print("CipInitialize: "..AsHex(NHADSEBP.CipInitialize));
85. print("g_CiOptionsAddress: "..AsHex(NHADSEBP.g_CiOptionsAddress));
86. print("g_CiOptions: "..readByte(NHADSEBP.g_CiOptionsAddress));
87. print("g_CiOptionsOriginal: "..NHADSEBP.g_CiOptionsValue);
88. end;
89.  
90. --The Setup Function To Allow You To Write To System And Also Find CiOptionsAddress Via My Algo
91. NHADSEBP.Setup=function()
92. --Allow DBK
93. if not dbk_initialize() then;
94. print("Unable To Use DBK!");
95. return;
96. end;
97. --Allow DBK To Be Used Inplace Of The Winapi
98. dbk_useKernelmodeOpenProcess();
99. dbk_useKernelmodeProcessMemoryAccess();
100. dbk_useKernelmodeQueryMemoryRegions();
101.  
102. --Connect To System
103. if getOpenedProcessID()~=4 then
104. openProcess(4);
105. end
106. --Ensure We Are Connected Else Return
107. if getOpenedProcessID()~=4 then
108. return;
109. end
110.  
111. NHADSEBP.CiInitialize=getAddressSafe("CI.CiInitialize");
112. if NHADSEBP.CiInitialize==nil then;
113. print("Cannot Find CiInitialize!");return;end;
114.  
115. NHADSEBP.CipInitialize=NHADSEBP.CiInitialize+0x10;
116. NHADSEBP.CipInitialize=UniqueScan("8B CD E8 ?? ?? ?? ?? 48",NHADSEBP.CipInitialize,NHADSEBP.CipInitialize+0x100);
117. if NHADSEBP.CiInitialize==nil then;
118. print("Cannot Find CipInitialize!");return;
119. elseif NHADSEBP.CiInitialize==0 then;
120. print("Cannot Find CipInitialize!");return;end;
121. --[[
122. CI.CiInitialize+52 - 8B CD                 - mov ecx,ebp
123. CI.CiInitialize+54 - E8 ?? ?? ?? ??           - call CI.CiInitialize+A04
124. CI.CiInitialize+59 - 48 8B        - mov rbx,[rsp+30]
125. 8B CD E8 ?? ?? ?? ?? 48
126. ]]
127. NHADSEBP.CipInitialize=NHADSEBP.CipInitialize+2;
128. NHADSEBP.CipInitialize=CBUFF(NHADSEBP.CipInitialize,1);
129.  
130. --CI.CiInitialize+A1F - 89 0D 1346FFFF        - mov [CI.dll+3A438],ecx { (6) }
131.  
132. NHADSEBP.CipInitializeCiOptions=UniqueScan("89 0D",NHADSEBP.CipInitialize,NHADSEBP.CipInitialize+0x1000);
133. if NHADSEBP.CipInitializeCiOptions==nil then;
134. print("Cannot Find CipInitializeCiOptions!");return;
135. elseif NHADSEBP.CipInitializeCiOptions==0 then;
136. print("Cannot Find CipInitializeCiOptions!");return;end;
137.  
138. NHADSEBP.g_CiOptionsAddress=CBUFF(NHADSEBP.CipInitializeCiOptions,2);
139. local T=readByte(NHADSEBP.g_CiOptionsAddress);
140. if T~=0 then;
141. NHADSEBP.g_CiOptionsValue=T;
142. elseif NHADSEBP.g_CiOptionsValue==0 then
143. NHADSEBP.g_CiOptionsValue=6;
144. end;
145. end
146.  
147.  
148. --Set The State Of DSE
149. NHADSEBP.SetDSEState=function(Enabled)
150. --One Time Setup
151. if NHADSEBP.g_CiOptionsAddress==nil then;
152. return;--Something Went Wrong!
153. end
154. --Setup If Nothing Went Wrong Above
155. if NHADSEBP.g_CiOptionsAddress==0 then;
156. NHADSEBP.Setup();
157. end
158.  
159. if NHADSEBP.g_CiOptionsAddress~=0 then;
160. if not Enabled then;
161. writeByte(NHADSEBP.g_CiOptionsAddress,0);
162. else
163. writeByte(NHADSEBP.g_CiOptionsAddress,NHADSEBP.g_CiOptionsValue);
164. end;
165. NHADSEBP.Print();
166. end;
167. end;
168.  
169. end;
170.  
171. --Self Explanitory
172. [ENABLE]
173. NHADSEBP.SetDSEState(false);
174.  
175. [DISABLE]
176. NHADSEBP.SetDSEState(true);
177.  
178. </AssemblerScript>
179.     </CheatEntry>