Upcoming Features/To Do

Post by L. Spiro » Sun Oct 21, 2007 11:33 am

Dll Injector

This allows you to inject any DLLs and then call any functions from those DLLs.
While DLL injectors are common, I believe none allow calling any function this way.


L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

To Do

Post by L. Spiro » Sun Nov 11, 2007 8:32 pm

This is a To Do list of features planned for some time in the future, either soon or far.

I will update this list periodically, posting a reply as well to give the topic new posts.

Features may be requested here, but there is already a section in the forums for that.
When features are finished, they will be removed from the list.



To Do
High Priority
  • Ability to move functions. This will allow you to take a function in the target process and simply move it to a new location, recompiling it, etc. This requires ASM labels to be finished. This will be a function available in the scripts as well.
  • Pure lock. This will inject code that prevents the target process from updating values in your stored address list, giving you a much purer lock on values. Currently, all memory searchers (TSearch, ArtMoney, Cheat Engine, and MHS) use timers to lock values. This feature requires ASM labels to be finished.


Medium Priority
  • Wizard for making dialogs for scripts.
  • Trainer exporter.
  • StructBuilder functionality.
  • Expose kernel-mode functions to the scripts.
  • Toolbar for the Disassembler.
  • Plug-in system.


Low Priority
  • Byte-swapped searching.




L. Spiro
Last edited by L. Spiro on Mon Feb 04, 2008 1:12 pm, edited 4 times in total.

Post by L. Spiro » Wed Nov 28, 2007 9:22 am

Auto-Assembler removed from the list, added in MHS 4.0.0.7.
Alternative ReadProcessMemory() and WriteProcessMemory() functions are already written but there is not yet an option to switch between them.

Since many of the features needed the Auto-Assembler I can start knocking up—err, off—more of these features.


L. Spiro

Post by L. Spiro » Wed Dec 26, 2007 10:40 am

Added the CRC modifier, which will dynamically modify the .EXE directly in ways that thwart standard detection routines.



The struct/union/enum/typedef/function database is coming along very well, especially since last night.

I originally tried to overdo things by scanning C++ files, hoping to extract class information as well.
I tried a Flex/Bison grammar for C++ but compiling it was simply impossible because it would not compile until every rule was handled (there are maybe 500-800 rules).
I switched to another Flex/Bison grammar because it would allow me to add one rule at a time, and even though I was able to parse a percentage of the way down some .CPP files, the grammar had a few errors that could not be fixed without a huge amount of work.
Finally, I turned my focus to the DIA library provided with every copy of Visual Studio. The PDB files contain debug information for use with Visual Studio, and they can be fully parsed with the DIA library. But it had too much data, and wading through what I needed and what I did not was horrible. It also did not offer a good way to store the information into my own custom format.



Enough parsing C++.
I added the feature to preprocess files as C (in the last release) so I could switch to a C parser and get the data my way—a C parser is simple enough to write easily and get results quickly.
I went back to Flex/Bison, this time with a C grammar, and it works fine.
It can parse the entire Windows.h file (after being preprocessed of course) with only a few small modifications.
At 50% through the files, it parses (and stores) 4,504 typedefs, 1817 structs/unions, and 119 enums. Functions are parsed but not stored yet.


All that remains is to finish loading the rest of the data (simple), store it all to a binary file, and then add support for MHS to use all that data in every way it can.


Currently the Disassembler shows kernel32.dll:ReadProcessMemory().
When this database is done it will show:
kernel32.dll:ReadProcessMemory( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead )
And when any of the parameters here are accessed inside the function it will show them by name and decode their values by type.
It will also show these parameters by name and type when they are pushed to call this function.



The Hex Editor will also use the struct/union/typedef/enum data, allowing you to place structs/unions over the RAM and see each member by name and value.


Finally, templates will be added again in a new dynamic format, allowing for Struct Builder functionality and more. They will be easier to edit and easier to use.


L. Spiro

Post by noLimit » Wed Dec 26, 2007 5:10 pm

Very good progress on this...

Hoping to see this in the future...

Good luck and take care!
noLimit
I Have A Few Questions
 
Posts: 8
Joined: Wed Nov 28, 2007 5:16 pm

Post by GRB » Thu Dec 27, 2007 3:23 am

L. Spiro, really, thanks for your hard work and for making us happy!
GRB
Acker
 
Posts: 88
Joined: Mon Dec 24, 2007 10:05 am
Location: 127.0.0.1 --> localhost

Post by L. Spiro » Tue Aug 12, 2008 1:40 pm

MHS finally uses the function/structure/typedef/enum database and the upcoming release lets you add your own custom ones as well.


Here, a custom structure/template has been mapped over RAM in the Hex Editor.
Clicking on the members in the dockable window at the bottom highlights them in the Hex Editor.
You can easily see the types and values of all members.
[Image]

The structures/templates are dynamic as well. In a .EXE file there is a pointer to the PE header. My structure uses a dynamic array to fill the gap from the initial header to the _IMAGE_NT_HEADERS highlighted in the picture. The gap changes size on every .EXE file, but so does the size of the dynamic array, allowing the same template to map all .EXE files.


The editor is now more compact, faster, and easier to use.
[Image]

Here I have 2 members with dynamic array sizes: Pad, with an array size of (AddressOfNewExeHeader-40h), fills the space from the DOS header to the NT header.
SectionTable, with an array size of (NtHeader::FileHeader::NumberOfSections), correctly maps the number of sections in the image.


There are over 1,800 predefined structures and over 4,500 predefined typedefs, so you don’t have to remake common structures. You can override predefined structures with your own as well (if you ever delete yours, the predefined one will still be there).



The Future:
As noted above, the Disassembler currently shows parameter types and names.
The next step is to take these dynamic templates and map them automatically as they are encountered while single-stepping through code.
As you step through with the Disassembler, the parameters of the current function will be mapped to RAM and the values of all of their members will be shown clearly.
Furthermore, statements such as MOV EAX, [EBP-4] may be replaced with MOV EAX, [rRect.width], optionally of course.


L. Spiro
Our songs remind you of songs you’ve never heard.
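
The dynamic-array template described in the post above (Pad sized by AddressOfNewExeHeader-40h, SectionTable sized by NumberOfSections), written out as a bounds-checked Python parser. This is an added example, not MHS code and not posted by L. Spiro; the function names and the header-only sample images are constructed for illustration. It locates the section table through SizeOfOptionalHeader, which goes slightly beyond what the post describes.

```python
import struct

# Hypothetical names throughout; this is not MHS's template format or API.
DOS_HEADER_SIZE = 0x40          # the "40h" in the post's Pad expression
SECTION_HEADER_SIZE = 40        # sizeof(IMAGE_SECTION_HEADER)

def map_pe_template(data: bytes) -> dict:
    """Map DOS header, Pad, NT headers and SectionTable over a byte buffer."""
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    # AddressOfNewExeHeader (e_lfanew) is the last DWORD of the DOS header.
    (nt_off,) = struct.unpack_from("<I", data, 0x3C)
    if nt_off < DOS_HEADER_SIZE or nt_off + 24 > len(data):
        raise ValueError("AddressOfNewExeHeader out of range")
    pad_len = nt_off - DOS_HEADER_SIZE          # Pad[AddressOfNewExeHeader-40h]
    if data[nt_off:nt_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    machine, nsect, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, nt_off + 4)
    table_off = nt_off + 24 + opt_size
    if table_off + nsect * SECTION_HEADER_SIZE > len(data):
        raise ValueError("SectionTable runs past end of file")
    sections = []
    for i in range(nsect):                      # SectionTable[NumberOfSections]
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, table_off + i * SECTION_HEADER_SIZE)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "raw_offset": rptr, "raw_size": rsize})
    return {"pad_len": pad_len, "nt_offset": nt_off, "machine": machine,
            "section_table_offset": table_off, "sections": sections}

def build_sample(nt_off: int, names: list) -> bytes:
    """Constructed header-only image (not a real executable), for the demo."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", nt_off)
    opt = bytes(0xE0)                           # zeroed 32-bit optional header
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1),
                                 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0)
                     for i, n in enumerate(names))
    return dos + bytes(nt_off - DOS_HEADER_SIZE) + b"PE\0\0" + file_hdr + opt + table

if __name__ == "__main__":
    for nt_off, names in ((0x80, [b".text", b".data"]), (0xF0, [b".text", b".rdata", b".rsrc"])):
        m = map_pe_template(build_sample(nt_off, names))
        print(hex(m["nt_offset"]), m["pad_len"], [s["name"] for s in m["sections"]])
```

The two sample images have different gaps and section counts, yet the same two expressions size Pad and SectionTable for both; the range checks reject a header whose pointer or section count would make the mapping read outside the file.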

MHS on Vista SP2

Post by Johannrek » Sun Sep 20, 2009 1:50 am

Hello L. Spiro, I have a very important question, and sorry if I'm not allowed to post here, but it's important.

Well, everybody who has Vista on SP2 knows that MHS 5.xx versions don't work. Only MHS 4.017 No Kernel works. But it has all the old bugs and lots of functions that are only in the new versions of MHS. So I would like to ask you if you could do an MHS 5.010 with Vista SP2 compatibility?

I was using Windows Update and there was an SP2 update. I always update my Vista to be sure that no hacker can break my PC and no (or fewer) viruses can damage my PC. And now MHS is not working; please do something about this. You should write it on your list on "High Priority".

Thanks for reading!
Johannrek
I Have A Question
 
Posts: 1
Joined: Sun Sep 20, 2009 1:39 am

Post by L. Spiro » Sun Sep 20, 2009 9:11 am

MHS works properly when you disable kernel functions in the Options dialog.

It will not bypass all anti-cheats, but the kernel functions already do not bypass all anti-cheats.
So mainly you only lose the ability to read/write kernel RAM.


L. Spiro
Our songs remind you of songs you’ve never heard.