L spiro (or anyone who can answer if its common knowledge)

Discussions Related to Game Hacking and Memory Hacking Software

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

L spiro (or anyone who can answer if its common knowledge)

Postby fazer » Sun Dec 12, 2010 2:42 am

How can MHS be detected if it has been self modified, how would you go about trying to detect it if its been self modified with values you don't know? Also I've read here http://www.codeproject.com/KB/security/ ... ering.aspx that there are alot of ways to detect the presence of a debugger, can MHS be detected from attaching itself to a process? Sorry if my questions are basic and I should know this, I've just started getting into this.
fazer
I Have A Question
 
Posts: 1
Joined: Sat Dec 11, 2010 11:54 pm

Re: L spiro (or anyone who can answer if its common knowledge)

Postby L. Spiro » Sun Dec 12, 2010 4:53 am

Even after it has been self-modified there are still strings in it that can be used to detect it. Self-Modify is adaptive; each time they find a string to detect MHS, that string needs to be added to the Self-Modify feature to avoid detection.
I however quit updating MHS, but the source is available.

Other ways to detect MHS involve standard hooks on some kernel functions, but MHS can typically dodge these by recompiling your kernel and using the copied functions instead of the original. L. Spiro Script gives you what you need to find these kinds of hooks and to remove them before attaching to your game.

And you can always compress the MHS executable after using Self-Modify. This helps in hiding it.


L. Spiro
Our songs remind you of songs you’ve never heard.
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan


Return to General Related Discussions

Who is online

Users browsing this forum: No registered users and 0 guests