L. Spiro (or anyone who can answer if it's common knowledge)

Posted: Sun Dec 12, 2010 2:42 am
by fazer
How can MHS be detected if it has been self-modified? How would you go about trying to detect it if it's been self-modified with values you don't know? Also, I've read here http://www.codeproject.com/KB/security/ ... ering.aspx that there are a lot of ways to detect the presence of a debugger. Can MHS be detected from attaching itself to a process? Sorry if my questions are basic and I should know this; I've just started getting into this.

Re: L. Spiro (or anyone who can answer if it's common knowledge)

Posted: Sun Dec 12, 2010 4:53 am
by L. Spiro
Even after it has been self-modified there are still strings in it that can be used to detect it. Self-Modify is adaptive; each time they find a string to detect MHS, that string needs to be added to the Self-Modify feature to avoid detection.
I, however, quit updating MHS, but the source is available.

Other ways to detect MHS involve standard hooks on some kernel functions, but MHS can typically dodge these by recompiling your kernel and using the copied functions instead of the original. L. Spiro Script gives you what you need to find these kinds of hooks and to remove them before attaching to your game.

And you can always compress the MHS executable after using Self-Modify. This helps in hiding it.


L. Spiro
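
The string-based detection described in the reply above, sketched from the detector's side as an added example (not part of the original posts and not code from MHS or any anti-cheat product). The signature strings and the sample image are constructed placeholders, and zlib compression stands in, as an assumption, for a compressed executable that only exposes its strings once unpacked.

```python
import zlib

# Constructed placeholder signatures; NOT real strings taken from MHS.
SIGNATURES = ["ExampleToolMainWindow", "ExampleTool Script Engine"]

def scan_image(data, signatures=SIGNATURES):
    """Return (signature, encoding, offset) hits in a byte image, by offset."""
    hits = []
    for sig in signatures:
        # Windows binaries store strings both as ANSI and as UTF-16LE.
        for enc in ("ascii", "utf-16-le"):
            needle = sig.encode(enc)
            pos = data.find(needle)
            while pos != -1:
                hits.append((sig, enc, pos))
                pos = data.find(needle, pos + 1)
    return sorted(hits, key=lambda h: h[2])

def detected(data, signatures=SIGNATURES):
    """Set of signatures with at least one hit in the image."""
    return {sig for sig, _, _ in scan_image(data, signatures)}

def build_sample_image(renamed=()):
    """Constructed stand-in for an executable: a 32-byte header followed by
    each string in both encodings. Strings in `renamed` are overwritten,
    standing in for what a self-modify pass has already been taught to hide."""
    parts = [b"MZ" + b"\x00" * 30]
    for sig in SIGNATURES:
        text = "X" * len(sig) if sig in renamed else sig
        parts.append(text.encode("ascii") + b"\x00")
        parts.append(text.encode("utf-16-le") + b"\x00\x00")
    return b"".join(parts)

if __name__ == "__main__":
    original = build_sample_image()
    modified = build_sample_image(renamed=[SIGNATURES[0]])
    packed = zlib.compress(modified)  # stand-in for a compressed executable
    for name, image in [("original", original), ("self-modified", modified),
                        ("compressed on disk", packed),
                        ("unpacked in memory", zlib.decompress(packed))]:
        print(f"{name:20} -> {sorted(detected(image))}")
```

A signature that the modification pass has not been taught about still matches, while the compressed file matches nothing until the image is scanned in its unpacked form.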