MHS can't attach to any processes


Post by Johnson » Mon Apr 28, 2008 6:40 pm

Hi,

I've tried a few different versions and MHS will not attach to _any_ process, even notepad. I've been dying to try out this scripting ft. - I'm fluent in C and I want a change from doing assembly et cetera.

:evil:

Seriously ...... Why?

Btw, I'm running an up-to-date Windows 2003. 8)

Edit: IDA failed to let me debug MHS, thus I couldn't figure out much, but using OllyDbg (which I suck at) I halted the code when it was executing the 'Unable to open process' error and found that the LastErr was set to ERROR_NOACCESS :/
Johnson
I Ask A Lot Of Questions
 
Posts: 19
Joined: Mon Apr 28, 2008 6:33 pm

Post by L. Spiro » Mon Apr 28, 2008 9:11 pm

It does not work on Windows 2003.
http://mhs.mpcforum.com/MHS%204.017%20No%20Kernel.rar


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Post by Johnson » Tue Apr 29, 2008 6:01 am

This MHS seems to work, thanks.

What is different in this version and why does MHS not work on Windows 2003?

Post by L. Spiro » Tue Apr 29, 2008 9:58 am

This version has no kernel driver.
Which means no protection against detection.



Post by Johnson » Tue Apr 29, 2008 11:44 am

Why is there no working kernel driver for Windows 2003?

Post by L. Spiro » Tue Apr 29, 2008 1:33 pm

Because I do not have Windows® 2003 and I have no idea what to change to make it work on that operating system.



Post by Johnson » Tue Apr 29, 2008 2:13 pm

Wouldn't it be possible to find the API failing and then make it compatible?

Does it have anything to do with the EPROCESS structure?

Post by L. Spiro » Tue Apr 29, 2008 3:19 pm

Finding the offending API would of course be the natural way to solve the problem.
But as I said, I do not have Windows® 2003, so how can I find the offending API?

And I don’t know if it has to do with EPROCESS; I have definitions for all versions of Windows® except Windows® Vista® SP1. And you said it does not open the process, not that it cannot stay open. If it cannot open the process, it has to do with NtOpenProcess() or something close.



Post by Johnson » Tue Apr 29, 2008 3:59 pm

Couldn't you just add code so that if it fails, it would output an error message specific to the API which wasn't successful?

Post by L. Spiro » Wed Apr 30, 2008 9:55 am

My reply was lost.

I said that it is not easy to print messages from kernel mode, and if it is the API I think it is, then failure is a valid return; it tells me the process is closing, which in turn prevents MHS from attaching to it, which may be the problem.

Anyway I would still need Windows® 2003 myself, or someone with good debugging tools. Catching kernel messages requires specific tools.
If you are willing to get these tools or if you have them already and you want to find out what the problem is then you can add me on MSN.



Post by Johnson » Sat Jun 14, 2008 8:50 am

Could you upload the latest version of MHS without the kernel? I would like to use this new code filter function.

Post by L. Spiro » Sat Jun 14, 2008 12:02 pm


Post by Johnson » Fri Jul 25, 2008 11:05 am

I await MHS v5 No Kernel :(

Post by L. Spiro » Fri Jul 25, 2008 6:43 pm
