My First Suggestion.

Find a Bug? Have a Problem? Like to Suggest a Feature? Do it Here

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

My First Suggestion.

Post by x4NG3L » Mon Nov 23, 2009 7:19 pm

Hi L. Spiro, thanks for the great work!
The self-modifying of this software is great ^^

I've just started on the forum,
and I'm here for my first suggestion...

It is this:

- Unhook API calls in kernel mode (like SSDT restore).

For example, xTRAP hooks API calls to block some functions in the system.
For example, keyboard events in user32 libs.
U can unhook these calls in ring0 using a driver/rootkit. It's great.
I have code examples if u need them. Just PM.

Thanks for the great work!
Knowledge is evolving.

Re: My First Suggestion.

Post by L. Spiro » Tue Nov 24, 2009 8:22 am

MHS already gives you the tools you need to find and remove hooks.
The hooked SSDT/SDT functions are shown for you in the Disassembler Helper window and scripts can be used to restore them and any other hooks in place.


L. Spiro
Our songs remind you of songs you’ve never heard.

Re: My First Suggestion.

Post by x4NG3L » Tue Nov 24, 2009 8:59 am

Thanks!
I'll go read about the scripts.

I'm seeing WriteVirtualMemory and ReadVirtualMemory hooked....
This is probably used by MHS....
Does it hook them before the anti-cheat tries to hook?
If yes, can u give me a list of what is hooked by MHS and when?

PS: only so I don't unhook the wrong calls... =P
Knowledge is evolving.

Re: My First Suggestion.

Post by L. Spiro » Tue Nov 24, 2009 4:23 pm

MHS does not hook anything.
Any hooks you see are caused by other software.


Use ReadLocalMemory() and WriteLocalMemory() to read and write kernel RAM without being stopped by anti-cheat hooks.


L. Spiro
Our songs remind you of songs you’ve never heard.

Re: My First Suggestion.

Post by x4NG3L » Wed Nov 25, 2009 11:27 am

Great.
I have one example of script code to unhook calls of anti-cheats?

Currently, I'm trying to use a SendKeys() function with XTRAP open.
I can't unpack it; my asm knowledge is too low to unpack Themida ¬¬
Trying to bypass hooks, for example to use this function.
If u have a script code example to use as a reference, it will be welcome

^^
Knowledge is evolving.

Re: My First Suggestion.

Post by L. Spiro » Wed Nov 25, 2009 2:08 pm

There is a script in the help file that lists all hooks outside of the SSDT/SDT.

Once you find a hook, either in the SSDT/SDT using the Disassembler or anywhere else in kernel using the script, you can make note of the actual bytes that should be there when the hook does not exist.

You can patch the hook by writing the original bytes over the hook.
There is no need for an example for this. It is a simple WriteLocalMemory() call.


L. Spiro
Our songs remind you of songs you’ve never heard.

Re: My First Suggestion.

Post by x4NG3L » Thu Nov 26, 2009 2:49 am

Great, problem solved!
I can do this now. :mrgreen:



TY 8)
Knowledge is evolving.

