MHS start bug
Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo
68 posts • Page 3 of 5 • 1, 2, 3, 4, 5
by mezzo » Thu Jan 24, 2008 3:10 pm
the reuploaded 13 crashes instantly... no task manager activity from the start and it stays like that forever, I'm going to try the other one now (the MHS one)
- No thanks, I already have a penguin -
-
mezzo - El Mariachi
- Posts: 739
- Joined: Mon Apr 30, 2007 10:27 pm
- Location: Antwerp
by mezzo » Thu Jan 24, 2008 3:26 pm
the MHS one looked very promising! I started it and I still had control of my PC while it was starting.. the HD activity led was happily flashing (I even started fireforx during the MHS launch)
After 20 seconds or so, the mouse and keyboard dropped out, but my PC hadn't crashed, because I could still see the ethernet icon in the systray blink as in network activity... the strange thing is, the startup of MHS seemed to have killed my network connection too, as I noticed that skype was disconnected and trying to reconnect, but apparently I didn't succeed, so I'm guessing that whatever is happening in the kernel killed my PC's ability to get an IP from my router. (the network blinky icon was one way only, so only sending)
Hope this helps in figuring out what is going wrong.. if it helps, I'm more then willing to run debug versions that generate kernel dumps or whatever.. I've got the idea that this is the nicest MHS version yet and i would hate to miss out because my pc/windows is being a pain
(oh and sorry for the double post, just wanted to make sure that you saw the update)
After 20 seconds or so, the mouse and keyboard dropped out, but my PC hadn't crashed, because I could still see the ethernet icon in the systray blink as in network activity... the strange thing is, the startup of MHS seemed to have killed my network connection too, as I noticed that skype was disconnected and trying to reconnect, but apparently I didn't succeed, so I'm guessing that whatever is happening in the kernel killed my PC's ability to get an IP from my router. (the network blinky icon was one way only, so only sending)
Hope this helps in figuring out what is going wrong.. if it helps, I'm more then willing to run debug versions that generate kernel dumps or whatever.. I've got the idea that this is the nicest MHS version yet and i would hate to miss out because my pc/windows is being a pain
(oh and sorry for the double post, just wanted to make sure that you saw the update)
- No thanks, I already have a penguin -
-
mezzo - El Mariachi
- Posts: 739
- Joined: Mon Apr 30, 2007 10:27 pm
- Location: Antwerp
by wrzecion » Thu Jan 24, 2008 3:50 pm
After restart my computer (when it freez) in MHS folder is a file with strange name like DRMDNMPQ or MZOGIN (everytime name of file is other). This file have 34KB(ever) and when I open it in notepad i have a lot of " " - space.
- wrzecion
- I Ask A Lot Of Questions
- Posts: 15
- Joined: Sat Jan 05, 2008 10:03 pm
- Location: Poland, Bydgoszcz
by L. Spiro » Thu Jan 24, 2008 3:56 pm
These files are normal.
Delete them.
And if you get these files it means it was able to finish the dangerous initialization things, but failed at some point afterwards.
As for mezzo, SURPRISE!!!
This version does nothing with the kernel during startup. The dangerous stuff was removed, working only in user-mode, and yet it was apparently still able to screw you over.
That tells me a lot. E-mail me your kernel32.dll, gdi32.dll, user32.dll, and ntdll.dll from youe Windows/System32 directory.
L. Spiro
Delete them.
And if you get these files it means it was able to finish the dangerous initialization things, but failed at some point afterwards.
As for mezzo, SURPRISE!!!
This version does nothing with the kernel during startup. The dangerous stuff was removed, working only in user-mode, and yet it was apparently still able to screw you over.
That tells me a lot. E-mail me your kernel32.dll, gdi32.dll, user32.dll, and ntdll.dll from youe Windows/System32 directory.
L. Spiro
Last edited by L. Spiro on Thu Jan 24, 2008 3:58 pm, edited 1 time in total.
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by mezzo » Thu Jan 24, 2008 3:56 pm
same here (from what L.Spiro told in the other thread it is supposed to be the
database for the structure/enum thingies)
Also, I tried MHS2, that you posted in the LoA thread..
see comments here.
(BTW, MHS2 doesn't seem to generate those files)
database for the structure/enum thingies)
Also, I tried MHS2, that you posted in the LoA thread..
see comments here.
(BTW, MHS2 doesn't seem to generate those files)
- No thanks, I already have a penguin -
-
mezzo - El Mariachi
- Posts: 739
- Joined: Mon Apr 30, 2007 10:27 pm
- Location: Antwerp
by L. Spiro » Thu Jan 24, 2008 4:38 pm
mezzo wrote:shweet
(just out of curiosity, how come that I don't see nops but int3's above the NtOpenprocess)
Because your build is different and that is why you and a select few other people get these problems.
Are you keeping up with security updates and Windows® patches?
And this is why I need to see your files.
By the way, the current version of MHS has a way to bypass these problems using scripts to change which files are used by MHS for the opening phase.
Which means I could give you my files and a script file and it would most likely work.
But I will have to see the differences between our files to be sure.
My e-mail address is all over the site, especially at the bottom of the main page.
L. Spiro
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by mezzo » Thu Jan 24, 2008 4:58 pm
mailed them too, just in case you don't trust d/l's from sites.
and yes, I do keep my Windows patched.. then only patch I only installed this morning is a .net patch.
I need to pop out for a few hours, will be back soon if you need any other info. Thanks a bunch for your patience and willingness to sort this out for us.
Try and get that kind of support from any other developer without paying lots of cash up front. Expect a semi-retail donation on paypal from me soon!
and yes, I do keep my Windows patched.. then only patch I only installed this morning is a .net patch.
I need to pop out for a few hours, will be back soon if you need any other info. Thanks a bunch for your patience and willingness to sort this out for us.
Try and get that kind of support from any other developer without paying lots of cash up front. Expect a semi-retail donation on paypal from me soon!
- No thanks, I already have a penguin -
-
mezzo - El Mariachi
- Posts: 739
- Joined: Mon Apr 30, 2007 10:27 pm
- Location: Antwerp
by L. Spiro » Thu Jan 24, 2008 6:37 pm
Your Kernel32.dll and User32.dll are different from mine, even though they have the same version numbers.
http://www.memoryhacking.com/Misc/system32.rar
If you are feeling up to it, you can rename your files and use these instead. I am fairly certain it is safe to make these replacements, but obviously back up your old files.
In the meantime, I will be using your files to see exactly what is causing the distress.
L. Spiro
http://www.memoryhacking.com/Misc/system32.rar
If you are feeling up to it, you can rename your files and use these instead. I am fairly certain it is safe to make these replacements, but obviously back up your old files.
In the meantime, I will be using your files to see exactly what is causing the distress.
L. Spiro
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by mezzo » Thu Jan 24, 2008 7:47 pm
okay, now it's getting REAL funky
Thanks for the dll's. I put them in place.. but I don't quite understand what happens next:
* I start MHS
* I see MHS in my processes list in taskmanager, again taking up an entire core
* Nothin else happens... 5 minutes after starting, still no window, still taking 100% of one core
* I think okay, maybe I took the wrong MHS13 rar, so I delete all the files in the MHS program directory..
* He doesn't want to delete mhs.exe and the zlib dl because they are in use (fair enough)
* BUT THEN... I accidentally click on MHS.exe after I deleted all the files except for the exe and the DLL and all of a sudden mhs starts and asks me if I want to modify stuff for anti cheat detection... (but all the while the original MHS process is still running taking up the 1 core)
So now I don't get it anymore I will reboot to kill the initial MHS, and try again, but this is looking more weird by the minute
UPDATE: Okay, still playing with MHS13 that I initially downloaded, and it seems to want to start only after I have already launched MHS once.. so I see 2x MHS.exe in my process list. FYI: the anti-anti cheat doesn't succeed in running the very first command of TU.bat... ie the SY.exe just sits there in a DOS box, doing nothing. Will redownload MHS4.0.0.13 from the site and trying it again.
Oh ye, the initial MHS process cannot be killed and it prevents my PC form shutting down.. so even though the PC is not crashing and I can use MHS now (by starting it twice), I still need to press reset button to stop MHS.
BTW: the starting MHS is still not the version 13 from on the main site, it's the MHS2 one you posted..
UPDATE2: Okay, i tried to reproduce the above and I couldn't :\
Then I noticed that there were a couple of processes running that weren't before.. I need to close ALL of these or MHS2 won't work:
skype, Kaspersky antivirus, Soundmax config manager and keepass.
I was thinking the problem was related to one of these, but no, all of these seem to be doing things that stop MHS2.rar from running. I closing all the above and trying it again with MHS4.0.0.13 but no cigar.
(Oh BTW, I also need to delete DefProd.ini every time, or it crashes too).
If you want, I made a rar of all the files in the dir atm when it is working...
(still with MHS.exe running twice though and trying to use the 'cloaking' function doesn't work, because mhs.exe is in use, so it can't write to it).
After my previous reboot, I could run TU.bat, and the SY.exe did run, so now I'm using pinecone.exe all windows open and I can use it.. But after a reboot I still need to shutdown all the above mentioned programs and delete the DefProf.ini file or it won't work again.
Just wandering, what is different between MHS2.rar and the regular 4.0.0.13 version ? Is that the version without the kernel stuff ?
Thanks for the dll's. I put them in place.. but I don't quite understand what happens next:
* I start MHS
* I see MHS in my processes list in taskmanager, again taking up an entire core
* Nothin else happens... 5 minutes after starting, still no window, still taking 100% of one core
* I think okay, maybe I took the wrong MHS13 rar, so I delete all the files in the MHS program directory..
* He doesn't want to delete mhs.exe and the zlib dl because they are in use (fair enough)
* BUT THEN... I accidentally click on MHS.exe after I deleted all the files except for the exe and the DLL and all of a sudden mhs starts and asks me if I want to modify stuff for anti cheat detection... (but all the while the original MHS process is still running taking up the 1 core)
So now I don't get it anymore
I will reboot to kill the initial MHS, and try again, but this is looking more weird by the minute
UPDATE: Okay, still playing with MHS13 that I initially downloaded, and it seems to want to start only after I have already launched MHS once.. so I see 2x MHS.exe in my process list. FYI: the anti-anti cheat doesn't succeed in running the very first command of TU.bat... ie the SY.exe just sits there in a DOS box, doing nothing. Will redownload MHS4.0.0.13 from the site and trying it again.
Oh ye, the initial MHS process cannot be killed and it prevents my PC form shutting down.. so even though the PC is not crashing and I can use MHS now (by starting it twice), I still need to press reset button to stop MHS.
BTW: the starting MHS is still not the version 13 from on the main site, it's the MHS2 one you posted..
UPDATE2: Okay, i tried to reproduce the above and I couldn't :\
Then I noticed that there were a couple of processes running that weren't before.. I need to close ALL of these or MHS2 won't work:
skype, Kaspersky antivirus, Soundmax config manager and keepass.
I was thinking the problem was related to one of these, but no, all of these seem to be doing things that stop MHS2.rar from running. I closing all the above and trying it again with MHS4.0.0.13 but no cigar.
(Oh BTW, I also need to delete DefProd.ini every time, or it crashes too).
If you want, I made a rar of all the files in the dir atm when it is working...
(still with MHS.exe running twice though and trying to use the 'cloaking' function doesn't work, because mhs.exe is in use, so it can't write to it).
After my previous reboot, I could run TU.bat, and the SY.exe did run, so now I'm using pinecone.exe
all windows open and I can use it.. But after a reboot I still need to shutdown all the above mentioned programs and delete the DefProf.ini file or it won't work again.
Just wandering, what is different between MHS2.rar and the regular 4.0.0.13 version ? Is that the version without the kernel stuff ?
- No thanks, I already have a penguin -
-
mezzo - El Mariachi
- Posts: 739
- Joined: Mon Apr 30, 2007 10:27 pm
- Location: Antwerp
68 posts • Page 3 of 5 • 1, 2, 3, 4, 5
Return to Bugs/Problems/Suggestions
Who is online
Users browsing this forum: No registered users and 0 guests