MHS & Vista SP1 KB936330

Need Help With an Existing Feature in Memory Hacking Software? Ask Here

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

Postby L. Spiro » Sat Jul 19, 2008 11:11 am

I have already implemented the update from that source and it is ready for the next release.


And just so you know, what he gave me is this:

Code:
Path:     ntkrnlmp.pdb
Version:  7.00
Streams:  18
Unused:   none

TPI Version:  20040203
Index range:  1000..20FE
Type count:   4351

HDR.vers                      = 20040203
HDR.cbHdr                     = 0x00000038
HDR.tiMin                     = 0x00001000
HDR.tiMac                     = 0x000020FF
HDR.cbGprec                   = 0x0004203C
HDR.tpihash.sn                = 0x0011
HDR.tpihash.snPad             = 0xFFFF
HDR.tpihash.cbHashKey         = 0x00000004
HDR.tpihash.cHashBuckets      = 0x00008003
HDR.tpihash.offcbHashVals.off = 0x00000000
HDR.tpihash.offcbHashVals.cb  = 0x000043FC
HDR.tpihash.offcbTiOff.off    = 0x000043FC
HDR.tpihash.offcbTiOff.cb     = 0x00000110
HDR.tpihash.offcbHashAdj.off  = 0x0000450C
HDR.tpihash.offcbHashAdj.cb   = 0x00000000

  1000: 1001 00000038 ???
  1001: 1002 00000044 pointer 00001000
  1002: 1002 00000050 pointer 00001000
  1003: 1505 0000005C struct  00000000 00000000 0000 00000000 00000000 [LIST_ENTRY64]
  1004: 1002 00000080 pointer 00001003
  1005: 1203 0000008C
        150D field  00000000 (00000023) [Flink]
        150D field  00000008 (00000023) [Blink]
  1006: 1505 000000B0 struct  00001005 00000010 0002 00000000 00000000 [LIST_ENTRY64]
  1007: 1505 000000D4 struct  00000000 00000000 0000 00000000 00000000 [LIST_ENTRY32]
  1008: 1002 000000F8 pointer 00001007
  1009: 1203 00000104
        150D field  00000000 (00000022) [Flink]
        150D field  00000004 (00000022) [Blink]
  100A: 1505 00000128 struct  00001009 00000008 0002 00000000 00000000 [LIST_ENTRY32]
  100B: 1001 0000014C ???
  100C: 1002 00000158 pointer 0000100B
  100D: 1201 00000164 arglist 00000002 0000100C 00000075
  100E: 1008 00000174 proc    00000075 0000100D 0002 00
  100F: 1002 00000184 pointer 0000100E
  1010: 1001 00000190 ???
  1011: 1002 0000019C pointer 00001010
  1012: 1201 000001A8 arglist 00000002 00001011 00000075
  1013: 1008 000001B8 proc    00000075 00001012 0002 00
  1014: 1002 000001C8 pointer 00001013
  1015: 1001 000001D4 ???
  1016: 1002 000001E0 pointer 00001015
  1017: 1506 000001EC union   00000000 00000000 0000 [_ULARGE_INTEGER]
  1018: 1203 0000020C
        150D field  00000000 (00000022) [LowPart]
        150D field  00000004 (00000022) [HighPart]
  1019: 1505 00000238 struct  00001018 00000008 0002 00000000 00000000 [<unnamed-tag>]
  101A: 1203 0000025C
        150D field  00000000 (00000022) [LowPart]
        150D field  00000004 (00000022) [HighPart]
        150D field  00000000 (00001019) [u]
        150D field  00000000 (00000023) [QuadPart]
  101B: 1506 000002A8 union   0000101A 00000008 0004 [_ULARGE_INTEGER]
  101C: 1506 000002C8 union   00000000 00000000 0000 [_LARGE_INTEGER]
  101D: 1203 000002E8
        150D field  00000000 (00000022) [LowPart]
        150D field  00000004 (00000012) [HighPart]
  101E: 1505 00000314 struct  0000101D 00000008 0002 00000000 00000000 [<unnamed-tag>]
  101F: 1203 00000338
        150D field  00000000 (00000022) [LowPart]
        150D field  00000004 (00000012) [HighPart]
        150D field  00000000 (0000101E) [u]
        150D field  00000000 (00000013) [QuadPart]
  1020: 1506 00000384 union   0000101F 00000008 0004 [_LARGE_INTEGER]
  1021: 1201 000003A4 arglist 00000000
  1022: 1008 000003AC proc    00000023 00001021 0000 07
  1023: 1002 000003BC pointer 00001022
  1024: 1505 000003C8 struct  00000000 00000000 0000 00000000 00000000 [_TP_CALLBACK_ENVIRON]
  1025: 1002 000003F4 pointer 00001024
  1026: 1505 00000400 struct  00000000 00000000 0000 00000000 00000000 [_TP_POOL]
  1027: 1002 00000420 pointer 00001026
  1028: 1505 0000042C struct  00000000 00000000 0000 00000000 00000000 [_TP_CLEANUP_GROUP]
  1029: 1002 00000454 pointer 00001028
  102A: 1201 00000460 arglist 00000002 00000403 00000403
  102B: 1008 00000470 proc    00000003 0000102A 0002 07
  102C: 1002 00000480 pointer 0000102B
  102D: 1505 0000048C struct  00000000 00000000 0000 00000000 00000000 [_ACTIVATION_CONTEXT]
  102E: 1002 000004B8 pointer 0000102D
  102F: 1505 000004C4 struct  00000000 00000000 0000 00000000 00000000 [_TP_CALLBACK_INSTANCE]
  1030: 1002 000004F0 pointer 0000102F
  1031: 1201 000004FC arglist 00000002 00001030 00000403
  1032: 1008 0000050C proc    00000003 00001031 0002 07
  1033: 1002 0000051C pointer 00001032
  1034: 1205 00000528 bitfield (00000022) 00 : 01
  1035: 1205 00000534 bitfield (00000022) 01 : 1F
  1036: 1203 00000540
        150D field  00000000 (00001034) [LongFunction]
        150D field  00000000 (00001035) [Private]
  1037: 1505 00000570 struct  00001036 00000004 0002 00000000 00000000 [<unnamed-tag>]
  1038: 1203 00000594
        150D field  00000000 (00000022) [Flags]
        150D field  00000000 (00001037) [s]
  1039: 1506 000005B4 union   00001038 00000004 0002 [<unnamed-tag>]
  103A: 1203 000005D0
        150D field  00000000 (00000022) [Version]
        150D field  00000004 (00001027) [Pool]
        150D field  00000008 (00001029) [CleanupGroup]
        150D field  0000000C (0000102C) [CleanupGroupCancelCallback]
        150D field  00000010 (00000403) [RaceDll]
        150D field  00000014 (0000102E) [ActivationContext]
        150D field  00000018 (00001033) [FinalizationCallback]
        150D field  0000001C (00001039) [u]
  103B: 1505 00000694 struct  0000103A 00000020 0008 00000000 00000000 [_TP_CALLBACK_ENVIRON]
  103C: 1505 000006C0 struct  00000000 00000000 0000 00000000 00000000 [_TP_TASK_CALLBACKS]
  103D: 1001 000006EC ???
  103E: 1002 000006F8 pointer 0000103D
  103F: 1505 00000704 struct  00000000 00000000 0000 00000000 00000000 [_TP_TASK]
  1040: 1002 00000724 pointer 0000103F
  1041: 1201 00000730 arglist 00000002 00001030 00001040
  1042: 1008 00000740 proc    00000003 00001041 0002 07
  1043: 1002 00000750 pointer 00001042
  1044: 1201 0000075C arglist 00000002 00001040 00001027
  1045: 1008 0000076C proc    00000003 00001044 0002 07
  1046: 1002 0000077C pointer 00001045
  1047: 1203 00000788
        150D field  00000000 (00001043) [ExecuteCallback]
        150D field  00000004 (00001046) [Unposted]
  1048: 1505 000007BC struct  00001047 00000008 0002 00000000 00000000 [_TP_TASK_CALLBACKS]
  1049: 1203 000007E8
        150D field  00000000 (0000103E) [Callbacks]
  104A: 1505 00000800 struct  00001049 00000004 0001 00000000 00000000 [_TP_TASK]
  104B: 1505 00000820 struct  00000000 00000000 0000 00000000 00000000 [_TP_DIRECT]
  104C: 1002 00000844 pointer 0000104B
  104D: 1505 00000850 struct  00000000 00000000 0000 00000000 00000000 [_IO_STATUS_BLOCK]
  104E: 1002 00000878 pointer 0000104D
  104F: 1201 00000884 arglist 00000004 00001030 0000104C 00000403 0000104E
  1050: 1008 0000089C proc    00000003 0000104F 0004 07
  1051: 1002 000008AC pointer 00001050
  1052: 1203 000008B8
        150D field  00000000 (00001051) [Callback]
  1053: 1505 000008D0 struct  00001052 00000004 0001 00000000 00000000 [_TP_DIRECT]
  1054: 1505 000008F4 struct  00000000 00000000 0000 00000000 00000000 [_LIST_ENTRY]
  1055: 1002 00000918 pointer 00001054
  1056: 1203 00000924
        150D field  00000000 (00001055) [Flink]
        150D field  00000004 (00001055) [Blink]
  1057: 1505 00000948 struct  00001056 00000008 0002 00000000 00000000 [_LIST_ENTRY]
  1058: 1001 0000096C ???
  1059: 1002 00000978 pointer 00001058
  105A: 1505 00000984 struct  00000000 00000000 0000 00000000 00000000 [_SINGLE_LIST_ENTRY]
  105B: 1002 000009B0 pointer 0000105A
  105C: 1203 000009BC
        150D field  00000000 (0000105B) [Next]
  105D: 1505 000009D0 struct  0000105C 00000004 0001 00000000 00000000 [_SINGLE_LIST_ENTRY]
  105E: 1505 000009FC struct  00000000 00000000 0000 00000000 00000000 [_UNICODE_STRING]
  105F: 1002 00000A24 pointer 0000105E
  1060: 1203 00000A30
        150D field  00000000 (00000021) [Length]
        150D field  00000002 (00000021) [MaximumLength]
        150D field  00000004 (00000421) [Buffer]
  1061: 1505 00000A74 struct  00001060 00000008 0003 00000000 00000000 [_UNICODE_STRING]
  1062: 1505 00000A9C struct  00000000 00000000 0000 00000000 00000000 [_STRING]
  1063: 1002 00000ABC pointer 00001062
  1064: 1203 00000AC8
        150D field  00000000 (00000021) [Length]
        150D field  00000002 (00000021) [MaximumLength]
        150D field  00000004 (00000470) [Buffer]
  1065: 1505 00000B0C struct  00001064 00000008 0003 00000000 00000000 [_STRING]
  1066: 1001 00000B2C ???
  1067: 1002 00000B38 pointer 00001066
  1068: 1505 00000B44 struct  00000000 00000000 0000 00000000 00000000 [_LUID]
  1069: 1505 00000B60 struct  0000101D 00000008 0002 00000000 00000000 [_LUID]
  106A: 1505 00000B7C struct  00000000 00000000 0000 00000000 00000000 [_IMAGE_NT_HEADERS]
  106B: 1002 00000BA4 pointer 0000106A
  106C: 1505 00000BB0 struct  00000000 00000000 0000 00000000 00000000 [_IMAGE_FILE_HEADER]
  106D: 1505 00000BDC struct  00000000 00000000 0000 00000000 00000000 [_IMAGE_OPTIONAL_HEADER]
  106E: 1203 00000C0C
        150D field  00000000 (00000022) [Signature]
        150D field  00000004 (0000106C) [FileHeader]
        150D field  00000018 (0000106D) [OptionalHeader]
  106F: 1505 00000C58 struct  0000106E 000000F8 0003 00000000 00000000 [_IMAGE_NT_HEADERS]
  1070: 1001 00000C80 ???
  1071: 1002 00000C8C pointer 00001070
  1072: 1201 00000C98 arglist 00000003 00001071 00000413 00000413
  1073: 1008 00000CAC proc    00000013 00001072 0003 04
  1074: 1002 00000CBC pointer 00001073
  1075: 1505 00000CC8 struct  00000000 00000000 0000 00000000 00000000 [_KPRCB]
  1076: 1002 00000CE8 pointer 00001075
  1077: 1505 00000CF4 struct  00000000 00000000 0000 00000000 00000000 [_KTHREAD]
  1078: 1002 00000D14 pointer 00001077
  1079: 1505 00000D20 struct  00000000 00000000 0000 00000000 00000000 [_KPROCESSOR_STATE]
  107A: 1503 00000D48 array   00000022 00000022 00000040
  107B: 1503 00000D58 array   00000020 00000022 00000002
  107C: 1503 00000D68 array   00000020 00000022 00000050
  107D: 1505 00000D78 struct  00000000 00000000 0000 00000000 00000000 [_KSPIN_LOCK_QUEUE]
  107E: 1503 00000DA0 array   0000107D 00000022 00000188
  107F: 1505 00000DB0 struct  00000000 00000000 0000 00000000 00000000 [_KNODE]
  1080: 1002 00000DD0 pointer 0000107F
  1081: 1503 00000DDC array   00000022 00000022 0000000C
  1082: 1505 00000DEC struct  00000000 00000000 0000 00000000 00000000 [_PP_LOOKASIDE_LIST]
  1083: 1503 00000E18 array   00001082 00000022 00000080
  1084: 1505 00000E28 struct  00000000 00000000 0000 00000000 00000000 [_GENERAL_LOOKASIDE_POOL]
  1085: 1503 00000E58 array   00001084 00000022 00000900
  1086: 1001 00000E68 ???
  1087: 1503 00000E74 array   00000020 00000022 00000034
  1088: 1002 00000E84 pointer 00000003
  1089: 1503 00000E90 array   00001088 00000022 0000000C
  108A: 1201 00000EA0 arglist 00000004 00000403 00000403 00000403 00000403
  108B: 1008 00000EB8 proc    00000003 0000108A 0004 07
  108C: 1002 00000EC8 pointer 0000108B
  108D: 1503 00000ED4 array   00000020 00000022 00000028
  108E: 1002 00000EE4 pointer 00001075
  108F: 1503 00000EF0 array   00000020 00000022 00000038
  1090: 1505 00000F00 struct  00000000 00000000 0000 00000000 00000000 [_KDPC_DATA]
  1091: 1503 00000F24 array   00001090 00000022 00000028
  1092: 1001 00000F34 ???
  1093: 1505 00000F40 struct  00000000 00000000 0000 00000000 00000000 [_KEVENT]
  1094: 1503 00000F60 array   00000020 00000022 00000006
  1095: 1505 00000F70 struct  00000000 00000000 0000 00000000 00000000 [_KDPC]



Although it is very useful, it takes time to create a converter to put this back into structure form for C/C++.


L. Spiro
Our songs remind you of songs you’ve never heard.
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby brainz » Sun Jul 20, 2008 6:46 am

That's extraordinarily good news :) ... so when can we expect this new release of epic magnitude? Seriously ... slobbering here!!
brainz
I Ask A Lot Of Questions
 
Posts: 12
Joined: Thu Jun 19, 2008 2:21 pm

Postby L. Spiro » Sun Jul 20, 2008 9:17 am

I do not know yet.


L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby brainz » Tue Jul 22, 2008 4:04 am

But doesn't Vista SP1 support warrant a release on its own? :)
brainz
Posts: 12
Joined: Thu Jun 19, 2008 2:21 pm

Postby L. Spiro » Tue Jul 22, 2008 9:29 am

Not when the last release was only days ago and the next big feature is almost done.


L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby L. Spiro » Wed Jul 23, 2008 10:42 pm

MHS 5.001 has been released with the fix for Windows® Vista® SP1 (untested).


L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby Sychotix » Wed Jul 23, 2008 11:42 pm

Works just fine =D (it was working fine for me before). Good job.
Sychotix
Been Around
Posts: 239
Joined: Wed Mar 05, 2008 4:28 am

Postby brainz » Thu Jul 24, 2008 6:04 am

You are the man!

Confirmed, Vista SP1 support, muahahaha.
Will dig into this one of the coming days :).. let the hacks begin!
brainz
Posts: 12
Joined: Thu Jun 19, 2008 2:21 pm
