How to watch processes

Need Help With an Existing Feature in Memory Hacking Software? Ask Here

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

How to watch processes

Postby Webtijn » Sun Jun 17, 2007 1:19 am

Hi,

How can I watch a process like CE can do?

Thnx
Me
Webtijn
I Have A Question
 
Posts: 1
Joined: Sun Jun 17, 2007 1:10 am

Postby L. Spiro » Sun Jun 17, 2007 10:16 pm

You will probably need to provide some more information.

What do you mean by “watching” processes?
Do you want to know how to code something that watches processes, or to use a tool that watches processes?
How does Cheat Engine watch processes? Does it do something that my software doesn’t?


L. Spiro
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby gorilla » Mon Jun 25, 2007 3:06 am

I think I know what he means... lol

He's trying to hook a process into MHS.

Well, I have questions too for you.
I'm trying to hook a game which is GameGuard protected, and since it's hided by GG, I have tick <Show All> after File>Open Process...
I managed to find the .exe, and selected it then pressed OK.

Problems when I opened the RAM Watcher or the HEX Editor, I found nothing as if the .exe never got hooked.

Help is appreciated , thank you.
gorilla
I Have A Few Questions
 
Posts: 3
Joined: Mon Jun 25, 2007 2:49 am

Postby L. Spiro » Mon Jun 25, 2007 1:33 pm

Usually processes only appear in one list and not both because their exit flag has been set and in which case reading operations on those processes fail.

So usually if a process appears in only the All list, it isn’t usable anyway.


L. Spiro
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby gorilla » Mon Jun 25, 2007 4:28 pm

Sorry, ... don't get it.
The process only appreared once in the All list, and not in the Main list.
I thought you intended to force the hidden/ faked processes to show up in the All List so that we could hook it somehow.

I kinda remember somewhere in the forum you talked about dbk32.sys and windows kernel. Is this failure has something to do with it ?
gorilla
I Have A Few Questions
 
Posts: 3
Joined: Mon Jun 25, 2007 2:49 am

Postby L. Spiro » Mon Jun 25, 2007 7:21 pm

The process only appreared once in the All list, and not in the Main list.

Correct. It appears in one list and not both.


I kinda remember somewhere in the forum you talked about dbk32.sys and windows kernel. Is this failure has something to do with it ?

There is no failure.
The process can not be opened because it has its exit flag set which means it is closing.
And I use my own kernel-mode driver, not dbk32.sys.


L. Spiro
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby gorilla » Tue Jun 26, 2007 6:01 pm

There is no failure.
The process can not be opened because it has its exit flag set which means it is closing.

This is not the case when we use CE's Process Watcher. Processes that are not listed in Process List can be found in Process Watch List.
That's the original thread question :

Hi,

How can I watch a process like CE can do?

Thnx
Me



If, say, I use script utilizing On_StartUp( HWND hWnd ), GetProcessByName(), OpenProcessByName() to hook the process at MHS startup, is there anything I should add to the GetProcessByName() routine?

Thanks for your time.
gorilla
I Have A Few Questions
 
Posts: 3
Joined: Mon Jun 25, 2007 2:49 am

Postby L. Spiro » Tue Jun 26, 2007 10:04 pm

is there anything I should add to the GetProcessByName() routine?

I don’t know what you would need to add. If it can find the process, even though it does not display in the main list, you can open it manually (OpenProcess(), not LoadProcess()) and use your own HANDLE object inside the script to work with it.

My software checks the exit flag on processes because it prevents a few bugs, and especially prevents blue screens of death on the kernel-mode ReadProcessMemory() routine.

I would need to fix these issues before I could make MHS be able to load and work on a process that does not appear in the main list.


L. Spiro
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan


Return to Help

Who is online

Users browsing this forum: No registered users and 0 guests

cron