by L. Spiro » Wed Aug 06, 2008 9:37 am
#1: It can. As long as MHS is open before the target process, it will always see the hidden processes.
There are several ways of preventing this information from reaching the list, however, the first being to block MHS’s communication with the driver, so even though the driver is able to see all processes it does not help MHS.
#2: Not really.
MHS does not read the EPROCESS linked list, and can detect that processes have been removed from that list. As a matter of stability, I have not added a feature that allows putting them back in the list, but it can be done with scripts very easily.
Another reason I do not do it is because it would be a very large clue to the game or anti-cheat that it is being hacked.
You can set all of the AAC knobs to 6 to bypass most nProtect Game Guard hooks, which allows MHS to safely call PsLookUpProcessByProcessId() and other functions that may have been hooked to trigger alarms or to break.
L. Spiro
Our songs remind you of songs you’ve never heard.