1. is there a way to make MHS detect hidden processes? the game is on but its process is hidden (even with "show all" option), therefore MHS is unusable...
2. all of the MHS versions fail to open the [System Process]. Is there a way to edit the physical memory with MHS? if so, how?
Thanks!
MHS and hidden processes
Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo
7 posts • Page 1 of 1
MHS and hidden processes
by trialusert » Tue Aug 05, 2008 11:11 pm
-
trialusert - NULL
- Posts: 155
- Joined: Tue May 20, 2008 6:19 pm
by L. Spiro » Wed Aug 06, 2008 12:14 am
#1: MHS already detects all processes as long as the kernel driver loads. It will not load on some machines, especially on x64 processors and Windows Server 2003.
#2: No.
L. Spiro
#2: No.
L. Spiro
Our songs remind you of songs you’ve never heard.
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by trialusert » Wed Aug 06, 2008 12:27 am
1. how come it doesn't detect a game process that's hidden by gameguard (no offense, i really want to know that)?
2. will you release a version that does that (open the [System Process])?
2. will you release a version that does that (open the [System Process])?
-
trialusert - NULL
- Posts: 155
- Joined: Tue May 20, 2008 6:19 pm
by spunge » Wed Aug 06, 2008 3:06 am
i'm guessing MHS reads the EPROCESS list. GameGuard unlinks what it's protecting from the EPROCESS list.trialusert wrote:1. how come it doesn't detect a game process that's hidden by gameguard (no offense, i really want to know that)?
2. will you release a version that does that (open the [System Process])?
Or it could just be like a process watch... the only problem is you have to have MHS open before the game hides the module.
- spunge
- NULL
- Posts: 121
- Joined: Sun Jul 27, 2008 4:58 am
- Location: VEH callback
by trialusert » Wed Aug 06, 2008 9:25 am
spunge wrote:i'm guessing MHS reads the EPROCESS list. GameGuard unlinks what it's protecting from the EPROCESS list.trialusert wrote:1. how come it doesn't detect a game process that's hidden by gameguard (no offense, i really want to know that)?
2. will you release a version that does that (open the [System Process])?
Or it could just be like a process watch... the only problem is you have to have MHS open before the game hides the module.
hence, there are processes MHS doesn't read; right?
// (the process is hidden even if MHS is opened before the game)
-
trialusert - NULL
- Posts: 155
- Joined: Tue May 20, 2008 6:19 pm
by L. Spiro » Wed Aug 06, 2008 9:37 am
#1: It can. As long as MHS is open before the target process, it will always see the hidden processes.
There are several ways of preventing this information from reaching the list, however, the first being to block MHS’s communication with the driver, so even though the driver is able to see all processes it does not help MHS.
#2: Not really.
MHS does not read the EPROCESS linked list, and can detect that processes have been removed from that list. As a matter of stability, I have not added a feature that allows putting them back in the list, but it can be done with scripts very easily.
Another reason I do not do it is because it would be a very large clue to the game or anti-cheat that it is being hacked.
You can set all of the AAC knobs to 6 to bypass most nProtect Game Guard hooks, which allows MHS to safely call PsLookUpProcessByProcessId() and other functions that may have been hooked to trigger alarms or to break.
L. Spiro
There are several ways of preventing this information from reaching the list, however, the first being to block MHS’s communication with the driver, so even though the driver is able to see all processes it does not help MHS.
#2: Not really.
MHS does not read the EPROCESS linked list, and can detect that processes have been removed from that list. As a matter of stability, I have not added a feature that allows putting them back in the list, but it can be done with scripts very easily.
Another reason I do not do it is because it would be a very large clue to the game or anti-cheat that it is being hacked.
You can set all of the AAC knobs to 6 to bypass most nProtect Game Guard hooks, which allows MHS to safely call PsLookUpProcessByProcessId() and other functions that may have been hooked to trigger alarms or to break.
L. Spiro
Our songs remind you of songs you’ve never heard.
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by trialusert » Wed Aug 06, 2008 3:13 pm
tried the AAC method, but still couldn't find the process... GOD I HATE GAMEGUARD.
-
trialusert - NULL
- Posts: 155
- Joined: Tue May 20, 2008 6:19 pm
7 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests