Reading from memory (cabalmain.exe)


Post by cobr_h » Fri Dec 04, 2009 6:41 am

I don't understand one thing about MHS. Take cabal, for example. When the game is loaded in memory and I attach MHS to it, I am not supposed to see any crypted data, am I? Well, the fact is I was messing around with a cabal client. I could hack, and see values and such. If I searched for my char's name, I could not only find it but also change it on the fly, as the memory hacking software is supposed to do.

Trying another client, with x-trap not detecting it and such, I simply couldn't find any values. Even when I broadened the address search range (from 00000000 to FFFFFFFF) I couldn't find, for example, my stats and my char's name, as if they weren't in the 'cabalmain' process. Did I skip something? I opened the process using restricted mode, which worked on the other client. What could lead to a process being 'unreadable'?

Another thing: I was experimenting on good old starcraft. I searched for the money, gathered more money, and found the address. But when I changed the value, the change was not reflected in the game itself. The value stayed the same and kept increasing/decreasing, but after I changed it, it was no longer updated at the same memory position (nor anywhere else). Could it be that the game, finding that the value had been changed, allocated another memory space for the money value, or what? It is starcraft, the old starcraft 1.

Post by L. Spiro » Fri Dec 04, 2009 10:50 am

Some anti-cheats are stronger than others. You can not have two MHS clients active at once and using kernel mode. This will automatically prevent the reading of the target process even if it has no anti-cheat (unless you disable kernel functions).


In Starcraft you may have found a dummy value that triggers a re-allocation of the data.
You just have to keep working and finding another value that works.


L. Spiro

Post by cobr_h » Sat Dec 05, 2009 6:36 am

Hmmm... I always used just one instance of MHS at once.

I thought it was strange not to see the values because they were the same cabal clients, just different versions. Both using x-trap. The 'open' client was for the official Brazilian cabal, the other was a (probably) unpacked client for 'cabal orixás', a Brazilian server as well. At least the pirate server's client was almost double the size of the official's.

But as the pirate client is not based directly on the official client (but from one like NA/EU/whatever which probably has been depacked) there is still the chance for this other client being able to be crypted in memory, although the pirate is: older, already hacked, based on the same ESTSoft game. In the end I really doubt the one who made up the client and patches unpacked the binaries, changed their values and issued to the resulting client a cryptography which could sneak values from the memory itself. That is why I found that strange.

I will try further with starcraft. But I am pretty sure there was no other occurrence of the value (money gathered) in the memory. Maybe in another format.

Post by Cookie » Tue Dec 08, 2009 12:25 am

Each cabalmain.exe is packed with something. Unless you unpack it right, 1 by 1 packer, and fix the IAT and get it running using the unpacked launcher, you can't view the data uncrypted.
Remember, cabalmain exe is packed with more packers, not just one.

Post by cobr_h » Wed Dec 09, 2009 2:25 pm

Yes... I have this in mind. Now that MHS is back working and I have a copy of cabal, fooling current update and also fooling x-trap updates, I can get deeper on this. Maybe now I can get to find and dump the unpacked binary. If there goes any update I can now keep a "working" copy of the game to be able to study its code.

Post by brunotacca » Sat Dec 12, 2009 10:55 pm

cobr_h wrote: yes... I have this in mind. Now that MHS is back working and I have a copy of cabal, fooling current update and also fooling x-trap updates, I can get deeper on this. Maybe now I can get to find and dump the unpacked binary. If there goes any update I can now keep a "working" copy of the game to be able to study its code.


How did you put MHS on? Kernel mode? Doesn't x-trap crash the game when you search for a value?

Thx

Post by cobr_h » Sat Dec 12, 2009 11:39 pm

Oh yes, I had all addresses saved so it worked just fine. When I started trying to do searches, x-trap noticed MHS and killed the game process. It seems I am able to lock addresses but unfortunately it is quite hard to search for new ones and make new attempts.

Post by brunotacca » Sun Dec 13, 2009 10:13 am

cobr_h wrote: oh yes, I had all addresses saved so it worked just fine. When I started trying to do searches, x-trap noticed MHS and killed the game process. It seems I am able to lock addresses but unfortunately it is quite hard to search for new ones and make new attempts.


When you lock the address, doesn't x-trap kill the game after a few minutes?
After the "Change UP" update, all addresses have been changed, I lost all my issets. =/
In cobr, we can make combo, no delay, map hack...
I try to make a party buff hack, but this needs a frozen pointer (distance from a nearby player, to cast the party buff).

What numbers are you using on ACC Layer? Can you share any information? Thanks.

Post by cobr_h » Mon Dec 14, 2009 8:45 am

Well, it seems for some reason it worked once I installed it, but it no longer works. I have made sure no new x-trap versions come up without my approval. After the update the client's checksum (at least the part x-trap looks into) is the same, as x-trap does not kill cabal after some time even without using any appz or dbgz. It must have been just a coincidence, but x-trap is really picking up MHS. Even without searches.

Addresses have changed here as well... anyway, x-trap is still able to detect MHS intrusion even in version 6.1.

EDIT: by the way, do not throw out your saved addresses, you can still use them after a breach is found. You need then to find one of the addresses you have saved and then calculate the shift (how far forward or behind the resulting address values are).