There is a game called WonderKing that me and my friend are trying to hack which uses the anti-hack called Hack Shield. As many know Hack shield is packed with Themida which makes it very hard to attack directly so instead we unpacked the game executable(packed with UPX lol) and removed the check which decides whether to display the "hacking program detected at:%s" and closes the program. So now MHS and CE no longer cause the game to get shutdown.
Unfortunately this was not the last of our worries. Last time i was using MHS on WonderKing it allowed me to Open the process and read/write to memory. Now it appears there has been some HS update and when i open the process normally i get "Cannot open process" only way it will open is in "restricted mode" where it seems to open but when doing a search i automatically get "no results."
This question is directed at L.Spiro because i think only he will be able to fully help me. I'm guessing Hack shield hooks some new APIs(ring0 maybe?) and detects when the process is being open. I would like to know what MHS uses to Open the Process and read/write to memory and any suggestions on how Hack Shield stops this/ How to Get Around it?
Edit: My OS is Windows 7 32 bit If that helps.