by L. Spiro » Mon Feb 11, 2008 2:25 pm
This was quite annoying.
A month ago I took a quick look at their protections and thought, “Okay, this will be easy.”
I made the bypass and tested it. Blue screen. I changed my method, tested, failed (but no blue screen).
I kept thinking about why it wasn’t working, looking deeper and deeper for hooks, and made a hook-detection library for MHS.
But on my lunch break I took a look at my code in my driver.
That blue screen caused me to lose a bit of very important code.
Adding the code back and testing revealed my methods were working from the start.
How annoying. It was a 5-second job to bypass those protections, spread out over a month of confusion, when all it was was some lost data in my driver causing it not to use the bypasses I have been implementing for the last month.
The hooks that were preventing MHS from reading the RAM of nProtect Game Guard games are bypassed (as they should have been the day after I glanced at their protections).
After noticing this I whipped up the bypass on my lunch break.
Don’t get too excited. MHS can go into the target process and read the RAM, probably even lots more, but there is a loose end somewhere that allows the game to detect that its RAM is being read and it closes after a while.
This is just a matter of figuring out how it detects that and then just bypassing that. Bypassing is easy. Searching is not.
I will release the next version soon with all the features needed to locate and study their hooks and to make custom bypasses. Having many people searching for the problem should speed things along and adding custom bypassing allows it to work forever.
L. Spiro