  1. #16
    mmbob
    Originally Posted by Departure:
    Exactly Master131, @mmbob This is not restricted to Windows Mobile, better check your info again before you post.

    While you are right I did post the Windows Mobile MSDN page by mistake, the concept is the same for any Windows system. Also, while it does inject into every process (as every process must use kernel32.dll), you can do what master131 has shown as an example to make sure you're only running your code in Combat Arms.
    HKEY_LOCAL_MACHINE\SYSTEM\KERNEL does not exist on a desktop environment. master131 has the right registry key. You do not. @Departure

    Edit: It appears that the key is not populated by default on Windows Mobile, so it may or may not work on desktop. If it does, it's still undocumented and the user DLL injection posted by master131 should be used instead. (The reason you posted the Windows Mobile page is because there is no desktop version of the page.)
    Last edited by mmbob; 04-26-2011 at 02:34 PM.

  2. #17
    Departure
    I am not going to argue the point, but yeah, it works on desktop versions of Windows. And yes, there seems to be no desktop page for those reg keys; I tried to find some documentation about the desktop working with these reg keys but didn't find any at all. It's a commonly known reg key in the malware scene, but most anti-hack programs check for these keys anyway, so it's pointless to use it. My original point was that there are many ways to inject; using the registry (2 different registry keys) is just one way, but mostly detected.

    Also, using undocumented APIs really does help you avoid detection in-game. If there is an undocumented API which does the same job, then I will always use the undocumented version...

    Check some of them out here:
    :: The Undocumented Functions by NTinternals ::
