Thread: Hack Detection

Page 2 of 2 FirstFirst 12
Results 16 to 16 of 16
  1. 06-19-2011 #16
    Jason
    Jason is offline
    Hung like a rabbit
    Former Staff
    Jason's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    /dev/null
    Posts
    5,704
    Reputation
    918
    Thanks
    7,676
    My Mood
    Mellow
    Send a message via Birdie™ to Jason Australia
    They could easily detect most unwanted modules, that would at least eliminate 98% of injectors (which all use the standard LoadLibrary injection method), either by hooking their own LoadLibrary function, or just periodically scanning game modules every now and then, much easier to compare their 20 or so approved modules than 50,000 hashes every time lol. Of course, this wouldn't stop manually mapped modules being injected, but as SCHiM said, just check common memory regions (recoil/reload...etc) for unexpected values (0x90). Really lazy of them, obviously some hacks are going to get through, but at least it makes it harder (especially the LoadLibrary one as the hacker would either have to write their own manualmap injector, or make sure everyone uses it)

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I don’t think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.

    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)
    Reply With Quote Reply With Quote

  2. The Following User Says Thank You to Jason For This Useful Post:

    [MPGH]AVGN (06-20-2011)
Page 2 of 2 FirstFirst 12
« Previous Thread | Next Thread »