[MPGH]AVGN (06-20-2011)
They could easily detect most unwanted modules, that would at least eliminate 98% of injectors (which all use the standard LoadLibrary injection method), either by hooking their own LoadLibrary function, or just periodically scanning game modules every now and then, much easier to compare their 20 or so approved modules than 50,000 hashes every time lol. Of course, this wouldn't stop manually mapped modules being injected, but as SCHiM said, just check common memory regions (recoil/reload...etc) for unexpected values (0x90). Really lazy of them, obviously some hacks are going to get through, but at least it makes it harder (especially the LoadLibrary one as the hacker would either have to write their own manualmap injector, or make sure everyone uses it)
You can win the rat race,Originally Posted by Jeremy S. Anderson
But you're still nothing but a fucking RAT.
++Latest Projects++
[Open Source] Injection Library
Simple PE Cipher
FilthyHooker - Simple Hooking Class
CLR Injector - Inject .NET dlls with ease
Simple Injection - An in-depth look
MPGH's .NET SDK
eJect - Simple Injector
Basic PE Explorer (BETA)
[MPGH]AVGN (06-20-2011)