Page 1 of 3 123 LastLast
Results 1 to 15 of 40

Thread: MHS 4.0.0.0: Search/Hex Edit/Disassemble/Debug/Inject/More

  1. #1

    MHS 4.0.0.0: Search/Hex Edit/Disassemble/Debug/Inject/More

    MHS 4.0.0.0 (http://memoryhacking.com) has just been released with heavy improvements.

    • Searching
      • Data-Type Searches
        • Extremely fast and efficient.
        • Many search types.
          • Exact Value
          • Not Equal To
          • Range
          • Lower Than
          • Greater Than
          • Unknown
        • Improved and intuitive interface.
        • Epsilon and Smart Epsilon for floating-type searches.
      • Pointer Searches
        • Find pointers fast. Static and otherwise.
      • String Searches
        • Many types of useful searches.
          • ASCII: A normal string of text.
          • Unicode: A normal Unicode string.
          • Hex String: A raw sequence of bytes.
          • Wildcard: Search with wildcard tokens * and ?.
          • Regular Expression: Full regular-expression searches. The most dynamic string searches available.
      • Group Searches
        • Find sets of data near each other in any order, in exact order, or by count.
        • Find sequential data based off how each element relates to the previous element. Especially useful for finding tilemaps.
      • Script Searches
        • The end-all-be-all in searching. You define the criterion for what is found and what is overlooked. Fully documented.
    • Real-Time Hex Editor
      • The only real-time hex editor available. Shows RAM as it changes and highlights the changed values for ease in spotting.
      • Works on RAM and files. Opens any size of file quickly with no slow-down and little RAM consumption.
      • Tons of features and a professional feal.
    • RAM Watcher
      • View RAM in real-time with many interpretations of the data.
    • Real-Time Expression Evaluator
      • All C/C++ mathematical operators are recognized.
      • New [ ] operator allows reading RAM of the target process, and reading is done in real-time to give you up-to-date evaluations.
    • Hotkeys
      • Many assignable functions.
      • Attach scripts to Hotkeys to perform any operation at the touch of a button.
      • Two modes for Hotkey processing.
    • Disassembler
      • JMP/CALL highlighting with mouse-over.
      • Names of recognized functions displayed.
      • ASM tips explain the current command and show the results after the command is executed.
      • Improved Auto-Hack.
      • Useful color-coded stack display.
    • Debugger
      • Breakpoints with selectable functions.
      • Scripts can be called when breakpoints are hit to allow you to easily perform any operations you desire. Easily hook the target process.
      • Much faster than before. Perfect stability.
    • Injection Suite
      • Finds or allocates code caves for you, or select your own.
      • Automatically creates the jump gate from the original code to your new code.
      • Automatically adds the code overwritten by the jump gate to your new code, before or after.
      • Automatically adds the jump back to the original code from your new code.
      • Injections can be set to automatically inject when the target process is loaded.
    • Scripts
      • A full programming language (L. Spiro Script) is integrated, complete with an environment, compiler, and a full set of documented API functions.
      • Language syntax matches C/C++, so there is no need to learn a new language. C/C++ programmers are ready to go.
      • New extern feature makes it easy to work with the RAM in the target process. Fully documented with examples.
      • API for sending mouse clicks and keyboard strokes make it idea for creating bots.
    • Kernel-Mode
      • A kernel-mode driver provides undetected access to many protected games, and MHS is not detected by Game Guard.
    • Stability
      • MHS is extremely stable. There is only one known issue with the Hex Editor (though exceptionally rare, making it difficult to track), and all other areas of the software are considered 100% stable.
    • Extensive Documentation
      • The included documentation is professional in design and covers every subject extensively.


    A growing forum offers full support and many updates and features are still to come.

    Get it while it’s now!


    L. Spiro
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Despite the lack of enthusiasm shown for my release above, I am happy to present a powerful new feature in the latest release, which I believe you can not find anywhere else (correct me if I am wrong).



    Among many other additions, MHS 4.0.0.4 (http://memoryhacking.com/) now sports a DLL Injector (Ctrl-J).
    Such a feature is common, and MHS has been long overdue for one itself, but this DLL Injector comes with some useful extras.

    After injecting your DLL, the DLL Injector allows you to call any of your DLL functions by name, allowing you to pass any number of full-expression parameters and with __cdecl or __stdcall calling conventions.

    The function is called remotely within the DLL in the target process, in the context of the target process.

    The DLL Injector shows the return value from the function called in the target process.

    This page (http://www.memoryhacking.com/Misc/Tut/DLL%20Injector.htm) explains it in more detail.


    A single parameter can be any expression, and an expression can be made with any C operators, including <<, &, ||, &&, !, ~, etc. These are explained in the Expression Evaluator (http://www.memoryhacking.com/Misc/Tut/Expression%20Evaluator.htm) page.




    The utility for calling functions in the target process is not limited only to the DLL Injector. In the Disassembler (Ctrl-D), you can right-click any address and select the Call Function menu item to call that address as a function (again with any parameters you please, and with the return value pesented after the call).
    Furthermore, you can go to the Imports or Exports tab in the Helper window and right-click any function from those lists and have them called.

    The remote functions are called within a stable environment so the risk of crashing MHS or the target process (by passing bad arguments, calling it incorrectly, or even calling addresses that aren’t functions) is relatively little, making it very friendly to use.


    This is a useful feature I believe no other software offers, though if I am wrong, at least here is an alternative.




    A lot of issues were solved that were causing people problems in MHS 4.0.0.0, so if you didn’t like that version give this one a shot anyway.



    L. Spiro

    * MHS uses a kernel-mode driver for opening the target process, checking if the target is closing, and reading the RAM of the target process.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    I apologize for myself for not stating the obvious L. Spiro: your Tool is unique, swiss army like, and exceedingly cool.
    Thank you again

  4. #4
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Hey L. Spiro, your software is extremely cool, and I'm sure it's just a coincidence that noone has replied to your thread. I actually had a look at it just yesterday, and though "damn that looks like a really cool and complex piece of software, I really hope I'll have the time to play around with it some day". Maybe it's just that, that the massive complexity and competence of it scares people away from "just a quick look"?

    Keep up the good work anyway, and please let us know about any future versions here!
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  5. #5
    I really like this. Thanks L. Spiro

  6. #6
    Thank you everyone.

    I will let you know about any big new features, and I am also open to reasonable requests.
    Also feel encouraged to report any issues you may discover (except those damn blanking-out dockable windows) as I am very focused on keeping it as stable and issue-free as possible.


    L. Spiro
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Good job.I like it.

  8. #8
    Pietsnol
    Guest
    Thanks for the handy program.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Add a (basic) Asm->C decompiler and then it'll really be complete

  10. #10

    MHS 4.0.0.13

    There have been many versions since my last post; I wanted to make sure the next post would have enough content to make it worth having a new post.
    I think it has advanced enough now.

    http://www.memoryhacking.com/

    You can tell the software is primarily aimed at games, but it is useful for general software as well, and with its new process detection it can be useful for finding hidden processes as well.

    Scripts are even more powerful than before and disassembling/reassembling can be automated with scripts as well. We use it a lot at work to make various useful tools, especially for converting some data format to something we can use in our games (I am a video-game programmer/designer by profession).

    The community has become much more active and more tutorials are available, written by community member(s).
    Here are a few that demonstrate some of the power behind MHS:
    http://memoryhacking.com/forums/viewtopic.php?t=403 => 3 Ways of Slowing Minesweeper.
    http://memoryhacking.com/forums/viewtopic.php?t=440 => A Custom Packet Sniffer/Editor.



    MHS 4.0.0.13 has very advanced anti-anti-cheat implementations and very advanced process-detection routines; it can see, open, and modify Cheat Engine even when it hides itself in both kernel and user-mode.


    // == Process Detection == //

    It can see “full stealth” Cheat Engine as well as processes hidden by at least nProtect Game Guard (all versions) and XTrap (all versions). Most likely all other anti-cheat software are covered but only these two have been officially tested.



    // == Anti-Cheat Detection Avoidance == //

    MHS now has a feature that allows you to dynamically change its file size, CRC, window titles, file name, and everything else anti-cheats would use to try to detect it.
    You can add any title to your windows you want, and rename it to anything you want. Every copy of MHS can be unique, like a whole new process.
    Other software would have you pay $49.90 (http://www.artmoney.ru/e_register.htm) for the same feature, but with MHS you can do it as many times as you like and it is—and will always be—free.


    // == General Anti-Anti-Cheat == //

    MHS now comes with a very powerful and generalized anti-anti-cheat, as well as new script features that allow users to extend the existing anti-anti-cheat or to add their own. Extendibility via scripts implies an anti-anti-cheat that can evolve and continue working forever into the future, even if I ever stop working on this project.


    // == Improved Compatibility on Vista == //

    The MHS kernel now works on Windows® Vista as well as it does on Windows® XP. The MHS kernel is known to be very stable in comparison to the kernels in Cheat Engine, Sora Engine, Moonlight Engine, etc., which instantly blue-screen under some circumstances, such as running on Windows® Vista, running on a multi-processor machine, or if the target process closes at just the wrong time. I think Cheat Engine 5.4 has improved its kernel a lot though (but I have not tested it yet).
    DISCLAIMER: This version of MHS introduces some new components to the kernel which have been heavily tested on my own but have yet to stand the trials of thousands of users.


    // == Other == //

    The Disassembler looks much nicer now and has extra information. Other tweaks have been made and bugs have been fixed.


    Because of the advanced anti-anti-cheat features in this version, which extend into the kernel, I want to stress that if anyone has any problems with this version then he or she should e-mail me with the problem or post it on my forum.


    L. Spiro
    Last edited by L. Spiro; January 20th, 2008 at 14:12.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Very nice as usual, your tool is indeed undoubtedly the king of memory hacking software.

    I've updated its CRCETL entry, but you are very welcome to add a better and more complete description of it there too:

    http://www.woodmann.com/collaborative/tools/index.php/Memory_Hacking_Software
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  12. #12
    And, as usual, we appreciate your continuing to share your quality efforts with our readers.

    Regards,
    JMI

  13. #13
    Thank you everyone.
    An issue was discovered that only effects some people (the only common trait I can see between them is AMD + multiple cores, but this may not be related) and has been patched with a new 4.0.0.13 uploaded over the old one.
    Furthermore another version will probably be posted tonight with a small-but-helpful addition.

    I can not edit the CRCETL entry. It says it will update the fields (after clicking the edit button) but never does.
    That’s okay though. The description is fine with me; I would only edit the link to point to 4.0.0.13 instead of 4.0.0.12. Maybe someone else can do that until it starts working for me.

    Nice library by the way.


    L. Spiro
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14
    Hi L. Spiro:

    I don't know what the problem may be that would allow you to edit the version number, but not the link to the new version. Anyway, I have updated your link to the software in the CRCETL to read:

    http://www.memoryhacking.com/MemHack/MHS4.0.0.13.rar

    Thanks again for sharing your great tool with our readers.

    Regards,
    JMI

  15. #15
    May i join,late,the thread to say that your tool is a really nice toy,probably the best with CE!

    congrats for the work and to let it be free,until new agreements

    greets!

Similar Threads

  1. How to Disassemble vxworks System?
    By wsgtrsys in forum Linux RCE
    Replies: 8
    Last Post: September 4th, 2007, 06:26
  2. LINK: Three Ways to Inject Your Code into Another Process
    By Kayaker in forum Advanced Reversing and Programming
    Replies: 15
    Last Post: June 29th, 2004, 01:54
  3. Cool Edit Pro Demo?? or Cool Edit???
    By crUsAdEr in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: February 14th, 2002, 16:57
  4. Help with Ultra Edit ver 7.20a
    By xOptiMus in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: December 15th, 2000, 12:23
  5. Help with Ultra Edit ver 7.20a
    By xOptiMus in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: December 14th, 2000, 18:43

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •