Quote:
Originally Posted by byte[]
Hackshield detects things not by HOW IT HOOKS, but how it "looks". It has a database file that contains signatures of things like WPE(/rPE) and Mabipake and perpetually scans the memory for such signatures.
I've hooked tons of my own little creations and none of them were detected only because Hackshield didn't have a signature of it that would mark it as a target.
|
Not claiming to be a HS expert here, so correct me if I'm wrong.
I believe this was just one part of the HS module. It scans for known engine signatures. However, other modules (originally eagleNT I believe... but now I'm really going into the realm of I don't know what the **** I'm talking about) look for hooks done via certain methods (WriteProcessMemory being one of them).
Also, I believe that HS doesn't detect stuff injected via the PerX injector. How to fully take advantage of that, I'm not sure about...
<offtopic> Byte, your signature's obsolete. Who uses ASCII nowadays? =D