In .NET you just called WinAPI's OpenProcess and Read/WriteMemoryProcess functions, but HackShield hooks them (I think they actually hook some underlying functions with their driver, but I'm too lazy to check that out now) and makes them unusable.
In .NET you just called WinAPI's OpenProcess and Read/WriteMemoryProcess functions, but HackShield hooks them (I think they actually hook some underlying functions with their driver, but I'm too lazy to check that out now) and makes them unusable.
Actually it's some SSDT modifications/hooks detecting any call to those function on a system-wide level. The underlying functions are from ntdll.dll.
The way it works:
.NET marshals to Win32 API which calls the underlying NT functions which are hooked by Hackshields driver. There is a nice article about kernel-level SSDT hooks over .
Okay, can anyone PM me the current base address and coordY offset? I wanna try a function. As far as I could gather from info you supplied, the function should work.
Also, does the HS detect if you are reading the memory of War Rock or is only the memory writting stuff detected? If reading the memory isn't, it would be simple to make a memory aimbot with .NET, I guess?
It's entirely impossible without applying a driver unhooking the kernel-level SSDT hooks. That's why you'd need to inject a native DLL in the process: You don't really want to do that because it's a ******* mess.
An aimbot from an external program is not just almost impossible to do, but is gonna lag the sh*t out of you. Have fun trying that.
.
