[UPDATE] Memory Hacking Software MHS 5.3 Pro

[L. Spiro]

Introduction:
I am a game programmer (Ghost Recon 2: Online, 187 Ride or Die, etc.) living and working overseas (Thailand, France, Malaysia, etc.)

I have written some software that I thought might be of use to the people on this site.
scruie told me to post it here, so if this is off-topic, blame him.

The tool: Memory Hacking Software
This is a hacking tool similar to Cheat Engine, but with its own set of powerful features.

New update news:

MHS 5.3 Pro has been released with the following updates:
1: The RAM Watcher can now be set on top of all other windows.
2: Fixed the Assemble bug related to miscounting the number of instructions that need to be NOP’ed when overwritting things. Bug was not related to Auto-Assemble not the Injection Manager.
3: Fixed a bug related to the mapping of dynamic templates which caused misalignment in nested dynamic arrays.

DOWNLOAD

L. Spiro

Just out of the hospital and got a few changes into MHS.


This should help bypass more things, especially Xtrap.
And it increases compatibility with Auto-Assembler scripts from Cheat Engine, adding RegisterSymbol, etc.

DOWNLOAD

L. Spiro

The previous 4.0.0.13 had a kernel problem related to multi-processor computers on Windows XP and below causing system lock-ups.

This has finally been fixed in this very important update.
If you had any problems with the previous release, redownload.
This also adds fuctions on Windows Vista that was previously only on Windows XP and below.

Download: LINK

L. Spiro

There has been a long wait for this release but it is finally here.

MHS 4.0.0.13 has very advanced anti-anti-cheat implementations and very advanced process-detection routines; it can see, open, and modify Cheat Engine even when it hides itself in both kernel and user-mode.


// == Process Detection == //

It can see “full stealth” Cheat Engine as well as processes hidden by at least nProtect Game Guard (all versions) and XTrap (all versions). Most likely all other anti-cheat software are covered but only these two have been officially tested.



// == Anti-Cheat Detection Avoidance == //

MHS now has a feature that allows you to dynamically change its file size, CRC, window titles, file name, and everything else anti-cheats would use to try to detect it.
You can add any title to your windows you want, and rename it to anything you want. Every copy of MHS can be unique, like a whole new process.
Other software would have you pay $49.90 (http://www.artmoney.ru/e_register.htm) for the same feature, but with MHS you can do it as many times as you like and it is—and will always be—free.


// == General Anti-Anti-Cheat == //

MHS now comes with a very powerful and generalized anti-anti-cheat, as well as new script features that allow users to extend the existing anti-anti-cheat or to add their own. Extendibility via scripts implies an anti-anti-cheat that can evolve and continue working forever into the future, even if I ever stop working on this project.


// == Improved Compatibility on Vista == //

The MHS kernel now works on Windows® Vista as well as it does on Windows® XP. The MHS kernel is known to be very stable in comparison to the kernels in Cheat Engine, Sora Engine, Moonlight Engine, etc., which instantly blue-screen under some circumstances, such as running on Windows® Vista, running on a multi-processor machine, or if the target process closes at just the wrong time. I think Cheat Engine 5.4 has improved its kernel a lot though (but I have not tested it yet).
DISCLAIMER: This version of MHS introduces some new components to the kernel which have been heavily tested on my own but have yet to stand the trials of thousands of users.


// == Other == //

The Disassembler looks much nicer now and has extra information. Other tweaks have been made and bugs have been fixed.






Because of the advanced anti-anti-cheat features in this version, which extend into the kernel, I want to stress that if anyone has any problems with this version then he or she should e-mail me with the problem or post it on my forum.


L. Spiro

Many versions have passed since the last update here.


MHS 4.0.0.12 is heavily advanced over MHS 4.0.0.7.


Here is the full list of changes since then:
Version 4.0.0.12 (12:28 PM 12/28/2007)
1: Advanced Speed Hack to work on more games.
2: Added snippets to the Auto-Assembler.
3: Added the OpenProcess function to the scripts.
4: Fixed the OpenThread description in the help file.
5: The OpenThread script function is now memory-managed (the HANDLE returned will be cleaned up automatically when the script set is destroyed, if left open).
6: The Hex Editor no longer locks files while editing them.
7: The Hex Editor now detects when files are modified externally and prompts to reopen them.
8: Fixed the error message shown when attempting to use [ENABLE] or [DISABLE] in the main Auto-Assemble window.
9: Fixed the version of the .EXE file.
10: Added the Set CF, Set PF, Set AF, Set ZF, Set SF, and Set OF functions to breakpoints.
11: Updated the help file regarding breakpoint features.
12: Registers can now be modified from the Disassembler.

Version 4.0.0.11 (3:37 PM 12/17/2007)
1: Fixed the crash related to clicking an Auto-Hack entry while no Disassembler tabs are shown.
2: The Hex Editor now updates its status when MHS detaches.
3: Added Speed Hack.
4: Added the ability to preprocess files as C (__cplusplus not defined).
5: Fixed the bug related to modifying Stored Values that do not have Auto-Assemble scripts.
6: Fixed the loading of the Use Complex Address setting on Stored Values.

Version 4.0.0.10 (10:52 PM 12/9/2007)
1: Auto-Assemble templates created with right-clicks in the Disassembler are now added to the already-open Auto-Assemble window (if it is open already).
2: Auto-Assemble added to Stored Addresses (values added to the main list). Addition includes the [ENABLE], [DISABLE], and [GLOBAL] optional tags.
3: Auto-Assembler parser is now more advanced and allows module:function to be used anywhere.
4: db commands in the Auto-Assembler are no longer restricted to one type of data (string, Unicode string, or hex string). db commands can now include any mixture of any types of data and now including labels and module:function types.
5: rep, repe, repz, repne, repnz, loop, loope, loopz, loopne, loopnz, pushad, popad, pushfd, popfd, iretd, pusha, popa, pushf, popf, iret, db, dw, dd, and dq are now highlighted in the Auto-Assembler editor.
6: dw, dd, and dq added to the Auto-Assembler.
7: API Hook template added to the Auto-Assembler.

Version 4.0.0.9 (12:34 PM 12/5/2007)
1: Kernel function addresses now shown in the Disassembler Helper tab.
2: Added the CreateDisObj, DestroyDisObj, and Disasm functions to the scripts.
3: Added the MHSAssembly page to the help file.
4: Fixed the Predefined Enums page in the help file.
5: Fixed a compilation bug in the scripts.
6: Single-stepping now highlights the current function.
7: Added the ability to select functions.
8: Fixed a bug in the Assembler related to unary + and - operators.
9: The Disassembler now allows copying selected addresses as Auto-Assembler strings.
10: Fixed the Hex Editor crash related to modifying values with the Modify Value command.
11: Fixed the token-replacing bug in the Auto-Assembler.
12: The kernel ReadProcessMemory() and WriteProcessMemory() are now disabled by default on Windows® Vista.
13: The Group search is fixed.

Version 4.0.0.8 (11:23 AM 12/1/2007)
1: Scrollbars added to the edit controls in the ASM Preview dialog.
2: The Auto-Assembler is now accessible from the Disassembler.
3: Injection template added to the Auto-Assembler.
4: Fixed the allocation problems in the Auto-Assembler (closing the dialog would not free allocations made by previews, and previewing, injecting, and then previewing again would deallocate the code from the injection).
5: The Properties window is now much faster to load.
6: The Properties window now allows changing the properties of the chunks.
7: The Expression Evaluator no longer treats some hex numbers as floats when input is meant to be hex by default.
8: The Disassembler can now show code in kernel RAM.
9: Fixed the SHL and POR bugs in the Disassembler.
10: Added the ZLib entry to the Script Function Reference in the help file.





The community has become much more active and more tutorials are available, written by community member(s).
Here are a few that demonstrate some of the power behind MHS:
http://memoryhacking.com/forums/viewtopic.php?t=403 => 3 Ways of Slowing Minesweeper.
http://memoryhacking.com/forums/viewtopic.php?t=440 => A Custom Packet Sniffer/Editor




I have Windows® Vista® on a dual core and get no problems running MHS. I have thouroughly hacked some games on it—in fact in some cases it works better on Windows® Vista®.
MHS automatically detects if you are running Windows® Vista® and adjusts some minor options to grant better stability.



MHS bypasses GameGuard and apparently other anti-cheats, making it work on games such as MapleStory and Legend of Ares.


Huge updates are coming soon, including StructBuilder functionality and the long-awaited trainer maker (create your own stand-alone kernel-enabled trainers that have the same undetectability as MHS has!).


L. Spiro

I have posted the most recent version as an attachment, but it is updated often, so it may become outdated quickly.
For that reason, I will also submit my homepage where new updates for the software can always be found:
Memory Hacking Software

I hope to hear any feedback from anyone, good or bad.

Thank you,
L. Spiro


GMoD Notes: added the latest news and version of the software @ 24/01/2008 - scruie

Hey L. Spiro.. Need a little assist on this.

Maybe the 0.16 does bypass X-Trap but it is weird.

1. I can attach the files. When i try to load the speed hack, it says failed.
2. I can search for the address, but freezing them makes no effects (or maybe i just went thru the wrong step.)
3. When I attach on the exe, it says its not for debugging, obviously it must be blocked by X-Trap. So i guess its normal that I cant view anything in Disassembler.

I just need to clarify if all these are the root cause of X-Trap? Speedy wont load, address value wont change, Disassembler no effects...

If so, is there any way to just disable X-Trap? Well this is free to discuss, cause I'm able to attach X-Trap, maybe we can just dig a small hole in X-Trap with Disassembler and get things work?

http://memoryhacking.com/forums/viewtopic.php?t=2272



MHS 4.018 is available on the download page.

#1: The Go To dialog for the Disassembler has been fixed.
#2: The UDD path is now correctly reset when invalid upon loading of MHS.
#3: Fixed capitalization errors in function descriptions in the help file and Code Window.
#4: Fixed the Expression Evaluator bug related to placing a | directly after a number (previously treated the number as being in hexadecimal format).
#5: Fixed a crash related to bad timing when closing other processes while MHS is closing.
#6: Fixed the assembler. Previously unable to compile certain commands with multiple registers or produced incorrect machine code.
#7: Added Code Filter.
#8: Postfixing octal numbers with U or L in the Expression Evaluator no longer results in 100% 0 values.
#9: The buttons on the Auto-Assemble dialog no longer remain distorted after normalizing the window from a full-screen state.


L. Spiro

[T0m]

wow!

this is pretty much awesome. Ive been able to find diffrent programs that do all this, but now i got ONE that does it all.

thanx man, i look forward to your updates.

btw: what are you calling your new language? and what other language(s) is your language similar too?

Edit: In the main folder that is created after the initial extraction there is a file called "Templates"

what exactly is this file for? When i try to open it up i get this error, "unable to load graphics conversion filter...."

any idea whats going on there?

[Faulrn]

lord, this is one of the biggest releases since cheat engine. Well i say it IS the biggest release. I hope your prepared to update this quite a bit, it will continously be patched and patched. It is quite a release and i must applaud you. This is not an easy task.

[L. Spiro]

what are you calling your new language? and what other language(s) is your language similar too?

For the purposes of Memory Hacking Software, it is called L. Spiro Script and uses .lss txt files. There is nothing special about the .lss file format; it is just the code your wrote in text form, so you can modify the script files in any environment or even notepad (as with any language file).
As a whole, it is similar to Java, C, and C++ mixed together, but syntactically speaking, it is almost exactly C.

• Like Java:
  • Compiled into byte code. Run through a virtual machine.
  • Functions/globals declared in any order.
• Like C:
  • Nearly exact C syntax. See Like C++ for the changes.
  • Structures, unions, enums, and typedefs.
• Like C++:
  • Declare local variables anywhere inside functions.
  • Declare variables in for () loops.

Basically, if you know C, you know L. Spiro Script. I just removed some of the headaches from C to make life easier.

Edit: In the main folder that is created after the initial extraction there is a file called "Templates"

what exactly is this file for? When i try to open it up i get this error, "unable to load graphics conversion filter...."

Templates are used to map structures in the RAM of the target process, but I will be removing them and remaking them from scratch, integrating them with the scripting system for more power.
A folder called “Templates” is created automatically to store them if you ever make them.
As for why you would get an error trying to open the folder, it must be some program running on your computer that has decided folders named “Templates” has special meaning, and therefore tried to open it expecting something to be inside.
Some of my file extensions are already used by Windows for some purpose or another, so double-clicking them uses the wrong program to open them, causing errors.
These can be safely ignored, since the only thing that matters is whether Memory Hacking Software can open them.


I despise spyware or programs that do anything they don’t need to be doing, so there is nothing of the sort in my own software.
Everything it does it does in its own folder and nowhere else, so you never need to worry about it cluttering up your system.

this is pretty much awesome. Ive been able to find diffrent programs that do all this, but now i got ONE that does it all.

thanx man, i look forward to your updates.

Thank you.

There is a lot coming in future releases.
I think in the next release there will be a major addition to the script API, which will include a full set of window/GDI functions.
There will be functions for easily creating dialogs, placing buttons, etc., for making your own trainers and things.


L. Spiro

[Faulrn]

I have sent you a PM. If you wouldn't mind reading it, that would be great.

As i said before, if your prepared to update it you will hailed as a God here. Nevertheless a God you are atm.

[L. Spiro]

Thank you for your enthusiasm.
I have read your PM’s.

The answer to your second PM will be posted here, because it also details the future of the project.

I have already begun a kernel-mode driver to begin working under the system.
The driver is planned to offer hidden ways to read/write process memory to avoid common detections, hide MemHack.exe from the process list, find all hidden processes (relates to your problem), and ring-0 debugging.

But as you can see, I have my hands quite full with the current features, so the development of the driver takes a lot longer.


I mentioned before that the script will be exportable to a stand-alone .EXE trainer.
During exporting, I plan for the trainer to inherit a lot of the properties of Memory Hacking Software, such as those that come with this driver when done.
In other words, your trainers would automatically be able to hide themselves and use “hidden” methods for reading/writing to the target process which won’t be detactable by normal means.


Anyway, this is all still a ways off; I need to finish the script API and make it fully rounded to suit all general needs hackers may have.

The driver is coming along in the background whenever I want to take a break from the current additions, but unfortunately I can’t say exactly when it will be done, and the current additions (script API, new debugger/disassembler, new template system) take priority for now.


I am, however, definitely open to suggestions for the script API.
If there are any functions, for example from the Win32 API, that you would feel are useful for hacking, feel encouraged to list them.

Next release will have the dialog/GDI functions as well as mouse_event(), etc.


Thank you,
L. Spiro

[T0m]

whoah you know what i jsut realised, i think over in one of the game hacking sections here, if it isnt, its very similar.

If you wanna check it out, go to the Americas Army section and look at the Sticky threads in the coding section.

[L. Spiro]

In fact they are talking about Lua Script, which they shorten to LScript, which does indeed look similar to my name and my script, but it’s unfortunately not the same.

They may want to look into L. Spiro Script though; soon it will be doing quite a bit.


I had to make an update before I added the dialog/GDI features.
This one removes debugging code that was slowing scripts down a lot.
QSort() and BSearch() are now 65 times faster and I can now begin on the dialog/GDI features, since they will work the same way as QSort() and BSearch().


Update on the page.
Memory Hacking Software


L. Spiro

[Shard]

I've been using Memory Hacking Software for ages now, since you released it on Game-Deception a while ago, and it really is by far the best memory editor I've used. It offers so many more features than others, which only seem to be growing in number and efficiency.
Keep up the good work, and I'm looking forward to the kernel-mode driver you are developing which will make it so much easier to hack NProtect games.

[alaxul]

This is amazing, please setup a website where we can keep up to speed and grab new updates as they are released. Cheers!

[Shard]

he has done, he even linked to it in a couple of his posts here lol
www.memoryhacking.com

[BlackDove]

I've been using it as my primary memory searcher and TSearch as my memory editor for a couple reasons:

- There is no Ctrl+A Select All / Delete or even a clear feature to remove offsets from any of the lists.

- The memory editor cannot be scrolled as easily as in TSearch.

- TSearch can make compile code in assembly which can be patched into any game without the need of a third-party dll.

- TSearch does not have an offset range search like L. Spiro's does.

- L. Spiro's searches are many times faster.

L. Spiro's is still the best software for memory hacking considering the recent updates (and TSearch is discontinued).

[L. Spiro]

There is no Ctrl+A Select All / Delete or even a clear feature to remove offsets from any of the lists.
Which lists?
Address lists?
Those are going to be redone in the future; I am going to redefine the standard file format for the addresses stored so they can be more dynamic (yet simple), and will be redoing the controls for the main list at the same time.
This is why it isn’t in the help file yet (though I should put at least something there).


The memory editor cannot be scrolled as easily as in TSearch.
How is it scrolled?


TSearch can make compile code in assembly which can be patched into any game without the need of a third-party dll.
See my Injection Suite.
It automatically finds/creates your code cave, adds the JMP to it, adds the overwritten code to it (refactors the code to ensure moved JMPs still jump to the correct addresses), adds the JMP back, and can be set to load each time the process is opened, etc.
Soon this will be part of the script as well, so you can inject from scripts.


Thank you all for your support; it makes me happy to continue working on my software.
Things are looking good for the dialog/GDI release this weekend.


L. Spiro

[T0m]

They may want to look into L. Spiro Script though

heh, we would need an sdk

[phubandit]

no good for maple mah comp restart XD

but god program 10/10