It's not a PE when it's decrypted either. While it still has exports and an IAT, they can't be changed by the normal methods, but you can still alter them and check if they are valid; it's just a lot harder. But if you do patch the process after it's started, it will be detected and stopped.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael A. Hobson
Sent: Friday, 26 April 2002 3:21 PM
To: [EMAIL PROTECTED]
Subject: [hlcoders] Re: hlcoders digest, Vol 1 #441 - 14 msgs

James,

IAT redirecting and hooking is not affected at all by encrypting the DLL file. It has to be decrypted to run. At that point, it must be vulnerable to IAT hooking.

At 08:10 PM 04/25/2002 -0700, you wrote:
>From: "James Mitchell" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: RE: [hlcoders] Anti-cheat code in mods
>Date: Fri, 26 Apr 2002 13:26:33 +1000
>Reply-To: [EMAIL PROTECTED]
>
>Yes, but there is very minor detection in the engine dll (hw.dll, and
>sw.dll) that will detect a certain method of modification... Although
>the new PE Replacement is a standstill for cheating, and the methods
>being used of IAT Redirecting and hooking won't be used on the
>encrypted PEs, although they can still be used on non-encrypted
>dlls.. but I'm sure that's soon to change..

Michael A. Hobson
Web Programmer
IBRC, Inc.
email: [EMAIL PROTECTED]
phone: (310) 338-9719 (home office - vm)
       (310) 560-9968 (cell)

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlcoders

