Ahnlab Hackshield

A system that has a weak Windows login password or is missing security patches is needlessly exposed to malicious code and hacking attacks. Even if the malicious code is deleted by an antivirus (vaccine) program loaded with the latest engine, it can attack the same system vulnerabilities again to re-infect and damage the system. Therefore, to avoid infection by malicious code that spreads through system vulnerabilities, please make sure that the latest security patches are applied and that the password for the Windows login account cannot easily be discovered.

1. Password Settings for the Windows Login Account (Windows 7)

#define ahnhsdisplayhackshieldtrayicon 0x4000000
#define AHNHSCHKOPTDETECTVIRTUALMACHINE 0x8000000
#define AHNHSCHKOPTUPDATEDFILECHECK 0x10000000

  • Bit Defender - Moderate chance - Hackshield cannot load until BitDefender is disabled and in rare cases until it is completely uninstalled.
  • AVG - Low chance - Hackshield cannot load until AVG is disabled. Disabling Resident Shield and active protection for 5 minutes prior to launching a game appears to work.

AhnLab V3 Internet Security For Windows Features. Promotes vibrant protection of the computer system against prevalent viruses and other malicious software like spyware, worms and Trojan horses. Enhances network security through the use of its two-way personal firewall that forestalls unauthorized access.

  • 1. Select Windows [Start] > [Control Panel] > [User Account]
  • 2. Select the account used.
  • 3. Select [Change My Password] and replace the existing password with a new one that cannot be guessed easily. The new password should combine letters, numbers and special characters, because malicious code can spread to a system whose password is weak.

2. Apply Security Patches using Windows Update

  • 1. Select Windows [Start] > [All Programs] > [Windows Update]. Please note: When the Windows Update Page is connected and the “Security Alert” window pops up, select “Yes”. The “Security Alert” window will not pop up for users who have already applied Windows Update.
  • 2. Click “Install updates” to update your system.
  • 3. In some cases, a system restart may be required. If a message tells you that the system needs to be restarted, please reboot, because the security patches take effect only after the system has rebooted.

In this series I will keep sharing some of the HackShield SDK info a reverser should know before laying a hand on HackShield. It will be a long series.

DISCLAIMER: I AND ANY OTHER 3RD PARTY ARE NOT AFFILIATED IN ANY WAY WITH AHNLAB, INC. YOU ARE ONLY ALLOWED TO UTILIZE THE KNOWLEDGE IN A WAY THAT WON'T HARM OR INVALIDATE ANY COMPANY POLICY, AND IN THE EVENT OF ANY LOSS YOU AND ONLY YOU WILL BE THE ONE TO BLAME.

Why this disclaimer? AhnLab doesn't allow anyone except their clients to peek into their protection features and other details. But we are doing it only for learning, right?

Features of HackShield Pro:

Memory-access block
“Blocks memory access through Windows API (OpenProcess, Read/WriteProcessMemory and etc.). It protects memory in kernel level to block hack attacks that manipulate executable codes or return values.”
This one is a bitch: it patches critical kernel APIs to stop anyone peeking inside the game client.

Speed Hack block:
Speed Hack is a program that controls time to arbitrarily speed the game up or slow it down by using the Windows time functions or the timer processing of the microprocessor. To block Speed Hack, HackShield frequently monitors the difference between the system time and the logical time of the operating system at the microprocessor level. If the difference exceeds a certain value, this could be considered a speed hack. Note that the detection speed could differ according to the user system, operating system or game type.
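The comparison described above, sketched as an added example (not HackShield code and not from the original post): two clocks are sampled together and a run of intervals in which they disagree by more than a threshold is reported. The struct, the function name, the 50 ms threshold, the three-interval rule and all sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One paired reading in milliseconds (field names are assumptions). */
typedef struct {
    int64_t wall_ms; /* clock read through the OS time functions */
    int64_t ref_ms;  /* independent reference, e.g. a CPU counter */
} clock_sample;

/* Returns the index of the sample that completes `needed` consecutive
 * intervals in which the clocks disagree by more than threshold_ms,
 * or -1 if no such run exists. */
int first_speed_anomaly(const clock_sample *s, size_t n,
                        int64_t threshold_ms, unsigned needed)
{
    unsigned streak = 0;
    for (size_t i = 1; i < n; i++) {
        int64_t d_wall = s[i].wall_ms - s[i - 1].wall_ms;
        int64_t d_ref  = s[i].ref_ms - s[i - 1].ref_ms;
        int64_t diff   = d_wall > d_ref ? d_wall - d_ref : d_ref - d_wall;
        /* With needed > 1, one bad interval (clock sync, scheduler
         * stall) is tolerated; only a sustained mismatch is reported. */
        streak = diff > threshold_ms ? streak + 1 : 0;
        if (streak >= needed)
            return (int)i;
    }
    return -1;
}

/* Constructed samples, not captured from a real system. */
static const clock_sample normal_run[] = {
    {0, 0}, {1002, 1000}, {2001, 2000}, {3003, 3001}, {4002, 4000}, {5001, 5000} };
static const clock_sample one_off_step[] = {   /* single 500 ms clock step */
    {0, 0}, {1000, 1000}, {2500, 2000}, {3500, 3000}, {4500, 4000}, {5500, 5000} };
static const clock_sample sped_up[] = {        /* wall clock runs 2x from sample 3 */
    {0, 0}, {1000, 1000}, {2000, 2000}, {4000, 3000}, {6000, 4000}, {8000, 5000} };

int main(void)
{
    printf("normal=%d step=%d sped_up=%d\n",
           first_speed_anomaly(normal_run, 6, 50, 3),
           first_speed_anomaly(one_off_step, 6, 50, 3),
           first_speed_anomaly(sped_up, 6, 50, 3));
    return 0;
}
```

The number of consecutive intervals required trades detection latency against false positives, which matches the note above that detection speed varies by system.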

Enhanced auto-mouse detection *
Detects auto-mouse to prevent server overload and arbitrary control of the game. HackShield 2.0 adds detection of auto-mouse that runs as hardware, such as a USB device, in addition to auto-mouse that runs as a program.

File manipulation detection
Checks the integrity of HackShield files when HackShield is initialized and/or when a game is running to make sure the files are the ones initially distributed. It also detects if the files have been modified or if the file names have been changed. In simpler words: client CRC checks.
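A client-side CRC check of the kind described above, as an added example (not HackShield code and not from the original post): each shipped file has a recorded CRC-32, and the files found at run time are classified as intact, modified, renamed or missing. The file names, contents, type names and the choice of CRC-32 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Standard CRC-32 (reflected polynomial 0xEDB88320), computed bit by bit. */
uint32_t crc32_buf(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

typedef struct { const char *name; const char *data; size_t len; } file_entry;
typedef struct { const char *name; uint32_t crc; } manifest_entry;
typedef enum { FILE_OK, FILE_MODIFIED, FILE_RENAMED, FILE_MISSING } file_status;

/* Classify one manifest entry against the files actually present. */
file_status check_file(const manifest_entry *m, const file_entry *f, size_t n)
{
    int name_seen = 0, crc_elsewhere = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t c = crc32_buf(f[i].data, f[i].len);
        if (strcmp(f[i].name, m->name) == 0) {
            if (c == m->crc) return FILE_OK; /* right name and contents */
            name_seen = 1;                   /* right name, wrong contents */
        } else if (c == m->crc) {
            crc_elsewhere = 1;               /* right contents, other name */
        }
    }
    if (name_seen) return FILE_MODIFIED;
    return crc_elsewhere ? FILE_RENAMED : FILE_MISSING;
}

/* Constructed data: hypothetical file names, placeholder contents. */
static const manifest_entry shipped = { "module_a.bin", 0xCBF43926u };
static const file_entry intact[]  = { { "module_a.bin", "123456789", 9 } };
static const file_entry patched[] = { { "module_a.bin", "123456780", 9 } };
static const file_entry renamed[] = { { "module_a.bak", "123456789", 9 } };
static const file_entry absent[]  = { { "other.bin", "abc", 3 } };

int main(void)
{
    return !(check_file(&shipped, intact, 1) == FILE_OK &&
             check_file(&shipped, renamed, 1) == FILE_RENAMED);
}
```

CRC-32 catches accidental or naive modification but is not collision resistant, so a check that must withstand deliberate tampering needs a cryptographic hash or signature instead.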

Debugging detection
Detects all debugging tracing to prevent games from being debugged. If any debugger, such as SoftICE, is detected when initializing HackShield, then HackShield returns an error to block it.

Signature-based detection
Provides signature-based detection. If a hacking tool is detected using a predefined signature, an error message with the path of the program is displayed.

Server-side detection *
Interoperates with the server to monitor manipulation of executable files and memory in real time and check HackShield operation status. In HackShield Pro, it was inconvenient to manage the file/memory CRC of the client in the server. So, a new Artificial Intelligence (AI) feature that automatically manages the file/memory CRC in the server has been added to HackShield 2.0.

Data file/message encryption
Encrypts important data files and messages sent and received between the server and the client, to secure data even when they are exposed.

Memory heuristic detection *
Memory heuristic detection has been added: it identifies the characteristics of hacking tools in the memory to counter new hack attacks in which no signature exists yet. When a hacking tool is detected by the memory heuristic detection engine, an error message “Unknown: error code” will be displayed.

HackShield update *
When HackShield update is available, it is updated through the HackShield Update server.

HackShield hacking monitoring system *
Monitors hack attacks and errors that occur in the game client in real time. You can access the HackShield hacking monitoring system through the web, and generate various reports.

* Features marked with an asterisk are either enhanced from the previous generation or newly added.

Client File Types

There are other files which come with the SDK, but those are for the server only and are not required.

Next I will describe the HackShield driver exceptions which can occur during startup.

HackShield Driver Error
[ErrorCode: 0x00000102] Failed to initialize HackShield driver
Symptoms
1. An error message (Error Code: 0x00000102) occurs, and the game does not run.
Cause
  • An error occurred when the HackShield driver is initialized.
  • There could be a program that might prevent the driver from being initialized.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer and then run the game again.
If the error persists after following the above procedure, perform the step below:
  • Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].

[ErrorCode: 0x00000108] Failed to initialize HackShield module
Symptoms
1. An error message (Error Code: 0x00000108) occurs, and the game does not run.
Cause
  • An error occurred as HackShield is not compatible with Symantec’s EndPoint Protection.
  • This error does not occur in EndPoint Protection version released from 2010.
Solution
  • Visit Symantec website, and download the latest EndPoint Protection and reinstall it.
If the error persists after following the above procedure, perform the step below:
  • Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].

[ErrorCode: 0x00000203 – 4] Failed to start HackShield driver
Symptoms
1. An error message (Error Code: 0x00000203 or 0x00000204) occurs, and the game does not run.
Cause
  • An error occurred when the HackShield driver is loaded.
  • There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer and then run the game again.
If the error persists after following the above procedure, perform the step below:
  • Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].

[ErrorCode: 0x00010301] Hooking Detection
Symptoms
1. An error message (Error Code: 0x00010301) occurs, and the game is terminated.
Cause
  • Hooking has been detected in a system file or HackShield file.
  • There could be a conflict with a program installed on your PC.
  • (HackShield 5.3.7.1 version may detect steam programs.)
Solution
A. Terminate the Steam program. Or, remove the program.
If hacking attacks keep on being detected after following the above procedure, perform the step below:
  • Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].

[ErrorCode: 0x00010302] Failed to load HackShield driver
Symptoms
1. An error message (Error Code: 0x00010302) occurs, and the game is terminated.
Cause
  • The HackShield driver has not been properly loaded.
  • There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer and then run the game again.
If the error persists after following the above procedure, perform the step below:
  • Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].


[ErrorCode: 0x00000004] Application compatibility error when initializing HackShield
Symptoms
1. An error message (Error Code: 0x00000004) occurs, and the game is terminated.
Cause
  • The game client has been executed in Windows Compatibility Mode.
Solution
2. Right-click on the game icon, and select Properties.
3. Select the Compatibility tab, as in the picture below.
4. Check whether compatibility mode is enabled. Disable it.
If the error persists after following the above procedure, perform the step below:
  • Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].

These are the possible external HS errors which can occur and will be visible to the end user. In the next part we will focus on internal exceptions that can occur during gameplay.