- engine.exe is packed with UPX
- HS is packed with Themida
Credits to Kanavel
I've seen numerous people having trouble trying to debug Combat Arms. The issue is that it hides itself from the module list, making it NOT show up in OllyDbg, ReClass, MHS, and just about anything else you may wanna use to browse through memory. Anyhow, I figured I'd show you a bypass so that you can actually debug the game and maybe get your hack going. So far it seems that they load their driver onto your PC via LoadResource. The solution is simple: just hook LoadResource. With this snippet, Engine.exe will be visible in your module list and you will be able to use OllyDbg without getting the "Debugger Found" crash.
Code:
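#include <windows.h>
#include <string.h>

typedef HGLOBAL ( WINAPI * tLoadResource )( HMODULE hModule, HRSRC hResInfo );
tLoadResource oLoadResource; // set to the trampoline for the original LoadResource

HGLOBAL __stdcall hLoadResource( HMODULE hModule, HRSRC hResInfo )
{
    __asm PUSHAD; // save the general-purpose registers (32-bit MSVC inline asm)
    {
        char szFileName[256] = { 0 };
        GetModuleFileName( hModule, szFileName, sizeof( szFileName ));
        // If the resource belongs to a module whose path contains "EHSvc",
        // pass NULL on instead of that module's handle.
        if ( strstr ( szFileName, "EHSvc" ))
        {
            hModule = NULL;
        }
    }
    __asm POPAD; // restore the registers saved above
    return ( *oLoadResource )( hModule, hResInfo );
}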
Then just add the following to DllMain and you should be fine:
Code:
DWORD dwLoadResource = ( DWORD ) GetProcAddress ( GetModuleHandle ( "Kernel32.dll" ), "LoadResource" );
oLoadResource = ( tLoadResource ) DetourFunction(( PBYTE ) dwLoadResource, ( PBYTE ) &hLoadResource );
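
From the defending side, an inline hook such as the one in this post shows up as a rewritten function prologue. The following is an added example, not code from the post: it classifies a 32-bit prologue by whether it redirects outside its owning module, assuming the hook is written as `jmp rel32` or `push imm32; ret` at the function entry. All addresses and byte samples are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { PROLOGUE_CLEAN, REDIRECT_IN_MODULE, REDIRECT_OUT_OF_MODULE };

/* Constructed sample data (not real values): a 32-bit module mapped at
 * MOD_BASE and the address of one of its exported functions. */
#define MOD_BASE 0x7C800000u
#define MOD_SIZE 0x000F6000u
#define FUNC_VA  0x7C80A055u
const uint8_t SAMPLE_CLEAN[]   = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x51 }; /* mov edi,edi; push ebp; mov ebp,esp; push ecx */
const uint8_t SAMPLE_JMP_OUT[] = { 0xE9, 0xA6, 0x6F, 0x7F, 0x93, 0x90 }; /* jmp 0x10001000 */
const uint8_t SAMPLE_JMP_IN[]  = { 0xE9, 0x00, 0x01, 0x00, 0x00, 0x90 }; /* jmp 0x7C80A15A */
const uint8_t SAMPLE_PUSHRET[] = { 0x68, 0x00, 0x10, 0x00, 0x10, 0xC3 }; /* push 0x10001000; ret */

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode a redirect at the function entry; returns 1 and sets *target if one is found. */
int decode_redirect(const uint8_t *code, size_t len, uint32_t va, uint32_t *target)
{
    if (len >= 5 && code[0] == 0xE9) {                    /* jmp rel32 */
        *target = va + 5 + le32(code + 1);                /* relative to the next instruction, mod 2^32 */
        return 1;
    }
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) { /* push imm32; ret */
        *target = le32(code + 1);
        return 1;
    }
    return 0;
}

enum verdict check_prologue(const uint8_t *code, size_t len, uint32_t va)
{
    uint32_t target;
    if (!decode_redirect(code, len, va, &target))
        return PROLOGUE_CLEAN;
    /* Unsigned subtraction wraps, so targets below MOD_BASE also fail the range test. */
    return (target - MOD_BASE < MOD_SIZE) ? REDIRECT_IN_MODULE : REDIRECT_OUT_OF_MODULE;
}

int main(void)
{
    printf("clean=%d jmp_out=%d jmp_in=%d push_ret=%d\n",
           check_prologue(SAMPLE_CLEAN, 6, FUNC_VA), check_prologue(SAMPLE_JMP_OUT, 6, FUNC_VA),
           check_prologue(SAMPLE_JMP_IN, 6, FUNC_VA), check_prologue(SAMPLE_PUSHRET, 6, FUNC_VA));
    return 0;
}
```

In a real integrity check the bytes would be read from the loaded image and compared against the on-disk copy as well, since a redirect that stays inside the module can still be a legitimate forwarder.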