FOREWORD
Not long before a BMR patch was out, a clientless bot called TzPhQy sailed over the internet. Many people believe it to have malicious functions to steal your accounts, so to clear this out (I'm also using it, and don't want to lose my accounts) I started my IDA and loaded the bot's GameMon.des into it. After weeks of study in the disassembler I haven't found any evidence of it being a trojan or, as most people prefer to call it, a "keylogger", but I studied a lot about how it works: how it connects to the server, decrypts and encrypts packets, how it emulates GameGuard in order to stay connected. The most amazing thing is that the approach used is actually very easy and can be applied to the original client as well; I even wonder why no one has done it before (or does it stay in UG?). Anyway, I have done it and am now releasing this to the public. Enjoy!
Note: This is a complete bypass, NOT some kind of "downgrade". It brings down all of GameGuard's security measures (rootkit, Tychoon AV, client process protection, CRC checks, API hooks, and so on). This way, it allows you to:
* Use any kind of packet sniffers (WPE,...)
* Use any kind of scripts or pixel/memory based bots (2MBot,AutoIt scripts,...)
* Use any kind of memory-based hacks (UCE, Rev.Engine,...)
* Attach a debugger to client process
* Run an unpacked or modified client executable
* Run multiple clients at the same time without any hassle
* Avoid all common errors related to GameGuard
===== HOW TO USE =====
1) Back up your bin\GameGuard folder (this is optional; if something goes wrong, you can always restore your working client)
2) Extract the attached archive to the bin folder, making sure to overwrite 2 files: GameGuard\GameMon.des and GameGuard\npggNT.des
3) Purely optional: copy launcher.exe to any desired location. You may as well leave it in the bin folder and create a shortcut to it. The launcher does not have to be in the same folder as the client exe.
4) Start launcher.exe; a window will appear:
The following things are available to change here:
* "Game path" - enter the client executable name and path here. You may specify only the exe name without a path if the launcher is located in the same folder as the client. You may also press the "..." button to bring up a file selection dialog.
* "..." button - allows you to select the game executable
* "Process write address" - address used for DLL injection. If you experience a client crash right after pressing the "Launch" button, try changing it. However, the default value should be OK in most cases.
* "Autoclose launcher" - self explanatory
* "Launch" button - press to start the client with the GameGuard bypass
Notes:
- You may select either dekaron.exe or dekaron_nsse.exe
- It WILL work even with an unpacked client exe (y0da crypter, ASProtect, or both removed), but it MAY NOT work properly if you have altered client code related to GameGuard.
5) Press the "Launch" button. In case of success, the client loading screen will appear, you will NOT see GameGuard updating, and an inverted shield icon will appear in the system tray.
Good luck and have fun
===== COMMAND LINE SYNTAX FOR LAUNCHER =====
You can use command line arguments. Arguments can be placed in any order and should be separated by whitespace. All parameters are optional (if a particular parameter is not specified, its default value will be used). If command line arguments are used, the launcher window will not appear.
/A:<write_address> (default: "60000000")
/P:<game_exe_path> (default: "dekaron.exe")
/C:<client_command_line> (default: " ,preceding")
Example: "launcher.exe /P:C:\Program Files\Accalim\2moons\bin\dekaron.exe"
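To make the launcher's documented argument rules concrete (covering both the "HOW TO USE" steps and the syntax above), here is an added parser written for this page; it is not the launcher's own code. It assumes only the three documented switches exist, that switch letters are case-insensitive, and that whitespace-split tokens not starting with a switch continue the previous value (so a path with spaces such as the example above survives splitting); those three points are assumptions, not facts from the release notes. It also reports whether the window would be shown (the page says it is suppressed whenever any argument is given) and rejects a non-hex write address instead of silently injecting at a bad address.

```python
"""Parser for the launcher's documented command-line syntax (added example)."""
import re

# Defaults exactly as listed in the syntax section of the release notes.
DEFAULT_WRITE_ADDRESS = "60000000"
DEFAULT_GAME_PATH = "dekaron.exe"
DEFAULT_CLIENT_CMDLINE = " ,preceding"

# Assumption: only the three documented switches are accepted.
SWITCHES = ("/A:", "/P:", "/C:")

# Write address must be a 32-bit hex value; "0x" prefix accepted (assumption).
_HEX_ADDR = re.compile(r"(0x|0X)?[0-9A-Fa-f]{1,8}")


class LauncherArgsError(ValueError):
    """Raised for malformed or duplicated launcher arguments."""


def parse_write_address(text):
    """Return the /A: value as an int, or None if it is not a valid hex address."""
    if not _HEX_ADDR.fullmatch(text):
        return None
    return int(text, 16)


def parse_launcher_args(argv):
    """Parse launcher arguments (program name already stripped).

    Rules taken from the release notes: any order, whitespace-separated,
    every parameter optional with a default, window hidden if any argument
    is present. Continuation of unprefixed tokens onto the previous value
    is an assumption made here so paths with spaces can be recovered.
    """
    values = {}
    current = None
    for tok in argv:
        key = tok[:3].upper()
        if key in SWITCHES:
            if key in values:
                raise LauncherArgsError("duplicate switch %s" % key)
            current = key
            values[key] = tok[3:]
        elif current is not None:
            # Unprefixed token: treat as part of the previous value.
            values[current] = (values[current] + " " + tok) if values[current] else tok
        else:
            raise LauncherArgsError("unexpected argument %r" % tok)

    addr_text = values.get("/A:", DEFAULT_WRITE_ADDRESS)
    addr = parse_write_address(addr_text)
    if addr is None:
        raise LauncherArgsError("invalid write address %r" % addr_text)

    return {
        "write_address": addr,
        "game_path": values.get("/P:", DEFAULT_GAME_PATH),
        "client_cmdline": values.get("/C:", DEFAULT_CLIENT_CMDLINE),
        "show_window": len(argv) == 0,
    }


def parse_launcher_cmdline(line):
    """Parse a raw argument string split on whitespace, as the notes describe."""
    return parse_launcher_args(line.split())


if __name__ == "__main__":
    # Constructed sample matching the example command in the release notes.
    sample = r"/P:C:\Program Files\Accalim\2moons\bin\dekaron.exe /A:0x70000000"
    print(parse_launcher_cmdline(sample))
```

The continuation rule is a guess at how a whitespace-split path with spaces could be reassembled; if the real launcher instead reads the raw command line, quoting the whole path is the safer habit.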
This version doesn't work for Dekaron-EU
If it doesn't work for you, please don't just post "ZOMG IT DUN WORK"; no one will be able to help. Post what kind of OS (WinXP, Vista, ...) and game (2Moons, Dek-EU, ...) you are trying to run this on, with a detailed explanation of the problem! I also suggest including the contents of, or attaching, the log file "killer.log", which is created in the bin folder when you run this program.
----------- 22.08.2008 : updated to v1.2 ---------------
+ Updated for GameGuard Revision 1222
IMPORTANT: If you're experiencing an emulator error (with subsequent DC) within ~9 minutes after login, try to delete (or move) the gameguard.des files in the GameGuard and bin folders.
----------- 30.07.2008 : updated to v1.1 ---------------
+ Fixed the stupid "mfc.dll not found" error for some people
+ Fixed "killer.log" being messed up if you have multiple clients running
+ Fixed GameGuard emulation - this should help people who experience a DC ~3 min after logging in to the game
+ Added command line support for launcher. See above for syntax.
+ Minor fixes