[Windows 7 x64] Gameguard Bypass for CE

10/22/2020 16:56 netHoxInc#46
Another option would be a self-made driver. Even tho GG is ring3, we don't rly need to go ring0 to achieve that, it just makes it an easy solution without much reversing of GG.
10/22/2020 22:04 cookie69#47
Quote:
Originally Posted by I Feelz I
the kernel driver is only for w7 x64. u can try it with titanhide but i didn't give support for it.
There is even a better and powerful free tool called Windows Kernel Driver and it works with 32/64 versions from Windows XP to Win10.
But even after I hid CE, it still gets detected by gg so maybe you need to understand how CE gets detected (maybe a noob window search, a registry search...)

By the way, WKE is detected by antivir but it is a false positive as it is using a fake sign certificate which gets detected by most antivir.
10/26/2020 02:38 TheAllfather#48
In the past this was the only method that has worked for me and I'm scared to install a Windows 7 version on top of my Windows 10. I feel like this is going to break my computer lolz

I have tried editing cheat engine window title, button, process name and renaming some buttons to something else but it still got detected.
10/26/2020 12:52 Hömer#49
Quote:
Originally Posted by TheAllfather
In the past this was the only method that has worked for me and I'm scared to install a Windows 7 version on top of my Windows 10. I feel like this is going to break my computer lolz

I have tried editing cheat engine window title, button, process name and renaming some buttons to something else but it still got detected.
Just use a Virtual Machine. This is easy to install and to configure.
If you have Windows 10 Pro - Use Hyper-V.
12/09/2020 02:54 I Feelz I#50
Quote:
Originally Posted by cookie69
There is even a better and powerful free tool called Windows Kernel Driver and it works with 32/64 versions from Windows XP to Win10.
But even after I hid CE, it still gets detected by gg so maybe you need to understand how CE gets detected (maybe a noob window search, a registry search...)

By the way, WKE is detected by antivir but it is a false positive as it is using a fake sign certificate which gets detected by most antivir.

did u disable the patchguard from w10 before?
12/15/2021 13:20 Gyakusatsu-#51
everything's fine.
1. PatchGuard disabled (even windows10 (also 17134+))
2. Hidecon -ph /* (PID) CheatEngine (v7.3) */
3. Starting play2bit-deFlyff in Virtualbox without Sound activated ( Warning MSG before GG can start, for (me) more time analysing PID+Attach Neuz.exe )
4. Detecting.

Same Method on patched x64 Windows-10 (also 17134+with UPGDSED)
4. Detected.

Next try: TitanHide (Both x64 Windows-7001 and Windows-10)
1. Until step warning "no Sound" so, I have enough time to explore the PID of Neuz and Attach with CE / x64dbg

2. Hiding after Attach via GUI
( 2.5 hiding PID with Hidecon )
3. Detected.

i think there is a system of instant closing after Attach with Debugger
maybe i am using wrong version of CE / 64dbg?
maybe i should attach GameMon.des to hide?

Also i would talk about the code of changing the interface of CE..just as repack.
Here's the code:
12/03/2024 12:53 rftech23#52
Quote:
Originally Posted by cookie69
If you do it perfectly, you must be able to bypass the gg with CE and you can even modify Game memory (I did a mistake when I said that you can't modify the memory..)
I personally had to re-patch the kernel to be able to use CE again but it is working and it is undetected with Windows 7 x64 bits :)

Hello, nice work here!

So, I was trying to bypass the hackshield on a certain Flyff pserver via reverse engineering its MiniA.exe via x32dbg software. The results got me stuck so below are the steps i did including the results of each.

1st. I did the sunkist method so i can launch the MiniA.exe via shortcut so it looks like i launch it on launcher.

2nd. I attached the MiniA.exe to x32dbg app to reverse the address where 'EHSvc.dll' is located. Did changes i have found on the internet. (changing the memory address of 'EHSvc.dll' to 2 bytes (00 00))

3rd. So, after the modifications, i have patched the MiniA.exe to the game folder but with different name so the original MiniA.exe would be backed up.

4th. Changed the names on the game folder so I would run the MiniA.exe(patched) via MiniA.exe - shortcut.

5th(result1). Right after launching the MiniA.exe - shortcut even in administrator, the process exits immediately. So, attached MiniA.exe(patched) again on debugger to modify the kernel32.ExitProcess. Located its address and assembled it to 'ret' so it won't exit.

6th(result2). After doing the first workaround and patched it, i ended up with an .exe that could not be read by the game so i guess that was not the right move, i even did the same modification on kernel32.TerminateProcess but ended up with the same result.

Now i am kinda stuck with this and been searching for workarounds tho. Any clarifications on the steps where i went wrong are highly appreciated!

Thanks guys