Bypassing Gameguard

01/28/2016 20:16 Weirdgamer#1
Just wondering if anyone's had any luck bypassing gameguard, I've been trying multiple different methods but nothing seems to work for this release.

I've tried OllyDbg but I think I'm having problems because the game is run through a launcher, not sure.

Any help from the gurus over here would be much appreciated.
01/28/2016 20:38 Izeliae#2
You can start it via client.exe, you just need the launch parameters. A quick Google will get you them (I'm not at a computer to copy them for you, sorry).
I didn't remove gg, I just disabled scans of external processes so I could use ce without my game closing. I'm trying to keep minimal invasion in case they add the heartbeat later :p
01/28/2016 22:03 Weirdgamer#3
Thanks for the quick response Izeliae. I've been going at it since, tackling each error at a time.

I'm quite new to OllyDbg and have only used it a handful of times in the past (with the help of some great guides).

The guide I'm currently using as a reference is for another game, so I can safely assume I'm doing something terribly wrong.

I assume the launch parameters you're referencing are as follows:

/LauncherID:"NCWest" /CompanyID:"12" /GameID:"BnS" /LUpdateAddr:"updater.nclauncher.ncsoft.com"

I assume these are to be added to the arguments?

As a side note, I've attempted to load both Client.exe and NCLauncher.exe, NCLauncher I don't receive an error on load, but Client.exe lets me know that the entry point is outside the code. Either way, I can continue.

Now I've run the program and get an access violation, which I promptly Shift + F9 to pass exception and run. Once through passing exceptions, my thread is terminated with exit code 0 (success I believe!).

Now (assuming I haven't already screwed the pooch), this is where I start being confused.

I'm currently toggling a breakpoint on the first RETN below the highlighted lines, but receive the message that the breakpoint is outside the code section, so I assume this is wrong. After setting a memory breakpoint on access for the Client code, I'm also unable to analyze (ctrl+a), and the referenced text strings are all garbage.

I appreciate the help so far, and don't expect to be spoon fed, but any/all help is greatly appreciated. I look forward to sharing my grand plans once they're set in motion :D
01/28/2016 22:11 Izeliae#4
Are you using anything like ScyllaHide to avoid Themida's anti-debugger?
01/28/2016 22:17 Sharps420#5
Quote:
Originally Posted by Izeliae
You can start it via client.exe, you just need the launch parameters. A quick Google will get you them (I'm not at a computer to copy them for you, sorry).
I didn't remove gg, I just disabled scans of external processes so I could use ce without my game closing. I'm trying to keep minimal invasion in case they add the heartbeat later :p
Could you elaborate on the disabling of external process scanner ?
01/28/2016 22:18 sama11#6
there is already a gg killer for bns, works flawlessly.

just google "bns antigg alternative" - reddit post
01/28/2016 22:26 Weirdgamer#7
I'm using both AADP and Olly Advanced (AADP for anti debug and Olly Advanced for 64x support).

I noticed that reddit post sama11, but it's a .dll file that doesn't exist in my folder. I assumed that's only working for the TW version (since their GG doesn't support W10 like ours). Is it somehow working for you?

I tried ScyllaHide, but I'm receiving the same error. I tried doing a hardware breakpoint instead of a standard INT3 but that didn't work out either.

I'm going to do a bit more digging around and see what I can find.
01/29/2016 00:28 sama11#8
it should work on all BNS localizations except BNS CN,

I'm actually using his other version of gg killer with injection.
1. extract to bin folder
2.start loader.exe /d:antigg.dll client.exe /launchbylauncher /sesskey /CompanyID: "12" /ChannelGroupIndex: "-1" /LoginMode 2 -lang:English -region:1

region:0 - NA
region:1 - EU
01/29/2016 03:28 godsblight#9
Quote:
Originally Posted by sama11
it should work on all BNS localizations except BNS CN,

I'm actually using his other version of gg killer with injection.
1. extract to bin folder
2.start loader.exe /d:antigg.dll client.exe /launchbylauncher /sesskey /CompanyID: "12" /ChannelGroupIndex: "-1" /LoginMode 2 -lang:English -region:1

region:0 - NA
region:1 - EU
tried this, but gameguard still runs, it just bypasses the launcher.
01/29/2016 12:54 KefkaBot#10
GG is much simpler to bypass than most realize. Try messing with Process Hacker a bit...
01/29/2016 13:34 Sharps420#11
It's like people don't even read the posts. Some Russian guy already killed GG and there was even a direct link in this thread.
01/29/2016 15:16 killzone#12
Quote:
Originally Posted by godsblight
tried this, but gameguard still runs, it just bypasses the launcher.
You obviously did not try it.

Can confirm. Gameguard is not present after this. However, I did not stay long to check if I get disconnected due to heartbeat.

Now, let the bot development begin!

Tip: Make a bot that enters a dungeon to kill the boss and take the reward. Get out of the dungeon by reverse reading the waypoint, then enter again. ;)
Imagine how many materials you can farm with that!
01/29/2016 16:07 Weirdgamer#13
Worked for me as well. From what I've heard there's no heartbeat present, and I wasn't getting disconnected after a couple hours.

I'm going to try to find an alternate method for this just in case ;P

Good idea killzone, my next step is to find x/y coordinates to make that easier!

Edit : Thanks Sama11

Seems to be fixed with the recent patch, guess back to step one.
01/29/2016 16:44 killzone#14
What seems to be patched? The antigg? It still works.
01/29/2016 16:53 Weirdgamer#15
Seems there was an issue of GG detecting Windows Defender, even when using the antigg.

I was receiving the error that a debugger was present on the system and it wouldn't even let me load the game; disabling Windows Defender and restarting seemed to fix the issue.

Wasn't antigg supposed to disable this scan?