Hey RE friends.
I recently spent a large amount of time digging inside the US client of AK to understand what makes it different from the FR and DE ones when trying to inject/eject DLLs, attach/detach a debugger and use breakpoints while in game.
I had a really hard time figuring out what was causing this with a nearly identical game.bin, and I finally found what causes it. It appears to be an unknown module (not coming from any DLL on your machine) inserted into the game process by an unidentified thread, which runs silently and starts another thread when entering the game that defeats everything stated previously. That thread is then stopped when returning to the char selection.
From what I found on the web it seems to be something similar to what they use in Battlefield 4, named Paladin.
seg000:000C4A58 0000005B C Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
The good news is that it can be defeated by hooking the CreateThread kernel function and making it return when it tries to start code at this address (using some patterns to identify the code). The maybe-bad news is that it could be sending information to the server that could make them suspicious if it is not sent any longer.
And here I am, requesting help to determine whether or not this code can be killed like this without any risk, or to find a better solution to nullify it silently. I'd also be curious to know how it is injected into the process.
In any case, I'm adding the full module dump as an attached file. Feel free to crush your mind on it too.
edit: the module was @0x2AB50000 and the guilty thread starts @0x2ab547ee, from 0x2AB548CC
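As an added example (not part of the original post and not the module's own code), here is the core of the CreateThread-detour approach described above, written as portable C so it runs anywhere: a masked byte signature, a scanner to locate the entry inside a dump, and the detour decision that swallows the thread creation when the start routine matches. The detour installation itself (trampoline, IAT or inline patch) is not shown; the "original" CreateThread is a function pointer the example fills in, and the Win32 signature is reduced to (start, arg). The `55 8B EC 83 EC ?? 53 56 57` prologue and the `sample_module` bytes are constructed placeholders, not bytes from the dump; the real signature has to be lifted from the code at 0x2ab547ee.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte signature with mask: 'x' = byte must match, '?' = wildcard. */
typedef struct {
    const uint8_t *bytes;
    const char    *mask;   /* same length as bytes */
    size_t         len;
} pattern_t;

/* Shape of the original CreateThread the detour forwards to. On Windows this
 * is the trampoline a detour library hands back; here it is just a pointer.
 * start is an opaque code address (LPTHREAD_START_ROUTINE in Win32). */
typedef int (*create_thread_t)(const void *start, void *arg);

static create_thread_t real_create_thread;   /* filled in by the installer */
static const pattern_t *blocked_sig;         /* signature of the thread to suppress */
static unsigned blocked_count;               /* starts we swallowed */
static unsigned passed_count;                /* starts forwarded to the original */

/* Compare the bytes at p against the signature, honouring wildcards. */
int pattern_matches(const uint8_t *p, const pattern_t *sig) {
    for (size_t i = 0; i < sig->len; i++)
        if (sig->mask[i] == 'x' && p[i] != sig->bytes[i])
            return 0;
    return 1;
}

/* Scan a region for the signature; returns the offset of the first hit or -1.
 * Used offline to locate the thread entry inside the dumped module. */
long pattern_find(const uint8_t *base, size_t size, const pattern_t *sig) {
    if (size < sig->len) return -1;
    for (size_t off = 0; off + sig->len <= size; off++)
        if (pattern_matches(base + off, sig))
            return (long)off;
    return -1;
}

/* The detour body. Same decision a real CreateThread hook makes: read the
 * bytes at the start routine and, if they match, report success without
 * creating anything. A real hook must check the page is readable
 * (VirtualQuery) before dereferencing start. */
int hooked_create_thread(const void *start, void *arg) {
    if (blocked_sig && pattern_matches((const uint8_t *)start, blocked_sig)) {
        blocked_count++;
        return 1;   /* fake success; a failure return is easier for the caller to notice */
    }
    return real_create_thread(start, arg);
}

/* Stand-in for the original CreateThread: just records the call. */
static int record_create_thread(const void *start, void *arg) {
    (void)start; (void)arg;
    passed_count++;
    return 1;
}

/* Constructed stand-in for a dumped module: filler, the target prologue,
 * an unrelated function, int3 padding. Placeholder bytes, not the real dump. */
static const uint8_t sample_module[] = {
    0xC3, 0x90, 0x90, 0x90,                                 /* ret; nop; nop; nop */
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x40, 0x53, 0x56, 0x57,   /* target prologue (offset 4) */
    0x8B, 0x45, 0x08, 0xC3,                                 /* mov eax,[ebp+8]; ret */
    0x55, 0x8B, 0xEC, 0x5D, 0xC3,                           /* unrelated function (offset 17) */
    0xCC, 0xCC, 0xCC, 0xCC,                                 /* padding */
};
static const uint8_t sig_bytes[] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x00, 0x53, 0x56, 0x57};
static const pattern_t thread_sig = { sig_bytes, "xxxxx?xxx", sizeof sig_bytes };

/* Install the hook, fire one guilty and one innocent thread start, and
 * return how many were suppressed. */
unsigned demo(void) {
    real_create_thread = record_create_thread;
    blocked_sig = &thread_sig;
    blocked_count = passed_count = 0;
    long off = pattern_find(sample_module, sizeof sample_module, &thread_sig);
    if (off < 0) return 0;
    hooked_create_thread(sample_module + off, NULL);   /* matches: swallowed */
    hooked_create_thread(sample_module + 17, NULL);    /* no match: forwarded */
    return blocked_count;
}

int main(void) {
    printf("thread entry at offset %ld, blocked=%u, passed=%u\n",
           pattern_find(sample_module, sizeof sample_module, &thread_sig),
           demo(), passed_count);
    return 0;
}
```

Two caveats worth keeping in mind when turning this into a real hook: kernel32!CreateThread is only a wrapper, and code that calls ntdll!NtCreateThreadEx (or RtlCreateUserThread) directly never passes through it, so the hook belongs at the ntdll export or lower; and returning a fake handle means any later WaitForSingleObject/GetExitCodeThread on that handle fails, which is itself a tell if the module checks its own thread.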