GameGuard Update

[D00MR4ZR]

Due to newest GameGuard update on 22.09.2009. ALL Kernel Hotkey based Rappelz and other games bots by Yorick Jester have been BLOCKED by GameGuard.

This involves (PUBLIC) Gertos'es Bot, Kevzor's Bot and Altaric's Bot. Status for VIP bots is not to be discussed.
Altaric is working on a way to fix that detection so people can bot again. If it will not be possible best way to do it is to crash GameGuard and this is what I will do.

Also I will release full source code of one of the bots to public after I see 50 Thanks here and 20 posts.

PS: to NightDragon : please sticky this on few days so people see it and get informed...

[noob79]

thats what i said in my post

[KentuckyFC]

No you dont^^

[pahntom83]

now we need new Kernel Hotke?

[noob79]

sure, i did^^
look @ my thread. i wrote that kevzor beta is now detected

[KentuckyFC]

that doesnt mean kernel hotkey is detected there are more than one kernel hotkey driver

[jbm97591]

More examples of bots maybe perfect for a future.

cya

[kevzor]

its not the driver thats detected (they just blocked the comunication function to talk to it aka: DeviceIOControl)

[urn357]

And as I have posted on pinnacle sticky thread. Pinnacle is also blocked now also if any are using the "dumb" bot.

[D00MR4ZR]

Yes, well yea source will be released after 50 thanks here...

[Night Dragon]

Quote:

Originally Posted by doomrazr

Yes, well yea source will be released after 50 thanks here...

Please don't start that again Doom.

[D00MR4ZR]

lol its the same as with bot fair...and source pwnz

[RaZoriX]

gogo cry for respect ... and get your thanks ... btw for what? copy kernel driver and say its my own ... no thanks

[Yorick_Jester]

Ans: Kernel Keyboard filter
From: Yorick <уθя¡ςκ@θβƪ¡τΔ.ςθм>
Date: Sat, 11 Jul 2009 14:29:50 -0300
To: Oscar Lain

Hmmm, you are the first one to tell that it's currently not working with gameguard, if the gameguard team is filtering my drivers on kernel32.dll through some detour it's related with the devices created by my drivers, their names and the DeviceIoControl API, CreateFile, etc. As I've shown you, my driver create the devices Keyboard0, Keyboard1, ... and the user mode dlls are plain standard dlls which communicate with this devices through the DeviceIoControl API, CreateFile, etc (e.g. kbd.Write maps to a DeviceIoControl call). So if there is a detour filtering my device names ( Keyboard0, ... ) in kernel32.dll, stoping the communication with them, you may try a simple tweak that may solve this easily. Using a binary editor like HxD you open KernelHotkey.dll and look for the string keyboard0 and change it to another one with the same amount of characters like k3yb04rd0 and save, you must do the same for mouse0. Now, open keyboard.sys and change all the keyboard0 unicode strings to look like the ones from the new KernelHotkey.dll (k3yb04rd0). Do the same with mouse.sys file. This binary edit will propably solve the problem with gameguard if there's such a problem. I've not heard from other sources of such a problem with KernelHotkey till now, good luck and report me whether you achieves success on this on Vista 32 and gameguard.

See Ya.

Oscar Lain wrote:
> Works great on Vista 32bit as expected, but still cant manage to work when funny ass gameguard is running...
> It does some changes/detours up Kerner32.dll.
> Copying Kernel32.dll to application directory gives me ability to write out some keystrokes but after like 10 it hangs up all system...
> Is there a way to bypass kernel32 in whole process?
> Does Write and Read Functions in kernel32.dll calls some other components/dll's?
> When gameguard is running kbd.Read returns null (if i dont put kernel32.dll in application directory) Thanks for you help so far =)
> Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! Try it!

Quote:

Originally Posted by kevzor

its not the driver thats detected (they just blocked the comunication function to talk to it aka: DeviceIOControl)

[D00MR4ZR]

Thanks on nice input Yorick!