[request] help bypass gameguard?

aterimperator · 02/20/2009, 04:12

EDIT for newcomers: post #7 has details on a way to memory scan and active debug rohan without ever disabling gameguard. This post show now continue in its entirety unmodified:

I'm basically stuck bypassing gameguard, primarily because I don't understand how to use olly (I understand what I want to do with it, I just don't understand Olly's interface).

If anyone can essentially tutorial me through bypassing gameguard, I would be very grateful, as well as I will share whatever I actually manage to get done (likely nothing, but I'd like to try anyway (I know what things can be done, I just don't know if I can do them)).

jra64 · 02/20/2009, 15:47

Hey aterimperator! I know an easy way to bypass or run Rohan without GG, which is to run it with the Rohan bot (white finger) program. I hope this helps!

aterimperator · 02/20/2009, 18:49

Unfortunately I don't feel like paying $8 for white finger to work.

jra64 · 02/20/2009, 23:46

Nono, you don't have to pay anything (I didn't). Just run the program and it won't be able to connect to the servers, but it WILL still bypass gameguard. See for yourself =). I'm sure you will know if there is a virus or not, because you seem like a knowledgeable guy. Also, make sure you get RohanBotEn1.0.27 because that's the only one that has worked for me.

malware666 · 02/21/2009, 11:37

above method wont last because the game will dc in approx. 2-5mins. therefore it is useless to use that method.

jra64 · 02/22/2009, 05:17

It will? I didn't test thoroughly, so this may be the case. But I'm pretty sure it lasted more than 2 min, but I will have to test for you guys.

aterimperator · 02/23/2009, 14:16

Well, I found a way to beat gameguard without disabling it. L. Spiro's program MHS (version 5 now), has a way to obscure itself. At first I didn't think it worked, but it turns out that when obscuring itself the "other" checkbox is the most important. If you change everything in order to obscure it, it'll take about 20 minutes in which it essentially recompiles itself (don't close the DOS window that pops up), and then gameguard won't bother you when you use it to memory scan or even debug (I have yet to code inject). Also MHS seems to be completely malware free, details here (in the 3rd post):

I'm releasing this primarily because I am having some difficulty locating some values and am looking for the processes required to find them. Here's a few I know are client sided:
~GM permissions (allowing you to use a variety of GM commands that run client side)
~Location (allowing you to easily teleport with some code injection)
~Reattack (if you disable casting animation you can up the speed at which you attack, and it acts similarly to multiplying your damage)
~Gameguard (obviously. You can disable this client side, this might be important later)
~Client side permissions to see player and monsetr's levels, hp, mana, etc. (turns out your client knows these values it simply doesn't tell you)
~Permissions to see Dhan/Dekan names while in assassination mode (again, your client apparently knows, or is perhaps able to query the server, it just doesn't tell you)
~Permissions to see all player names while YOU are in assassination mode (see above)
~Skill cooldowns (this will require some code injection to use well)
~It is possible to "cast spells while moving", I assume this means that casting animation is what stops you from moving, so if we can find what calls the casting animation we simply remove that (probably with a little bit of code injection, but could be avoidable).
~It is possible to remove the chat filter, again turns out the client knows it just doesn't bother to tell you.

Essentially I'm releasing this with an "all I ask is that you share what you found with me in PMs".

aterimperator · 02/23/2009, 14:45

I'm going to double post because my last post was large and these posts are mostly unrelated, I hope this board doesn't auto edit it together...

Anyway, while the above allows us to pretty much do what we want, it's possible that we won't be able to code inject or something like that later. As far as actually bypassing gameguard here is where I am:

On the cheat engine forums there are two posts that when combined should detail how to beat gameguard. Unfortunately, they don't work. There are a few ways to stop gameguard by assembly editing the file (primarily by using OllyDBG): denying gameguard the right to gain a handle on rohan.exe (through create processA modifications), stopping gameguard from launching at all, and I'm drawing a blank on the others at the moment.

The problem with all of these methods (most bypassers will use multiple fixes), is that the server queries your client for gameguard, and if it does not see the proper response it will not let you enter the server (i.e. you can get to the character selection screen, that's where it queries your client, if the query fails you will not be able to click the "Start" button that lets you play on the server). Supposedly changing the assembly command from MOV EAX,262 to MOV EAX,755 is meant to fix this and report correctly to the server, however this fix did not work for me. Details here (note the first post is a compilation of several ways to do the disable):

vegetaz · 02/24/2009, 19:06

My *** aterimperator you are soon going to be better than Sorien himself !!!! I will search for any ways to deleat game gard. ROHAN HERE WE COME.

aterimperator · 02/25/2009, 04:06

I can't be as good as Sorien because my progress borrows extremely heavily from Sorien's work. On top of that, I'm likely to stop trying, I allow myself 1 hacking project a year so as to avoid having an obsession eat up too much time, and the time I allow myself is almost up.

I also found a guild that actually makes the game fun (I usually hack MMORPGs because I don't actually tend to enjoy them (particularly free ones)), and I believe it would be unfair for me to associate with them while hacking, and as such I'm probably going to give up hacking and join that guild and have fun.

Besides, I'm pretty sure this project has already taught me the majority of what I can learn from it, and that's the only reason I hack in the first place.

fusionbreak · 06/27/2009, 18:51

I've finally done it. The gameguard finally cannot detect the MHS.exe but the problem is the speed hack doesnt work for rohan.exe which is in hidden mode in the process...T_T.
CAn you please send some examples of codes to be injected to it, will help me a lot..

fusionbreak · 06/27/2009, 18:52

Thank you very much ...

trigoprog · 06/28/2009, 08:30

Quote:

Originally Posted by aterimperator

I'm going to double post because my last post was large and these posts are mostly unrelated, I hope this board doesn't auto edit it together...

Anyway, while the above allows us to pretty much do what we want, it's possible that we won't be able to code inject or something like that later. As far as actually bypassing gameguard here is where I am:

On the cheat engine forums there are two posts that when combined should detail how to beat gameguard. Unfortunately, they don't work. There are a few ways to stop gameguard by assembly editing the file (primarily by using OllyDBG): denying gameguard the right to gain a handle on rohan.exe (through create processA modifications), stopping gameguard from launching at all, and I'm drawing a blank on the others at the moment.

The problem with all of these methods (most bypassers will use multiple fixes), is that the server queries your client for gameguard, and if it does not see the proper response it will not let you enter the server (i.e. you can get to the character selection screen, that's where it queries your client, if the query fails you will not be able to click the "Start" button that lets you play on the server). Supposedly changing the assembly command from MOV EAX,262 to MOV EAX,755 is meant to fix this and report correctly to the server, however this fix did not work for me. Details here (note the first post is a compilation of several ways to do the disable):

i dont have that much exp in hacking with olly but with basic logic could you use olly to edit the client so that the start button will stay up? or couldn't you just use WPE to get the packet of what happens when you press start in the normal client with the botsmall bot temporary bypass and then use that same packet and send it to the server when you get to the start screen? i hope u get what im trying to say clearly i hope it works