HOT My solution to Kill GameGuard

DamoniousB · 03/07/2006, 18:32

lets just hope we dont have to wait very long ^^

the glass is half full :P

~~matty87~~ · 03/07/2006, 18:32

@Khyl

maybe your bot collected it and dropped it into the storage

grishathebest · 03/07/2006, 22:48

I am guessing that jMerlin can help us out with this- if i am correct, you need to make a small emulator that will send the packet saying that GG is running to the server.

Sorry if im wrong in advance >.<

~~jMerliN~~ · 03/07/2006, 23:39

On the contrary I'm working on a fix that will run SROBot with the gameguard version intact =).

Basically silkbot.exe is just a generic loader that sits and waits for sro_client.exe to be loaded ( copy your notepad.exe and rename the copy to 'sro_client.exe' then execute it and attach ollydbg to it and you'll see that silk.dll is injected ). Basically there's 2 circumstances. Gameguard is pre-empting it and loading before it can inject its code.. thus hiding it from the process list ( like I said a loader made using windows would be more efficient since hiding the window would prevent the game from drawing ), however there's one other thing that could be happening. Silkbot is injecting silk.dll when sro_client.exe is loaded ( it can happen since sro_client.exe executes gameguard.des, which means it's 100% loaded and mapped into memory first.. ) and gameguard is unloading the module from memory.

I'm banking on the second one since gameguard is lame as hell. Since I know that silkbot.exe simply injects silk.dll ( that's it ) into sro_client, I'm going to simply make an injector similar to my gunbound one that will inject through gameguard into sro_client. The source-code will be posted along with the binary and the bot will run with gameguard intact.

There's also 1 other thing:

Reading into sro_client.exe ( the dumped one.. i TOLD you I had the source now since I have the ASM which means I can patch gameguard checks ).. I found that the source of this error:

sro_client.exe(3644) - Unhandled Exception ACCESS_VIOLATION (0xc0000005) at address 0x00550a62
in module C:\Program Files\Silkroad\sro_client.exe(2006-03-07:10-28-12).
Registers:
EAX 00000000 EBX 00000000 ECX 01F23E08
EDX 012869D8 ESI 00000000 EDI 00000011
CS:EIP 0000001B:00550A62 SS:ESP 00000023:0012D648 EBP 00000023
C:\Program Files\Silkroad\sro_client.exe at address: 550a62
C:\Program Files\Silkroad\sro_client.exe at address: 559b19

Is caused by a mov operation following a conditional jump that is not taken resulting in an unhandled exception which effectively kills the process. So simply put, patching this mov statement ( it's a jnz, mov, retn.. so the mov does nothing important ) may disable the need to run gameguard to continue playing. We shall see, as I am patching my client at this very moment to see if the more simplistic solution works.

00550A62 C605 00000000 00 MOV BYTE PTR DS:[0],0

As you can see.. that's redundantly stupid.. mov [0],0 is a sure-fire crash. I'll patch it with NOPs and see what happens.

~~jMerliN~~ · 03/08/2006, 00:00

Quote:

Originally posted by Makaveli@Mar 7 2006, 03:24
oh, yeah i've noticed this too now, i'll search for the problem

I've added a link to the original sro_client.exe to my first post

btw the coders of the SROBot already working on a GameGuard proof version

If they e-mailed me the source to their loader I could have it gameguard proof in like 10 minutes because I've done it before -_-

HamHamMan · 03/08/2006, 01:33

Do you think you could try the same concept with this gameguard bypass in Maple Story? I've been trying to make a hack for maple and I'm too lazy to get Apache to work for me. Thanks

~~jMerliN~~ · 03/08/2006, 01:38

It's not really a bypass...

Your client will run until the next gg heartbeat and then poof. It dies.

You would need to have a very simple packet intercepting program monitoring packets to and from the client.. and when an incoming gg heartbeat comes, respond with the correct data without sending it to the client.. then you could run a non-gg client with a gg server.

grishathebest · 03/08/2006, 02:20

Cant wait for you to crack it fully

I think i undertand your post, but if u decide to keep gg intact then wont it still monitor the keyboard/mouse moevements so the macro wouldnt work?

Your last post sounds good though

~~jMerliN~~ · 03/08/2006, 02:32

Nah gameguard doesn't monitor anything lol.. it just prevents intrusions in the protected game =).

grishathebest · 03/08/2006, 02:47

O.O Someone posted before that it did >.<

naruto01 · 03/08/2006, 04:58

does anyone know this kind of spyware...
after this spyware got to my comp. my destop crewup and i can't change desktop background anymore...
and it keep telling me to get AdwareSheriff.....
plz help me out.....

skilled · 03/08/2006, 05:18

wrong topic o0

~~jMerliN~~ · 03/08/2006, 05:54

Well I got the bot to load around gameguard ( yes that image is with gamegaurd running )...

But apparently it needs its client running because it can't "login" or whatever...

The autopotting doesn't work.. if I hit Insert/Home/End it gives me that "Bot Login Failure" error and disconnects me from the server. So I'm gonna need to figure out why the hack does that ( I need to unpack the actual hack and the silkbot loader ).

But the good news -- I can inject past gameguard.

skilled · 03/08/2006, 06:01

Yay

Great news.. keep it up!!

2wire · 03/08/2006, 06:32

whoa, nice job on the bypass
and also you're hella high lvl, what server do you play in?!
nice job again

*HOT* My solution to Kill GameGuard

HOT My solution to Kill GameGuard