  1. #1
    umbraga01's Avatar

    Bypassing and hooking GameGuard

    There are 2 ways to bypass GameGuard

    this is the 1st one..
    To bypass the SSDT hook, you do it by allocating a section of memory to the size of KeServiceDescriptorTable->TableSize*4. TableSize returns the number of entries and you multiply that by four because each entry is 4 bytes long. So anyway, once you've got your memory allocated you copy the original table into the new table and then change the table's base address to that of the new address. And you do the same for the shadow table.
    https://img266.imageshack.us/img266/2141/6d387684pp3.png

    If GameGuard is so arrogant on the address of ServiceTable base address, we can change it, without them knowing. So this is what I will do:

    1. Allocate KeServiceDescriptorTable->TableSize*sizeof( PVOID ) bytes of memory

    2. Copy KeServiceDescriptorTable->ServiceTable into the memory

    3. Set KeServiceDescriptorTable->ServiceTable to point to the memory.

    4. Wait for GameGuard to load, they will hook the memory allocated instead of the real SSDT

    5. Restore KeServiceDescriptorTable->ServiceTable with the original address.

    6. Do the same to KeServiceDescriptorTableShadow….

    OK, that's what I've got so far:


    Code:
    ULONG size;
    unsigned realTable;

    NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
    {
        DbgPrint("Driver Loaded!");
        PVOID *faekTable;
        size = KeServiceDescriptorTable->TableSize*4;
        realTable = (unsigned)KeServiceDescriptorTable->ServiceTable;
        faekTable = ExAllocatePoolWithTag(0, size, 0x31323334);
        memcpy(faekTable, KeServiceDescriptorTable->ServiceTable, size);
        (unsigned)KeServiceDescriptorTable->ServiceTable = (unsigned)&faekTable; //Found GG //Sleep(20000); (unsigned)KeServiceDescriptorTable->ServiceTable = realTable;
        return STATUS_SUCCESS;
    }
    credits: the_undead, ******ph and Surpintine

    Another way..

    Now on to what you've been waiting for
    Here goes:
    ==========================
    1) Download the Old GG Version
    To get the old GG you will have to redownload Rakion and get the GG files BEFORE you update the game.

    2) Extract the old GG files to the GameGuard Folder (NOTE: don't forget to back-up, just in case)

    3) Select all GG files in the folder (including the hidden one)

    4) Right-Click on any of the files-> Then click Properties

    5) Select Read Only, then hit OK

    6) Download PC Protect

    7) Install (if you haven't done so already) PC Protect

    8) (-=OPTIONAL=-)Patch PC Protect to unlock full version

    9) Select all the GG files

    10) Right Click on any of the files-> Mouse over PC Protect (this is only available after you install PC Protect) ->Click on Lock (in all 3 tabs select "Read-only") and hit OK


    What all this does:
    With the locked-in files, GameGuard will try to update by downloading the files; however, since all the files are read-only locked and cannot be overwritten, GameGuard will just download the files and not do anything with them. However, since the GG files are still considered to be proper, GameGuard will consider them as the new ones. Now the only way they can stop this is to literally introduce a new version of the game.

    A few things I have noticed:
    -------------------------
    Occasionally you will notice that the game will exit saying something about the GameGuard folder, contact your administrator, bla bla bla.... Now unless you want to contact the GM and tell him that you're bypassing GameGuard, preventing GameGuard from updating, hacking, and modifying the game, I suggest you just ignore this warning. It doesn't affect your gameplay at all (besides the fact you gotta re-load MU again)
    --------------------------

    You must have PC Protect running at all times, or the game will say "Gamehack detected" and boot you out of the game. This is why I recommend updating the Optional step 8 so that the program will always work (instead of expiring after 30 days)

    Just got this from other sites (I hope I'm not breaking any rules here)
    credits: romerdir047

    https://www.virustotal.com/file-scan/...97a-1298082621
    pcprotect.rar - Jotti's malware scan
    Last edited by Alen; 02-18-2011 at 07:36 PM.

  2. The Following 8 Users Say Thank You to umbraga01 For This Useful Post:

    adamfifaforever (02-27-2013),burndeep (07-22-2013),dota412 (10-29-2013),fooeta33 (12-11-2015),k2Koentje (05-06-2012),lplpolp (05-22-2013),The_Firelord (06-18-2012),zahirpro2 (12-17-2012)
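
Seen from the defender's side, the table relocation described in the post above is detectable because the descriptor's base stops pointing into the kernel image. The following is an added example, not code from the post or from GameGuard: a user-mode model of that integrity check, in which the struct layout, function names and all addresses are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified 32-bit model (assumed layout): table base plus entry count. */
typedef struct { uint32_t service_table; uint32_t table_size; } service_descriptor;
typedef struct { uint32_t base; uint32_t size; } image_range;
enum ssdt_verdict { SSDT_OK, SSDT_BASE_RELOCATED, SSDT_ENTRY_OUTSIDE_IMAGE };

/* True when [addr, addr+len) lies inside the image, without wrapping. */
static int inside(const image_range *img, uint32_t addr, uint64_t len) {
    return addr >= img->base && len <= img->size &&
           (uint64_t)(addr - img->base) <= img->size - len;
}

/* entries: snapshot of the table the descriptor currently points at. */
enum ssdt_verdict check_ssdt(const service_descriptor *d, const image_range *kernel,
                             const uint32_t *entries, size_t *bad_index) {
    /* 1. The table itself must live in the kernel image, not in pool memory. */
    if (!inside(kernel, d->service_table, (uint64_t)d->table_size * 4))
        return SSDT_BASE_RELOCATED;
    /* 2. Every handler address must point back into the kernel image. */
    for (size_t i = 0; i < d->table_size; i++) {
        if (!inside(kernel, entries[i], 1)) {
            if (bad_index) *bad_index = i;
            return SSDT_ENTRY_OUTSIDE_IMAGE;
        }
    }
    return SSDT_OK;
}

/* Constructed sample values, not taken from a real system. */
static const image_range KERNEL = { 0x804D7000u, 0x00214000u };
static const uint32_t GENUINE[4] = { 0x80501A10u, 0x80502B20u, 0x80503C30u, 0x80504D40u };
static const uint32_t HOOKED[4]  = { 0x80501A10u, 0xF7A01000u, 0x80503C30u, 0x80504D40u };

enum ssdt_verdict demo_genuine(void) {
    service_descriptor d = { 0x80500000u, 4 };   /* base inside the image */
    return check_ssdt(&d, &KERNEL, GENUINE, NULL);
}
enum ssdt_verdict demo_relocated(void) {
    service_descriptor d = { 0xE1234000u, 4 };   /* base now in pool memory */
    return check_ssdt(&d, &KERNEL, GENUINE, NULL);
}
enum ssdt_verdict demo_hooked(size_t *idx) {
    service_descriptor d = { 0x80500000u, 4 };   /* base fine, entry 1 redirected */
    return check_ssdt(&d, &KERNEL, HOOKED, idx);
}

int main(void) {
    size_t idx = 0;
    printf("%d %d %d\n", demo_genuine(), demo_relocated(), demo_hooked(&idx));
    return 0;
}
```

A copied table fails the first check even when every entry in it is still genuine, which is why the base address has to be validated separately from the entries.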

  3. #2
    Alen's Avatar
    Add scans for the attachment, nice of you to give credits lol. And no, you're not breaking any rules as long as you don't advertise the other sites

  4. The Following User Says Thank You to Alen For This Useful Post:

    umbraga01 (02-18-2011)

  5. #3
    umbraga01's Avatar
    Quote Originally Posted by Coeus View Post
    Add scans for the attachment, nice of you to give credits lol. And no, you're not breaking any rules as long as you don't advertise the other sites
    okay sir! hehe

  6. #4
    icebox346's Avatar
    Quote Originally Posted by umbraga01 View Post
    There are 2 ways to bypass GameGuard


    Very old actually... Nice find anyway.

  7. The Following User Says Thank You to icebox346 For This Useful Post:

    umbraga01 (02-18-2011)

  8. #5
    CAFlames's Avatar
    this could be good if I didn't find it posted on another site in 2004.


  9. #6
    Alen's Avatar
    Quote Originally Posted by CAFlames View Post
    this could be good if I didn't find it posted on another site in 2004.
    He said he took it from elsewhere...

  10. #7
    n4n033's Avatar
    Copy and paste from another forum, give credits




  11. #8
    Alen's Avatar
    Quote Originally Posted by n4n033 View Post
    Copy and paste from another forum, give credits
    He did

  12. The Following User Says Thank You to Alen For This Useful Post:

    umbraga01 (02-19-2011)

  13. #9
    umbraga01's Avatar
    Quote Originally Posted by n4n033 View Post
    Copy and paste from another forum, give credits
    I already gave credits..

  14. #10
    windowsxp925's Avatar
    Quote Originally Posted by umbraga01 View Post
    There are 2 ways to bypass GameGuard


    LOL copy paste leecher give credits to me

  15. #11
    umbraga01's Avatar
    Quote Originally Posted by windowsxp925 View Post
    LOL copy paste leecher give credits to me
    Tell me, why should I give credits to you?
    You didn't do this?
    I found this a very very long time ago at ....ph so don't tell me to give credits to you.

    BTW this TUT is very very old (2006 - 2008 I think..)

    Don't you think it's funny to pretend you're an elite coder??
    Last edited by umbraga01; 02-20-2011 at 09:53 AM.

  16. #12
    Alen's Avatar
    Quote Originally Posted by windowsxp925 View Post
    LOL copy paste leecher give credits to me
    There is no way you wrote that

  17. The Following User Says Thank You to Alen For This Useful Post:

    umbraga01 (02-20-2011)

  18. #13
    choykay619's Avatar
    Obviously windowsxp925 is just a show-off.
    FUCK you!

  19. #14
    firefox800's Avatar
    This is not working anymore... this was a long time ago... when GG was asleep...
    Last edited by firefox800; 02-28-2011 at 09:31 AM.