Matsy
2008-08-07, 06:15 AM
This is not a thread to go like 'omgz letz bypazz gameguard', no.
This is a thread with a possibility to resolve all Gameguard related issues. Things will be added over time.
When you first run Gameguard, it downloads every file, and copies it to your computer in the Maplestory/Gameguard folder.
Gameguard is packed with Themida, at least the main process: GameMon.des
http://img390.imageshack.us/img390/9758/themidaproofcz5.png
I'm not going in-dept about what Themida does, but it allows debugger prevention (So, people don't go snooping in it).
This is also why gameguard is so large, 2.6MB lol.
When Gameguard runs, one of the first things it does is creating a file, called npgg.erl
The npgg.erl is a log file, with extensive logs of your sytem. Mainly:
The path of your Cyptography provider
Your computer GUID.
All the processes and its modules
Your computer name
Otheral several pieces of important system information
This is all before the splash image appears.
Now, it writes to your registry (Not important, it just sets how often it has errored, 0 times here)
Then, it opens MaplestoryUS.ini and tries to retrieve information, a piece of that could look like:
CreationTime: 20-5-2008 22:59:42
LastAccessTime: 6-8-2008 15:04:05
LastWriteTime: 20-5-2008 22:59:34
ChangeTime: 4-8-2008 13:10:47
AllocationSize: 408
EndOfFile: 401
FileAttributes: A
Not sure why it does that, because it doesnt use it. MaplestoryUS.ini contains all the configuration settings for Gameguard, (Seeing the extension, it really is a .ini file with groups and such)
Now, it writes the Gameguard update log to npgmup.erl, that doesn't contain too much important info.
Now, the fun starts.
In EVERY application you have open, Gameguard injects the DLL npggNT.dll
In all those applications, a thread starts with that DLL (It's for hacking prevention, to check what the application is).
It also does this on runtime, so every new application that you create gets the same DLL.
I might not have told it by so, but dump_wmimmc.sys has already been initialized. I could go on for ages about what that does, but explaining it is a bit too complicated here, let's just say it is important to Gameguard.
What happens when this driver gets unloaded for a weird reason? (Could be lots of reasons).
A BSOD will pop up immediately.
The most common BSOD caused by this is:
(Stop code: 0X000000CE) Driver Unloaded Without Cancelling Pending Operations
This means the driver was in use, and didn't have time to finish what it was doing. This occurs very regularly on Windows XP machines lately.
Now, code hooks.
GameGuard "hooks" (Redirects it to him) every possible command that you can run via Windows. For the more experienced, that's stuff like (CreateFileA).
Here's an image of MSN Plus! hooking WINAPI in Msnmsgr.exe:
http://img225.imageshack.us/img225/5329/codehooksnl6.png
Using these methods, Gameguard can intercept data that you'd normally send to Maplestory.exe and Gameguards internal processes, and check it's data. If it is correct, it'll go trough, if not, a "Hacking detection found" will pop up.
What happens when these code hooks don't go trough well(That also happens very often). You won't be able to use Maplestory.exe again, and it will hang.
This is a thread with a possibility to resolve all Gameguard related issues. Things will be added over time.
When you first run Gameguard, it downloads every file, and copies it to your computer in the Maplestory/Gameguard folder.
Gameguard is packed with Themida, at least the main process: GameMon.des
http://img390.imageshack.us/img390/9758/themidaproofcz5.png
I'm not going in-dept about what Themida does, but it allows debugger prevention (So, people don't go snooping in it).
This is also why gameguard is so large, 2.6MB lol.
When Gameguard runs, one of the first things it does is creating a file, called npgg.erl
The npgg.erl is a log file, with extensive logs of your sytem. Mainly:
The path of your Cyptography provider
Your computer GUID.
All the processes and its modules
Your computer name
Otheral several pieces of important system information
This is all before the splash image appears.
Now, it writes to your registry (Not important, it just sets how often it has errored, 0 times here)
Then, it opens MaplestoryUS.ini and tries to retrieve information, a piece of that could look like:
CreationTime: 20-5-2008 22:59:42
LastAccessTime: 6-8-2008 15:04:05
LastWriteTime: 20-5-2008 22:59:34
ChangeTime: 4-8-2008 13:10:47
AllocationSize: 408
EndOfFile: 401
FileAttributes: A
Not sure why it does that, because it doesnt use it. MaplestoryUS.ini contains all the configuration settings for Gameguard, (Seeing the extension, it really is a .ini file with groups and such)
Now, it writes the Gameguard update log to npgmup.erl, that doesn't contain too much important info.
Now, the fun starts.
In EVERY application you have open, Gameguard injects the DLL npggNT.dll
In all those applications, a thread starts with that DLL (It's for hacking prevention, to check what the application is).
It also does this on runtime, so every new application that you create gets the same DLL.
I might not have told it by so, but dump_wmimmc.sys has already been initialized. I could go on for ages about what that does, but explaining it is a bit too complicated here, let's just say it is important to Gameguard.
What happens when this driver gets unloaded for a weird reason? (Could be lots of reasons).
A BSOD will pop up immediately.
The most common BSOD caused by this is:
(Stop code: 0X000000CE) Driver Unloaded Without Cancelling Pending Operations
This means the driver was in use, and didn't have time to finish what it was doing. This occurs very regularly on Windows XP machines lately.
Now, code hooks.
GameGuard "hooks" (Redirects it to him) every possible command that you can run via Windows. For the more experienced, that's stuff like (CreateFileA).
Here's an image of MSN Plus! hooking WINAPI in Msnmsgr.exe:
http://img225.imageshack.us/img225/5329/codehooksnl6.png
Using these methods, Gameguard can intercept data that you'd normally send to Maplestory.exe and Gameguards internal processes, and check it's data. If it is correct, it'll go trough, if not, a "Hacking detection found" will pop up.
What happens when these code hooks don't go trough well(That also happens very often). You won't be able to use Maplestory.exe again, and it will hang.