Jump to content

GameGuard Bypass


ofLight
 Share

Recommended Posts

Hi.

I have been able to bypass some gameguard's protection for a game :)

I am able to use any key of the keyboard, I am able to move the mouse wherever I want

But I have not been able to "simulate" the pressing of the Left mousebutton. <_<

1. Actual implemented solution.

Gameguard intercepts almost everything, but it seems that they have forgotten (or they couldn't do it) intercepting the TranslateMessage API.

Sending a text via TranslateMessage is then possible.

The return key doesn't work, but with the trick of the Microsoft Virtual keyboard I've read here I've been able to send it:

I move the mouse on the return button of the virtual keyboard and then I press it with a virtual leftmousebutton message, that is obviously not blocked by the virtual keyboard.

Yes, I could do both the message and the Return with the virtual keyboard only, but finding one single coordinate is easyier then finding 50.

Then the mouse move. It's really simple. I can set the focus in an external window, move the mouse and then again put the focus on the game's window.

But the left mousebutton sent to the game window is out of mine control.

Any idea?

I can use the assistant of Windows for moving the mouse (using the pair MicrosoftVirtualKeyboard and MouseAssistant), but its left click (key 5 of the numeric pad) is inibithed by gameguard (wtf, I wonder if it's a collateral behaviour or if they really thought about it).

I was thinking of opening my old serial mouse, wiring the leftbutton to an appropriate pin of the parallel port and send then a real leftmousebutton throught an apposite command to the parallel, but I was wondering if there is another clean way to do it...

2. Definitive and more complex architecture:

2a. I can install a virtual couple of serial port.

2b. I can configure them to act as a Null-Modem, so each command sent to the A port is received from the B port.

2c. I can install a serial mouse driver on the port B.

2d. I can finally send the 3 bytes of each mouse message from the port A, with both coordinates and mouse buttons, simulating a "real" virtual mouse to do anything. No more tricks finally...

2e. If this thing works, I can move doing the same thing for the keyboard (on the USB maybe, where things sound to be more complex)

So far I've done the points 2a and 2b.

I've not been successful in doing the 2c.

The 2d is apparentrly trivial, apart from the fact the maybe the driver would like that my virtual mouse answers to some question I don't know at the moment.

Anyway the 2d point is for sure less complex then rewriting my own serial mouse driver with the DDK (task which includes mouse responses too for sure, if any).

So: Is anybody able to install a serial mouse driver for WindowsXP on a virtual serial port?

As far as I know you can attach a serial mouse whenever you want to a serial port (not ps/2), so the driver could be installed without any real or virtual device attached to it...

I remember about some configurable driver on which I selected the COM port... but it's very likely it was under Win95 or Win3.11

Has anybody of you inspected if there is a way to solve this problem installing something BEFORE WinXp starts, that is in the CONFIG.SYS that is always present in our machine?

And also... i am enjoying more finding the solution than using it for the game!!!

Thanks.

Zee.

Link to comment
Share on other sites

  • 5 months later...

WOW!!! Genius... about the OSK... additionally, I use a joystick profiler, that seems to be able to get around gameguard blocking of API's(perhaps because of custom APIs or something with the profiler?) and I program it to do left mouse click when i hit a joystick button, then I program the commands to a keyboard key... which with the aforementioned genius with the OSK would make my stuff a lot more functional.

Link to comment
Share on other sites

  • 1 month later...

hi...i have make a keyboard macro for online game.

now i use the macro..the key is not send to the game..

how now ?/

can someone help me

You cannot send any command using a macro without bypassing GG, Xtrap or Hacksheild that protect the game from any Hacks.

I used to make bots on different online game using AutoIt but before I can run my script i need to bypass the game protection first..

Link to comment
Share on other sites

  • 3 months later...

Several people have asked me for an example of howto use Pixelchecksum on a GameGuard protected game without having to run it in a VM. Although I stand by my Opinion that running these games in a VM is the easyer and much more effecient way to go, the following methode doesnt require any external software.

This code was ripped from my 2moons Mobb hunter so its VERY ugly, and I just briefly tested it to verify functionality. The main purpose is to demonstrate the Steps needed and basic components.

Note 1. This script is set to search the current active window, given the steps needed for use it is MUCH faster to specify a Smaller area within a window.

Note 2. You can also use other file formats other than BMP. I mainly use BMP because It is the most consistent, however I have also Tried jpeg successfully. Jpeg is significantly faster than BMP, but getting a valid Checksum is difficult with the Standard "PixelCheckSum".

#include<array.au3>
;#include<PixelCheckSumFindAll.au3>
#Include<GUIConstants.au3>
#include<misc.au3>
#include<string.au3>
#include<A3LScreenCap.au3>
#include<IE.au3>

Opt("PixelCoordMode", 0);1=absolute & Default, 0=relative, 2=client area   ;Set CoOrds relative to Window not screen
Opt("MouseCoordMode", 0) 

HotKeySet("`","_Go")
HotKeySet("~","_record")
HotKeySet('{esc}', '_Exit')

Local $msg = "Press Shift+tilde to Record "&@LF&"Press tilde to Find "&@LF&"info saved in NoMia.ini" 
Local $xy,$currentpixel,$FileBMP = ".\Render.bmp",$IniFile = ".\NoMIA.ini"

_initialize($IniFile)

While 1
    $xy = MouseGetPos()
    $currentpixel = PixelGetColor($xy[0],$xy[1])
    ToolTip("Pixel color = " & $currentpixel & @LF & $msg)
    Sleep(100)
WEnd

Func _Go()
    $pixel = Int(IniRead($IniFile,"Rec1","PixelColor","-1"))
    $chksum = Int(IniRead($IniFile,"Rec1","PixelCheckSum","-1"))
    $WinLoc = WinGetPos("")
    _ScreenCap_Capture($FileBMP, $WinLoc[0], $WinLoc[1],$WinLoc[0]+$WinLoc[2],$WinLoc[1]+$WinLoc[3])        ;Create Image
    _RenderImg($FileBMP, $WinLoc[0], $WinLoc[1])                                                            ;Render Image
    $WinLoc = WinGetPos(" Render VD")
    $Array = _PixelCheckSumFindAll( $pixel, $chksum, 5, 5, 5, 5, 0, 0, $WinLoc[2], $WinLoc[3])              ;Find in Image
    GUISetState(@SW_HIDE)
    For $i = 1 to $Array[0][0]                                                                              ;Demonstrate Found locations
        MouseMove($Array[$i][0],$Array[$i][1], 10)
        MouseClick("Left")
    Next
    _ArrayDisplay($Array)
EndFunc

Func _record()
    IniWrite($IniFile,"Rec1","PixelColor",$currentpixel)
    Local $chksum = PixelChecksum($xy[0]-5, $xy[1]-5, $xy[0]+5, $xy[1]+5)
    IniWrite($IniFile,"Rec1","PixelCheckSum",$chksum)
    ToolTip('          '&@CRLF&'  SAVED  '&@CRLF&'          ')
    Sleep(500)
EndFunc

Func _Exit()
    ToolTip('          '&@CRLF&'  EXITING  '&@CRLF&'          ')
    Sleep(500)
    Exit
EndFunc 

Func _initialize($IniFile)
    ;For $i = 0 to 9
        $val01 = IniRead($IniFile, "Rec1","PixelColor", -1) 
        $val02 = IniRead($IniFile, "Rec1","PixelCheckSum", -1)  
        $val03 = IniRead($IniFile, "Rec1","Left_SerchArea", -1) 
        $val04 = IniRead($IniFile, "Rec1","Top_SerchArea", -1)
        $val05 = IniRead($IniFile, "Rec1","Right_SerchArea", -1)    
        $val06 = IniRead($IniFile, "Rec1","Bottom_SerchArea", -1)       
        If $val01 = -1 then IniWrite($IniFile, "Rec1","PixelColor", "0")
        If $val02 = -1 then IniWrite($IniFile, "Rec1","PixelCheckSum", "0")     
        If $val03 = -1 then IniWrite($IniFile, "Rec1","Left_SerchArea", "0")
        If $val04 = -1 then IniWrite($IniFile, "Rec1","Top_SerchArea", "0")
        If $val05 = -1 then IniWrite($IniFile, "Rec1","Right_SerchArea", "100")
        If $val06 = -1 then IniWrite($IniFile, "Rec1","Bottom_SerchArea", "100")
    ;Next
EndFunc 

Func _RenderImg($FileBMP, $x, $y)
    $size = _ImageGetSize($FileBMP) ; 0 = width, 1 = height
    $Form1 = GUICreate(" Render VD", $size[0], $size[1], $x, $y, $WS_POPUP)
    GUICtrlCreatePic($FileBMP,0,0,$size[0],$size[1])
    GUISetState(@SW_SHOW)
EndFunc 

;===============================================================================
; Function Name:    _PixelCheckSumFindAll
; Description:      Finds all instances of Checksum within a given area and returns array with Total and all locations X and Y.
; Parameters:       $Pixel          Colour value of pixel to find (in decimal or hex).
;                   $chksum         Previously generated checksum value of the region per(PixelChecksum)
;                   $CS_l           left coordinate of rectangle. (amount to subtract)
;                   $CS_t           Top coordinate of rectangle. (amount to subtract)
;                   $CS_r           Right coordinate of rectangle. (amount to add)
;                   $CS_b           Bottom coordinate of rectangle. (amount to add)
;                   $SB_l           left coordinate of total area to search. Default is 0 (far left side of screen)
;                   $SB_t           top coordinate of total area to search. Default is 0 (top most Side of screen)
;                   $SB_r           Right coordinate of total area to search. Default is @DesktopWidth (Far Right side of screen)
;                   $SB_b           Bottom coordinate of total area to search. Default is @DesktopHeight (Bottom most side of screen)
; Syntax:           _PixelCheckSumFindAll($pixel, $chksum, $CS_l, $CS_t, $CS_r, $CS_b[, $SB_l, $SB_t, $SB_r, $SB_b])
; Author(s):        ofLight
; Returns:          $Array[0][0] = 0 on failure, $Array on success
;===============================================================================
Func _PixelCheckSumFindAll($pixel,$chksum,$CS_l,$CS_t,$CS_r,$CS_b,$SB_l=0,$SB_t=0,$SB_r=@DesktopWidth,$SB_b=@DesktopHeight)
    $SB_b_Max = $SB_b
    $SB_l_Max = $SB_l
    Dim $Array[2][2]
    $Array[0][0] = "0"
    $Count = "0"
    While 1
        $xy = PixelSearch($SB_l,$SB_t,$SB_r,$SB_b,$pixel, 0)
        If @error And $SB_b = $SB_b_Max Then
            SetError(1)
            Return $Array
        ElseIf @error Then
            $SB_t = $SB_b + 1
            $SB_b = $SB_b_Max
            $SB_l = $SB_l_Max
        ElseIf $chksum = PixelCheckSum($xy[0]-$CS_l, $xy[1]-$CS_t, $xy[0]+$CS_r, $xy[1]+$CS_B) Then 
            $Count = $Count+1
            $Array[0][0] = $Count
            ReDim $Array[$Count+1][2]
            $Array[$Count][0] = $xy[0]
            $Array[$Count][1] = $xy[1]
            $SB_t = $xy[1]
            $SB_b = $SB_t
            $SB_l = $xy[0] + 1
        Else
            $SB_t = $xy[1]
            $SB_b = $SB_t
            $SB_l = $xy[0] + 1
        EndIf
    WEnd
EndFunc

;==========================   Render Image Specific   ==========================
Func _GUICtrlCreateGIF($gif, $x = 0, $y = 0, $border = 0)
    Local $oIE, $GUIActiveX
    Local $a_sizes = _ImageGetSize($gif) ; 0 = width, 1 = height
    $oIE = ObjCreate("Shell.Explorer.2")
    $GUIActiveX = GUICtrlCreateObj($oIE, $x, $y, $a_sizes[0], $a_sizes[1])
    $oIE.navigate ("about:blank")
    While _IEPropertyGet($oIE, "busy")
        Sleep(100)
    WEnd
    $oIE.document.body.background = $gif
    $oIE.document.body.scroll = "no"
    If $border = 0 Then $oIE.document.body.style.border = "0px"
    Return $oIE
EndFunc   

Func _ImageGetSize($sFile)
    Local $sHeader = _FileReadAtOffsetHEX($sFile, 1, 24); Get header bytes
    Local $asIdent = StringSplit("FFD8 424D 89504E470D0A1A 4749463839 4749463837 4949 4D4D", " ")
    Local $anSize = ""
    For $i = 1 To $asIdent[0]
        If StringInStr($sHeader, $asIdent[$i]) = 1 Then
            Select
                Case $i = 1; JPEG
                    $anSize = _ImageGetSizeJPG($sFile)
                    ExitLoop
                Case $i = 2; BMP
                    $anSize = _ImageGetSizeSimple($sHeader, 19, 23, 0)
                    ExitLoop
            EndSelect
        EndIf
    Next
    If Not IsArray($anSize) Then SetError(1)
    Return ($anSize)
EndFunc   

Func _ImageGetSizeSimple($sHeader, $nXoff, $nYoff, $nByteOrder)
    Local $anSize[2]
    $anSize[0] = _Dec(StringMid($sHeader, $nXoff * 2 - 1, 4), $nByteOrder)
    $anSize[1] = _Dec(StringMid($sHeader, $nYoff * 2 - 1, 4), $nByteOrder)
    Return ($anSize)
EndFunc  

Func _FileReadAtOffsetHEX($sFile, $nOffset, $nBytes)
    Local $hFile = FileOpen($sFile, 0)
    Local $sTempStr = ""
    FileRead($hFile, $nOffset - 1)
    For $i = $nOffset To $nOffset + $nBytes - 1
        $sTempStr = $sTempStr & Hex(Asc(FileRead($hFile, 1)), 2)
    Next
    FileClose($hFile)
    Return ($sTempStr)
EndFunc  

Func _Dec($sHexStr, $nByteOrder)
    If $nByteOrder Then Return (Dec($sHexStr))
    Local $sTempStr = ""
    While StringLen($sHexStr) > 0
        $sTempStr = $sTempStr & StringRight($sHexStr, 2)
        $sHexStr = StringTrimRight($sHexStr, 2)
    WEnd
    Return (Dec($sTempStr))
EndFunc  

Func _ImageGetSizeJPG($sFile)
    Local $anSize[2], $sData, $sSeg, $nFileSize, $nPos = 3
    $nFileSize = FileGetSize($sFile)
    While $nPos < $nFileSize
        $sData = _FileReadAtOffsetHEX($sFile, $nPos, 4)
        If StringLeft($sData, 2) = "FF" Then; Valid segment start
            If StringInStr("C0 C2 CA C1 C3 C5 C6 C7 C9 CB CD CE CF", StringMid($sData, 3, 2)) Then; Segment with size data
                $sSeg = _FileReadAtOffsetHEX($sFile, $nPos + 5, 4)
                $anSize[1] = Dec(StringLeft($sSeg, 4))
                $anSize[0] = Dec(StringRight($sSeg, 4))
                Return ($anSize)
            Else
                $nPos = $nPos + Dec(StringRight($sData, 4)) + 2
            EndIf
        Else
            ExitLoop
        EndIf
    WEnd
    Return ("")
EndFunc
Could you please tell me how to use this bypass, I would really appreciate it.
Link to comment
Share on other sites

Could you please tell me how to use this bypass, I would really appreciate it.

Idiot.

It is my personal opinion that this thread should be closed. It will only attract more people of suhch mentality and it will never rest. This thread is practically spam IMO.

[center][/center]Working on the next big thing.Currently Playing: Halo 4, League of LegendsXBL GT: iRememberYhslaw

Link to comment
Share on other sites

  • 2 weeks later...

Idiot.

It is my personal opinion that this thread should be closed. It will only attract more people of suhch mentality and it will never rest. This thread is practically spam IMO.

First of all you shouldn't be so rude too new commers, because low and behold you might find out that they are smarter in other thing's either than scripts ok. And second of all learn how too spell before you call anyone an indiot, you idiot. Thrid of all you really need to re-define mentality, becuase mentality thrown into that sentence makes no sense at all.... You incompitent retarted fool.

Link to comment
Share on other sites

  • Moderators

Guys, lighten up... the kid came in asking questions, with no type of demand or flame (although he showed the lack of effort on his part). You're entitled to your opinions, but he didn't deserve to be called an idiot (until he proved it :P ).

The fact of life is that we'll have to put up with these type of questions regardless of whether we like them or not (Because I'm sure as hell not going to read them all).

I am locking this thread, but not because others felt it should be, I'm locking it because it's lost its ability to grow prosperously.

Edited by SmOke_N

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...