Detour hooking without GetProcAddress() and VirtualProtect()?

On Sunday, 12 September 2010

MapleStory is one of my favourite online games. I don't really play it, I Tool it.
Life ain't good for us game Tool. The game company implemented an anti-cheating system called nProtect GameGuard. A nasty fellow; I have been fighting with this anti-cheating software for quite some time already. It's a war between us, the Tool, and the game company.
I decided to deal with GameGuard's detour hooking mechanism in usermode. They overwrite the first 5 bytes of a function with a jmp, and possibly a few bytes after that as well, to prevent us from detouring the hook. Not only do they overwrite it and leave it, like normal rootkits/software do, they repeatedly overwrite it so we cannot patch their hook back. Attitude, huh?
I thought that was smart (but offensive; imagine the CPU cycles it takes to do such a thing), but I am sure that we Tool are smarter. I guessed they would have to use GetProcAddress() to retrieve the addy of the function they are hooking, and then use VirtualProtect() so that they can overwrite the bytes. So I happily set off writing a detour hook that detours GetProcAddress() and VirtualProtect()...
To my surprise, without calling those functions, they are able to access kernel32.dll's and user32.dll's memory and change it! It's late now, and I guess I will have to stop here and continue my war against GameGuard, tomorrow perhaps. I am sure I will have plenty of fun with it! (I will post how they do it, possibly in the next entry!)
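One defensive use of what the post describes is an integrity check on a function prologue: compare a trusted snapshot of the first bytes with what is in memory now, and if the live bytes start with an E9 rel32 jmp, decode where it lands. This is an added example, not code from the post or from GameGuard; the prologue bytes and the addresses are constructed, and reading the live bytes out of a real process is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 near relative jmp: opcode E9 followed by a signed 32-bit displacement
 * counted from the end of the 5-byte instruction. */
#define JMP_REL32_OPCODE 0xE9u
#define JMP_REL32_LEN    5u

enum prologue_state { PROLOGUE_INTACT, PROLOGUE_PATCHED, PROLOGUE_DETOURED };

/* If the bytes at `addr` (contents given in `code`) encode a rel32 jmp, store
 * the absolute target in *target and return 1. 32-bit addresses: 32-bit process. */
int decode_jmp_rel32(uint32_t addr, const uint8_t *code, uint32_t *target)
{
    if (code[0] != JMP_REL32_OPCODE) return 0;
    /* Assemble the little-endian displacement byte by byte (host-endian independent). */
    uint32_t rel = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                   ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    /* Unsigned wraparound gives the same result as adding the signed rel32. */
    *target = addr + JMP_REL32_LEN + rel;
    return 1;
}

/* Compare a trusted snapshot of the first `n` prologue bytes with the live bytes.
 * Checking more than 5 bytes also catches patches placed after the jmp. */
enum prologue_state check_prologue(uint32_t addr, const uint8_t *snapshot,
                                   const uint8_t *live, size_t n, uint32_t *target)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (snapshot[i] != live[i])
            break;
    if (i == n)
        return PROLOGUE_INTACT;
    return decode_jmp_rel32(addr, live, target) ? PROLOGUE_DETOURED : PROLOGUE_PATCHED;
}

/* Constructed sample: a classic hot-patchable prologue (mov edi,edi; push ebp;
 * mov ebp,esp; sub esp,10h) at an arbitrary address, and the same bytes after a
 * 5-byte detour plus NOP padding was written over them. */
const uint32_t kFuncAddr = 0x7C801D7Bu;
const uint8_t kSnapshot[8] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10};
const uint8_t kDetoured[8] = {0xE9, 0x80, 0xF2, 0x7F, 0x93, 0x90, 0x90, 0x90};

int main(void)
{
    uint32_t target = 0;
    if (check_prologue(kFuncAddr, kSnapshot, kDetoured, 8, &target) == PROLOGUE_DETOURED)
        printf("detour at 0x%08X -> 0x%08X\n", kFuncAddr, target);
    return 0;
}
```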
