[HEX STRINGS] < Disable GameGuard > < Valkyrie >

Philippines

Moderators: waferbaron, Moderators

Forum rules
This server is currently not maintained and tables folder (including connection info) is outdated. Read the wiki for instructions on how to update those information. Please contribute your updated info. Contact Cozzie to join the team as a regular server supporter.
Message
Author
noobotter
Moderators
Moderators
Posts: 139
Joined: 31 Jul 2008, 22:12
Noob?: No
Contact:

Re: [HEX STRINGS] < Disable GameGuard > < Valkyrie >

#281 Post by noobotter »

napoleoncihuy wrote:sorry.. i missed something about stripperX..
before disassembler ragexe.exe whether it should be unpacked ragexe.exe with stripper v2.07 ??

because of that, Kernel32 not found n my Function > import in DURSoft W32DASM V8.93 not active.. thx /wah
Your modules are not loaded properly. You can see on your screenshot. "Number of Imported Modules = 0 (decimal)"

You need to unpack it first before disassembling.
A storm is coming.

napoleoncihuy
Noob
Noob
Posts: 12
Joined: 20 Apr 2010, 07:08
Noob?: Yes
Location: My House
Contact:

Re: [HEX STRINGS] < Disable GameGuard > < Valkyrie >

#282 Post by napoleoncihuy »

noobotter wrote:
napoleoncihuy wrote:sorry.. i missed something about stripperX..
before disassembler ragexe.exe whether it should be unpacked ragexe.exe with stripper v2.07 ??

because of that, Kernel32 not found n my Function > import in DURSoft W32DASM V8.93 not active.. thx /wah
Your modules are not loaded properly. You can see on your screenshot. "Number of Imported Modules = 0 (decimal)"

You need to unpack it first before disassembling.
thx you very much mr. noobotter, i waiting for win. XP for unpact my client .exe because i heard in another thread stripperX can't work in win7...
the erorr log is can not unpack this file.. thank you very much ^^ /wah

genuineopenkore
Plain Yogurt
Plain Yogurt
Posts: 52
Joined: 16 Jan 2011, 03:06
Noob?: Yes

Re: [HEX STRINGS] < Disable GameGuard > < Valkyrie >

#283 Post by genuineopenkore »

heero wrote:
To disable GameGuard do this
Search for KERNEL32.CreateMutexA then scroll down until you see the code similar to the one below. I have pointed out the code we need to look for.

Code: Select all

* Reference To: kernel32.CreateMutexA, Ord:0000h
                                  |
:007080E5 FF1534F17400            Call dword ptr [0074F134]
:007080EB 50                      push eax

* Reference To: kernel32.WaitForSingleObject, Ord:0000h
                                  |
:007080EC FF1528F27400            Call dword ptr [0074F228]
:007080F2 85C0                    test eax, eax
:007080F4 0F85CC010000            jne 007082C6
:007080FA 0FBE0542217B00          movsx eax, byte ptr [007B2142]
:00708101 0FBE0D41217B00          movsx ecx, byte ptr [007B2141]
:00708108 0FBE1540217B00          movsx edx, byte ptr [007B2140]
:0070810F 03C1                    add eax, ecx
:00708111 0FBE0D3F217B00          movsx ecx, byte ptr [007B213F]
:00708118 03C2                    add eax, edx
:0070811A 0FBE153E217B00          movsx edx, byte ptr [007B213E]
:00708121 03C1                    add eax, ecx
:00708123 0FBE0D3D217B00          movsx ecx, byte ptr [007B213D]
:0070812A 03C2                    add eax, edx
:0070812C 0FBE153C217B00          movsx edx, byte ptr [007B213C]
:00708133 03C1                    add eax, ecx
:00708135 03C2                    add eax, edx
:00708137 3DC9020000              cmp eax, 000002C9
:0070813C 0F8584010000            jne 007082C6
:00708142 B978AB8500              mov ecx, 0085AB78
:00708147 E824B9FBFF              call 006C3A70
:0070814C E8DF47E4FF              call 0054C930    <----------------- This is what we need to look for
:00708151 85C0                    test eax, eax
:00708153 0F846D010000            je 007082C6
Search:
E8 DF 47 E4 FF
Replace:
90 90 90 90 90
I find hard to disabled my GameGuard. Based on sir heero's guide, I've tried every kernel32.WaitForSingleObject i could found to disabled my gameguard, but none of them are working. can please someone help me?.. Our server (pRO) has been patched for "Rebalance Patch" and the old strings is not working anymore.

Here's my Unpacked Lokiexe... I've used stripper_v207ht to unpack this..

noobotter
Moderators
Moderators
Posts: 139
Joined: 31 Jul 2008, 22:12
Noob?: No
Contact:

Re: [HEX STRINGS] < Disable GameGuard > < Valkyrie >

#284 Post by noobotter »

genuineopenkore wrote: I find hard to disabled my GameGuard. Based on sir heero's guide, I've tried every kernel32.WaitForSingleObject i could found to disabled my gameguard, but none of them are working. can please someone help me?.. Our server (pRO) has been patched for "Rebalance Patch" and the old strings is not working anymore.

Here's my Unpacked Lokiexe... I've used stripper_v207ht to unpack this..
As far as I know, you will have a hard time locating the functions using W32DASM since the clients are already compiled using a more latest version.
Try other disassemblers and see what you can do.
A storm is coming.

genuineopenkore
Plain Yogurt
Plain Yogurt
Posts: 52
Joined: 16 Jan 2011, 03:06
Noob?: Yes

Re: [HEX STRINGS] < Disable GameGuard > < Valkyrie >

#285 Post by genuineopenkore »

what disassemblers would you suggest sir?

Post Reply