Process Guard vs Gunbound ?

Discussion in 'ProcessGuard' started by Myztik, Sep 13, 2004.

Thread Status:
Not open for further replies.
  1. Myztik

    Myztik Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    3
    Ok Process guard is a great program and i have used it for awhile now. A Game i have played for 1 year that im addicted to has just recently patched its game cause of process guard hacking. I personaly dont hack using this . But now you cant even access the game if u have process guard installed.

    1) Is there gonng be an update for this ?
    2) Is there a simular program out there like process guard ?

    Thanks For the Help.
    Myztik
     
  2. 420

    420 Guest

    Damn I smell Law suit
     
  3. Kaye

    Kaye Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    2
    I too have a similar problem. Last week I was evaluating process Guard and found it to be a rather useful program, even though it did take some time to setup properly. I was considering buying the liscence for the full version when yesterday i logged into Gunbound and found that I could not.

    Further examination of gunbound.net revealed that all users of ProcessGuard are not allowed to login to gunbound. I believe this not to be the case just for gunbound but a large majority of Korean games as they all utilize nProtect. Is it possible for DiamondCS to rectify this problem? Any feedback would be much appreciated
     
  4. hmmmm

    hmmmm Guest

    Gunbound has a Weak security BUT DONT BAN THE PROCESS GAURD !

    WE PAY MONEY FOR A GOOD PROGRAM LIKE THAT ..... :'(
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Welcome to Wilders Myztik.

    How are they using Process Guard to hack? What are they able to hack with it?

    SSM (System Safety Monitor) is the closest to PG, but a little different.
     
  6. Myztik

    Myztik Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    3
    You add Explorer.exe - allow Flag- and it bypasses gunbound security so you a can open hacks. But some of us dont hack, and we are being punished cause of hackers. Process Guard Pretty much allows u to by-pass gunbound security. Now we either have to use process guard and not play gunbound or vice versa. Reall Sux cause i have worked on this rank in this game for over a yr.

    I hope you gues look into this.. I know for a fact there has been over 30 email to you guys about this from some forums im on. =~P
    Hope you guys come back shootin... If you think about it, they are takin your customers. I have talked to serveral guys about this and they where going to purchase process guard also. Now they cant make up their mind wich is more important
     
  7. ???

    ??? Guest

    um for the hacks people use process guard to stop the nprotect the anti hack software for gb for enterin into the hack file inorder to detect it. so they do some settings in pg and add that as a program to protect and it works.
     
  8. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    See this thread also.

    Indeed it's a strange one. By developing the worlds most powerful kernel protection system we've inadvertently defeated the simple protection mechanisms of a game protection program (nProtect), and thus are now seen as the ones 'at fault' by Softnyx (Gunbound author and user of nProtect). Clearly if a software protection feature can be stopped by something like Process Guard which isn't even a hacker/cracker tool then it's weak and shouldn't be used for protection.
     
  9. Myztik

    Myztik Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    3
    Ty for the info.. Is there a way to still use process guard and gunbound same time ? thats pretty much my question right now. Or will that be in an update . or at all ?
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Jimminy Christmas. If you have to turn off the best protection on the market to play a game, there ought to be a clue there.

    Would you turn off your firewall to play a gameo_O o_O
     
  11. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Absolutely Peter :)
    Only if you like "Base Jumping", without the benefits of a parachute mate. :D

    Cheers, TAS
     
  12. TJ420

    TJ420 Guest

    basically what happened was.. there was a bypass for nprotect and it was patched by nprotect. what u did was inject 2 dll files into explorer.exe and when u opened gunbound you could use tools for memory editing and aimbot. but then it was patched and this time after u injected then started gunbound, nprotect would restart your explorer.exe and your injection was then useless. so someone thought hmm if i inject these 2 dlls then use process guard to protect my explorer.exe from nprotect then it wouldnt restart and things would be ok. then they patched process guard. basically what i think is it looks for PG's self protection and sees if its active or goes through the registry to see if PG is installed. Nprotect used to be bypassed by doind another method where u installed IIS on your PC. Then you created your own webserver for the nprotect files and basically tricking the nprotect program into thinking it updated to the newest version and it was all good but you were actually using its oldest files from when it was first released and you could use old hacks or bypass it alot easier then normally. So this shows the program is rather weak also considering the fact that these 12-15 year old kids are messing around with nprotect which is made by older people.
     
  13. Process Guard is a wonderful program that help me block some processes that i dun want it to run but Nprotect Blew it cos now i have to unstall it to play GB?? no way!!! i want to play Gb n i wan to Use Process Guard anyway to help me to this?:(
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Gunboundlover

    Since you want to run both, I assume protection is of some interest to you. This may prove to be an ongoing problem, and frankly I would hope DCS doesn't compromise Process Guard in the slightest for this kind of issue.

    Some suggestions:

    1) The obvious, but one you don't want: Give up the game.
    2) Get a separate computer just for the gaming, and don't worry to much
    about the security issue.
    3) and this would be my actual recommendation to you:
    Check out Raxco's (www.raxco.com) First Defense - ISR. It will allow you to create a separate snapshot (you do need diskspace) that you can use for your game playing. You boot to the game snapshot, and turn off PG, and whatever else may interfere with the Game. Then boot back to your primary snapshot for other stuff. Should your game snapshot get infected it can't affect your main snapshot, and then you just refresh the game snapshot from the primary one, and presto, infection gone.

    Pete
     
  15. KoreaBoy

    KoreaBoy Guest

    As far as I can understand, the aimbot people are discussing seems to read the memory and work with it, rather than reading packages.
    People here posted "this got patched", as in "this is now detected by Nprotect".
    As for Nprotect itself, it prevents hacking by loading a special module via "dll injection" onto ANY program's memory, blocking or changing some kernel-based memory/debugging functions like ReadProcessMemory, so they specifically return error codes or invalid read-ups, if the "target" is the game's name.
    The way Nprotect, from Inca, "patch" (as in "detects the hacks"), is by adding signatures from functions used inside the code or by string recongnition after a search through that program's memory.

    If by any time, that special module recons any signature on the program where it's loaded, one of two things happen:

    If nprotect is not able to terminate that program with a matching signature, It issues a shutdown signal to the main module of nprotect. Gunbound, (or the protected game) shuts itself down, in the case of it's protection is closed (and presents a "hack detected" checkbox).

    In the even the "illegal" program is able to be closed directly, Gunbound and it's protection will remain active, but still issueing that message box, same way.


    What does ProcessGuard has to do with this?

    It prevents the load of that "special module" onto the hack program, by adding protection onto it.
    Therefore, no string recognition is in order, and most importantly, the original kernel memory functions are preserved and are usable.

    The hacks "bypass" (as in the common word for "is not detected by") Nprotect defensive modules.

    Forcing the users to terminate ProcessGuard, would re-allow the Nprotect to gain Write/set info/read/terminate privilleges onto any program loaded in the system, therefore injecting successfully the "special module" and detecting the "aimbot" or "hack" mentioned.

    Is this measure (detecting ProcessGuard as a common hack) "legal"?
    I think so, because Gunbound is a free game, and to play it we have to abide by their rules on it. Any quarrel over this and the result would stll be the user's choice to decide between the game or the ProcessGuard.

    It is the similar case as the quarrel that happened some years ago, when some software came up with a counter-debugging technique to prevent "Softice", by detecting this debugger's name and modules, and even spying the registry and Windows load modules. The result was precisely this : "either the user chooses other debugger rather than "SoftIce", or chooses to use other software".
     
  16. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    The mind boggles!! :rolleyes:
     
  17. 1. from what i heard is that gunbound has something called "cash" in game which u can buy with real money(more info www.gunbound.net)

    2.if people bought both that and diamondcs game guard which one will they choose? plus, if The hacks bypass Nprotect defensive modules , that means nprotect is weak, its not DCS's fault. again DCS has nothing to do with it, do you think a game's security is more important than player's computer security.

     
  18. KoreaBoy

    KoreaBoy Guest

    Anti-virus like BitDefender do this too, as the users themselves might be possible trojen makers, and helps global security by logging their own customers.
    So far, it was not considered, illegal. I think it is considered the best in the world, I must add.
    This is obviously a joke or something. So many applications crash explorer.exe and none, that I recall/used was considered illegal. Even ProcessGuard crashes explorer.exe if some system apps are protected (and explorer has no "allow" privilleges over them).
    If they'd do that, the game hackers would obviously put no, and the protection would be absolutely useless.
    You are correct. No explanation of GameGuard is present on the site of Gunbound.
    It is a spyware, in it's true meaning, so far not considered malicious. Logs the aplications running, not the contents of it. The temp files problem are indeed true, but how many Microsoft apllications do exactly the same if not worse ?
    I think you could make a good point and a good argument (of course with a very good lawyer) but nothing more than that.
    Yes, not part of the free game. As in an extra. The full features are available for free.
    Obviously the player's computer is more important. And correct, if the hacks bypass nprotect, that is nprotect's business, not DiamondCS. If gunbound team decides to make keep protection against processguard, the only ones being harmed are the users, who are exposed, and It would be nice of Gunbound Team to present their users with a security solution, after the so called "ultimatum" (Gunbound, or ProcessGuard).
     
  19. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Are these Gunbound hacks being used just for game cheats (aimbots and such), or are they being used to compromise and infect other player's computers?
    If the latter, how are they doing this?
     
  20. Gunboundaim

    Gunboundaim Guest

    ok "Aimbot" = 2 programmes running at the same time means the line is on top of Gunbound that helps ppl aim thats all.
     
  21. Basically, nProtect is doing stuff that is ILLEGAL.
    first of all, it is a spyware, which someone had stated earlier.
    This is ILLEGAL IN USA, as it conflicts with the Internet Privacy Treaty Signed by Bill Clinton.

    I also dont see why users dont get to read any terms of agreement, as when i signed up for gunbound, they DIDNT stay Processguard MUST be deleted, and that they will install crap on my computers, which is nProtect, AKA spyware hacking tool.
    I dont remember ever agreeing to these terms and giving permission for that.
    So what does this means? Gunbound scammed me? Should I consult a lawyer for that.

    I dont see why users can REFUSE updating of nProtect. You can always BAN the users OUT OF GB who dont update.

    I dont see how come you cannot patch the hacks even if lamers try to bypass it using Processguard. If such a weak defense system and weak programmers does exist, GB IS HOPELESS. By banning processguard, it makes no differences. Users will seek after programs made by other companies that does the SAME OR BETTER function, ie a squared, symantec's Norton Systemworks.
    So is gunbound going to ban every single company and stripping us of our anti virus, firewall and security?
    Then gunbound gonna promote a FIREWALL or antivirus program that ONLY works if u want to paly gunbound? So every single user must BUY ITo_O
    Or gunbound wants to strips us of our security so that nProtect can have an easier time hacking us, stealing our paypal passwords etc?

    I dont play gunbound, but I have pg installed. The problem is my youngest brother plays this stupid lame games, and to make him happy, I have to install all these load of **** spywares on my computer and delete such a wonderful program.

    I have checked around several other websites, and found out that the "hackers" are already using other bypasses by microsoft, symantec, and own made bypasses. So gunbound gonna ban them all huho_O

    And to koreaboy, who thinks gunbound programming code is better than microsoft, as he said earlier in his post. My question is why is ur company still so dumb then? U cant even program a good game security system. If u make an OS, it gonna get hacked like no tomorrow.

    And why is Gunbound hiring stupid hackers ie Xanatos who installed keyloggers, trojans, spywares in other people's computer just to hack them? Afterall Xanatos isnt the only hacker who made hacks for gunbound. Is this one of gunbound's plan to install keyloggers in everyone's computer in the future with the help of little xanatos?

    Gunbound, do reflect.

    I hope progessguard will come up with a new version that changes the reg key name of the processguard process so gunbound will not be able to block it.

    If gunbound says this is for the best security system, thats bullshit. Valve and Blizzard was able to reduce hackers on their games(counter-strike, warcraft 3) to less than a 0.001%. They were constantly able to detect hacks and stop them from spoiling the game without installing crap on people's computer or blocking other programs. So what does this means. Gunbound programmers need to attend college's programming classes. Go start with Basic programming with C++, COMSC-101 n00bs.
     
  22. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi gunbound is absurb.
    Please do not make personal comments about individuals.

    If you have evidence that gunbound contains malware please show it, as we do not condone this sort of speculation at Wilders without any proof.

    Thanks. Pilli
     
  23. Hi.
    U can always download gunbound at www.gunbound.net
    install it, and connect to server.
    after that, exit gb and look at the nProtect.

    if u scan it with any anti virus or any anti spyware/ or keylog or anti adware program, gunbound and nprotect always somehow appear on the list and the threat is considered HIGH

    thanks
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I'm no programmer, but I wouldn't think it would be that hard to put in a patch that looks for the DLL and allows/denies the game to start/get on the server based on that, and denies anyone that doesn't have the patch installed and fuctioning properly.

    Next thing you know the people using the hacks will start using rootkits and become targets in a whole new (very bad) way.
     
  25. The new bypass utilizes a new form of protection system similar to the one enforced in Process Guard.
    It also hides the process of the program from appearing in the processes tab and can appear by going to the start menu, click run, and the program name.

    chances of getting detected is very slim tat way, as the program is almost working in "total silence".

    this new bypass shows that gunbound is already ineffective.

    i hope diamondcs and gunbound can do something
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.