High possibility of nProtect Gameguard being a rootkit.

How is gg calling for the reboot?

 

Hi,

I thought I would like to take this oppotunity to explain a bit about the history of things with Maple Story.

As with all (online) games, whenever there's a game available, people will try to hack it. Maple story is no exception. Various people tried hacking this game to gain unfair benefits, mainly trying to get stronger, at an abnormally fast rate (vaccuum hack). After a while, Wizet (the company that owned MS global and sea), employed Gameguard to "protect" the game from being hacked.

From my understanding, Gameguard (GG) is very adhoc in their approach to the problem, and their methods are reactive, as oppose to preventive of the situation. If people said you could use a program to look at the source (such as Olly Dbg), then they will update their program to find any process that identify themself as Olly Dbg, and either kill it, or kill the game.

All went well, until someone wrote a program called Cheat Engine (CE), and then people started using that program. GG promptly ban it. The creator wrote a "stealth method" to bypass the ban. GG then attempt to detect "various strings" within CE, and whenever it sees that byte-array, it does what it do best, makes your computer goes haywire.

However, the war doesnt end there. The creator of CE (I dont personally think he plays the game, nor he hates GG/Wizet for whatever reasons) release the source code for CE, and then people started to "rename the detected strings" and that's how an Undetected Cheat Engine (UCE) was born. Because of this, GG has always been struggling to cope with the amount of hackers with such a powerful tool. Most are just leechers, but there're real programmers, that know things, and they can easily create one of these UCEs.

Hence this is why GG decided to go "low level" with the whole situation, and start injecting itself into every single processes available, in an attempt to stop the hackers.

Also, as someone mentioned about the problem with remoting, I would like to relate that to an ingame situation. People used to be able to log onto one account in windows (eg Dad), open up Maple Story, select a character, do something, disconnect that session, logs onto another windows account (eg Me), and then logs onto Maple again, selects another maple account, and play with that. A practical situation is that you can use one character, 1 computer to level 2 characters at the same time. GG stopped that from happening.

As for my personal opinion of GG, I have to say that I have little respect for this software. It's like the problems with web application development. You have to choose which browsers to adapt your code to, and the resolutions it should be. The easy way out is to use JavaScript to "force the client's browser" to be at a certain resolution, and disabled them from changing the resolution or resize their browsers, and this is analogous to what GG does, only GG does it worse. I dont think any program (minus a few such as antivirus) should have that much power into my personal computer, and put me in a position to "assume that they're the good guy".

 

Taken from Wikipedia: (http://en.wikipedia.org/wiki/Gameguard)

"GameGuard is an application developed by INCA Internet, bundled with multiplayer games which hides the game application process, monitors the entire memory range, terminates applications defined by the game vendor and INCA to be cheats, blocks certain calls to DirectX functions, and auto-updates itself."

-Now there's the "Safety" declaimer:

"The application installs itself Does nothing.This Program is extremely safe . Furthermore, even when the game is not running, GameGuard still sits in the background. Even clicking the 'uninstall' button in device manager does not get rid of it -- a user must manually delete both it, and the registry keys that refer to it.

This program DOES NOT leave a computer running Windows 2000 or XP exposed to the vulnerability of unprivileged arbitrary read/write access.It is safe enough to use..."

Apperantly all of your hard work finding if nProtect GameGuard being a rootkit was for nothing, because they announce it in public.

Anyways, thanks for this thread, really helped me with this matter.
-Absulutio.

 

Isn't there a program that makes it applicable to contain nProtect GameGuard from the rest of my computer? Like, (i.e Maple Story, as I play), wont load up without GameGuard actually connecting to Maple Story through my computer. Shouldn't there be a way to keep GameGuard authenticating itself into GameGuards server, connect to the Maple Story server, but skip the processes of my computer?

Let's take an empty Water Bottle. If you put a hole in the side, and then stick a straw through the top bottle, but exiting through the hole you put in the side, filled the bottle up with water, (Assuming the hole in the side is perfectly cut so that no water comes out), and then put a black liquid into the straw, where it enter the straw, not touching the contents of the bottle, yet only to leave the side of the bottle through the straw.

For some reason if you didn't catch that bad metaphor I just used, the holes in the bottle are connection into the internet, (The side hole being Maple Story's server, and the top being nProtect GameGuard, the bottle being my computer, the water being my data, and the black liquid nProtects connection.)

 

I have my doubts about that safety disclaimer which you are talking about. I kindly request you to post a link to this 'safety disclaimer' you are talking about for me and others to verify its factual existence and accuracy.

Obviously that is NOT a REAL safety disclaimer, I myself can't find it anywhere at all. Modifying the text and boasting it off as a SAFETY DISCLAIMER seems like lying. And that 2nd paragraph with the words: DOES NOT , seems weird.