NProtect GameGuard
Developer(s) | INCA Internet Co., Ltd. |
---|---|
Operating system | Microsoft Windows |
Available in | C++ |
Type | Anti-cheating |
License | Proprietary |
Website | gameguard.nprotect.com |
nProtect GameGuard (sometimes called GG) is an anti-cheating rootkit developed by INCA Internet. It is installed alongside many Asian massively multiplayer online role-playing games (MMORPGs) such as Lineage II, 9Dragons, Cabal Online, Phantasy Star Universe, GunZ: The Duel and Ragnarok Online to block malicious applications and common methods of cheating. nProtect GameGuard provides B2B2C security services for online game companies and portal sites.
GameGuard hides the game application process, monitors the entire memory range, terminates applications defined by the game vendor and INCA Internet to be cheats (QIP for example), blocks certain calls to DirectX functions and Windows APIs, and auto-updates itself to change as new threats surface. nProtect GameGuard is launched via GameMon.des with a driver dump_wmimmc.sys.
GameGuard possesses a database on game hacks based on security references from more than 260 game clients. Some editions of GameGuard are now bundled with INCA Internet's Tachyon anti-virus/anti-spyware library, and others with nProtect KeyCrypt, anti-keylogger software that protects keyboard input information.
System requirements
 | Operating System | Processor (CPU) | RAM | First library drive |
---|---|---|---|---|
Requirements | Windows 98, Windows ME, Windows 2000, Windows XP, Windows Vista | Intel Pentium 133 MHz or higher (or equivalent) | 32 MB Minimum | 1.2M Maximum |
Problems
GameGuard has problems coexisting with other programs. Many of these problems have been solved or are in the process of being resolved.[1] The GameGuard PPPoE disconnection problem in Cabal is resolved by using a router. Because its method of operation is very similar to that of a rootkit, it is criticized for being extremely invasive, often without the knowledge of the end user. The software installs a device driver which is difficult to uninstall; even uninstalling the game still leaves some files hidden on the system, though it stays inactive without the game. In recent versions (revision 1007 and up), GameGuard fails to halt when the game ends, so it continues to use computer resources and inject code into processes. This is often unknown to the end user, as GameGuard masks its CPU usage by hooking Windows system querying APIs. Most anti-virus vendors currently exclude nProtect GameGuard from their detection databases because it is commercial software; however, this was initially not the case, which led to system crashes as the antivirus and GameGuard attempted to override each other.
Many hackers look for new ways to compromise GameGuard. For example, it has been said that GameGuard can still be compromised by using modified game client files and modified versions of Cheat Engine coupled with server emulation utilities. nProtect GameGuard constantly updates itself and provides new protection against the latest threats. Although it boasts such effectiveness, in truth hackers can break or bypass GameGuard faster than it gets updated, rendering the system quite useless. This is evident especially from the number of sites using 'bot' programs to flood the game and farm in-game currency and rare items, which are then sold for real money. Such sites and 'bots' have been known to be up and running again, having bypassed GameGuard, within an hour of its latest update.
In Lineage II, Cabal Online and Ragnarok Online it is well known that GameGuard is usually bypassed within a matter of hours after an update. In 9Dragons the situation was even worse: in spite of GameGuard's constant updates, Vietnamese players continued to hack the game, which resulted in the blocking of all Vietnamese IPs.
On some games such as MapleStory, the game itself does a hash check of the GameGuard revision currently running and will exit if it does not match the hash on the server side.[citation needed] This is a security measure from nProtect GameGuard to ensure that GameGuard has not been hacked; under normal circumstances, nProtect GameGuard should update to the latest version. However, it can be easily compromised with packet software, such as the Russian PacketHack, which is designed for packet interception and hacking at the net-driver level.
In some cases, Windows XP users may have problems with GameGuard because the same Windows product key is installed on two computers on the same router. This is a security measure, and it is being overlooked to ensure Windows security policy standards. As of now, the only way to resolve this exact problem is to reformat the hard drive and reinstall Windows completely with a Windows key different from that of any other computer on the same router. It is not yet certain whether the problem would still occur on a computer that has a duplicate Windows key but is on a different router and/or Internet connection altogether, meaning it might be possible to run a GameGuard-protected game on two computers with the same Windows key as long as they are on different routers.
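The weakness of a fixed hash sent to the server, next to a check bound to a per-session server nonce, which a value recorded from an earlier session cannot satisfy. This is an added example, not code from GameGuard or any game; the module bytes, the function names and the HMAC-with-nonce scheme are assumptions for illustration, and the scheme addresses only replay of a captured value.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the protected module's bytes; not real GameGuard data.
GENUINE_MODULE = b"constructed-anti-cheat-module revision-A"
TAMPERED_MODULE = b"constructed-anti-cheat-module revision-A (patched)"


def static_digest(module: bytes) -> str:
    """Fixed hash of the module: the same value on every login."""
    return hashlib.sha256(module).hexdigest()


def server_check_static(reported: str) -> bool:
    """Server compares the reported value with its reference hash."""
    return hmac.compare_digest(reported, static_digest(GENUINE_MODULE))


def new_challenge() -> bytes:
    """Fresh random nonce issued by the server for one session."""
    return secrets.token_bytes(16)


def keyed_digest(nonce: bytes, module: bytes) -> str:
    """HMAC-SHA256 of the module, keyed by the session nonce."""
    return hmac.new(nonce, module, hashlib.sha256).hexdigest()


def server_check_keyed(nonce: bytes, reported: str) -> bool:
    """Server recomputes the HMAC over its reference copy for this nonce."""
    return hmac.compare_digest(reported, keyed_digest(nonce, GENUINE_MODULE))


def demo() -> dict:
    recorded_static = static_digest(GENUINE_MODULE)    # value seen on the wire once
    n1, n2 = new_challenge(), new_challenge()          # two separate sessions
    recorded_keyed = keyed_digest(n1, GENUINE_MODULE)  # valid answer for session 1 only
    return {
        "static_replay_accepted": server_check_static(recorded_static),
        "keyed_genuine_accepted": server_check_keyed(n2, keyed_digest(n2, GENUINE_MODULE)),
        "keyed_replay_accepted": server_check_keyed(n2, recorded_keyed),
        "keyed_tampered_accepted": server_check_keyed(n2, keyed_digest(n2, TAMPERED_MODULE)),
    }


if __name__ == "__main__":
    print(demo())
```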
GameGuard is currently not compatible with Windows 7 Build 7000 - it ends up in "Error Initializing (0)", so games using GameGuard also don't work with Windows 7[2].
Because of the way that GameGuard hooks into core system DLLs, it is impossible to run games protected by GameGuard under Windows API emulators, such as Wine under Unix-based operating systems. The key issue is that GameGuard bypasses the OS safeguards in order to:
- Hide the game application process.
- Monitor the entire memory range.
- Terminate specific applications without the user's consent.
- Block specific calls to DirectX or the Windows API.
Windows 7
Because GameGuard hooks into core system DLLs, and Windows 7 does not allow this type of execution, games running GameGuard display the splash screen and then crash with an error of error:0.
On March 23, 2009, GameGuard was updated, and some GameGuard games were found to work with Windows 7 as a result of the new update. One example is Gunbound GIS. [citation needed]
A player-made patch, "Gameguard Workaround for 64 bit Windows 7", has been released to fix GameGuard on Windows 7 x64. The fix was made for Rappelz; however, it works with other games after deleting the GameGuard folder and allowing the game to repatch.
Known games running GameGuard
- 2Moons (revision 1222)
- 9Dragons (revision 1057)
- Aion: The Tower of Eternity
- Albatross18
- Asda Story
- BOTS (revision 1057)
- Cabal Online (Uses XTrap)
- Cal Ripken's Real Baseball
- Counter-Strike Online
- Cross Fire
- Cronous
- Jin online
- Dance! Online
- Dark Arena
- Mosiang Online
- Darkeden
- Digimon RPG
- Drift City (revision 1205)
- Dungeon & Fighter
- Exteel
- FlyFF[3] (EU: revision 1122)
- Gersang
- Grand Chase
- GunBound
  - GIS (revision 1292) [3]
  - Europe (GOA, revision 1204)
- Gunster
- GunZ: The Duel
- Heat Project
- Hyper Relay
- Legend of Mir 3
- Lineage II[3]
- Lunia
- Luna Online
- MapleStory
  - Japanese (revision 1105)
  - Thai (revision 1105)
  - Taiwan (revision 1236)
- MLB Dugout Heroes
- Monster Hunter Frontier
- Mu Online
- Navy Field
- OZ World
- Pangya
- Phantasy Star Online Blue Burst (PSOBB)[3]
- Phantasy Star Universe (PSU)
- Priston Tale[3] (English version is running X-Trap)
- Project Torque
- Ragnarok Online (bRO: revision 1059)
- Rakion (revision 1140)
- Rappelz (All Regions)
- Ran Online
- Rohan Online
- ROSE Online (revision 1127)
- Seal Online[3]
- Shaiya
- Shot Online
- Silkroad Online
- Soldier Front
- Sudden Attack
- TalesRunner
- The Chronicles of Spellborn
- Trickster
- Twelve Sky
- WolfTeam (revision 1226)
- Xiah online
Known blocked applications
- ATI Tray Tools
- AutoHotkey - (Created hotkeys do not work)
- cFosSpeed - Detected as a game hack if "Traffic Shaping" is turned on
- Cheat Engine - Some strings and blocks of codes are detected, up to a buffer size of 512, so the names of some things can be changed to evade detection. Usually referred to as "Undetected Cheat Engine" (UCE) when it is not detected by nProtect GameGuard.
- Daemon Tools
- Eclipse - Does not start while GameGuard is running; works if it is already running on GameGuard initialization
- F-Secure Blacklight - Renders software broken; unable to scan for rootkits
- Filezilla - (Reason unknown) Causes the software to crash. Tried and tested on XP (works)
- Freenet - Closes Freenet node without warning.
- Game Servers Client - Works if loaded after game.
- Google Chrome - Prevents the browser from working. Tried and tested on XP (works)
- Hacker Defender - Prevents game from starting and asks user if removal of program is okay.
- Logitech G-series Keyboard Profiler (Profiler is required to use G-keys and any features) This software is no longer blocked.
- Motherboard Monitor - (Reason unknown) Causes the software to crash
- NeoPaint
- NetLimiter - Detected as a game hack, even if you stop the service and kill the process
- Ollydbg
- Outpost Firewall Pro
- PIX
- Razer - Mouse drivers (mouse buttons mapped to keys will not function, scrollwheel ceases to function). Note: Razer copperhead is working as it should with correct keymapping
- Steam (content delivery) - When launching the game through Steam, GameGuard reports Steam as a "Game Hack" and shuts down the game. Tested on XP (works)
- SpeedFan - (Reason unknown) Core2 sensors report -27 degrees Celsius, Voltage and RPM drop to 0 when game is launched
- The Core Media Player
- Tsearch
- Almost all VNC servers, such as RealVNC (does not block or shut down, but disables input)
- Xpadder
- Zboard Z-Engine
- Memory Hacking Software by L. Spiro
- LCD smartie - LCD does not work
References
- [1] nProtect GameGuard FAQ
- [2] nProtect GameGuard Advisory
- [3] "partner.htm" (htm). INCA Internet Co., Ltd. Retrieved 27 August.
External links
- GameGuard Personal website
- nProtect GameGuard official website
- INCA Internet official website
- Bugtraq ID: 12280 INCA nProtect Gameguard Unprivileged Arbitrary Read/Write Access Vulnerability
- How To Remove nProtect Game Guard
- Wine Issues
- High possibility of nProtect Gameguard being a rootkit.
- Proof GameGuard can be compromised via client file modification (http://fyyre.l2-fashion.de)