elapidd82 wrote:
Thank you Admin and 3cmSailorfuku. Let me take a step back and ask you this question then.
Instead of taking such an ambitious step, what if I only target a low-end GG license, which, as 3cmSailorfuku said, doesn't detect changes in memory or loaded modules? Which way do you think would work:
1. detour
2. check to see if the code for WinAPI functions such as PostMessage has been changed; if it has, I can try to revert the code back:
    DWORD DLLFunc = (DWORD)GetProcAddress( LoadLibraryW(L"User32.dll" ), "PostMessageA" ) + 5;
    __declspec(naked) BOOL WINAPI PM(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
    {
        __asm
        {
            mov edi, edi
            push ebp
            mov ebp, esp
            jmp dword ptr ds:[DLLFunc]
        }
    }

You are taking it too far already. What you are attempting won't be a generic bypass; it has to be adjusted to each release, subversion and game executable you want to have GameGuard bypassed (where you will get stuck with ASProtect, as in your example). The admin explained already that it is a very complicated and tiring task.
If it's a budget-level license, you could just load your DLL as a library into the game; this worked many times in the past already and still does.
And I believe a VTable hook won't be detected by GameGuard ever unless the file gets reported.
In your case you can't simply deny or revert the "code changes" GameGuard does; it will most likely quit the game. Worked in the past though, you could reserve various functions without GG going all bitchy on you. Anyway, you have to use GameGuard's trampoline function and detour your function into it, making GameGuard believe everything still works according to plan heahhehhae.
But yeah, there are hundreds of ways; maybe you can figure something out yourself, but this is as far as my knowledge goes.