Prevent GameGuard from Loading

First off, let me say that this will disconnect you after a certain amount of time!

  1. Load sro_client.exe into OllyDbg
  2. Right-click → Search For → All Referenced Text Strings
  3. In the new window, right-click → Search for text
  4. Search for ‘GameGuard’
  5. Look for something similar to this:
007F1E6A  56             PUSH ESI
007F1E6B  FFD5           CALL EBP
007F1E6D  50             PUSH EAX                                        ; kernel32.BaseThreadInitThunk
007F1E6E  56             PUSH ESI
007F1E6F  68 9888D400    PUSH sro_clie.00D48898                          ; ASCII "GameGuard"
007F1E74  FFD5           CALL EBP
007F1E76  50             PUSH EAX                                        ; kernel32.BaseThreadInitThunk
007F1E77  68 9888D400    PUSH sro_clie.00D48898                          ; ASCII "GameGuard"
007F1E7C  68 01000100    PUSH 10001
007F1E81  68 00040000    PUSH 400
007F1E86  FF15 E0D1CF00  CALL DWORD PTR DS:[<&kernel32.CompareStringA>]  ; kernel32.CompareStringA
  6. Go to the address of ‘GameGuard’ in the dump window and change it to ‘GameGuar2’
  7. Save the EXE by right-clicking the changed byte and choosing Copy to executable
  8. Load the saved EXE into OllyDbg and repeat steps 2 through 3
  9. This time, search for ‘n_protect.dat’. You should see something like this:
00AC9C40  8B4424 04      MOV EAX,DWORD PTR SS:[ESP+4]
00AC9C44  68 3CD7D600    PUSH sro_clie.00D6D73C                          ; ASCII "config\\n_protect.dat"
00AC9C49  A3 E0110701    MOV DWORD PTR DS:[10711E0],EAX                  ; kernel32.BaseThreadInitThunk
00AC9C4E  E8 2DFDFFFF    CALL sro_clie.00AC9980
00AC9C53  83C4 04        ADD ESP,4
00AC9C56  8D4C24 04      LEA ECX,DWORD PTR SS:[ESP+4]
00AC9C5A  51             PUSH ECX
00AC9C5B  6A 00          PUSH 0
00AC9C5D  6A 00          PUSH 0
00AC9C5F  68 509BAC00    PUSH sro_clie.00AC9B50
00AC9C64  6A 00          PUSH 0
00AC9C66  6A 00          PUSH 0
00AC9C68  A3 C0110701    MOV DWORD PTR DS:[10711C0],EAX                  ; kernel32.BaseThreadInitThunk
00AC9C6D  FF15 94D1CF00  CALL DWORD PTR DS:[<&kernel32.CreateThread>]    ; kernel32.CreateThread
00AC9C73  A3 DC110701    MOV DWORD PTR DS:[10711DC],EAX                  ; kernel32.BaseThreadInitThunk
00AC9C78  33C0           XOR EAX,EAX                                     ; kernel32.BaseThreadInitThunk
00AC9C7A  C3             RETN
  10. On the line that references ‘n_protect.dat’, press Space, type ‘RET’ and hit Enter to modify the instruction
  11. Right-click on the main OllyDbg disassembly window and choose Copy to executable → All modifications → (New window appears) Copy all
  12. Right-click on the new window → Save file
  13. You got the rest
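
Both edits in this procedure (the one-character string change and the instruction overwritten with RET) alter bytes in the file on disk, so comparing a client against a known-good copy exposes them. The following is an added defender-side example, not part of the original page: the function names are hypothetical and the byte strings are constructed from the listings above.

```python
import hashlib

def changed_ranges(reference: bytes, candidate: bytes):
    """Return (offset, reference_bytes, candidate_bytes) for each run of differing bytes."""
    n = min(len(reference), len(candidate))
    runs, start = [], None
    for i in range(n + 1):
        differs = i < n and reference[i] != candidate[i]
        if differs and start is None:
            start = i                      # a run of modified bytes begins
        elif not differs and start is not None:
            runs.append((start, reference[start:i], candidate[start:i]))
            start = None                   # run ended
    return runs

def audit(reference: bytes, candidate: bytes):
    """Summarise whether a client image still matches the known-good reference."""
    return {
        "sha256_match": hashlib.sha256(reference).digest()
                        == hashlib.sha256(candidate).digest(),
        "size_match": len(reference) == len(candidate),
        "changes": changed_ranges(reference, candidate),
    }

# Constructed sample: three instructions from the second listing followed by
# the NUL-terminated string from the first. In practice both inputs would be
# read from disk, e.g. pathlib.Path(...).read_bytes().
REFERENCE = bytes.fromhex("8b442404 683cd7d600 a3e0110701") + b"GameGuard\x00"

# Constructed "tampered" copy carrying the two modifications the page describes.
_tampered = bytearray(REFERENCE)
_tampered[4] = 0xC3          # PUSH opcode replaced by RET
_tampered[22] = ord("2")     # "GameGuard" -> "GameGuar2"
CANDIDATE = bytes(_tampered)

if __name__ == "__main__":
    result = audit(REFERENCE, CANDIDATE)
    print("hash matches reference:", result["sha256_match"])
    for offset, old, new in result["changes"]:
        print(f"offset 0x{offset:04x}: {old.hex()} -> {new.hex()}")
```

A hash mismatch alone flags the file; the per-offset report shows which bytes were touched, which helps when triaging a modified client.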