| View previous topic :: View next topic |
| Author |
Message |
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
 Posted: Tue Aug 19, 2008 1:45 pm Post subject: GameGuard Problem |
 |
|
| When ever you force quit gg or something like that it prevents you from running any more processes. So How do you prevent that>
|
|
| Back to top |
|
 |
lurc
Grandmaster Cheater Supreme
 Reputation: 2
Joined: 13 Nov 2006
Posts: 1900
|
| Posted: Tue Aug 19, 2008 1:47 pm Post subject: |
|
|
It's because GameGuard crashed and its hooks are still in place.
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Tue Aug 19, 2008 1:48 pm Post subject: |
|
|
Great SO I have to unhook those hooks too if I were to crash it? O.o
Edit: That doesn't explain why I can open processes when gameguard is still alive normally.
|
|
| Back to top |
|
|
sponge
I'm a spammer
 Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Tue Aug 19, 2008 2:19 pm Post subject: |
|
|
its because you did something bad when gg's hooks are still in place. once that happens you can't open any processes. so if you do anything "bad", gg will refuse to let you open any processes.
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Tue Aug 19, 2008 4:31 pm Post subject: |
|
|
| sponge wrote: | | its because you did something bad when gg's hooks are still in place. once that happens you can't open any processes. so if you do anything "bad", gg will refuse to let you open any processes. |
All I did was terminate GameMon.des Thats not so bad is it?
|
|
| Back to top |
|
|
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
| Posted: Tue Aug 19, 2008 7:55 pm Post subject: |
|
|
GG's process hooks work like those of an anti-virus. The driver intercepts all process creations via PsSetCreateProcessNotifyRoutine, allowing the driver's function to be called whenever a process is created. The prototype is this:
| Code: |
VOID
(*PCREATE_PROCESS_NOTIFY_ROUTINE) (
IN HANDLE ParentId,
IN HANDLE ProcessId,
IN BOOLEAN Create
);
|
It passes the PID to GameMon.des and waits for GG to check the process's info against its blacklist. But, because you terminated GG's usermode process, all processes that are created aren't created because they're waiting for GG's "approval."
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Wed Aug 20, 2008 9:33 am Post subject: |
|
|
| Is it possible to simulate that connection? Or do u just have to terminate the driver?
|
|
| Back to top |
|
|
linden
Master Cheater
![]() Reputation: 0
Joined: 10 Mar 2006
Posts: 319
|
| Posted: Wed Aug 20, 2008 12:15 pm Post subject: |
|
|
You can remove all CreateProcessNotifyRoutines by doing this:
| Code: |
for( ULONG i = 0x80000000; i < 0xFFFFFFFF; i++ ){
PsSetCreateProcessNotifyRoutine( (CREATE_PROCESS_NOTIFY_ROUTINE)i, TRUE );
}
|
But I believe you still have to do some work at usermode level, because GG hooks usermode CreateProcess/CreateProcessInternal/CreateProcessWithLogon APIs too.
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Wed Aug 20, 2008 1:10 pm Post subject: |
|
|
| Trampoline over the 5 bytes and your ok. SO Im gonna try that.
|
|
| Back to top |
|
|
Barack Obongah
Master Cheater
 Reputation: 0
Joined: 11 Feb 2007
Posts: 435
Location: The white house with my finger on the button
|
| Posted: Wed Aug 20, 2008 1:37 pm Post subject: |
|
|
| just restart. and close GG normal.
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Wed Aug 20, 2008 2:21 pm Post subject: |
|
|
| lol how? you cant reopen gg the only way is to restart comp.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
