From: on 21 Oct 2009 07:31 nProtectGameMon dwAddrAspr2: %x %x skip 1 byte(%x) dwAddrAspr4: dwMem:%x, aspr4:%x, crc:%x 68: %x %x (%x): %x %x %x %x %x %x %x %x %x skip 1 byte(%x) not skip 1 byte(%x) dwAddrAspr3: dwMem:%x, aspr3:%x, crc:%x e9: %x %x (%x): %x %x %x %x %x %x %x %x %x poly start %x skip 1 btye(0004) Thread32Next Thread32First Module32Next Module32First Process32First Kernel32 NtOpenThread NtQueryObject NtQueryInformationProcess NtQueryInformationThread NTDLL GetModuleFileNameExA EnumProcessModules EnumProcesses PSAPI N/A (security restriction) N/A (error2) N/A (error1) N/A (error3) N/A (error4) usprserv User Privilege Service npggsvc nProtect GameGuard Service hacklog to gl : %s YSOnline ExteelUS Exteel DarkStoryTW DarkStoryHK DarkStoryCN SP1KR WinBaramKRTest WinBaramKR NeoWizGamesKR Aion SPJam FighterStoryKRTest FighterStoryKR WolfTeam VicGame CrossFire LastChaos HanPokerTest HanGoStopTest HanBoardTest HanPoker HanGoStop HanBoard Fez FantaE MonsterH CabalOnline SuddenAttack TalesWeaver Mabinogi ATrix SEGAPSU OrderOnlineA TestGame TestGameRemote KartRider Jianghu TwelveSky OZ GTH DragonGem Trickster Dekaron HanPoker RanOnline MapleStory SilkRoad Rakion NeoSteam Shaiya Rohan NewBaseball DFighter Rose 1003B NineDragons Pangya PSO Muhan Mu Ragnarok Flyff PT2EU PristonTale RYL Lineage Lineage2US Lineage2Test Lineage2 Gersang GunBound Seal === Init Done: %d, ScanWait: %d === RedStoneJP CronousJP SilkRoadJP MuJP 1003bJP CPID: %lu, CTID: %lu ConnectCommPipe fail %lu ReExec mode AdjustPrivilege failed AdjustPrivilege successfully gmse invalid id: %lu %lu argc: %d, argv: %s cmd: %s --- %s version %d : %hs --- GameMon.des NL59NPGL npgm.erl %lu %lu %lu %lu %lu %s %x %x %x ntdll.dll RtlAdjustPrivilege %lu %lu %lu %lu %lu %s %x %x %x %x -service 0411 DFighterJPTest DFighterJP 0412 DFighterTest DFighter 041e RYLCIB 0c09 0809 0409 0412 DekaronTest Dekaron 0804 BattleRohanKRTest BattleRohanKR CronousJP GersangTW GersangJP Gersang MuJP InitNPGM fail FileRawSize: %x CS2.5 GameMon ver : %d CS2: %s * OS: %s, ComputerName: %s, UserName: %s * ----- nProtect GameGuard Log Started ----- hlog.erl sw 0 ws2_32.dll BanOS, %s, %s ParseIni fail safe lc: %x _lclose safe lo: %x _lopen --- Explorer Module --- GameMon Module NQSIm: %x code: %x, %x, %x, %x, %x NQSI2: %x NtQuerySystemInformation ntdll.dll FSD: %d advapi32.dll RK? hntdll: %x, NQSI: %x, %x NtQuerySystemInformation ntdll.dll safe gtc: %x safe vqx: %x NtQueryVirtualMemory VirtualQueryEx safe vpx: %x NtProtectVirtualMemory VirtualProtectEx safe wpm: %x WriteProcessMemory safe rpm: %x ReadProcessMemory safe tpr: %x TerminateProcess safe opr: %x OpenProcess WOW64 Mode!! safe IsWow64Process: %x IsWow64Process sk 0 kernel32.dll sn 0 idp: %d turn off Netizen turn off nProtect Personal with FW TfrmNPMONV nProtect V CreateSEvent fail %d Global\EnxGMSE GAMEMON_DIE_EVENT: %x CreateEvent fail %d Global\EnxNPGM EnxNPGM reboot counter %d CloseGameMon Done EAD %s %lu %s \GameGuard.des UserInfo[%d]: %s turn on Netizen turn on nProtect Personal with FW CloseGameMon Start -- ParseIni done pi6 VirtualPC fail VMWare fail bte fail1 bte fail2 vid \\.\SIWVIDSTART \\.\SICE \\.\NTICE CSIR: %d CSII3: %d CFI: %d pi5 %x nuov %d %d INF HashValue NPEW 1.0 nProtect Enable WPE rdTest gamename not match %s, %s pi4 License Expired! exdate: %d, today: %d 172.20.30. 70.101. chkincops %ld : %ld GGBuilder pi3.5 QATestMagicValue: %08x QA_TEST_MAGICVALUE USE_GGSCAN_CC NO_KILL_NODEVICEP EXPIRE_DATE FLASH_CLICK_ENDING FLASH_SPLASH2 USE_DRV_MESSAGE NO_CHECKOS GID ADPATH OFF_NPPERSONAL_FW NO_USE_DUMP BUILD_GAME USE_SUM USE_PROXY USE_WSP NO_ALT_TAB USE_GGSCAN CALC HWMSCAN NO_DRV_INT1 NO_DRV_DEBUG NO_DRV_FILTER NO_DRV_KERNEL NO_DRIVERSCAN COUNT_LOG_SERVER LOG_SERVER NO_CSAUTH SCAN_WAIT NO_TRAYICON NO_FULLSCAN NO_GATE NO_PHIDE ADMIN_ONLY BLOCK_JOYTOKEY NO_VMWARE NO_SOFTICE GAMECRC SENDLOG SENDERL SPEEDCHECK_FLAG SPEEDCHECK_INTERVAL NO_API_SDI2 API_DC NO_API_VPT NO_API_STH NO_API_LLA NO_API_SDM NO_API_DIO NO_API_SCP NO_API_SWH NO_API_OPR NO_API_SDI NO_API_MSE NO_API_RPM NO_REALTIMESCAN NO_SPEEDCHECK NO_GAMEGUARD NO_UPDATE OPTION_VALUE szGameName not found UNKNOWN GAME_NAME UNKNOWN GAMEMON pi3 Decrypt2 fail %d %d pi2 ini Auth fail %d %lu pi1 ..ini \GameGuard\ ini file not found ini: %s ..ini pi0-2 pi0-1 GetModuleFileName fail %d -- ParseIni GameMon already Exist! GameMon Can't create mutex! %lu MtxNPGM Global\MtxNPGM nusi found2 instdir: %s InstallDir curver: %s Current Version nusi found fi: %d, %x -_Exception in CFI, code: %08x, addr: %08x GetGameLibMutex: %d IAT Hooked. %d == GameHWND Done. GetWindowThreadProcessId fail, pid:%lu, gamepid:%lu GetWindowThreadProcessId fail, %lu GameHWND[%d] : %lu Hook fail DoHookProcessNT, %x pid diff, parent: %lu, arg: %lu pid diff /Session [%d] Closed Fail to create tray icon. %d nProtect GameMon Rev %d COMMPIPE_LOSE, count: %lu, bSend: %lu lt: %d, %d lml: %d, %d, %d dwReqTime: %lu, %lu, %lu NO_CSAUTH gmt: %d, rsmt: %d Csauth's Alterd by hack detect alter value send byungJo %x FIRST AUTH 2 NO_CSAUTH 1 st: %d, acsv CS2 Send: %08lx %08lx %08lx %08lx CS2 Recv: %08lx %08lx %08lx %08lx TricksterTW DarkStoryHK DarkStoryTW dwReqTime2: %lu, %d SEND: %x %x %x %x RECV: %x %x %x %x CS2ERROR: %x %x %x %x pipe callback[%d]: %lu %lu RAC excute time: %d -_Exception in CSAuth2, code: %08x, addr: %08x LocalIPAddress %s !-_- debug: %s !-_- reg: %s eax: %x, ebx: %x, ecx: %x, edx: %x, ebp: %x, esi: %x, edi: %x, eflag: %x !-_- dump: %s %02X !-_- code: %08X, addr: %08X, ctid: %lu SetnSendErl: %s why once info info2 info3 info4 info5 info6 info7 info8 info9 info10 bcc bte virus hack api error ref always _cm desk note ggerl npgma FtpPutFileA InternetCloseHandle InternetOpenA wininet.dll FtpSendErl! DLL TimeStamp %hs ErrorCount %hs SOFTWARE\INCAInternet\nProtectGameGuard\GameMon FtpSendErl npsc.erl %d %lu %d %s npsc why macro detect speed pattern memory _cm desk note npgmaa FtpPutFileA InternetCloseHandle InternetConnectA InternetOpehq wininet.dll FtpSendLog! ----- nProtect GameGuard Log Finished ----- \GameGuard\npgm\%s_%s_%s_%s_%04d_%02d_%02d_%02d_%02d_%02d.%03d FtpPutFileA InternetCloseHandle InternetOpenA wininet.dll \*.* Description SYSTEM\CurrentControlSet\Services\npggsvc -service \GameMon.des %SystemRoot%\System32\svchost.exe -k netsvcs impersonate success -_Exception in MGPA, code: %08x, addr: %08x version %s, %lu, %lu Han MemCrc diff %x, %x crc32file fail %s, %d %d commpipe handle not found CommThread(%x) ID[%d]: %lu AcceptNewSession diff game name, active: %s, new: %s AcceptNewSession fail, diff game name, active: %s, new: %s KAFighterKR KoongyaAdventure Yaburi pid diff: %lu %lu MtxNPGL Global\MtxNPGL Hack object etc GameHack Detect Emergency Block Socket Hooking illegal game dll(by npsc.des) illegal system dll Game Alter(by npsc.des) SpeedHack Hack program(by npsc.des) Hack program Hack driver else hack (msg: %d, arg: %d) etc hack SpeedHack Detect GameHack Kill Check threads(%x): %x Check handles(%x): %lu ObtainSePrivilege success AdjustTokenPrivileges2 fail: %lu AdjustTokenPrivileges1 fail: %lu LookupPrivilegeValue fail: %lu ObtainSePrivilege: %s AdjustPrivilegeRights success scecli.dll 4: %x, 5: %x, 6: %x 1: %x, 2: %x, 3: %x c bad ter repack CurPath RunFlag RunFlag Software\INCAInternet\nProtectGameGuard\GameMon R.C -DAF End %s -DAF %s Microsoft Corporation \VarFileInfo\Translation !lud %-20s %08X %8lu %s - %x %d PaperHK.dll allayer.dll themehelper.dll CloseTestMidiDrv Syncor11.dll xgusb.cpl !da&cf %-20s %08X %8lu %s \GameGuard ntdll.dll !ntt suc !nat %d %x NtSetInformationThread NtQueryInformationThread NtTerminateThread NtClose %s(%s) DirectX 6.0 DirectX 7.0 DirectX 7.0a DirectX 8.0 DirectX 8.1 DirectX 9.0a DirectX 9.0b DirectX 9.0c Version Video Driver(1) : %s, Driver date : %s DriverDate DriverDesc SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE- BFC1-08002BE10318}\0001 Video Driver(0) : %s, Driver date : %s DriverDate DriverDesc SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE- BFC1-08002BE10318}\0000 c:\mslog%ld.cmd c:\mslog%ld_o.txt c:\pagefiIe.sys netstat -n SOFTWARE\Classes\HTTP\shell\open\command creating SM 1 for GSS fail(type %d) %d creating SM 2 for GSS fail(type %d) %d writing SM for GSS success(type %d) %d Icps Global\GameGuardService3 Global\GameGuardService2 Global\GameGuardService |%d|%s|0x%08x| %04d/%02d/%02d %02d:%02d:%02d| Rev %d| KERNEL_HACK| SPEED_HACK| MODULE_HACK| HACK_PROGRAM| INCOPS for Wemade INCOPS for NHN INCOPS for NCSOFT incops20081024wemade%s incops20080918nhn%s incops20070821ncsoft%s Global\incops20070821%d NCSOFT DOMAIN ncsoft.corp NCSOFT DOMAIN for QA Test INCOPS for NCSOFT new chkincops Wemade %ld : %ld chkincops NHN %ld : %ld INCOPS has been detected. Global\PM_ICTRAY Global\EVT_ICATCAL Global\EVT_ICDCMGR CSS, P_A %lu, %s CSS, P_H %lu, %s DAD error4: %s, %d DAD error3: %x, %d DAD error2: %x, %d dump_wmimmc.sys \ \drivers\ Type Start ImagePath ErrorControl dump_wmimmc Try unload first SYSTEM\CurrentControlSet\Services\dump_wmimmc InitGmguardSvcReg : New setup ==> %s \??\%s\dump_wmimmc.sys \??\%s\drivers\dump_wmimmc.sys SYSTEM\CurrentControlSet\Services\dump_wmimmc\Enum CleanGmguardSvcReg Success to NtLoadDriver(), %d Failed[0x%x] to NtLoadDriver() status: %x, Try system32\drivers path. NtDeviceIoControlFile cannot get procedure 'NtLoadDriver' with error code %u NtLoadDriver cannot open library 'ntdll.dll' with error code %u ntdll.dll LoadGGDriver() : %d = %ws Success to NtUnloadDriver() cannot get procedure 'NtUnloadDriver' with error code %u NtUnloadDriver ntdll.dll UnloadGGDriver() : %d = %ws Fail2[%d] to CreateFile(%s) Fail1[%d] to CreateFile(%s) GetDriverVersion(ver:%d, o: %x, lb: %x, ck: %d) SetExcludePid() Fail : IOCTL_GMGUARD_SETPID, %x AddProtectPid(%lu) Fail : IOCTL_GGKERNEL_ADDPID, %x SetDriverEnable() Fail : IOCTL_GMGUARD_ENABLE, %x SetDriverDisable() Fail : IOCTL_GMGUARD_DISABLE, %x Fail : IOCTL_GGKERNEL_GET_DRVOBJECT, %x DoHideProcess(%lu) Fail : IOCTL_GMGUARD_HIDEPROCESS, %x Fail : IOCTL_GMGUARD_HOOKINFO, %x NtWriteFile: %x -> %x NtOpenSection: %x -> %x NtCreateSection: %x -> %x NtDeviceIoControlFile: %x -> %x NtGetContextThread: %x -> %x NtResumeThread: %x -> %x NtCreateThread: %x -> %x NtQuerySystemInformation: %x -> %x NtQueryVirtualMemory: %x -> %x NtProtectVirtualMemory: %x -> %x NtReadVirtualMemory: %x -> %x NtOpenProcess: %x -> %x DoSetSDT(%lu) : %d Fail : IOCTL_GMGUARD_SETSDT, %x CollectSDTInfo failed, %d, %d Fail : IOCTL_GMGUARD_HALT, %x dpm closed ret: %x, %d, %s Fail : IOCTL_GMGUARD_DUMP, %x, %x KernelZwOpenProcess(%lu -> %x) Fail : IOCTL_GMGUARD_OPR %lu, %x ioc: %x %x dcs ch: %x %x Fail : IOCTL_GMGUARD_INOUTCHECK, %x ; ProcessDeleted [PID: %d, PPID: %d] %s Fail : IOCTL_GGKERNEL_GET_PROCINFO, %x ; (%d) %s Fail : IOCTL_GGKERNEL_GET_LOGINFO, %x UnloadDriver() TPkd.sys DigiFilt.sys SysBoot.sys Syser.sys \regsys \filem \win32k.sys [%d : 0x%x - 0x%x - 0x%x] %s NtQuerySystemInformation ntdll.dll NtWriteFile NtOpenSection NtCreateSection NtQueryInformationProcess NtOpenThread NtGetContextThread NtCreateThread NtQuerySystemInformation NtQueryVirtualMemory NtProtectVirtualMemory NtWriteVirtualMemory NtReadVirtualMemory NtOpenProcess kmas: %x kap: %x KeAttachProcess dwSEIP: %x %x dwINIT: offset: %x, size: %x, code: %x iLok \win32k.sys dwKiServiceTable: %x, size: %x KeServiceDescriptorTable -_Exception in TurnOnGGScan, code: %08x, addr: %08x user32.dll kernel32.dll ntdll.dll MACRO4U st end pmap checkpmap %lu %s deamon.exe gameguard.des checkpmemrangei2 %lu, i: %d -_-!!!! HACK_APP_MEMORY_PATTERN checkpmem2%s %lu [%s]:%s, i: %d gscv3 peanut trrunw32 MuNewera checkpmem %lu %s, i: %d pmem i: %lu ggsas end checkpmemrange2%s %lu, [%s]:%s, i: %d gscv2 ggsas start nsp2 end game memory i: %lu checkpmemrange %lu %s, i: %d nsp2 start KartRiderCNTest - second Game Module Scan complete checkpmemrangei2%s %lu, [%s]:%s, i: %d gscv1 - second Game Module Scan start - Game Module Scan complete NEW_GAME_MODULE_PATTERN checkpmemrangei %lu %s, i: %d - Game Module Scan checkpmm: %s, %s %x : %d PtTw OpenKore 2006.02.03 TcpDog _Proxy Termination _TwAddVarRO(a)20 _TwEventWin32(a)16 _TwTerminate@0 _TwGetTopBar@0 TwelveSky CN Macro Out32 Inp32 stabch MHOOK_IsMouseAttached MHOOK_MouseEnd RTX 2006.04.13 GetMobHeight GetMobCoords AreTool 2006.01.06.01 SendPacket \cps.dll _ProxyRecv(a)12 _ProxyDisconnect@4 _ProxyConnect@8 TcpDogUninstall TcpDogInstall injectSelf@4 injectSelf FreeChobit Dummy \iprotect.dll win mu ?KeyboardProc@@YGJHIJ@Z HookUnload Tearayoot @Madcodehook(a)FlushHooks$qqrv AutoDrinkWater QuickQuickQuick InstallHook_Message ZZangMacro UninstallKeyBoardHookingRoutine Tasker macro 2006.12.08 TaskerKeyboardProc ReloadServiceCache boot_Term__ReadKey _boot_Term__ReadKey perl RagnarokJP boot_Socket HookBakery HookBakery.dll JJOL BeginAHunter InstallHook spy HACK_MODULE Rarpwns5 SPY_MEM.dll SPY_IO.DLL spy_sock32.dll GameMaster 2006.05.24 MemBrowse SetupHook Iolo Macro Magic 2006.05.16 EventHook_Stop MouseCounter Sniper 2006.04.18 TVICHW32 DebugCode WinDBG 2006.03.25 DebugConnectWide DebugConnect same upside IsMouseMsg IsKeyboardMsg TrickSterTW macro 2006.03.23 InstallKeyboardHook MouseNeKr Plus 2006.02.02 VK_Press \VirtualDevice.dll MouseNeKr Plus 2006.01.18 UnmapPhysicalMemory \Plus.dll MouseNeKr Plus 2006.02.07 VK_Open VK_Open NeoSteam Macro 1.2 2006.01.07 Load1 \UML.dll GunBound Aimbot lhq gdiPlaySpoolStream \lhq.dll Sleep2macro Get_Pixel2 Get_Pixel aiwork MOUSECLK WRITEPMEM Makjaba Inp32 inpout32.dll QMouse pkeyBoardEx RtnXPosVal QMouse ShutdownWinIo GetPortVal modKore-Hybrid CalcPath_destroy ExitKbdHk NineDragon_Macro DllGetPixel ezmouse EzDriverStart GetData PCWorker PCW_ExitModule PCW_InitModule ?Close(a)CKMC_ClientSocket@@UAEXXZ ?GetFileName(a)CKMC_IniFile@@QAE?AVCString@@XZ LSO LinkDrvMoveLeft LinkDrvMoveUp Broom WritePhMemory GetPhAddress Lamhon lamGetPEProcess lamVQE MiniEngine mamaVQE CheatEngine GetPEProcess VQE WPE RagnarokJPTest SetTargetPid SetLoggingActi TSearch EnumTT4 SpeakString Fake system dll Fgdi %d AngleArc gdi32.dll Fusr %d GetKeyboardLayoutNameA MapVirtualKeyExA Fker %d checkpmm: %s, %s %x SetEnvironmentVariableA CreateFileMappingA GameGuard.des newfix.dll: %lu, %s newfix.dll HACK_MODULE pm i: %s aimbotcore.dll \line2pcb_V; \browsevc.dll \musky.dll \mugscm.dll musockets.dll \ksknight.dll \muhook.dll \pyqj.dll \muhookpy.dll \attacheddll.dll \muboxdll.dll HACK_APP_CONSTITUTION eAPI.fne WinIo.dll card.txt spifilter.dll Systemcallretriever.exe kerneldata.dat Stck.dll CfgMjh.dll kioport.sys Da2.DAT MapAdd.Dat arabic help.txt 1145821196.bin Finger.dat takeitem.ini vmou98.inf VMou.sys UML.exe JSP.dll advapi32.dll ProcessKill.exe Mayday.dll Gloomysunday.dll XTRAPD2.sys qmouse_rohan.exe autoupdate.exe hKeyboard.sys KHook.dll ItemfarmLogin.dll cehook.dll plork.dll dbk32.sys warning2.wav tstdll.dll launch.exe soset.ini linkdrv.dll winio.dll mis gameexp.exe tpt.exe 17617.cer muskyimage.dat musky.ini ksknight.ini ksknight.dll jfmuclient.exe muhook.dll option.ini pyqj.dll base.dll mubox.exe muboxdll.dll muzs.exe gamehook.dll door.zs authenclient.exe mubl.exe attacheddll.dll kmap.ini hookmu.dll komu.ini zntport.sys ntport.dll speeder.ini instructions.txt musockets.dll razor_config.ini zle*.exe msinet.ocx tabctko.dll zlemu.dat drvinstall.dll gasocket.dll ga.dll mugscm.dll unzdll.dll -_Exception in CheckProcesses, code: %08x, addr: %08x -_Exception in CheckProcess, code: %08x, addr: %08x checkpl %lu %s NEGiES found. block. [%d]:%s negies \drivers\Mouclas.sys ZZang macro \drivers\Kbdclas.sys zzangplay.exe checkpv %lu %s \jfmuclient.exe \qijipy.exe \mubl.exe \komu.exe NewScan: %lu, %s, filesize: %lu File does NOT exist, %d, %d, %s N/A \DUSuperControler.exe 17617 FileDescription: %s, %d 17617 \StringFileInfo\%04x%04x\FileDescription ezscript OriginalFilename: %s, %d ezscript \StringFileInfo\%04x%04x\OriginalFilename ProductName: %s, %d automouse automouse \StringFileInfo\%04x%04x\ProductName CompanyName: %s, %d ZleGem ZleGame autoseal plasticphork plasticphork jb's production jb's production Addr: %x, lpData: %x, j: %lu, lpCode: %x, size: %lu Module name: %s XprotEvent Change page protect failed, %d fake gdi %x, time: %x fake user %x, time: %x fake kernel %x, time: %x fake ntdll %x, time: %x GetDC RtlMoveMemory rpm fail: %d, %d, %x, %x lpData: %x, Section: %s, j: %lu, lpCode: %x, dwSize: %lu Too many sections: %d Check kernel modules2 end HIDEN KERNEL DRIVER HACK checkpkernelmemh, addr: %x, base: %x size: %x, image: %S, i: %d [h: 0x%x - 0x%x] %S checkpkernelmemff [%d : 0x%x - 0x%x] %S, %x - %d Check kernel modules2 start KERNEL DRIVER HACK checkpkernelmem, addr: %x, base: %x size: %x, image: %s, i: %d TPkd.sys [%d : 0x%x - 0x%x] %s npkcjpn.sys npkcrypt.sys checkpkernelmemkeysol %s, addr: %x, base: %x size: %x scsk4.sys \\.\npkcjpn \\.\npkcrypt \\.\scsk4 211.233.81. 211.109.5. 211.233.20. 202.30.244. 211.234.122. 211.58.56. 202.31.178. 202.57.111. 10.1.87. 209.67.170. 210.245.86. 206.82.200. 172.16.1. 210.245.21. 202.57.110. 203.141.240. 219.127.138. 220.130.179. 203.66.136. 203.107.140. 218.153.120. 221.148.39. 221.148.38. 121.254.252. 112.175.192. 124.109.145. 81.211.86. 89.249.27. 61.215.119. 216.107.242. 172.31.30. 216.107.242. 216.107.244. 206.127.155. 206.127.145. 116.68.143. 116.68.136. 172.24.0. 61.90.252. 10.220.3. 203.70.16. 61.215.117. 192.168.30. 210.51.41. 61.138.176. 61.152.151. 222.231.15. 222.231.15. 112.175.193. 112.175.192. 172.31.27. 172.31.22. 216.107.243. 202.80.108. 61.215.117. 70.1.0. 70.100.0. 172.20.2. 222.231.14. 210.208.86. 172.23.1. 211.13.226. 63.110.21. 64.92.129. 203.239.51. 210.122.63. 210.208.82. 210.200.157. 210.122.63. 210.0.233. 211.13.227. 61.55.138. 211.90.118. 220.168.28. 218.1.72. 61.40.243. 211.13.241. 61.215.222. 211.13.228. 211.13.235. 211.13.232. 61.215.214. 61.215.212. p %s 200.229. 93.90.176. 202.159.139. 202.8.162. 202.159.160. 59.188.22. 70.86.142. 70.86.159. 10.0.0. 61.219.19. 203.161.228. 131.107.115. 58.120.226. 203.81.59. 10.10.3. 10.10.2. 60.28.19. 218.30.90. 222.73.246. 222.73.1. 218.153.7. 192.1.3. 84.203.140. 72.172.238. 38.112.58 38.99.82 38.99.100. 195.59.138 195.27.0. 203.195.98. 202.57.108. 58.64.24. 69.90.214. 211.39.132. 203.69.140. 125.5.127. 211.33.142. 64.79.126. 64.147.162. 64.127.103. 61.129.32. 61.74.62. 218.145.66. 211.54.74. 200.189.184. 61.74.68. 208.85.108. 211.218.233. 218.83.152. 123.234.4. 121.14.15. 222.73.209. 222.73.1. 10.103.147. 10.100.147. 222.73.1. 192.168.5. 218.83.152. 210.180.66. 222.122.59. 222.122.133. 220.90.205. 218.153.7. 220.90.205. 61.78.52. 10.10.30. 218.153.7. 222.122.133. 211.219.167. 222.122.223. 222.122.222. 222.122.59. 91.202.203. 212.162.7. 220.90.205. 218.145.45. 218.153.7. 211.218.231. 125.141.210. 10.10.150. 10.10.100. 220.90.204. 38.119.66. 38.144.194. 211.171.255. 222.233.53. 222.122.11. 221.139.107. 221.139.104. 221.139.48. 218.50.7. 211.233.86. 211.233.84. 211.233.76. 211.233.73. 211.233.72. 211.233.42. 211.233.41. 211.233.40. 211.233.10. 221.139.107. 211.39.150. 211.39.147. 211.39.137. 211.39.136. 211.39.135. 211.39.133. 210.181.96. 121.254.164. 121.156.67. 121.156.53. 121.78.65. 116.193.88. 116.193.84. 58.120.224. 211.189.29. 121.253.14. 60.28.26. 211.152.39. 125.211.127. 121.9.214. 221.7.13. 202.57.110. 202.57.111. 211.55.81. 218.145.66. 61.74.68. 218.153.7. 218.145.45. 220.90.205. 210.101.84. 211.218.235. 210.101.85. 210.166.229. 202.131.203. 124.109.145. 61.215.119. 61.117.168. 61.215.119. 121.254.252. 211.43.201. 222.122.29. 210.51.28. 93.90.20. 93.90.19. 77.240.114. 217.116.19. 93.90.19. PROXY HACK SUSPICION %s:%d, %s:%d RagnarokBR hk %s MabinogiTest MabinogiKR TwelveSky NanaimoKR WarRockKR LuniaKR 121.253.66. ||above xp initialize error #4 ||above xp initialize error #3 ||above xp initialize error #2 PROXY HACK SUSPICION %s:%d, RSVPSP.DLL WSPIRDA.DLL S5IMPL.DLL PROXY HACK DETECT %s:%d proxy bypass 2 proxy bypass local RagnarokJP proxy bypass RagnarokBR RYLHK GunBoundBR CTRacerCN GunBoundLT TwelveSky CAKRTest CAKR NanaimoKR WarRockKR LuniaKR allow only MapleStory98 / ip: %s, port: %d DekaronCNTest DekaronCN allow only Rakion98 / ip: %s, port: %d Gateway : %s wide subnet mask 255 Subnet Mask: %s Local IP: %s AllocateAndGetTcpExTableFromStack GetTcpTable GetExtendedTcpTable \iphlpapi.dll closesocket getpeername getsockname inet_ntoa ntohs \ws2_32.dll GetIpAddrTable Iphlpapi.dll -_Exception in PrintTable, code: %08x, addr: %08x proxy hack AkumaEngine sejthyperscansettings funny target L2Walker Mutex MutexToL2Walker NineDragon Mutex NineDragon 2.1 Sniper mutex GIS_Sniper keybat mutex mtxKeyBat QMacroNE Running qmacro mutex QMacro Run once neotex event Neotex mnk event MouseNeKr rgb event GBbyFRK sang CE event Global\sang3 zenos CE event Global\zenos3 CE53 event Global\DBKProcList53 CE52 event Global\DBKProcList52 CE51 event Global\DBKProcList51 CE50 event Global\DBKProcList qmacro event QMacroGetColorEvent driver: NetPeeker.sys \\.\NetPeeker driver: MoosePM(new) (GB) \\.\MooseKM driver: kylixM (jamilah) driver: MooseKOPM (GB) "\\.\MooseKOPM \\.\moukb driver: jamilah driver \\.\jamilah \\.\CEDRIVER52 driver: hwinterface \\.\EZMOUSE \\.\TCLOCK driver: dbkdrvr \\.\DBKDRVR driver: mnk \\.\df_kbd driver: GAMEAUTO \\.\GAMEAUTO driver: MOUHOOK \\.\MOUHOOK driver: KBDHOOK \\.\KBDHOOK driver: MOUINP \\.\MOUINP driver: winspeeder \\.\BDCK driver: WINIO \\.\WINIO driver: KMCTRL \\.\KMCTRL driver: zlegame \\.\ZLEGAME driver: TKITSPY \\.\TKITSPY -_Exception in CheckHack, code: %08x, addr: %08x ezmouse ezhook ezhook DragonFarm macro C:\Program Files\ND ..AreTool portion portion neoauto uMutex kwon Engine kwonhyperscansettings zenos Engine zenoshyperscansettings Kaspersky Engine Cheat Engine CEHYPERSCANSETTINGS _NEO_AUTO_MAP_ NeoSteamMacro folder C:\Program Files\NeoSteam Macro EzMouse folder Makjaba folder MouseNekr Plus folder C:\Program Files\PlusMouseNeKr Sleep2(NineDragon) folder C:\Program Files\Indy21\NineDragon Portion folder Qmouse folder C:\Program Files\Qmouse sangok folder C:\Program Files\SANGOK mousenekr folder C:\Program Files\MouseNeKr gameauto folder C:\Program Files\GameAuto zlemu folder C:\Program Files\ZleGAME\ZleMU -_Exception in CheckHackOnce, code: %08x, addr: %08x %ld : %s SetHackInfo : addr %x cHT[%d] AF[%x] idx[%d] TS[%x] dT[%d] wT[%d] CSA [%x] aT[%x] cD[%d] %s:%s DragonicaTW CATW hook: %x %x %02x %02x %02x %02x %02x BeginPaint GetWindowDC GetDCEx GetDC PostMessageA SendMessageA mouse_event keybd_event GetWindowThreadProcessId SetCursorPos SendInput PostMessageW user32.dll DebugActiveProcess TerminateProcess VirtualProtectEx VirtualProtect TerminateThread SuspendThread OpenProcess ReadProcessMemory WinExec LoadModule CreateProcessA MoveFileW GetProcAddress LoadLibraryExW CreateProcessInternalW CreateProcessW kernel32.dll BeginPaint GetWindowDC GetPixel GetDCEx GetDC StretchBlt BitBlt gdi32.dll GetProcessHandle fake faild, pid: %lu, opened pid: %lu Read HackRecord: %d BagMDI Software\Microsoft\Windows\ShellNoRoam\MUICache period dll i: %d checkpmmr %lu %s, i: %d UnCrypt Crypt CalcRouteByCandOutmap CalcRouteByC CalcChecksum test2 test1 RagnarokJPTest Can't get image base: %x kernel32.dll GetModuleHandleA WSP rename failed: %d WSP copy failed: %d _ WSP not found def file: %s \msafd.dll \mswsock.dll WSP not found: %s WSP: %s WSP doubt2! WSP can not normalized! WSP normalize 2 %SystemRoot%\system32\msafd.dll WSP normalize WSP doubt1! WSP can not normalized! WSCWriteProviderOrder WSCGetProviderPath WSCEnumProtocols WSP restore 2 WSP restore WSP restore file failed %s_ SuspendProcess [%ld]:%s threaddemo.exe Aion Lineage2 Lineage2JP Lineage2us lgdcore.exe checkpWnd CE !!!! [PID: %d] a:%d | b:%d, %d, %d | c:%d, %d, %d | d:%d | e:%x checkpWnd CE !!!! [SizeDoubt3] x: %d, y: %d Change Offset: game trainer ValueChangeForm TStandAlone checkpWnd CE !!!! [SizeDoubt2] x: %d, y: %d TPUtilWindow F0rm AdvancedOptions TMB ProcessWatcheh TFormDebugStrings Puma Engine(CE) 3.0 Engi For Rev 10 Revolution Engine(CE) 5.3 ti0n Engin luti Rev VE 5.BY Vicious Engine(CE) 5.0 Vicious Engine Cheat Engine set Process watcher Blorb Slayer Engine(CE) Blorb Slayer TTrainer2 TMemoryBrowser Next Scan First Scan Fast Attack Speed Attack SpeedHack Hyper Scan Cheat Engine checkp calc pid :%d, style: 0x%x, Window: %s Class: %s checkp calc kill pid :%d, style: 0x%x, Window: %s Class: %s Desktop User Picture CiceroUIWndFrame CiceroUIWndFrame Button CiceroUIWndFrame tooltips_class32 SysShadow SysFader calc normalize checkpwndonce: %s, %s Rootkit Unhooker XueTr SS CE AddKernelPatch: bRet: %d, PatchAddr: %x, PatchSize: %x, dwWrite: %x RestoreKernelPatch: bRet: %d, PatchAddr: %x, PatchSize: %x, OrgCode: %x, dwWrite: %x -_Exception in DisplayApiCode, code: %08x, addr: %08x %s: %02X %02x %02X %02X %02X %02X %02X %02x %02X %02X LAC oIGG AHResult: %x, %s peanut, parent: %lu LAC IGG AHResult: %x, %s HookProcess: pid: %lu Rehooked. %lu CopyFile Fail %d, %s npggNT.des InitGameHook fail, bFail: %d, dwSuccess: %d, dwFail: %d Fail[%d] SetDriverEnable() -- InitGameHook Done. InitGameHook bte fail version fail %d procinfo: %x, %x, %x prena0 prenoop procinfo: %x, %x, %x Init Failed. LAC IGG Success not loaded. load now Already loaded. LAC IGG Success?? NATIVE SYSTEM PROCESS, %s, skip -- InitGameHook Oncemore InitGameHook fail, bFail: %d, bSuccess: %d Init Already. Init Failed. Init Failed. old LAC IGG Success exp fail next: %x free fail %d AllocationBase: %x not enough memory? try once aga\M rfl: %d FreeLibrary procinfo: %x, %x, %x LAC IGG AHResult: %x, %s GameHook: Hooking %lu='%s' .. NATIVE SYSTEM PROCESS, %s, skip N/A, %lu, %s, %x OpenProcess %lu fail, %lu Shstat Process, %s, skip Slsvc Process, %s, skip Game Process, %s, skip GameMon Process, %s, skip DoHide failed ssm but setSDT fail ss NtIce sacs: %x, %x, %x, %x %x, %x GGDrv loaded. Fail[%d] SetHookInfo() NtDeviceIoControl GetWindowDC GetDCEx GetDC NtWriteFile NtOpenSection NtCreateSection NtQueryInformationProcess NtOpenThread NtGetContextThread NtResumeThread SendInput Fail[%d] SetExcludePid() ver: %d GGDrv version: %d, o: %x Admin Only Limited Account Fail[%d] GmguardStartDriver() now try to load ggdrv Admin Account RtlAdjustPrivilege NtResumeThread: %x NtQuerySystemInformation: %x LdrGetDllHandle: %x NtOpenProcess LdrLoadDll NtProtectVirtualMemory NtResumeThread NtQuerySystemInformation LdrGetDllHandle ntdll.dll send ws2_32.dll LoadLibraryExW Kernel32.dll user32.dll driver: KLIF \\.\KLIF Rav driver \\.\BaseTDI ezktecas driver \\.\EZKTECAS prevx1 driver \\.\pxfsf ghostsec driver \\.\Ghostsec jamilah driver \\.\jamilah za driver \\.\vsdatant ssm driver \\.\MCNAHook procguard \\.\procguard NPGG_MUTEX: %x MtxNPGG Global\MtxNPGG g_dwAudiodgPID: %lu ShstatPID: %lu, %s \shstat.exe SlsvcPID: %lu, %s \system32\slsvc.exe CsrssPID: %lu, %s LsassPID: %lu, %s \system32\lsass.exe SmssPID: %lu, %s ClonePID: %lu, %s CloneFile: %s DLL HashValue 3 auth fail %s, %d %lu HOOKSDLL: %s not found hookdll, %s npgg9x.des DLL HashValue auth fail %s, %d %lu gamemon: %s GetModuleFileName fail %d -- InitGameHook -- CloseGameHook Done GGDrv Unloaded SetSDT recover: %d Terminate Game, terminate: %d -_Exception in UnloadGameHook, code: %08x, addr: %08x Fail[%d] SetDriverDisable() -- CloseGameHook Start -- UnloadGameHook Done CloseGameHook fail, bSuccess: %d GameHookH: Unloading %lu='%s' .. ULM AHResult: %x, %s still present. Try once again. Unload Success strange error! LAC CGG AHResult: %x, %s Close Failed LAC CGG Success GameHook: Unloading %lu='%s' .. Admin Account RtlAdjustPrivilege -- UnloadGameHook SetGameHook fail, bFail: %d, bSuccess: %d -- SetGameHook Done. SetGameHookH: %lu='%s' strange error! LAC SGH AHResult: %x, %s Failed. SetGameHook: %lu='%s' NATIVE SYSTEM PROCESS, %s, skip RtlAdjustPrivilege -- SetGameHook: %x, %lu, %x, %x Check reg fail: %lu RegCrc diff %x, %x SOFTWARE\INCAInternet\nProtectGameGuard\Update failed to close current registry hive Fix api: %s vpe fail: %lu wpm fail: %d, dwWrite: %d, %lu diff %08x, %02x, %02x -_Exception in OverwriteDll, code: %08x, addr: %08x OWD: %d %d %d %d ws2_32.dll advapi32.dll kernel32.dll ntdll.dll owc fail %d owc fail %d - diff: %s %x owc fail %d diffIAT %08x, %02x, %02x ImageBase diff: mem: %x, file: %x TimeStamp diff: mem: %x, file: %x SizeOfImage diff: mem: %x, file: %x Bad SectionHeader MDOI: %s MDO: %d %d %d %d advapi32.dll %10lu %s PID Process Name --- Process List --- ReadSMThread end KERNEL MODE DETECT Global\dump_wmimmc_event8 Global\dump_wmimmc_event9 dwLen >= SM_MAX_SIZE-4, %lu (SH- : %s cgc fail %d, %d Global\EnxNPGL /NewSession, %lu, %s *** SpeedHack Detect *** ApiCheck %d *** Hack Detect *** ModuleCheck %d SpeedCheck hackinfo message %lu, %hs SpeedCheck erl message %lu, %hs SpeedHack! Rescan, %lu checkpmapre 3 time fail %lu checkpmemrangei2 %lu, [%s]:%s, i: %d gscv0 0412 checkpbackdoor hzdll found :( %lu, i: %d checkpmemrangei %lu, i: %d psapi.dll GameGuard.des push Ctrl+Alt+Del, close taskmgr NewProcess, %lu CCP fail pid: %lu, Parent: %lu, PrevParent: %lu Check PID, %lu, ^%lu, m: %lu, g: %lu Hook Error, %lu NewScan Twice pid: %lu NewScan Once pid: %lu 1003B pass draw failed fk ttggtt4 -- InitNPGM Done Run gmt: %x NPGE ProtectionLevel: %d NPGECMCW Game Process not exist Can't Load GG SCAN, %d, %lu ggscan hash fail DLL HashValue 2 Mismatched a ggscan version. %ld --- ggscan.des revision: %d --- auth fail ggscan.des, %d %lu ggscan.des not found \ggscan.des ReExec wait succb_V ReExec wait success, hook now ReExec wait fail RE EPF %d %d ODI: %x em %x ntdll.dll kernel32.dll ReExec, GameProcess is inited. fail! %x bgg%d ScanThread(%x) ID: %lu CreateThread fail ScanThread, %d GameMonThread(%x) ID: %lu CreateEvent fail MonThread, %d CreateEvent fail ScanThreadDone, %d CreateThread fail ReadSMThread, %d CreateEvent fail hReadSMDieEvent, %d NPGG_SHAREDMEM: %x InitNPGM: Can't create sharedmem! %d SmxNPGG Global\SmxNPGG GGSM_MUTEX: %x InitNPGM: Can't create mutex! %d MtxGGSM Global\MtxGGS2 Limited Privilege reggmns: %lu Admin Privilege NtGetContextThread RegisterServiceProcess -- InitNPGM CloseNPGM Done Try to turn off npscan --- Explorer Module --- GameMon Module Terminate MSThread \Microsoft\Internet Explorer\Recovery\Active Terminate MonThread Terminate ScanThread lol98 UserInfo[%d]: %s CloseNPGM -- InitNPSC Done InitSpeedCheck fail, %d auth fail npsc.dll npsc: %s npsc.des -- InitNPSC Start CloseNPSC done Kill process fail %lu, %d Kill process %lu Hard kill: %lu kernel32.dll ExitProcess inproc, UnRegisterHook: ret: %lu inproc.dll UnRegisterHook hook.dll UnHookAPI9x SetGameHook no api swh: %lu File not found Scan ProcName: %s N/A Scan pid: %lu -_Exception in GetWindowList, code: %08x, addr: %08x Thread32Next Thread32First Module32Next Module32First Process32Next Process32First CreateToolhelp32Snapshot !!! ProcessCount %d audiodg.exe VMwareService.exe explorer.exe !%-20s %5lu %5lu %3ld !Process Name PID Threads Priority GBL %d !%-20s %08X %8lu %s Run st: %x auth fail npgmup.dll npgmup.des version fail ScanThread scan done Check processes Check kernel modules Check hack Check hack once ScanThread Started QueryDP, hPort: %x rsl Fsd: %d QuerySKD: %x QueryDP, hMyPort: %x pidp th dwOption changed: %x mt end npsc cgcd fail %d cgc fail %d cgcd fail %d %s Game's SID [%d]: %d SID: %d Game Process not exist can't received NPM_COMMPIPE_PID [%d] CREFC: HDR CREFC: %d %s %x %x %x %x %x NPGEAE doesn't enctypted? gamecrc[%d]: %x %x gamecrcsc[%d]: %x %x dwFileCrc[%d] recorded: %x NPGECMCW success, %s %x %x 3 unpacked? 3 unpacked? %x %x 3 unpacked? %x gamecrcpc[%d]: %x %x, size: %x d unpacked? %x unpacked? %x gamecrcpc2[%d]: %x %x, size: %x wb ..dat dwNum is too large: %x Enc is zero, filesize: %lu Num: %x, Enc: %x, %x, dwSkipArrayOffset: %x ..rdata (%s) ts: %x, %x ..bak ..text ..textbss gamecrc3[%d]: ok NPGEClient lac GMH fail: %x, %d cgcd file not found cgcd end, ret: %d %ld SpecialForce game client altered. SpecialForceKR cgc end, ret: %d %ld cgc start %lu cgcd start %lu %s get version failed. GameGuard Folder Ver: %d, Game Folder Ver: % copy ini failed GLE: %d copy ini file success ...\%s.ini copy GameGuard.des failed GLE: %d copy GameGuard.des success ..ini GameGuard.des version low, copy it. game folder: %d, GameGuard folder: %d cgcd fail %d, %d PlayGame.dll Core.dll core.dll engine.dll DataPool.dll XmlScript.dll CrySystem.dll Game.dll CRes.dll d3d9.dll d3dx9_29.dll CShell.dll SeData.dll engine.dll entitiesmp.dll BOMB!!!!!!!!!! Fail GTS path: %s, pBaseOfFile: %08x, dwSize: %08x, pIDH: %08x, pIDH- >e_lfanew: %08x GAMEHACK RND GAMEHACK DOWN KERNEL DETECT GAMEHACK DETECT GAMEHACK REPORT GAMEHACK ACTIVTE TIME OUT -_Exception in creating a process, code: %08x, addr: %08x, szIEPath: %s ie terminated Run IE Fail for connect[%d] : %s iexplore.exe Adpath sended: %s np*.tmp undef AnGunHapZa_2009.03.17 ZIZONAuto_2009.04.27 BlackBox_2008.02.22 IKan153_2007.01.31 Revolution_2006.11.07 Autostick_2006.11.07 Autonara_2006.11.07 useless: %d BlackBox_2008.03.28 ATplay_2009.04.06 checkp HWM found: %x %x %x %x CM_Get_Parent CM_Get_Sibling CM_Get_Child CM_Get_DevNode_Registry_PropertyA CM_Locate_DevNodeA \cfgmgr32.dll \setupapi.dll : [Port%d] \\.\HCD%d
Pages: 1 Prev: an oracle paradox Next: Proof of Cook's Theorem in Unary |