Generating GameGuard class object
Generate an object of CNPGameLib class as a global variable.
CNPGameLib npgl(“Cube”);
Or, you could just declare the pointer of CNPGameLib class as global and generate it as dynamic later on.
CNPGameLib *pNpgl = NULL;
pNpgl = new CNPGameLib(“Cube”);
At this time, insert the character strings as letters of the constructor. The game name of the above example is Cube.
This character string is a part the file name excluding the extension of the .ini file which is the configuration file. Ex) GameGuard will start initializing when Cube.ini, CNPGameLib objects are being generated.
Processing GameGuard initialization result
Right after the objects of CNPGameLib has been created call npgl.Init() function to process the result of GameGuard initialization.
DWORD dwResult = npgl.Init();
if (dwResult != NPGAMEMON_SUCCESS)
{
... // Refer to the examples below for the methods of handling each error codes.
}
If an object is created dynamically through new, process Init() in the next line.
If the object is created globally, process Init() in the start of a program, such as WinMain().
Make sure to diagnose the return value of Init(), and show the users the appropriate error messages, then close the game. (refer to the examples and error codes later on)
Transferring Game client main window handle
After initializing all graphic, UI related of the game client, transferring of main window handle (HWND) to GameGuard is made.
npgl.SetHwnd(g_hMainWnd);
GameGuard sends the message to the callback function after the window handle has been received.
Recording GameGuard callback function
Callback function is a function that independently handles the messages that are sent by GameGuard.
[c]BOOL CALLBACK NPGameMonCallback(DWORD dwMsg, DWORD dwArg)
{
// Refer to the examples below for a specific embodiment method
}]/c]
Messages such as gamehack detect, speed hack detect, game falsification, GameGuard falsification will be sent as a callback function.
Message box will be printed right before the game ends after processing the closure of the game first.
The reason message box is not printed first is because hackers will be able to easily analyze debugging, using the location as a hint, and the reason the callback function is being called is because the thread is different from the main thread of the game, and therefore, that could let the game continue with the message box left on.
Therefore, record only the message number or message character strings that will be printed later in the callback function, and right before the game is being shut down, show the recorded message after checking whether there are printed items.
When you are continuing with the game according to the callback function message, return TURE, and when you are ending the game return FALSE.
Way to Check whether GameGuard is running while Game is on
Basically, GameGuard communicates with game client whether it is running or not through a secret channel every few seconds, and therefore, if one side shuts down, the other side also become aware of this, and shuts down.
However, in preparation of a low quality debugging, it is good to check whether GameGuard is running by calling npgl.Check() function through timer from many parts of the game.
5-10 seconds is appropriate as checking period.
if (npgl.Check() != NPGAMEMON_SUCCESS) bAppExit = true; // Game ends
Checking if Any Illegal Program Is in Use
When the user ID is informed by npgl.Send() function after logging in the game, the use of illegal program can be confirmed through the user’s log, and the information gathered can be used for further customer assistance. Please be aware that if the user ID is not sent to GameGuard, some GameGuard options will be turned OFF.
npgl.Send(szUserID);
When an illegal program is detected NPGAMEMON_GAMEHACK_DETECT or NPGAMEMON_GAMEHACK_KILLED message is sent through the callback function of the game client.
At this time, npgl.GetInfo() or GetInfoFromGameMon() functions can be used in order to check the process names of the illegal programs inside the callback function.
strcpy(g_szHackInfo, npgl.GetInfo());
If the return value is NULL, the game hack might be a type that the process name cannot be obtained from, for an independent process does not exist.
The usage of illegal programs among the users can be confirmed by transmitting this kind of information to the game server and recording the log along with the user information.
Quote:
Information being returned as GetInfo() can be very useful information for hackers to bypass hack tools. Therefore, please leave out detailed information when the game hack found message is being displayed for the user.
In addition, users using illegal programs can be logged through the following game hack finding callback message.
NPGAMEMON_GAMEHACK_REPORT sends the game client the encrypted information after GameGuard finishes analyzing the hacking tools. When this message is sent to the callback function, the corresponding data will be sent to the server directly in the encrypted form, and can be used as an evidence to stop the certain user through data decrypting in the server. Please refer to sections 4, 5 and 6 for implementing methods.
Log forms can be differentiated through ‘|’ character. Below is the log format.
Hack type|GameGuard version|Date|Hack name|Pattern number|Details|Hack file TimeStamp
GameMon’ Message Types & Handling
- NPGAMEMON_COMM_ERROR – means that the communication with GameMon is disconnected. In most cases, it means an improper closing of GameMon, thus close the game as well.
- NPGAMEMON_COMM_CLOSE –GameMon is closed properly. Close the game, too.
- NPGAMEMON_SPEEDHACK – Speedhack is detected. Close the game with a relevant message.
- NPGAMEMON_GAMEHACK_KILLED- A running gamehack is detected, but successully forced to be closed. Although it is possible to proceed with the game, It is still highly recommended to close the game.
- NPGAMEMON_GAMEHACK_DETECT – Gamehack detected, but could not be closed by GameGuard. Close the game, displaying a relevant message.
- NPGAMEMON_GAMEHACK_DOUBT – Program is suspected to have a Gamehack currently running, or the game or GameGuard file has been corrupted. Display the message saying ‘Close all unnecessary programs and try the game again’, then close the game.
- NPGAMEMON_INIT_ERROR – A failure in initializing GameMon. Print a relevant message with the error code to user, and close the game.
- NPGAMEMON_GAMEHACK_REPORT – Game hack was found, however, operating normally. Game client has sent the received data to the game server and is operating normally.
Explanation on GameGuard library functions
DWORD PreInitNPGameMon(LPCSTR szGameName);
- Initialize the GameGuard
- In case of C++, automatically call from the constructor of CNPGameLib
- Return Value: NPGAMEMON_SUCCESS – Initialization success. Other values – Error code
- Rofer to examples or error codes in chapter 5
DWORD InitNPGameMon();
- Sends the initialization result of PrelnitNPGameMon()
- Same as Init() of CNPGameLib
- Return value: NPGAMEMON_SUCCESS – initialization success, other values – error code
- Rofer to examples or error codes in chapter 5
void SetHwndToGameMon(HWND hWnd);
- Transfer the main window handle of the game client to GameMon
- Same as SetHwnd() of CNPGameLib
- Return value: none
DWORD CheckNPGameMon();
- Check whether GameMon is running
- Same as Check() of CNPGameMon
- Return value: NPGAMEMON_SUCCESS – Running, other values – no GameMon
BOOL SendUserIDToGameMon(LPCSTR szUserID);
- Transfer the user ID to GameMon
- Return value: 0 – failure 1- success
LPCSTR GetInfoFromGameMon();
- Obtain name or information of hacking tools that are detected by GameMon
- Same as GetInfo() of CNPGameLib
- Return value: Hacking tool information character string or NULL
BOOL CloseNPGameMon();
- Close GameGuard
- In case of C++, it will be automatically called from the destructor of CNPGameLib
- Return value: 0 – failure, 1 – success
LPBYTE GetHackInfoFromGameMon(DWORD* dwSize);
- Bring detailed data when NPGAMEMON_GAMEHACK_REPORT message is received.
- Encrypted data(binary) is returned and data size is saved in the sending letters.
- Error 0 is returned if no data is received.