It isn't just GameGuard, there have been a lot of anti hack systems that have dug into places that they shouldn't touch. Same with DRM systems.
Well, as I said, I'm double checking things now, but the fact that it is able to hide the process on 32 bit Windows means that it is likely using one of the major weaknesses in 32 bit Windows. This was fixed with 64 bit Windows by the way.
*Edit*
Well, I seem to have been right. Basically GG derps on 32 bit IMO. After getting a 32 bit version of Windows 7 installed and investigating a bit, I know why there is a difference between 32 bit and 64 bit versions of Windows, and why there will never be a fix for 64 bit versions of Windows. In order to hide the process on 32 bit Windows, it loads in a driver without prompting the end user, patches the Windows kernel so that it doesn't include pso2.exe and gamemon.des in the process list provided by the toolhelp snapshot and reverses that when PSO2 exits. The 64 bit Windows kernel has kernel patch protection, so this is impossible to do (if something attempted it then Windows would bug check) and there is also the fact that 64 bit Windows only accepts signed drivers unless you select that option on the boot menu at every boot.
Anyway, I would be more inclined to send a bug report to Microsoft for allowing a driver to get loaded without the user's consent rather than sending a bug report to GameGuard. After the whole Sony DRM fiasco (which did something similar to what GG is doing), I always shudder when companies resort to attempting to patch the kernel, which is also why I'm glad that the world is slowly migrating towards x64.
Oh, and as for the hiding of the process actually making any difference, to be honest, I'd say only against the script kiddies. For the time it takes for GG to load, pso2.exe is visible along with its PID. So unless it also patches the kernel so that it also fails for direct requests to open up a process from the PID (which is more dangerous mind you) then it will only really help if the programs you use only allow you to choose from a process list rather than allowing you to enter a PID.
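The gap described in the post above, between the toolhelp snapshot and direct opens by PID, is what cross-view hidden-process detection relies on. The sketch below is an added example, not part of the original post or of any GameGuard or Microsoft code. Its function names are its own, and it assumes PIDs are multiples of 4 (an NT implementation detail) and an arbitrary scan ceiling of 0x10000.

```python
import ctypes, sys
TH32CS_SNAPPROCESS, QUERY_LIMITED, STILL_ACTIVE, ERROR_ACCESS_DENIED = 0x2, 0x1000, 259, 5

class PROCESSENTRY32W(ctypes.Structure):
    _fields_ = [("dwSize", ctypes.c_uint32), ("cntUsage", ctypes.c_uint32),
                ("th32ProcessID", ctypes.c_uint32), ("th32DefaultHeapID", ctypes.c_size_t),
                ("th32ModuleID", ctypes.c_uint32), ("cntThreads", ctypes.c_uint32),
                ("th32ParentProcessID", ctypes.c_uint32), ("pcPriClassBase", ctypes.c_int32),
                ("dwFlags", ctypes.c_uint32), ("szExeFile", ctypes.c_wchar * 260)]

def classify_probe(opened, last_error, exit_code):
    """Interpret one OpenProcess attempt; an exited process with open handles still opens."""
    if opened:
        return "live" if exit_code == STILL_ACTIVE else "exited"
    return "protected" if last_error == ERROR_ACCESS_DENIED else "absent"

def hidden_pids(snap_before, probed, snap_after):
    """PIDs that answer a direct open but are in neither snapshot bracketing the probe."""
    listed = snap_before | snap_after  # two snapshots absorb start/exit races mid-scan
    return sorted(pid for pid, state in probed.items()
                  if state in ("live", "protected") and pid not in listed)

def snapshot_pids(k32):
    snap = ctypes.c_void_p(k32.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0))
    entry, pids = PROCESSENTRY32W(), set()
    entry.dwSize = ctypes.sizeof(entry)
    ok = k32.Process32FirstW(snap, ctypes.byref(entry))
    while ok:
        pids.add(entry.th32ProcessID)
        ok = k32.Process32NextW(snap, ctypes.byref(entry))
    k32.CloseHandle(snap)
    return pids

def probe_pids(k32, max_pid=0x10000):
    # Sees nothing if the driver also blocks open-by-PID, the case the post calls more dangerous.
    probed = {}
    for pid in range(4, max_pid, 4):
        h = ctypes.c_void_p(k32.OpenProcess(QUERY_LIMITED, False, pid))
        err, code = ctypes.get_last_error(), ctypes.c_uint32(0)
        if h.value:
            k32.GetExitCodeProcess(h, ctypes.byref(code))
            k32.CloseHandle(h)
        probed[pid] = classify_probe(bool(h.value), err, code.value)
    return probed

if sys.platform == "win32":  # the Windows calls run only there; the logic above is portable
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateToolhelp32Snapshot.restype = k32.OpenProcess.restype = ctypes.c_void_p
    before, probed = snapshot_pids(k32), probe_pids(k32)
    print("openable but unlisted:", hidden_pids(before, probed, snapshot_pids(k32)))
```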