Use the launcher to get the parameters needed to start TwelveSky2.exe.
You can use Process Hacker: right-click the TwelveSky2.exe process before XTrap fully loads and open Properties.
The Command line field there gives you the arguments needed to launch the game yourself.
Close the game, XTrap etc.
Move the XTrap files out of the game directory and load the game in OllyDbg (or a similar debugger, e.g. x64dbg).
Use stealth plugins (such as StrongOD & HideDBG) to stop the packer on the exe from noticing that it is being debugged.
If the game shows a message box about XTrap or an init error, do this:
Click Pause in the debugger.
Then use Debug -> Execute till user code.
If your debugger does not have that or you cannot find it, just put a breakpoint on the RETN at the end of MessageBoxW (or on the function itself).
Once a message comes up you can find what called it by looking at the stack, or go to the RETN and press F7 to step back into the caller.
Then scroll up a little in the CPU window and you should see code something like:
PUSH ...
PUSH ...
CALL something          ; the anti-hack check
TEST EAX,EAX
JNZ overMessageBox
PUSH MessageTitle
PUSH MessageContent
CALL user32.MessageBoxW
JMP EndOfLoop/KillGame
overMessageBox:
more code...
Your first patch can be in that CALL or on that TEST.
I like to do it in the call: just change the start of the called function to
MOV EAX,1
RETN
That way it returns true, the JNZ is taken, and execution never reaches the message box or the code that ends the game.
Then there will be 2-3 other places to patch in similar or other ways.
The LoadLibrary for the anti-hack module can be NOPed out or turned into a RETN before the game even gets to calling it.
Further down in the game loop there may also be a check with a message saying "hack detected" or "anti-hack not loaded"; you might want to NOP that too.
Once your game runs fine in the debugger without the anti-hack running,
you want to make a DLL that applies your patches. See my TSX Client topic, and maybe look at the code of my TSX Client DLL for an example.
Then you can launch the game suspended, inject the DLL, resume the threads, and it bypasses the anti-hack (XTrap) the same way you did in Olly / your debugger.
Then you can use Cheat Engine to find whatever you want.
Make signatures for finding the memory addresses and put them in your DLL, using a signature scanner like the one I made.
Then when you want it to work on a real server, simply don't bypass the anti-hack.
With luck it won't detect your DLL file, and your hacks will work as long as you don't use any API functions it checks for, don't detour any code, and don't write to any of the code (.text) sections of the game or the modules it uses.
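As an added illustration of what the patching DLL and the signature scanner above actually do (this is example code written for this post, not the TSX Client DLL), here is the core in C: a scanner that takes a wildcard signature, resolves the rel32 target of the CALL in the PUSH/PUSH/CALL/TEST/JNZ sequence, and overwrites the start of that function with MOV EAX,1 / RETN. The game bytes are constructed for the example so it runs on any machine; the signature string and the offsets are assumptions about that constructed buffer, not values from the real exe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed x86 bytes standing in for a piece of the game's .text section.
 * Offset 0 is the anti-hack check (returns 0 = "not loaded"), offset 8 is the
 * caller sequence described in the post. None of this is real TwelveSky2 code. */
uint8_t game_code[] = {
    /* 00: check: push ebp ; mov ebp,esp ; xor eax,eax ; pop ebp ; ret ; nop */
    0x55, 0x8B, 0xEC, 0x33, 0xC0, 0x5D, 0xC3, 0x90,
    /* 08: PUSH imm32 ; PUSH imm32 */
    0x68, 0x11, 0x22, 0x33, 0x44,
    0x68, 0x55, 0x66, 0x77, 0x88,
    /* 18: CALL check   (rel32 = 0 - (18 + 5) = -23 = 0xFFFFFFE9) */
    0xE8, 0xE9, 0xFF, 0xFF, 0xFF,
    /* 23: TEST EAX,EAX ; JNZ overMessageBox (+0x15 -> offset 48) */
    0x85, 0xC0, 0x75, 0x15,
    /* 27: PUSH title ; PUSH text ; CALL [user32!MessageBoxW] ; JMP KillGame */
    0x68, 0xA0, 0xA1, 0xA2, 0xA3,
    0x68, 0xB0, 0xB1, 0xB2, 0xB3,
    0xFF, 0x15, 0xC0, 0xC1, 0xC2, 0xC3,
    0xE9, 0x10, 0x00, 0x00, 0x00,
    /* 48: overMessageBox: ret */
    0xC3
};

/* Signature for the caller sequence; "?" is a wildcard byte (assumed layout). */
#define CHECK_SIG "68 ? ? ? ? 68 ? ? ? ? E8 ? ? ? ? 85 C0 75 ?"

/* Parse "E8 ? ? ? ? 85 C0" into byte + mask arrays. Returns length or -1. */
static int parse_sig(const char *sig, uint8_t *bytes, uint8_t *mask, size_t max)
{
    size_t n = 0;
    while (*sig) {
        while (*sig == ' ') sig++;
        if (!*sig) break;
        if (n >= max) return -1;
        if (*sig == '?') {               /* wildcard: any byte matches */
            bytes[n] = 0; mask[n] = 0;
            while (*sig == '?') sig++;
        } else {
            char *end;
            unsigned long v = strtoul(sig, &end, 16);
            if (end == sig || v > 0xFF) return -1;
            bytes[n] = (uint8_t)v; mask[n] = 1;
            sig = end;
        }
        n++;
    }
    return (int)n;
}

/* Scan buf for the signature; returns the offset of the first hit or -1.
 * In the DLL, buf/len come from GetModuleHandle(NULL) and SizeOfImage. */
long find_sig(const uint8_t *buf, size_t len, const char *sig)
{
    uint8_t bytes[64], mask[64];
    int n = parse_sig(sig, bytes, mask, sizeof bytes);
    if (n <= 0 || (size_t)n > len) return -1;
    for (size_t i = 0; i + (size_t)n <= len; i++) {
        size_t j;
        for (j = 0; j < (size_t)n; j++)
            if (mask[j] && buf[i + j] != bytes[j]) break;
        if (j == (size_t)n) return (long)i;
    }
    return -1;
}

/* Decode the rel32 of an E8 CALL at call_off: target = next_insn + rel32. */
long resolve_call(const uint8_t *buf, size_t len, size_t call_off)
{
    if (call_off + 5 > len || buf[call_off] != 0xE8) return -1;
    int32_t rel = (int32_t)((uint32_t)buf[call_off + 1] |
                            (uint32_t)buf[call_off + 2] << 8 |
                            (uint32_t)buf[call_off + 3] << 16 |
                            (uint32_t)buf[call_off + 4] << 24);
    long target = (long)(call_off + 5) + rel;
    if (target < 0 || (size_t)target + 6 > len) return -1;
    return target;
}

/* Overwrite the start of the function with MOV EAX,1 ; RETN (B8 01 00 00 00 C3).
 * Against the live process this hits the .text section, so the DLL must wrap it
 * in VirtualProtect(..., PAGE_EXECUTE_READWRITE, &old) and restore old after. */
int patch_return_true(uint8_t *buf, size_t len, size_t fn_off)
{
    static const uint8_t stub[] = { 0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3 };
    if (fn_off + sizeof stub > len) return 0;
    memcpy(buf + fn_off, stub, sizeof stub);
    return 1;
}

/* Find the check site, follow its CALL, patch the callee. Returns callee offset. */
long bypass_check(uint8_t *buf, size_t len)
{
    long site = find_sig(buf, len, CHECK_SIG);
    if (site < 0) return -1;
    long target = resolve_call(buf, len, (size_t)site + 10); /* E8 is 10 bytes in */
    if (target < 0 || !patch_return_true(buf, len, (size_t)target)) return -1;
    return target;
}

int main(void)
{
    long fn = bypass_check(game_code, sizeof game_code);
    printf("patched check function at offset %ld\n", fn);
    return fn < 0;
}
```

The same three functions are what the injected DLL runs from DllMain (or a thread started from it) before the game's threads are resumed; only the base address, the length and the VirtualProtect call around the write differ from this buffer version.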