:D cool although ide stay away from python if I was you, use Visual C++ its free. get 2008 if you can.
The mult client is in my TSXClient thread now ill quote it for you here though
Quote:
Multi Client
This one is something a lot of people want, heres how to do it.
First of all we need to run the game before we run it in ollydbg.
We then run the game in ollydbg so that we can see the message box text that pops up saying the window is already open. When the messagebox pops up we take note of the text and search for it as a referenced string find where its referenced scroll up and patch the conditonal jump.
We can find alot of strings actually like the same format. They are all initilization errors. Which we can look at the code around them to find out alot more about the game. Patching it to allow custom items database is along these lines of the item init error. Anyway
Double click [Error::FindWindow()] in the referenced text strings list in ollydbg
We see this code
Code:
00403ABE |. 85C0 TEST EAX,EAX
00403AC0 |. 74 3D JE SHORT 00403AFF
00403AC2 |. 68 00100000 PUSH 1000
00403AC7 |. 68 B4065600 PUSH 005606B4 ; ASCII "TwelveSky2"
00403ACC |. 68 DC075600 PUSH 005607DC ; ASCII "[Error::FindWindow()]"
00403AD1 |. 53 PUSH EBX
00403AD2 |. E8 82C6B002 CALL 02F10159
The conditional jump we wanna patch is the only jump there convnient change it to a JMP instead of JE
The code will now jump down under that area. Note we cant use this on this run of the game because the messagebox has already been called and the game will terminate. but what we can do is copy the address above our jump and set a hardware breakpoint on it the next run will hit it and we can make our change to see if it works. The DLL can apply the patch for us later when we code it in.
To make the HWBP right click the TEST EAX,EAX line and click Breakpoint then Hardware, On Execution
Stop the game and restart it keeping the first instance running.
Make the patch in ollydbg when breakpoint is hit then continue running with F9
You can remove the HWBP after patching if you want by clicking Debug Breakpoints and remove or right clickign the line and removing the breakpoint in the breakpoints menu.
SUCCESS two windows of the game.
[Only registered and activated users can see links. Click Here To Register...]
So we now have to make a signiture for this and apply the patch in our dll.
I will do this later.
|
So you can make a signiture for it like I have done for another thing on that post and do it in the DLL very easily.
My
[Only registered and activated users can see links. Click Here To Register...]
Go nuts I guess :)
As far as duping goes it looks like their fix is to include some numbers that the client must send to server when loging into world server / doing a zone change. So rather than knowing somones username and char name and slot you might also have to know those numbers. I havent found them in memory yet or know if my theory is true. Compare two zone change packets with the packet id 0B for Login to see what is sent. If the values ar e the same then ollydbg the send for that packet before its encrypted on another client and put in the values, if it works Dupe!
Thanks for using our stuff :D