[Guide] Finding address for multiclient

Page 1 of 4 1 23 Last »
07/14/2011 09:45 s4lly#1
1.Open CheatEngine

2. Open game.exe process

3. Memory view

4. Search (array of) byte
33 DB 3B C3 89 44 24 28

5. note the address

6. add 4bytes to the adress

7. Your Done

to put i multiclient.ini

[SETTING]
ADDRESS=0x00468EEA



those who wanna make their own multiclient loader can use the following snippet and implement it into their current coding..

PHP Code:
        //---MultiClient
        static string sig_multi "33 DB 3B C3 89 44 24 28";
        static string mask_multi "xxxxxxxx";
        //---MultiClient
        uint multi_client HomeGrown.Hacking.dwFindPattern(pr0x401000sig_multimask_multi)+4

writememory multi_client,&hEB20 
Then the check is skipped



Hope you can use it
07/14/2011 14:54 zysus#2
thanks for the simple and easy explanation.

now it is only question of practices.

:handsdown:
07/14/2011 16:10 My420Time#3
Interesting, hadn't tried using Cheat engine for this. Wasn't sure it was capable enough.
07/15/2011 00:53 tekc#4
Thank you very much for the offset, I tried to follow the tutorial but got a little hung up on searching for the array of bytes

Could you please explain how you came up with that array of bytes? I'm sure it means something in assembly, just not sure what.

Thanks again
07/15/2011 09:55 s4lly#5
When you fire up the memory view, there are to sections.. The assembly window, and beneath that, the memory view. The memory view window is were you search the array of bytes, or the string "CheckClientMaxNum".
07/15/2011 17:35 Inathero#6
Quote:
Originally Posted by My420Time View Post
Interesting, hadn't tried using Cheat engine for this. Wasn't sure it was capable enough.
It isn't.

This method is possible using anything that can scan for an array of bytes. IDA can do it, Ollydbg, CE, hell you can ever write your own memory scanner to do it.

But yea, my guess is the guy found the place in olly, noted down the array of bytes, and just pasted it into CE to do an AoB scan for the location. Thats about it ^^

Then he opens up the memory view to see the assembly at that addy and work from there ^^
07/15/2011 19:15 s4lly#7
43 68 65 63 6B 43 6C 69 65 6E 74 4D 61 78 4E 75 6D = CheckClientMaxNum

in HEX
07/15/2011 19:16 s4lly#8
-----------------------

A funny thing is, that there is also a check on the clientversion

:D that could maybe be exploited to :D
07/16/2011 11:20 AmplifierS#9
Plz Finding address SV Thailand
07/16/2011 19:55 dantelie#10
after step 4
i dont recognize how to do step 5

can someone explain more??
video maybe perhaps :)

thanks for the explanation

learning to use this all program
07/16/2011 21:00 Inathero#11
@dantelie, when you search that Array of Bytes (AoB) you'll have some result(s) on the left of cheat engine

look for the one that's in green. You'll notice it's split up in two columns. Some numbers on the left and the AoB you scanned for on the right.

the numbers on the left in that row = the address in step 5
07/23/2011 06:11 abpolite#12
Can anyone help me? I'm from Thai server ,so I think my client is different I can't find "CheckClientMaxNum" or "43 68 65 63 6B 43 6C 69 65 6E 74 4D 61 78 4E 75 6D" in step 4

This is my client
rar.html[Only registered and activated users can see links. Click Here To Register...]

Thanks :)
07/25/2011 05:21 Yras#13
You can search text in warning window and name of this window.
In non-english version it can be hard :)
07/25/2011 05:39 My420Time#14
You could also snag a copy of OllyDBG, bypass VMProtect, jump the CreateMutexA call, and then dump the exe.
07/25/2011 08:29 s4lly#15
Quote:
Originally Posted by abpolite View Post
Can anyone help me? I'm from Thai server ,so I think my client is different I can't find "CheckClientMaxNum" or "43 68 65 63 6B 43 6C 69 65 6E 74 4D 61 78 4E 75 6D" in step 4

This is my client
rar.html[Only registered and activated users can see links. Click Here To Register...]

Thanks :)

[SETTING]
ADDRESS=0x0046883A
Page 1 of 4 1 23 Last »