hacking?

03/04/2009 04:38 Alleyn#1
OK, I think this is the wrong section.
Sorry, mod, if it is.
I couldn't find the right place for it.

How do you find addresses and stuff for 2Moons?
I really don't want to just do tutorials all the time on how to make it,
but I want to know how they found the addresses and such to make the hack,
and how they learned to make it.

Eh, I don't know how to explain it more thoroughly.
That's all.

Once again, sorry if it's in the wrong section.
Please move it if it is.
03/04/2009 05:00 bottomy#2
OK, here's the 4.6.17 script for non-aggro with the new addresses.


Code:
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)

0053DB4A:                 // injection point: movzx eax,word ptr [esi+154] is 7 bytes
jmp newmem                // 5-byte jmp plus 2 nops covers exactly those 7 bytes
nop
nop
returnhere:

newmem:

originalcode:
movzx eax,word ptr [esi+00000154]

//mov eax,01
//mov word ptr [esi+00000156],ax
mov dword ptr [esi+00000070],40c00000 // speed mob [esi+70], a float written as hex
//40c00000 = 6 lv 1
//41400000 = 12 lv 2
//41c00000 = 24 lv 3
mov byte ptr [esi+00000174],00 // melee attack range = 0
mov byte ptr [esi+00000244],00 // magic attack range = 0
mov dword ptr [esi+00000240],00000000 // other attack range = 0
mov dword ptr [esi+0000023c],00000000 // other attack range = 0
mov dword ptr [esi+00000238],00000000 // other attack range = 0
mov eax,03
mov word ptr [esi+00000154],ax

exit:
jmp returnhere

[DISABLE]
dealloc(newmem)

0053DB4A:
movzx eax,word ptr [esi+00000154]

So that's the current one, but anyway, to find it again, look at where it says originalcode:

originalcode:
movzx eax,word ptr [esi+00000154]

You open OllyDbg and open the unpacked dekaron.exe, then you search for that command or commands (depends how many there are under originalcode), so Ctrl+F, then paste movzx eax,word ptr [esi+154]. To know if you found the right address, you should look at the old unpacked dek.exe you had the right address for, go to that address, then compare to see if the commands around it are the same.
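The comparison bottomy describes doing by hand in OllyDbg (search for the original instruction, then check that the surrounding commands match the old build) is what a byte-signature scan automates. The script below is an added example, not code from the thread or from any Dekaron tool: the "old" and "new" images are constructed byte strings standing in for two unpacked client builds, the context bytes, the decoy copy of the instruction, the SIGNATURE wildcards and IMAGE_BASE are all assumptions, and a real executable would also need its PE section headers to turn a file offset into the 0053DB4A-style address the script uses. It also checks the two details the Cheat Engine script depends on: that the injection point is wide enough for a 5-byte jmp plus nops, and that the speed immediates really are IEEE-754 floats.

```python
"""
Added example (not from the thread): re-locate a Cheat Engine injection
point after a client update by scanning for a byte signature built from the
context around the old, known address.  OLD_IMAGE and NEW_IMAGE are
constructed stand-ins for two unpacked builds, not real dekaron.exe data.
"""
import re
import struct

# Original instruction at the 4.6.17 injection point 0053DB4A:
#   movzx eax, word ptr [esi+154]  ->  0F B7 86 54 01 00 00  (7 bytes)
ORIGINAL_CODE = bytes.fromhex("0FB78654010000")
JMP_REL32_LEN = 5            # `jmp newmem` assembles to E9 rel32
IMAGE_BASE = 0x00400000      # assumption: treat offset 0 as if mapped here

# Constructed "old" image (address known).  Branch and call targets are
# build-specific, so those are the bytes expected to change between patches.
OLD_IMAGE = (
    b"\x8B\x74\x24\x08\x85\xF6\x74\x20"   # mov esi,[esp+8]; test esi,esi; je short
    + ORIGINAL_CODE
    + b"\x66\x3D\x03\x00"                 # cmp ax,3
    + b"\x0F\x84\x11\x22\x33\x44"         # je rel32   (target differs per build)
    + b"\xE8\xAA\xBB\xCC\xDD"             # call rel32 (target differs per build)
    + b"\x5E\xC3"                         # pop esi; ret
)

# Constructed "new" image: same function at a new offset, different targets,
# plus a decoy copy of the bare instruction inside an unrelated function.
NEW_IMAGE = (
    b"\x55\x8B\xEC" + ORIGINAL_CODE + b"\xC3"   # decoy: push ebp; mov ebp,esp; movzx; ret
    + b"\x8B\x74\x24\x08\x85\xF6\x74\x20"
    + ORIGINAL_CODE
    + b"\x66\x3D\x03\x00"
    + b"\x0F\x84\x99\x88\x77\x66"
    + b"\xE8\x11\x22\x33\x44"
    + b"\x5E\xC3"
)

# Signature lifted from OLD_IMAGE around the known address.  '?' masks the
# bytes an analyst would expect to move (branch displacements, call targets);
# opcodes and the [esi+154] displacement stay literal.  Assumed, not measured.
SIGNATURE = ("8B 74 24 08 85 F6 74 ? 0F B7 86 54 01 00 00 66 3D 03 00 "
             "0F 84 ? ? ? ? E8 ? ? ? ?")


def compile_signature(sig):
    """IDA/CE-style signature -> regex over bytes; '?' or '??' is any byte.
    Wrapped in a lookahead so overlapping hits are reported as well."""
    parts = []
    for tok in sig.split():
        parts.append(b"." if tok in ("?", "??") else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)


def scan(image, sig):
    """Every offset in `image` at which `sig` matches."""
    return [m.start() for m in compile_signature(sig).finditer(image)]


def anchor_offset(sig, instruction):
    """Where `instruction` sits inside the signature (it must appear literally)."""
    tokens = [t.upper() for t in sig.split()]
    want = [f"{b:02X}" for b in instruction]
    for i in range(len(tokens) - len(want) + 1):
        if tokens[i:i + len(want)] == want:
            return i
    raise ValueError("instruction is not contained literally in the signature")


def locate(image, sig, instruction=ORIGINAL_CODE):
    """Offset of `instruction` in `image`, found through its context signature.
    Refuses to guess when the signature is not unique, which is what a bare
    search for the instruction alone runs into when the opcode bytes recur."""
    hits = scan(image, sig)
    if len(hits) != 1:
        raise ValueError(f"signature not unique: {len(hits)} hits at {hits}")
    return hits[0] + anchor_offset(sig, instruction)


def nops_needed(instruction=ORIGINAL_CODE):
    """Padding after `jmp newmem` so the hook overwrites whole instructions only."""
    if len(instruction) < JMP_REL32_LEN:
        raise ValueError("injection point must cover at least 5 bytes")
    return len(instruction) - JMP_REL32_LEN


def float_immediate(value):
    """The dword the script stores at [esi+70]: an IEEE-754 single as an int."""
    return struct.unpack("<I", struct.pack("<f", value))[0]


if __name__ == "__main__":
    bare = scan(NEW_IMAGE, "0F B7 86 54 01 00 00")
    print("bare instruction search hits:", [f"{IMAGE_BASE + o:08X}" for o in bare])
    new = locate(NEW_IMAGE, SIGNATURE)
    print(f"new injection point {IMAGE_BASE + new:08X}, nops after jmp: {nops_needed()}")
    print("speed lv1 immediate:", f"{float_immediate(6.0):08x}")
```

Run on the constructed images, the bare 7-byte search returns two hits (the decoy and the real site), which is why `locate` insists on a unique match of the wider signature; once the offset is known, `nops_needed()` returning 2 confirms the two `nop` lines in the script, and `float_immediate(6.0)` returning 0x40c00000 confirms the speed comments.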
03/04/2009 05:20 axtranti#3
Quote:
Originally Posted by bottomy View Post
OK, here's the 4.6.17 script for non-aggro with the new addresses.


Code:
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)

0053DB4A:                 // injection point: movzx eax,word ptr [esi+154] is 7 bytes
jmp newmem                // 5-byte jmp plus 2 nops covers exactly those 7 bytes
nop
nop
returnhere:

newmem:

originalcode:
movzx eax,word ptr [esi+00000154]

//mov eax,01
//mov word ptr [esi+00000156],ax
mov dword ptr [esi+00000070],40c00000 // speed mob [esi+70], a float written as hex
//40c00000 = 6 lv 1
//41400000 = 12 lv 2
//41c00000 = 24 lv 3
mov byte ptr [esi+00000174],00 // melee attack range = 0
mov byte ptr [esi+00000244],00 // magic attack range = 0
mov dword ptr [esi+00000240],00000000 // other attack range = 0
mov dword ptr [esi+0000023c],00000000 // other attack range = 0
mov dword ptr [esi+00000238],00000000 // other attack range = 0
mov eax,03
mov word ptr [esi+00000154],ax

exit:
jmp returnhere

[DISABLE]
dealloc(newmem)

0053DB4A:
movzx eax,word ptr [esi+00000154]

So that's the current one, but anyway, to find it again, look at where it says originalcode:

originalcode:
movzx eax,word ptr [esi+00000154]

You open OllyDbg and open the unpacked dekaron.exe, then you search for that command or commands (depends how many there are under originalcode), so Ctrl+F, then paste movzx eax,word ptr [esi+154]. To know if you found the right address, you should look at the old unpacked dek.exe you had the right address for, go to that address, then compare to see if the commands around it are the same.
After I do the search for *movzx eax,word ptr [esi+154]*, what do I have to do? Please help me :(

03/04/2009 06:07 Alleyn#4
Quote:
Originally Posted by bottomy View Post
OK, here's the 4.6.17 script for non-aggro with the new addresses.


Code:
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)

0053DB4A:                 // injection point: movzx eax,word ptr [esi+154] is 7 bytes
jmp newmem                // 5-byte jmp plus 2 nops covers exactly those 7 bytes
nop
nop
returnhere:

newmem:

originalcode:
movzx eax,word ptr [esi+00000154]

//mov eax,01
//mov word ptr [esi+00000156],ax
mov dword ptr [esi+00000070],40c00000 // speed mob [esi+70], a float written as hex
//40c00000 = 6 lv 1
//41400000 = 12 lv 2
//41c00000 = 24 lv 3
mov byte ptr [esi+00000174],00 // melee attack range = 0
mov byte ptr [esi+00000244],00 // magic attack range = 0
mov dword ptr [esi+00000240],00000000 // other attack range = 0
mov dword ptr [esi+0000023c],00000000 // other attack range = 0
mov dword ptr [esi+00000238],00000000 // other attack range = 0
mov eax,03
mov word ptr [esi+00000154],ax

exit:
jmp returnhere

[DISABLE]
dealloc(newmem)

0053DB4A:
movzx eax,word ptr [esi+00000154]

So that's the current one, but anyway, to find it again, look at where it says originalcode:

originalcode:
movzx eax,word ptr [esi+00000154]

You open OllyDbg and open the unpacked dekaron.exe, then you search for that command or commands (depends how many there are under originalcode), so Ctrl+F, then paste movzx eax,word ptr [esi+154]. To know if you found the right address, you should look at the old unpacked dek.exe you had the right address for, go to that address, then compare to see if the commands around it are the same.


OK, thanks for showing me how to do it, but
what I mean is:
how did they know movzx eax,word ptr [esi+00000154]
was going to be non-aggro?
Like, how do they find stuff like that and such?
I don't know if this is clear;
it's kind of hard to explain.