Ollydbg help

07/29/2009 20:04 sachamo512#1
I am trying to get a GM hack working, but I am still pretty noob with olly and assembly language. Is there anybody who would be willing to help me along, or work on it with me? I'm not asking for somebody to tell me what to do, just for somebody to give me a few pointers and tips and such to get this going.

What I did was backtrack a few of the gm commands using the call tree, and I ended up at the same offset for each code (0050CE37). So, I'm assuming that is the line that determines if you are a GM or not.

Quote:
JMP DWORD PTR DS:[EAX*4+50D160]
However, I do not know exactly what to do with it to enable that line or whatever. That's what I need help with.

Thanks
07/31/2009 09:11 ind3siszive#2
Nope, it's not what determines whether you're a GM. It's a jump; however, it could possibly jump to that. Personally, idk.
07/31/2009 09:23 ms#3
That looks pretty much like an Assembler-switch which means you're barking up the wrong tree. I'm not familiar with 2Moons (well when I played it I was a noob lol), but as far as I know the client checks if you're a GM by checking the first 4 characters of your name and comparing it with the string "[GM]".
So I'd look for that string and see where the client accesses it.
07/31/2009 15:21 HellSpider#4
It could be that there are 2 procedures near each other, one for GM and one for regular players. And the EAX value before the jump could decide to which of them you'd jump.
07/31/2009 16:06 sachamo512#5
Quote:
Originally Posted by Disconnect
as far as I know the client checks if you're a GM by checking the first 4 characters of your name and comparing it with the string "[GM]".
So I'd look for that string and see where the client accesses it.
That's what I started out with. I searched for all referenced text strings that had [GM], and there is only 1 result:

Quote:
0051F389 - PUSH 0A4307C
So I viewed the call tree on that, and it says it is called from 2 different places:

Quote:
0051F6E9 & 0051F737
However, both of those offsets have 2 push commands, 1 mov command, and then they both call 0051EFC0.

0051EFC0 has a long list of commands, so I don't even know where to start with it.


EDIT: I ran a search for [DEV], and it takes me back to those 2 offsets (51F6E9 and 51F737), so I think I'm on the right path. It looks like those 2 offsets determine what your account is.
07/31/2009 17:54 ms#6
Set a memory breakpoint on the "[GM]" string which breaks on access. If you try to use a GM command now, OllyDbg should break as soon as the client accesses the "[GM]" string. The client needs to access that string because it compares it with the beginning of the character name. That should bring you directly to the part of the code which decides if GM commands are allowed or not.
07/31/2009 17:57 sachamo512#7
I'll try that, thanks for the tip.

I fail with Olly, haha. I put the breakpoint -> memory, on access, and then I hit the play button. It sits there and then at the bottom says "Exception 406D1388 - use Shift+F7/F8/F9 to pass exception to program"

When I pass the exception using F8, the game tries to load, but sits at a black screen...


Is this because the [GM] string broke and that line is what accesses it?
07/31/2009 18:14 ms#8
Did you really set the memory breakpoint on the string? According to your previous post it is located at 0A4307C.
07/31/2009 18:18 sachamo512#9
I put the break on the result I got from searching for [GM].

I can't find 00A4307C... the last offset is 00A25FFF.
07/31/2009 18:22 ms#10
Press Alt+M and select the section which contains 00A4307C. ;)
07/31/2009 18:35 sachamo512#11
I found that, I think. It says something like this:

Quote:
.[GM]....[DEV]...[DEKARON]...[OPR]...
So I highlighted the [GM] part and put a break on that. But then when I hit play, it tries to load, and then when I hit Start it says "Invalid Excute File" and closes the launcher.
07/31/2009 18:38 ms#12
Hmm... can't help you then, sorry. :S
07/31/2009 18:40 sachamo512#13
I tried doing that same thing on my original Dekaron launcher, instead of the unpacked one, but I couldn't find the same text thing at the offset...
08/01/2009 06:41 GMThunder#14
I thought they server-sided all the GM commands after sparkythestar killed it all. If it were possible, everyone would be messing around with the exp rate and dropping high-lvl mobs everywhere. That is, unless we have responsible hackers...
08/01/2009 17:47 HellSpider#15
Quote:
Originally Posted by sachamo512
I tried doing that same thing on my original Dekaron launcher, instead of the unpacked one, but I couldn't find the same text thing at the offset...
That's the point of having unpacked executables. In packed ones, everything is just encrypted code. The unpacker stub then decrypts that code into memory at runtime :).