[HELP] Need to find function address on KR client

Hi, Guys.
I'm modifing tliu0c's cool AlissaFix to fit in Korean Mabinogi client.
Setup proper debuging tools, Bypass hackshield, Searching pattern... All things went well except one thing.

The problem is, not like US client with separated dll such as Mint.dll, ESL.dll.., KR client include them in client.exe file. (I'm pretty sure about this.)
In my ollydbg, when I attach to client.exe, it shows up very few info to me so that I can't figure out where function like 'mint::CMessage::GetStreamLength' is. I found ReadFromNetwork function with pattern but I have no idea how I can find others.

Please Give me some useful hint, dudes.
Is there a good way to trace function address without its name?
or Should I use other MORE powerful tool like IDA?

Sorry for quite noob question and my poor English. I hope you all understand.

You find mint.dll&esl.dll then get those apis by loadlibrary&getprocaddress..
And this is how AF is supposed to work..
And not any versions of client have mint.dll&esl.dll exposed..

Oops... It was really noob question. :facepalm:
Thanks for help really.

-

Got success right after posting.
It was quite hard to find useful informations in the old threads.
But now I have learned some of mechanics and know what I have to do.
Well, actually getting in trouble of finding opcodes... lol

Anyway, Are you guys still working on this game?
There're just few old info, many old secrets and old noob trollings.
How about sharing some of your fine technics with noob like me now? :)

Quote:

Originally Posted by SaintsRow0 Oops... It was really noob question. :facepalm: Thanks for help really. - Got success right after posting. It was quite hard to find useful informations in the old threads. But now I have learned some of mechanics and know what I have to do. Well, actually getting in trouble of finding opcodes... lol Anyway, Are you guys still working on this game? There're just few old info, many old secrets and old noob trollings. How about sharing some of your fine technics with noob like me now? :)

Opcodes? You mean finding packets?
No we do not work on this game anymore. At least not me.
Just waiting for some of the new good games to come out. If you are in korea then I'm not sure why u are still messing with mabi....cuz there should be plenty of other good games.~

Quote:

Originally Posted by tliu0c Opcodes? You mean finding packets? No we do not work on this game anymore. At least not me. Just waiting for some of the new good games to come out. If you are in korea then I'm not sure why u are still messing with mabi....cuz there should be plenty of other good games.~

Yes, you're right. There are many good games.
But... some reason I wanna mess this OLD game now.
I just ask you to let me get your secret hints... I hope.;)

Quote:

Originally Posted by SaintsRow0 Yes, you're right. There are many good games. But... some reason I wanna mess this OLD game now. I just ask you to let me get your secret hints... I hope.;)

I don't have hints for you. I don't even have mabi client.
I envy you koreans:mad: You people get all the good games and we'd have to wait years even if we get lucky:(

Quote:

Originally Posted by tliu0c I don't have hints for you. I don't even have mabi client. I envy you koreans:mad: You people get all the good games and we'd have to wait years even if we get lucky:(

LOL:D
I didn't know you guys envy Korean. I thought there're pretty many good games in other countries too so you had no reason to envy us.

In fact, I envy north americans. It is 99% online game in Korea so that I can't play awesome package(video) games at all. Most online game has too much limit at storytelling and visual quallity. Korean must know much about English to play Non-online game or need somebody to make korean patch.
Maybe we should be born each other's country. :(

Actually there is a pattern you can use to search all the opcodes in client.exe..
I can't remember the pattern..but it's really easy to figure it out..
For each opcode you find, you can do some basic ASM reading to reveal the meaning of that specific opcode..

Quote:

Originally Posted by SaintsRow0 Oops... It was really noob question. :facepalm: Thanks for help really. - Got success right after posting. It was quite hard to find useful informations in the old threads. But now I have learned some of mechanics and know what I have to do. Well, actually getting in trouble of finding opcodes... lol Anyway, Are you guys still working on this game? There're just few old info, many old secrets and old noob trollings. How about sharing some of your fine technics with noob like me now? :)

Quote:

Originally Posted by Caesarw Actually there is a pattern you can use to search all the opcodes in client.exe.. I can't remember the pattern..but it's really easy to figure it out.. For each opcode you find, you can do some basic ASM reading to reveal the meaning of that specific opcode..

Thanks for your help again!
I already found a plenty of opcodes but I will check it out :D

Quote:

Originally Posted by Caesarw Actually there is a pattern you can use to search all the opcodes in client.exe.. I can't remember the pattern..but it's really easy to figure it out.. For each opcode you find, you can do some basic ASM reading to reveal the meaning of that specific opcode..

PUSH XXXXXXXX
PUSH EDX
PUSH EAX

Pretty much, XXXXXXXX relates to OP code, while EDX+EAX relates to your character ID.

Or you know, you can also XREF all Read/Write U8/U16/U32/U64 Mint functions in Pleione.dll and find them that way too. It will be pretty hard to decode all those non-named functions if you don't have the "D" version.

I've been trying to mod another game recently...I never realize how challenging it is when it comes from a different enviroment. I'm so used to Mabinogi ASM that most of my search methods in other games, actually don't work.

Especially when CE becomes super retard mode
[Only registered and activated users can see links. Click Here To Register...]

:DNice approach of using xref to mint apis in pleione.dll..
And regard to why your CE failed to search that byte array..
Because you've choosen searching writable in memory scan options..
Unclick that and try again..

Quote:

Originally Posted by [P2933]Step29 PUSH XXXXXXXX PUSH EDX PUSH EAX Pretty much, XXXXXXXX relates to OP code, while EDX+EAX relates to your character ID. Or you know, you can also XREF all Read/Write U8/U16/U32/U64 Mint functions in Pleione.dll and find them that way too. It will be pretty hard to decode all those non-named functions if you don't have the "D" version. I've been trying to mod another game recently...I never realize how challenging it is when it comes from a different enviroment. I'm so used to Mabinogi ASM that most of my search methods in other games, actually don't work. Especially when CE becomes super retard mode [Only registered and activated users can see links. Click Here To Register...]