[Guide] Finding address for multiclient

s4lly · 07/14/2011, 09:45

1.Open CheatEngine

2. Open game.exe process

3. Memory view

4. Search (array of) byte
33 DB 3B C3 89 44 24 28

5. note the address

6. add 4bytes to the adress

7. Your Done

to put i multiclient.ini

[SETTING]
ADDRESS=0x00468EEA

those who wanna make their own multiclient loader can use the following snippet and implement it into their current coding..

PHP Code:



        //---MultiClient
        static string sig_multi = "33 DB 3B C3 89 44 24 28";
        static string mask_multi = "xxxxxxxx";
        //---MultiClient
        uint multi_client = HomeGrown.Hacking.dwFindPattern(pr, 0x401000, sig_multi, mask_multi)+4; 

writememory multi_client,&hEB20

Then the check is skipped

Hope you can use it

zysus · 07/14/2011, 14:54

thanks for the simple and easy explanation.

now it is only question of practices.

My420Time · 07/14/2011, 16:10

Interesting, hadn't tried using Cheat engine for this. Wasn't sure it was capable enough.

tekc · 07/15/2011, 00:53

Thank you very much for the offset, I tried to follow the tutorial but got a little hung up on searching for the array of bytes

Could you please explain how you came up with that array of bytes? I'm sure it means something in assembly, just not sure what.

Thanks again

s4lly · 07/15/2011, 09:55

When you fire up the memory view, there are to sections.. The assembly window, and beneath that, the memory view. The memory view window is were you search the array of bytes, or the string "CheckClientMaxNum".

Inathero · 07/15/2011, 17:35

Quote:

Originally Posted by My420Time

Interesting, hadn't tried using Cheat engine for this. Wasn't sure it was capable enough.

It isn't.

This method is possible using anything that can scan for an array of bytes. IDA can do it, Ollydbg, CE, hell you can ever write your own memory scanner to do it.

But yea, my guess is the guy found the place in olly, noted down the array of bytes, and just pasted it into CE to do an AoB scan for the location. Thats about it ^^

Then he opens up the memory view to see the assembly at that addy and work from there ^^

s4lly · 07/15/2011, 19:15

43 68 65 63 6B 43 6C 69 65 6E 74 4D 61 78 4E 75 6D = CheckClientMaxNum

in HEX

s4lly · 07/15/2011, 19:16

-----------------------

A funny thing is, that there is also a check on the clientversion

that could maybe be exploited to

AmplifierS · 07/16/2011, 11:20

Plz Finding address SV Thailand

dantelie · 07/16/2011, 19:55

after step 4
i dont recognize how to do step 5

can someone explain more??
video maybe perhaps

thanks for the explanation

learning to use this all program

Inathero · 07/16/2011, 21:00

@dantelie, when you search that Array of Bytes (AoB) you'll have some result(s) on the left of cheat engine

look for the one that's in green. You'll notice it's split up in two columns. Some numbers on the left and the AoB you scanned for on the right.

the numbers on the left in that row = the address in step 5

abpolite · 07/23/2011, 06:11

Can anyone help me? I'm from Thai server ,so I think my client is different I can't find "CheckClientMaxNum" or "43 68 65 63 6B 43 6C 69 65 6E 74 4D 61 78 4E 75 6D" in step 4

This is my client
rar.html

Thanks

Yras · 07/25/2011, 05:21

You can search text in warning window and name of this window.
In non-english version it can be hard

My420Time · 07/25/2011, 05:39

You could also snag a copy of OllyDBG, bypass VMProtect, jump the CreateMutexA call, and then dump the exe.

s4lly · 07/25/2011, 08:29

Quote:

Originally Posted by abpolite

Can anyone help me? I'm from Thai server ,so I think my client is different I can't find "CheckClientMaxNum" or "43 68 65 63 6B 43 6C 69 65 6E 74 4D 61 78 4E 75 6D" in step 4

This is my client
rar.html

Thanks

[SETTING]
ADDRESS=0x0046883A