[Discussion] Removing DC Flag

Discussion on [Discussion] Removing DC Flag within the Cabal Online forum part of the MMORPGs category.

Closed Thread
 
Old   #1
 
elite*gold: 0
Join Date: Oct 2007
Posts: 364
Received Thanks: 73
[Discussion] Removing DC Flag

I already know how to unpack cabalmain.exe, but my question is where will I change the 1 byte for DC flag? Will I use CE (code caving/or just freezing values) or do I have to make changes to cabalmain.exe itself?

Also, I don't have a clue if there's such a thing as a "live" debugger. Wherein if I attach a debugger to the process, and if I do something in-game like equip a bracelet, will I see the debugger change? (if it will point if I jumped into something etc)

Thanks



dlnqt is offline  
Thanks
1 User
Old 08/20/2009, 13:06   #2
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 155
Quote:
Originally Posted by dlnqt View Post
I already know how to unpack cabalmain.exe, but my question is where will I change the 1 byte for DC flag? Will I use CE (code caving/or just freezing values) or do I have to make changes to cabalmain.exe itself?

Also, I don't have a clue if there's such a thing as a "live" debugger. Wherein if I attach a debugger to the process, and if I do something in-game like equip a bracelet, will I see the debugger change? (if it will point if I jumped into something etc)

Thanks
o.O LiveDebug will show you the code that's in use as it's used. Just get yourself DC from trying to stack, then on the code that you're on in ollydbg just Traceback ONCE and you'll be on the Check that DC's you, change the value of the check (* i.e. E1 becomes E6 *) and you've patched it... If you understand how to use ollydbg this should be pretty simple, I'm hardly going to give the exact address in the asm and the exact value to change, otherwise no one would do it themselves... but I'll happily point you in the right direction!


NovaCygni is offline  
Thanks
5 Users
Old 08/20/2009, 15:35   #3
 
elite*gold: 0
Join Date: Oct 2007
Posts: 364
Received Thanks: 73
I guess that easily attaching to cabalmain.exe isn't going to work using ollydbg, so first I have to unpack cabalmain.exe, run it normally, then attach ollydbg so I can actually see what cabalmain.exe asm looks like? I understand that cabalmain.exe will still run even if its size changes, epic fail for its security
dlnqt is offline  
Old 08/20/2009, 21:09   #4
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 155
Quote:
Originally Posted by dlnqt View Post
I guess that easily attaching to cabalmain.exe isn't going to work using ollydbg, so first I have to unpack cabalmain.exe, run it normally, then attach ollydbg so I can actually see what cabalmain.exe asm looks like? I understand that cabalmain.exe will still run even if its size changes, epic fail for its security
Hint: Ollydbg plugins make life easier.... <3 Bookmarkthis! and Hideolly. Though I have about 22 plugins. Learn to use them!


NovaCygni is offline  
Thanks
4 Users
Old 08/20/2009, 23:43   #5
 
elite*gold: 0
Join Date: Jul 2008
Posts: 72
Received Thanks: 85
OllyDbg got detected by Cabal whenever I run it...
Should I attach the bypass program first to olly and start from there?
Or is it OK to attach the game that it is running to olly (just like C.E.)?

I know this will require hard work and I'm determined to take it. I just do not know where to start on Cabal.
168Atomica is offline  
Old 08/20/2009, 23:57   #6
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 155
Quote:
Originally Posted by 168Atomica View Post
OllyDbg got detected by Cabal whenever I run it...
Should I attach the bypass program first to olly and start from there?
Or is it OK to attach the game that it is running to olly (just like C.E.)?

I know this will require hard work and I'm determined to take it. I just do not know where to start on Cabal.
o.O Download the plugin Hideolly... O.o
NovaCygni is offline  
Thanks
7 Users
Old 08/21/2009, 00:18   #7
 
elite*gold: 0
Join Date: Oct 2007
Posts: 364
Received Thanks: 73
Just downloaded those plugins, hideolly and phantom.. I "think" I managed to get it to work. Since I don't pause anymore at dbgbrkpnt (I was fiddling around with exceptions in the options) since cabalmain and ollydbg want me to pass exceptions to the program..

I don't know if it's correct but the registers in my ollydbg keep on changing values. Tried equipping bracelets, then I DC, but my registers still keep on changing values, and the only option I have left in run trace is either skip or set..

Any way to "stop" olly from changing values when I DC? Is there any exception I need to uncheck, or events?

Thanks a lot nova.

EDIT: found these interesting lines of asm in ollydbg, they're from adapter.dll of cabalrider

1010AFD5 68 A8121210 PUSH adapter.101212A8 ; ASCII "send enter game message"
1010AFDA 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
1010AFDD E8 BE88EFFF CALL adapter.100038A0
1010AFE2 C745 FC 00000000 MOV DWORD PTR SS:[EBP-4],0
1010AFE9 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
1010AFEC 50 PUSH EAX
1010AFED B9 AC7A1510 MOV ECX,adapter.10157AAC
1010AFF2 E8 D9F3F5FF CALL adapter.1006A3D0
1010AFF7 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-4],-1
1010AFFE 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
1010B001 E8 1A89EFFF CALL adapter.10003920
1010B006 68 600C1110 PUSH adapter.10110C60
1010B00B E8 DF8DF9FF CALL adapter.100A3DEF
1010B010 83C4 04 ADD ESP,4
1010B013 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
1010B016 64:890D 00000000 MOV DWORD PTR FS:[0],ECX
1010B01D 59 POP ECX
1010B01E 8BE5 MOV ESP,EBP
1010B020 5D POP EBP
1010B021 C3 RETN

10109ED5 68 4C161210 PUSH adapter.1012164C ; ASCII "buy lv1 red"
10109EDA 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
10109EDD E8 BE99EFFF CALL adapter.100038A0
10109EE2 C745 FC 00000000 MOV DWORD PTR SS:[EBP-4],0
10109EE9 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
10109EEC 50 PUSH EAX
10109EED B9 D4741510 MOV ECX,adapter.101574D4
10109EF2 E8 D904F6FF CALL adapter.1006A3D0
10109EF7 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-4],-1
10109EFE 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
10109F01 E8 1A9AEFFF CALL adapter.10003920
10109F06 68 B0091110 PUSH adapter.101109B0
10109F0B E8 DF9EF9FF CALL adapter.100A3DEF
10109F10 83C4 04 ADD ESP,4
10109F13 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
10109F16 64:890D 00000000 MOV DWORD PTR FS:[0],ECX
10109F1D 59 POP ECX
10109F1E 8BE5 MOV ESP,EBP
10109F20 5D POP EBP
10109F21 C3 RETN

All functions have the same format, just have to change this and that, so maybe if I create my own function at the bottom, then call it like this, will the server accept my packets? I'm assuming that this format is already pointed to get WinGetTime..
dlnqt is offline  
Thanks
1 User
Old 08/21/2009, 01:20   #8
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 155
Breakpoint <---- DAMNNNN useful right about now, I'd be saying for you

Also, it takes a long time to get olly's settings just the way that works right for you, depending on what you're doing different settings will do different things... I have a lot of plugins because a lot of the plugins are VERY good and VERY useful (* as hideolly has just shown you *)
NovaCygni is offline  
Thanks
3 Users
Old 08/21/2009, 01:49   #9
 
elite*gold: 0
Join Date: Oct 2007
Posts: 364
Received Thanks: 73
OllyCallTrace maybe? Set a breakpoint every time I get WSARecv func? Then Traceback a few steps? I guess that I get a WSARecv function whenever I "do" something in game...

Thanks again

EDIT: Tried setting up a breakpoint in WSARecv under WSA_32.dll executable module.. I never broke at anything. To my understanding, it must break every time, since packets come and go even if I do nothing, therefore I should always receive 'WSARecv' func..
dlnqt is offline  
Old 08/21/2009, 01:50   #10
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 155
Quote:
Originally Posted by dlnqt View Post
OllyCallTrace maybe? Set a breakpoint every time I get WSARecv func? Then Traceback a few steps? I guess that I get a WSARecv function whenever I "do" something in game...

Thanks again
Correct and Correct... I'm glad at least there are some people round here capable of following basic tips to obtain results

(* Obviously you have to BP your way all the way to the equipping item, removing BP's each time you see what they're doing... *)
NovaCygni is offline  
Thanks
3 Users
Old 08/21/2009, 02:15   #11
 
elite*gold: 0
Join Date: Oct 2007
Posts: 364
Received Thanks: 73
I really need to solve this problem, this has been my problem with olly for the past year since I started using olly (the reason why I keep giving up), I don't know "where" I'm currently at, all I see is the register window at the right side constantly changing. Then while in the actual main window, I'm not pointed to where I'm actually at in the memory..

Another problem I encountered using BPs: I used BP on WSARecv and even WSASend func in WSA32dll, program does not break at all.

EDIT: Ok found the ws32_dll api func.. I used send instead of WSASend and recv instead of WSARecv, and now I keep on breaking..
dlnqt is offline  
Old 08/21/2009, 02:35   #12
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 155
Quote:
Originally Posted by dlnqt View Post
I really need to solve this problem, this has been my problem with olly for the past year since I started using olly (the reason why I keep giving up), I don't know "where" I'm currently at, all I see is the register window at the right side constantly changing. Then while in the actual main window, I'm not pointed to where I'm actually at in the memory..

Another problem I encountered using BPs: I used BP on WSARecv and even WSASend func in WSA32dll, program does not break at all.
Olly SocketTrace 1.0 Reverse Engineering b10g | REM

some of the best olly plugins...

Example of olly being used in this fashion,

oh and ... Relevant... much

*Edit, don't set BP's to break on all calls to it standardly, use the plugin I just posted
NovaCygni is offline  
Thanks
6 Users
Old 08/21/2009, 02:52   #13
 
elite*gold: 0
Join Date: Oct 2007
Posts: 364
Received Thanks: 73
Quote:
Originally Posted by NovaCygni View Post
Olly SocketTrace 1.0 Reverse Engineering b10g | REM

some of the best olly plugins...

Example of olly being used in this fashion,

oh and ... Relevant... much

*Edit, don't set BP's to break on all calls to it standardly, use the plugin I just posted
LOL it's just what I'm looking for tracing only specific func using calltrace and recording of sockets (E.g wsarecv wsa send etc) using ollysockettrace

hmm do I need to parse packets just in order to remove the dc flag? and do I have to point it to WinGetTime? I thought it was as simple as changing 1 byte in the asm..
dlnqt is offline  
Old 08/21/2009, 02:54   #14
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 155
Quote:
Originally Posted by dlnqt View Post
LOL it's just what I'm looking for tracing only specific func using calltrace and recording of sockets (E.g wsarecv wsa send etc) using ollysockettrace

hmm do I need to parse packets just in order to remove the dc flag? and do I have to point it to WinGetTime? I thought it was as simple as changing 1 byte in the asm..
It is, unpack the exe and do it that way and it's 1 byte, once This way, you'll be able to do a lot more though, ya you need to do this first anyhow to see where in the exe the address is for the check you wanna edit...
NovaCygni is offline  
Thanks
4 Users
Old 08/21/2009, 03:05   #15
 
elite*gold: 0
Join Date: Oct 2007
Posts: 364
Received Thanks: 73
So far:

For removing the dc flag, all I have to learn is removing dc flag by attaching ollydbg to process, get disconnected by wearing bracelets then tracing back to the dc flag, once I find the 1 byte and the value it should be changed to, on to the next step.

I unpack cabalmain.exe, which is packed with yoda 1.x / modified (which I think is a lie, since tuts for yoda 1.x don't match with cabalmain.exe). Go to that 1 byte, change it to the value that it should be to avoid dc flag, then copy all modifications to cabalmain.exe. Pack cabalmain.exe again (is this required or no?) then equipping bracelets/earring should not dc me anymore

So if I want to do a lot more than this, I should learn packet parsing and decryption (client can do this for me to my understanding)??

Thanks


dlnqt is offline  