I did my CRC research...

ReetaPoon · 12/24/2008, 01:04

I compared the old no crc's to the regular files and realized I need to fully unpack the .exe. Can someone send me the unpacker file. I remember back in the day we used a text file to fully extract the .exe within Olly. Can someone give me that file? If so I think I can make the no_crc.

Noi · 12/24/2008, 03:29

Quote:

Originally Posted by ReetaPoon

I compared the old no crc's to the regular files and realized I need to fully unpack the .exe. Can someone send me the unpacker file. I remember back in the day we used a text file to fully extract the .exe within Olly. Can someone give me that file? If so I think I can make the no_crc.

I'm assuming you're looking for this.

The executable did not change after version 4.6.0

GMThunder · 12/24/2008, 03:50

very good, i been saying that since 4.6.0, i have been busy too, however i think it may have been a fluke that i got the vac on the styx and carbons to work, as next time i logged in it didnt work, anyway if i get *** to work i will pm it to you, and thanks for actually giving it a shot.

ReetaPoon · 12/24/2008, 04:12

Alright thanks. I am going to play with this all day tomorrow. I am so **** tired right now I can barley see straight. Will update my progress later on.

emantiss · 12/24/2008, 12:59

Good luck mate ;]

ReetaPoon · 12/25/2008, 02:23

I am compiling the file. We will see what happens. Hopefully it works :-| I will know tomorrow. Unfortunately I started late today... ****** holidays...

xhugox · 12/25/2008, 14:34

I would suggest you to stop trying to make Nebulars method work again.

Try it out by yourself;
Take the old no_crc, the new list.csv and all files which were added to list.csv.
You will get a crash while you try to connect to server and I think that is because of some kind of buffer overflow. I am using vantran's CRC folder.

I looked at the program Nebular did in order to get the same crc value and he allocated an array[50] for the filepaths in list.csv.

Code:

char buf[MAX_PATH], csv_filename[50];

Unfortunately now there are some filepaths which have 50 characters.
It could also be that the crc value now is bigger than the allocated space.
Another reason is possible, too.

When I had my first look on th new dekaron.exe I was wondering why GameHi changed how the files in list.csv get opened and get read...

Well the CRC calc itself did not change much, GameHi swapped EBX with ESI (XCHG) and changed the calc slightly.

What can we do now?

We could try to find another method of bypassing the crc e.g. by loading all share\ files twice and changing the paths in check.csv and list.csv.

Or we can begin with the fun part, memory editing.

The disadvantage of this method is that we have to search the AiKey of every monster we want to vac, every time we restart the game.
If we find the pointers of those values it would be a different thing.
The advantage is that we can turn our hacks on/off without restarting the game.

xsvisme3177 · 12/25/2008, 14:57

Quote:
Originally Posted by xhugox
I would suggest you to stop trying to make Nebulars method work again.

Try it out by yourself;
Take the old no_crc, the new list.csv and all files which were added to list.csv.
You will get a crash while you try to connect to server and I think that is because of some kind of buffer overflow. I am using vantran's CRC folder.

I looked at the program Nebular did in order to get the same crc value and he allocated an array[50] for the filepaths in list.csv.
Code:
char buf[MAX_PATH], csv_filename[50];
Unfortunately now there are some filepaths which have 50 characters.
It could also be that the crc value now is bigger than the allocated space.
Another reason is possible, too.

When I had my first look on th new dekaron.exe I was wondering why GameHi changed how the files in list.csv get opened and get read...

Well the CRC calc itself did not change much, GameHi swapped EBX with ESI (XCHG) and changed the calc slightly.

What can we do now?

We could try to find another method of bypassing the crc e.g. by loading all share\ files twice and changing the paths in check.csv and list.csv.

Or we can begin with the fun part, memory editing.
The disadvantage of this method is that we have to search the AiKey of every monster we want to vac, every time we restart the game.
If we find the pointers of those values it would be a different thing.
The advantage is that we can turn our hacks on/off without restarting the game.

yea memory editting is working 100%. but i dont think anyone is going to post a "how to" on it. And its a bitch to edit every single mob once you start.

But you could just write a c++ program with the pointers that does it for you xD

1coolguy · 12/25/2008, 16:10

what memory editing program did you guys use? Tsearch?

Ziolean · 12/25/2008, 16:25

tsearch? none uses tsearch anymore, its **** now, unless u still stuck on buying games from wals-mart and hacking them, its Winhex their talking about, and if u do hack games form wals-mart then use ce.

Noi · 12/25/2008, 18:30

Quote:

Originally Posted by xsvisme3177

yea memory editting is working 100%. but i dont think anyone is going to post a "how to" on it. And its a ***** to edit every single mob once you start.

But you could just write a c++ program with the pointers that does it for you xD

Memory editing seems promising, but isn't it difficult to find all the necessary pointers? The dynamic addresses constantly change after reboot. And what about other ponters for skill hack, wall hack, etc. I can contribute finding the pointers if you'll provide some starting guide. (I can only manage to find the dynamic address, which I gave up on editing each login).

Systemerror · 12/25/2008, 21:59

Quote:

Originally Posted by xhugox

Or we can begin with the fun part, memory editing.
The disadvantage of this method is that we have to search the AiKey of every monster we want to vac, every time we restart the game.
If we find the pointers of those values it would be a different thing.
The advantage is that we can turn our hacks on/off without restarting the game.

Doesn't editing the memory also need a CRC-Bypass? Once You've loaded the game, any changes to the files wont apply, unless the edited files are something that must be loaded again, ie. maps. I tried editing the data stored in the memory with winhex, but as far as I know, the changes don't apply instantly when You chage them, You need to relog I think. Anyway, with the memory edited it doesn't let you back in. Or maybe I'm just talking bullshit. I haven't tried thoroughly since there wasn't a need for it before.

kikichan · 12/26/2008, 03:04

Yes that is true system. When you edit the stuff while your already log in game (already loaded map etc, you can move your character) It dosent work somehow. Which you needed to relog. But if you relog with edited you will get the crc kick. It also does not work if you changed map (go to another map)

The above is memory editing.

taranno · 12/26/2008, 04:32

Memory edit is worked but not edit the data of each monster or item. You have to edit the value when it come to the process of function related to what you want to do.

So, what you want is not the pointer of the data. But the address to each function and change its process Or to say in normal term just make a trainer.

ps Thailand server already comfirmed of this method is working and the address for function like autopot, VAC, aggro, etc. already leak to public. ;/

Traveling Salesman · 12/27/2008, 05:35

I attempted this the other day with no success. I used WinHex to do an "In-place" edit on the dekaron process's primary memory. I was able to change the AI and CellRange keys, close WinHex, reopened it and reloaded the primary memory to confirm it was still changed, but it was not working in game. So, I assume that since I read some of you have it working, I'm apparently overlooking something. Any tips/pointers/advice for this would be appreciated either in PM or posted here.

Thank you for your time,

~TS