|
You last visited: Today at 09:49
Advertisement
Ollydbg help
Discussion on Ollydbg help within the Dekaron forum part of the MMORPGs category.
07/29/2009, 20:04
|
#1
|
elite*gold: 20 
Join Date: Nov 2008
Posts: 1,496
Received Thanks: 345
|
Ollydbg help
I am trying to get a GM hack working, but I am still pretty noob with olly and assembly language. Is there anybody who would be willing to help me along, or work on it with me? I'm not asking for somebody to tell me what to do, just for somebody to give me a few pointers and tips and such to get this going.
What I did was backtrack a few of the gm commands using the call tree, and I ended up at the same offset for each code (0050CE37). So, I'm assuming that is the line that determines if you are a GM or not.
Quote:
|
JMP DWORD PTR DS:[EAX*4+50D160]
|
However, I do not know exactly what to do with it to enable that line or whatever. That's what I need help with.
Thanks
|
|
|
|
07/31/2009, 09:11
|
#2
|
elite*gold: 0
Join Date: Aug 2008
Posts: 164
Received Thanks: 26
|
nope its not what determines whether your a gm. its a jump, however it could possibly jump to that, personally idk
|
|
|
|
|
07/31/2009, 09:23
|
#3
|
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,345
|
That looks pretty much like an Assembler-switch which means you're barking up the wrong tree. I'm not familiar with 2Moons (well when I played it I was a noob lol), but as far as I know the client checks if you're a GM by checking the first 4 characters of your name and comparing it with the string "[GM]".
So I'd look for that string and see where the client accesses it.
|
|
|
|
|
07/31/2009, 15:21
|
#4
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
It could be that there are 2 procedures near each other, one for GM and one for regular players. And the EAX value before the jump could decide to which of them you'd jump.
|
|
|
|
|
07/31/2009, 16:06
|
#5
|
elite*gold: 20
Join Date: Nov 2008
Posts: 1,496
Received Thanks: 345
|
Quote:
Originally Posted by Disconnect
as far as I know the client checks if you're a GM by checking the first 4 characters of your name and comparing it with the string "[GM]".
So I'd look for that string and see where the client accesses it.
|
that's what I started out with. I searched for all refence text strings that had [GM], and there is only 1 result:
Quote:
So i view the call tree on that, and it says it is called from 2 different places:
Quote:
However, both of those offsets have 2 push commands, 1 mov command, and then they both call 0051EFC0.
0051EFC0 has a long list of commands, so I don't even know where to start with it.
EDIT: I ran a search for [DEV], and it takes me back to those 2 offsets (51F6E9 and 51F737) so I think I'm on the right path. It looks like those 2 offsets determine what your account is
|
|
|
|
|
07/31/2009, 17:54
|
#6
|
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,345
|
Set a memory breakpoint on the "[GM]"-string which breaks on access. If you try to use a GM-command now ollydbg should break as soon as the client accesses the "[GM]"-string. The client needs to access that string because it compares it with the beginning of the character name. That should bring you directly to the part of the code which decides if GM-commands are allowed or not.
|
|
|
|
|
07/31/2009, 17:57
|
#7
|
elite*gold: 20
Join Date: Nov 2008
Posts: 1,496
Received Thanks: 345
|
i'll try that, thanks for the tip.
i fail with olly, haha. I put the breakpoint -> memory, on access and then I hit the play button. It sits there and then at the bottom says "Exception 406D1388 - use Shift+F7/F8/F9 to pass exception to program"
When I pass the exception using F8, the game tries to load, but sits at a black screen...
is this because the [GM] string broke and that that line is what accesses it?
|
|
|
|
|
07/31/2009, 18:14
|
#8
|
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,345
|
Did you really set the memory breakpoint on the string? According to your previous post it is located at 0A4307C.
|
|
|
|
|
07/31/2009, 18:18
|
#9
|
elite*gold: 20
Join Date: Nov 2008
Posts: 1,496
Received Thanks: 345
|
i put the break on the result i got from searching for [GM].
I can't find 00A4307C...the last offset is 00A25FFF
|
|
|
|
|
07/31/2009, 18:22
|
#10
|
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,345
|
Press Alt+M and select the section which contains 00A4307C. 
|
|
|
|
|
07/31/2009, 18:35
|
#11
|
elite*gold: 20
Join Date: Nov 2008
Posts: 1,496
Received Thanks: 345
|
i found that, I think. Says something like this:
Quote:
|
.[GM]....[DEV]...[DEKARON]...[OPR]...
|
so i highlisted the [GM] part and put a break on that. but then when I hit play, it tries to load and then when I hit Start, it says "Invalid Excute File" and closes the launcher
|
|
|
|
|
07/31/2009, 18:38
|
#12
|
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,345
|
Hmm... can't help you then, sorry. :S
|
|
|
|
|
07/31/2009, 18:40
|
#13
|
elite*gold: 20
Join Date: Nov 2008
Posts: 1,496
Received Thanks: 345
|
i tried doing that same thing on my original dekaron launcher, instead of the unpacked one, but I couldn't find the same text thing at the offset...
|
|
|
|
|
08/01/2009, 06:41
|
#14
|
elite*gold: 0
Join Date: Feb 2008
Posts: 250
Received Thanks: 65
|
i thought they server sided all the gm commands after sparkythestar killed it all. if it were possible everyone would be messing around with the exp rate and dropping high lvl mobs everywhere. that is unless we have responsible hackers.......
|
|
|
|
|
08/01/2009, 17:47
|
#15
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Quote:
Originally Posted by sachamo512
i tried doing that same thing on my original dekaron launcher, instead of the unpacked one, but I couldn't find the same text thing at the offset...
|
That's the point in having unpacked executables. In packed ones everything is just encrypted code. The unpacker stub will then decrypt that code upon runtime into memory  .
|
|
|
|
 |
|
Similar Threads
|
OllyDBG & CO
07/15/2011 - CO2 Programming - 540 Replies
Hello all.
I've noticed the huge amount of people asking how to do multiclient without the date going of and how to remove virus scanner etc. This is a small tutorial to teach people how to make those by yourself.
Requirements :
- OllyDBG OllyDBG v1.10
- Conquer patched upto 5035.
Note 0-1. steps are same for all of the modifications.
|
How to use OllyDBG
12/13/2009 - 12Sky2 - 1 Replies
Is there any tutorial for this program? I want to learn how to hack 12Sky but I don't know how to use it. I know some basics but nothing more. I know to work in CE and in AutoIT really well.
|
[Help]Ollydbg.
12/10/2009 - Mabinogi - 4 Replies
I didnt have problems until today.
For some reason, when i open any dll with ollydbg this error message pops up.
If you dont mind, help me with this problem.
|
OllyDBG
07/16/2009 - Perfect World - 5 Replies
hey can i have question what can i do with ollydbg at pw all? can i change my atk or gold with them? pls tell me what all can i do with this programm at pw:handsdown:
|
OllyDBG Help
03/25/2008 - General Coding - 4 Replies
Hi,i recently heard you could dupe items in ROSE Online with OllyDBG,it's patched already,and i was wondering if this works with any game.If so,could someone release a Tutorial or something to help me understand how to use OllyDBG better?
I'm sorry if there is one already posted,i searched and couldnt find any.
|
All times are GMT +1. The time now is 09:52.
|
|
