I'm mostly a lurker here, so to avoid the usual suspicion etc I'm not going to provide exe's, just show you what to do, like a DIY guide. This is also my first successful hack ever (woo, go me!) so it's probably excrutiatingly simple to a lot of people here... but, since I only did this BECAUSE a multiclient didn't already exist for Florensia on these forums, I figured it would be nice to give back to this community which is very helpful to many people.
I'm not an expert, either, so this isn't perfect, but it works, and that's all that matters, right? :}
K, first, you need Olly. If you don't have it, go download it. It's a decompiler. If you're totally lost right now, sorry, but I'm not really writing this as a newbie guide, you'll have to get someone to explain it to you.
First order of business is getting rid of shitty HShield, because it stops you opening up multiple copies of the game. Delete or rename the HShield folder in the Florensia\bin folder, then open up FlorensiaEN.bin in Olly and do an ASCII search. I use "Ultra String References Plugin" for this, but it may work without... try it and see, download the aforementioned plugin if not.
Now, in the new window of strings that popped up, Ctrl+F for 'hshield' and doubleclick the first instance of that word that it highlights.
If you scroll up from that line, pretty soon the section of code ends (begins) and you'll see this:
008CD6E7 CC INT3
008CD6E8 CC INT3
008CD6E9 CC INT3
008CD6EA CC INT3
008CD6EB CC INT3
008CD6EC CC INT3
008CD6ED CC INT3
008CD6EE CC INT3
008CD6EF CC INT3
008CD6F0 > 55 PUSH EBP
where that PUSH EBP is the beginning of the code chunk, and is a JUMP from a CALL somewhere else. So, rightclick, Goto->JMP from wherever it says.
That takes you into a middle of a JMP minefield. Make sure you don't select a different line and get yourself lost... rightclick the line that was highlighted, and again do rightclick, Goto->CALL from wherever it says.
Now you'll be at a line that probably looks like this:
008CDDDA . E8 2A97ECFF CALL Florensi.00797509
and below it, a MOVZX, followed by a TEST, and then a JNZ. That' JNZ is what you need to change; doubleclick it and change it to a JMP.
A few lines down you'll find another TEST followed by another JNZ. Again, switch that JNZ for a JMP.
That's it, BOOM, HShield is dead. But now we want to disable the errors that force the game to close, because now it will complain that HShield isn't running. D'oh. Time to nuke that once and for all.
If you go back into your string references window, Ctrl+F to find the text "has no object leaks". Here is where you should end up:
008CE454 > 68 3C20EE00 PUSH Florensi.00EE203C ; /String = "Application has no object leaks."
008CE459 . FF15 44557601 CALL DWORD PTR DS:[<&KERNEL32.OutputDebu>; \OutputDebugStringA
008CE45F > C785 70DDFFFF >MOV DWORD PTR SS:[EBP-2290],0
008CE469 . 8D8D 90EAFFFF LEA ECX,DWORD PTR SS:[EBP-1570]
008CE46F . FF15 54587601 CALL DWORD PTR DS:[<&MSVCP71.??1?$basic_>; MSVCP71.??1?$basic_string@DU?$char_traits@D@std@@V ?$allocator@D@2@@std@@QAE@XZ
008CE475 . 8B85 70DDFFFF MOV EAX,DWORD PTR SS:[EBP-2290]
008CE47B > 5F POP EDI
008CE47C . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
008CE47F . 33CD XOR ECX,EBP
008CE481 . E8 FC98EDFF CALL Florensi.007A7D82
008CE486 . 8BE5 MOV ESP,EBP
008CE488 . 5D POP EBP
008CE489 . C2 1000 RETN 10
008CE48C CC INT3
008CE48D CC INT3
008CE48E CC INT3
008CE48F CC INT3
The line we are interested in here is: 008CE47B (your equivilent will most likely be a different number, so use the above paste chunk to figure out which line you should be focusing on)
That line is being jumped to from a whole bunch of different instructions. Rightclick that line, Goto->the first JMP item in the list. Then doubleclick that JMP and NOP it's ass.
Now read down the lines slowly, and find anything that JMPs to (your equivilent of 008CE47B), and NOP those as well. Do that 3 or 4 times and that should be sufficient.Now, assuming no screwups, rightclick anywhere in the window and do Copy->Select All, followed by rightclick->Copy to executable->Selection.
In the new window, rightclick->Save File. Save it as FlorensiaEN.bin (but for the love of all that is holy, make sure you backup the original first!)
Now, when you load up the game, you'll get two errors regarding HShield... but the game WILL still load. If you then load the game again, you'll get three errors (HShield whinging + 'game is already operation') but, again, the client will still load, and you are free to log in two different accounts. Trading between them works, as does inviting them to party, etc. There's some weirdness, and of course, those errors you get at first are annoying, but apart from that it's perfect.
If anyone wants to use this as a basis for a better hack, go ahead, you got my full permission to do whatever. Just don't shove a virus in it and distribute exe's saying "this was made by Fiestaa, enjoy!!" :P
Edit: Oh, also, you might need to change the Launcher.exe a bit too. If it complains about "game already operation", you'll want to search for that string in Olly and NOP whatever jumps to that section of code (you'll see a little > symbol next to any lines that are jumped to from elsewhere, meaning if you see one of these near that string, rightclick and goto->JMP from wherever, and NOP that line. Hope that makes sense.)
