of coz u can doubt ,
but myself i have same problems connecting and playing russian server with original exe and with fixed exe.
russian server is just sucking all the way, ive tried playing there, i have 26 lvl SH
and i cant play there even with orig exe, same shit happens: DC, unable to connect etc
ill repeat myself its just a server, offsets working pretty nice,
logic tells me you have connection problems (bad routing for example) AND protection issues, and i have protection issues only.
anyway, i changed j(n)z at these locations (as you can see it's 0x90 bytes away from english version.. if i remember correctly):
384402
3845B2
3bb800
nops placed here:
386B27
and there is a cycle with peekmessage(), which in some case goes to checking again:
38488f
could you upload original russian requiem.exe here please, cause I can't.
has anyone tried MzBot (v2) API? did it work? i am unable to make it work.
by MzBot v2 they mean proof of concept code, that supposedly bypasses NtUserSendInput hook
the code of dll is this:
Code:
.386
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
includelib kernel32.lib
; Module data. The roles noted here are taken from how InitMzBot and
; AltSendInput use each item in this listing.
.DATA
varSSID dd 0 ; 0 means "not initialised"; InitMzBot stores (driver dword + 01000h) here and AltSendInput loads it into eax before sysenter
sDeviceName db 92, 92, 46, 92, 116, 111, 66, 122, 77, 0 ; ASCII bytes decode to \\.\toBzM (a Win32 device-namespace path), NUL-terminated
buffDrvOutput dq 0 ; 8-byte output buffer passed to DeviceIoControl; only its low dword is read back
.CODE
start:
; LibMain -- DLL entry point (stdcall; three DWORD arguments).
; In:   hInstDLL, reason, unused
; Out:  eax = 1 on every path
; Writes 0 to varSSID on every invocation, whatever the reason code is.
; The .if/.elseif arms are empty placeholders and do no work.
LibMain proc hInstDLL:DWORD, reason:DWORD, unused:DWORD
mov varSSID, 0 ; unconditional reset, executed before the reason code is examined
.if reason == DLL_PROCESS_ATTACH
.elseif reason == DLL_PROCESS_DETACH
.elseif reason == DLL_THREAD_ATTACH
.elseif reason == DLL_THREAD_DETACH
.endif
mov eax, 1 ; always reports success
ret
LibMain endp
; InitMzBot -- no arguments; result in eax.
; Opens the device named by sDeviceName, issues one buffered IOCTL with no
; input and an 8-byte output buffer (buffDrvOutput), closes the handle, then
; stores (low dword of buffDrvOutput + 01000h) in varSSID.
; Out:   eax = -1 if CreateFile returned INVALID_HANDLE_VALUE
;        eax = -2 if DeviceIoControl returned 0
;        eax = the value written to varSSID otherwise
; Clobb: eax, ebx, flags, plus whatever the three API calls clobber.
; NOTE(review): ebx is overwritten and never restored, although stdcall
; callers expect it to be preserved.
; NOTE(review): the bytes-returned slot is discarded unread and the dword
; from the driver is not range-checked; whatever the device reports becomes
; the value AltSendInput later places in eax before sysenter.
; For defenders: the observable behaviour is a user-mode module opening a
; non-standard device name and issuing a custom IOCTL to it.
InitMzBot proc
; CreateFile call (stdcall, arguments pushed last-to-first)
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; OPEN_EXISTING
push 0 ; lpSecurityAttributes
push 3 ; FILE_SHARE_READ | FILE_SHARE_WRITE,
push 0C0000000h ; GENERIC_READ | GENERIC_WRITE
push OFFSET sDeviceName
call CreateFile
cmp eax, 0FFFFFFFFh ; INVALID_HANDLE_VALUE
jne ContactDriver1
; Open failed: report -1 to the caller
mov eax, -1
ret
ContactDriver1:
; Device opened; eax holds the handle
push eax ; keep the handle on the stack; it becomes CloseHandle's argument later
; Prepare the DeviceIoControl call
push 0 ; 4-byte stack slot that receives the bytes-returned count
mov ebx, esp ; ebx = address of that slot (see the ebx note in the header)
; DeviceIoControl call (stdcall, arguments pushed last-to-first)
push 0 ; lpOverlapped
push ebx ; lpBytesReturned
push 8 ; nOutBufferSize = size of the dq buffer
push OFFSET buffDrvOutput; lpOutBuffer
push 0 ; nInBufferSize
push 0 ; lpInBuffer (no input data)
push 0A9002A40h ; #define IOCTL_GET_STARTING_SERVICEID CTL_CODE(0xA900, 0x0A90, METHOD_BUFFERED, FILE_ANY_ACCESS)
push eax ; hDevice
call DeviceIoControl
cmp eax, 0
jne ContactDriver2
; IOCTL failed: release resources and report -2
add esp, 4 ; drop the bytes-returned slot so the saved handle is on top of the stack
call CloseHandle ; consumes the saved handle (stdcall callee pops it)
mov eax, -2
ret
ContactDriver2:
add esp, 4 ; drop the bytes-returned slot without reading it
call CloseHandle ; consumes the saved handle
mov eax, OFFSET buffDrvOutput ; address of the 8-byte output buffer
mov eax, [eax] ; read only the low dword of the qword
add eax, 01000h ; fixed offset applied to the driver-supplied value
mov varSSID, eax ; publish for AltSendInput; the same value is returned in eax
ret
InitMzBot endp
; AltSendInput -- takes 12 bytes of stack arguments (both exits use ret 0Ch).
; Loads varSSID into eax and, if it is non-zero, executes sysenter directly
; with edx = esp instead of calling through a system DLL export.
; Out:   eax = -1 if varSSID is 0; otherwise eax is whatever is in it when
;        control returns from the sysenter path.
; Clobb: eax, edx, flags.
; For defenders: a call issued this way does not pass through the usual
; user-mode API stubs, so hooks placed on those stubs do not observe it
; (presumably the intent of the code). Visibility has to come from the
; kernel side, or from checking where the system call originated.
AltSendInput proc
mov eax, varSSID ; value prepared by InitMzBot
cmp eax, 0
je Alt_SendInput_Err ; not initialised: refuse
call IntCallGate ; pushes a return address, so the stack holds two return addresses followed by the arguments
ret 0Ch ; pop the three dword arguments
Alt_SendInput_Err:
mov eax, -1
ret 0Ch
IntCallGate:
; Internal label, reached only through the call above
mov edx, esp ; edx = current stack pointer at the moment of the transition
db 00Fh
db 034h ; the two bytes 0F 34 encode sysenter, emitted as raw data
ret
AltSendInput endp
end start
I fail to get results with this code even with no hooks on NtUserSendInput. I've tried myself - no result. Found a C++ wrap for the dll:
Code:
#ifndef MZBOT2_DLL_VERSION_HEADER
#define MZBOT2_DLL_VERSION_HEADER
#include <windows.h>
// Loads amz.dll, resolves its InitMzBot export and calls it through MSVC
// inline assembly.
// Returns: the value InitMzBot leaves in eax, or -3 if LoadLibrary failed,
// or -4 if GetProcAddress failed. The return type is unsigned int, so the
// negative codes reach the caller as large unsigned values.
// NOTE(review): the DLL is named without a path, so the loader resolves it
// through the standard DLL search order; a same-named file earlier in that
// order would be loaded instead. The module is never released with
// FreeLibrary.
// NOTE(review): a function pointer is stored in an unsigned long, which only
// holds on 32-bit builds (as does the __asm block itself).
// NOTE(review): defined non-inline in a header; including it from more than
// one translation unit would produce duplicate definitions.
unsigned int MzBot_Init() {
HMODULE m = LoadLibrary( "amz.dll" );
if ( !m ) {
return -3;
}
unsigned long addr = (unsigned long) GetProcAddress( m, "InitMzBot" );
if ( !addr ) {
return -4;
}
__asm {
mov eax, addr
// indirect call through the variable that holds the export address
call addr
// reuse addr to carry the callee's eax result out of the asm block
mov addr, eax
}
return addr;
};
// Resolves the AltSendInput export of amz.dll and calls it with the three
// arguments pushed in the order cbSize, pInputs, nInputs (last to first).
// No stack cleanup follows the call here; the callee is expected to pop its
// own arguments.
// Returns: whatever the callee leaves in eax.
// NOTE(review): neither the LoadLibrary nor the GetProcAddress result is
// checked, unlike in MzBot_Init; if either fails, addr is 0 and the call
// goes through a null pointer.
// NOTE(review): LoadLibrary runs on every call and is never paired with
// FreeLibrary, so the module reference count grows with each invocation.
// The bare file name is again resolved through the DLL search order.
unsigned int MzBot_SendInput( UINT nInputs, LPINPUT pInputs, int cbSize )
{
HMODULE m = LoadLibrary( "amz.dll" );
unsigned long addr = (unsigned long) GetProcAddress( m, "AltSendInput" );
__asm {
mov eax, addr
push cbSize
push pInputs
push nInputs
// indirect call through the variable that holds the export address
call addr
// reuse addr to carry the callee's eax result out of the asm block
mov addr, eax
}
return addr;
};
#endif //#ifndef MZBOT2_DLL_VERSION_HEADER
and again, no result.
well, the error occurs during init. return val is -1, so CreateFile isn't working well. who remembers what \\.\toBzM can be? like a mailslot, but it's not... a stream?
i dont remember exactly but this is eng requiem exe that works at least for me on russian server too.
allows me to use all the things i need to ease my game.
by "doesn't start" I mean no errors even. i replace my exe with yours, start "UpdaterRus.exe", on the appeared window I press "start" (in russian ofcourse) button, and then nothing...
Today after the update, when using the current HackShield Bypass everything turn into a ? icons. Can you make a new quick one or show me how to do it if it's simple? This is for Requiem USA.
can someone make one for the last english client i dont have such good programming skills and i would be very thankfull cuz i cant play without it . thks in advance