Requia

Maybe It's Maybelline · 01/29/2007, 16:56

You mean difficult like using a premade tool who retrivies the offsets/data from the functions? XD

I don't understand why people would have problems getting the offets oO

Harko · 01/29/2007, 21:00

says the person who couldn't even installed softice

I see the same big words as in the begining of the thread, how about you share your great knoweldge and post a list with working addresses?

Maybe It's Maybelline · 01/29/2007, 21:27

Quote:

Originally posted by Harko@Jan 29 2007, 21:00
says the person who couldn't even installed softice

I see the same big works as in the begining of the thread, how about you share your great knoweldge and post a list with working addresses?

I was able to install softice, I was just asking you what I should do with it since you wanted to give me further steps of developing something.

I have deleted GW since almost half a year ago... Okay Okay, I will just give a short tut how to do it manually, open CE, look for the desired offset by using the search button and eliminating other offsets, then you hook the debugger on it and see what adress/function access it, remember the EAX offset and search for the hex value this time after you find one offset that will be your pointer. Or I just could use a dumper

SilonVier · 01/29/2007, 21:45

Two important things were revealed:
- Marie hates midgets
- Harko is a midget

What now?

Maybe It's Maybelline · 01/29/2007, 21:46

+ He's a smurf. I don't like smurfs. ;D

gcardinal · 01/29/2007, 21:46

Quote:

I have deleted GW since almost half a year ago... Okay Okay, I will just give a short tut how to do it manually, open CE, look for the desired offset by using the search button and eliminating other offsets, then you hook the debugger on it and see what adress/function access it, remember the EAX offset and search for the hex value this time after you find one offset that will be your pointer. Or I just could use a dumper

a few things :

most data in gw is stored over the TEB and this is the funniest part because the result is there is NO offset/address lol beside small deltas which are hardcoded .. but I am sure you found an offset and injected it into Requia

next .. please show me how to find a function like MoveTo with CheatEngine ... this would be really great because than I can deinstall IDA and SoftIce thanks.

edit: wrong pc .. thats why this account : )

n3Cre0 · 01/29/2007, 21:55

Maybe It's Maybelline · 01/29/2007, 22:06

Quote:

most data in gw is stored over the TEB and this is the funniest part because the result is there is NO offset/address

and whats the relation to this? "Ohh over there are some booby traps and a non-existing gold bag, hurry and get it!"

Quote:

found an offset and injected it into Requia

Injected? was that some kind of typo?

Quote:

next .. please show me how to find a function like MoveTo with CheatEngine ... this would be really great because than I can deinstall IDA and SoftIce thanks.

I explained it before, you trigger the event ingame and catch the offsets, after you got a low amount you hook the debugger on it and wait until your tested offset causes a AccessViolation because of CE, or use the MV as help.
You can look into the gunz forums, there is a tutorial explaining how to retrive the offsets for functions fast and reliable by using CE.

Harko · 01/29/2007, 22:27

Quote:

and whats the relation to this? "Ohh over there are some booby traps and a non-existing gold bag, hurry and get it!"

quote from irc: "this person is really funny. not." : p

go and search some offsets which doesn't exist, as I said there is no offset for most gw data and this is the truth.

Quote:

I explained it before, you trigger the event ingame and catch the offsets, after you got a low amount you hook the debugger on it and wait until your tested offset causes a AccessViolation because of CE, or use the MV as help.
You can look into the gunz forums, there is a tutorial explaining how to retrive the offsets for functions fast and reliable by using CE.

sounds easy do it.

you know what is really funny? I look at this forum with 100.000 user: a non-working autoit script and only big words. Then I look at my pgp disk and I see two private dupes for two very popular games, I see teleport/fly hacks for nearly all shooter based games (xaladin saw two of them), I see requia modules for all, and I mean all, popular mmorpgs, I see a flawless working clientless bot for gw, I see full automated level/farm scripts for multiple games (no not such glider autoit ****) and I see full documentations of warden/xtrap/.. up to the last byte.

But at least it seems I can always save boring days here.

Maybe It's Maybelline · 01/29/2007, 22:30

Quote:

go and search some offsets which doesn't exist, as I said there is no offset for most gw data and this is the truth.

Okay, I will install GW again and take a look on it, how about that?

Edit: I dont see any problem there, I just got the offset for the function to add things from the store with CE, where is exactly YOUR problem?

Quote:

I see requia modules for all, and I mean all, popular mmorpgs

Maybe because Requia isnt public anymore? ;p Perhaps people would start making their own if you just offer again the sources.

SilonVier · 01/29/2007, 22:44

Quote:

Originally posted by gcardinal+Jan 29 2007, 21:46--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (gcardinal @ Jan 29 2007, 21:46)</td></tr><tr><td id='QUOTE'>most data in gw is stored over the TEB and this is the funniest part because the result is there is NO offset/address lol beside small deltas which are hardcoded .. but I am sure you found an offset and injected it into Requia [/b]

And the Santa Claus hides itself within the PEB?

Quote:

Originally posted by -gcardinal@Jan 29 2007, 21:46
next .. please show me how to find a function like MoveTo with CheatEngine ... this would be really great because than I can deinstall IDA and SoftIce thanks.

- I would attach a debugger, inject my dll which subclass the main window and breaks at the movement keys (int03). From this point I would follow the flow and track down in a deeper function the information, which I need to find it at the next time programmatically.
- I'm sure GW holds a static pointer to your Character-struct internally (it can be a linked-list like in D2 ... whatever). In most situations the current position of your character (xyz) is stored within this struct. It would be a good idea to find the char-struct first.
- Simple but in most games a working method -> Search unknown value, go to a higher location and search for an increased value (z) and so on.

(One or two may not work with GW - I never had GW to analyze the Client)

Quote:

Originally posted by -Harko@Jan 29 2007, 22:27
But at least it seems I can always save boring days here.

Huh? I thought it's the only reason why someone registers here.

<!--QuoteBegin--Maybe It's Maybelline@Jan 29 2007, 22:30
Maybe because Requia isnt public anymore? ;p Perhaps people would start making their own if you just offer again the sources.[/quote]
please no ...

Harko · 01/29/2007, 22:48

Quote:

Maybe because Requia isnt public anymore? ;p Perhaps people would start making their own if you just offer again the sources.

funny I thought I had even published a step by step tutorial how to create a module ... at the end I had to do all the work anyway and I wasted only time

edit:

Quote:

And the Santa Claus hides itself within the PEB?

you ever looked at gw?

show me a fixed address or pointer relationship for PlayerGold/PlayerExp ... the mistake to make big words without knowing the reality seems to be common here

Quote:

- I would attach a debugger, inject my dll which subclass the main window and breaks at the movement keys (int03). From this point I would follow the flow and track down in a deeper function the information, which I need to find it at the next time programmatically.

you know what multi threading is and what obfuscation means when a large scale c++ gets really big or? Gw isn't really a "Hello world" program ; )

Maybe It's Maybelline · 01/29/2007, 22:49

Quote:

Originally posted by Harko+Jan 29 2007, 22:48--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Harko @ Jan 29 2007, 22:48)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--Maybe It's Maybelline@Jan 29 2007, 22:30

Quote:

go and search some offsets which doesn't exist, as I said there is no offset for most gw data and this is the truth.

Okay, I will install GW again and take a look on it, how about that?

Quote:

I see requia modules for all, and I mean all, popular mmorpgs

Maybe because Requia isnt public anymore? ;p Perhaps people would start making their own if you just offer again the sources.

Quote:

Maybe because Requia isnt public anymore? ;p Perhaps people would start making their own if you just offer again the sources.

funny I thought I had even published a step by step tutorial how to create a module ... at the end I had to do all the work anyway and I wasted only time [/b][/quote]
You have taken it from the server after that Ebay case, the thread still exists though.

Harko · 01/29/2007, 23:04

since I only use clientless bot anyway and I didn't updated normal gw module for over 2 month I don't care anyway thats why:

xor eax, eax
mov ecx, fs:0x2c
mov edx, [ecx+eax*4]
mov eax, [edx+4]
mov eax, [eax+3c]
mov eax, [eax+e8]
mov eax, [eax+54] ;54h = PlayerGold

this is the complete program flow to get the PlayerGold value

yes I see the fixed address/offset and yes I know fs didn't point to the TEB in windows : p maybe Santa Claus told me the wrong stuff sorry =(

SilonVier · 01/29/2007, 23:24

Quote:

Originally posted by Harko+Jan 29 2007, 22:48--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Harko @ Jan 29 2007, 22:48)</td></tr><tr><td id='QUOTE'>you ever looked at gw?
show me a fixed address or pointer relationship for PlayerGold/PlayerExp ... [/b]

You haven't read my posting completely? :-

Quote:

Originally posted by -SilonVier@Jan 29 2007, 22:44
(One or two may not work with GW - I never had GW to analyze the Client)

Quote:

Originally posted by -Harko@Jan 29 2007, 22:48
the mistake to make big words without knowing the reality seems to be common here

Big words? I 'm not the one who talks here about my job, my projects, what cool things I have on my harddrive or claim that all users here are idiots. You are the one.

Quote:

Originally posted by -Harko@Jan 29 2007, 22:48
you know what multi threading is and what obfuscation means when a large scale c++ gets really big or?

Yes, how about you?

Quote:

Originally posted by -Harko@Jan 29 2007, 22:48
Gw isn't really a "Hello world" program ; )

oh, really?

<!--QuoteBegin--Harko@Jan 29 2007, 23:04
maybe Santa Claus told me the wrong stuff sorry =([/quote]
The "Osterhase" has the correct answer but he is at the moment very busy (planning and so on)