_hex automatically turns 0x9F3E6C into the reversed 6C3E9F00, which can be used by the cpu.
so the $base = 0x9F3E6C
now to get to the call. calls ain't that easy to realize. to explain it check the string in odbg.
Code:
0046062C E8 8F961800 CALL elementc.005E9CC0
as you can see the address that gets called is 0x5E9CC0
the call string is 8F 96 18 00. reversed we get the real hex value: 0x0018968F.
and the call command is placed @ 0x0046062C
we know we want to call 0x5E9CC0, but how can we get the hex string to call that address? all we have is the inline position and the call address.
0x46062C and 0x5E9CC0, and we need to get 0x18968F as result.
if we subtract 0x46062C from 0x5E9CC0, we get 0x189694 as result. as you can see it's still too high. we need to subtract 5 from that to get the real string we're looking for: 0x18968F
so we've found the formula of how to get the call string we need:
Code:
$call_string = $call_adress - $position - 5
so what's the $position in our code?
we know the allocated memory is placed @ $pRemoteMem[0]. that's where we place all of our asm code.
but that's still not where we place our call.
first we add '60' (1byte), then 'A1'&_hex($base) (5 byte), then '68'&_hex($id) (5byte), then '8B4820' (3byte) and now we're writing our call.
so the position is $pRemoteMem[0] + 1 + 5 + 5 + 3 (that's equal to $pRemoteMem[0] + 14 or $pRemoteMem[0]+StringLen($OPcode)/2).
so now we've got our $position = $pRemoteMem[0]+StringLen($OPcode)/2
the $call_adress is 0x5E9CC0.
so our formula is:
and that's exactly what i've written right there =)
for example, if the allocated memory is placed @ 0xB1000000, $pRemoteMem[0] would be 0xB1000000. the call would be placed @ 0xB1000000 + 14 and the call string would be 0x4F5E9CAD.
now the _hex function is used to reverse those hex patterns and we get the call string: AD9C5E4F. so we can use the call with "E8 AD9C5E4F".
as you can see that's totally different from E88F961800. using the original string would call a totally different address, and your client would crash.
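The rel32 arithmetic from the post above, as an added Python example (not part of the original post). It is useful when reading a disassembly or memory dump, because it resolves an `E8` call's target from its bytes and shows why the same five bytes mean something else at another address. The function names are assumptions made for this example; the addresses are the ones quoted in the post.

```python
import struct

CALL_OPCODE = 0xE8
CALL_LEN = 5  # one opcode byte plus a 4-byte displacement


def hex_le(value: int) -> str:
    """Little-endian hex of a 32-bit value (what the post says _hex does)."""
    return struct.pack("<I", value & 0xFFFFFFFF).hex().upper()


def encode_call(position: int, target: int) -> bytes:
    """Bytes of a near relative CALL located at `position` that reaches `target`."""
    # The displacement is relative to the address of the NEXT instruction,
    # hence the extra -5; it wraps modulo 2**32 when the result is negative.
    rel32 = (target - position - CALL_LEN) & 0xFFFFFFFF
    return bytes([CALL_OPCODE]) + struct.pack("<I", rel32)


def decode_call_target(position: int, insn: bytes) -> int:
    """Absolute address that a 5-byte E8 CALL at `position` transfers to."""
    if len(insn) != CALL_LEN or insn[0] != CALL_OPCODE:
        raise ValueError("not a 5-byte E8 rel32 CALL")
    (rel32,) = struct.unpack("<i", insn[1:])  # displacement is signed
    return (position + CALL_LEN + rel32) & 0xFFFFFFFF


if __name__ == "__main__":
    original_pos = 0x0046062C    # where the CALL sits in the listing
    target = 0x005E9CC0          # the function being called
    moved_pos = 0xB1000000 + 14  # the post's example of a different location

    original = encode_call(original_pos, target)
    moved = encode_call(moved_pos, target)
    print("at 0x%08X: %s" % (original_pos, original.hex().upper()))
    print("at 0x%08X: %s" % (moved_pos, moved.hex().upper()))

    # The original bytes read at the other address resolve somewhere else.
    wrong = decode_call_target(moved_pos, original)
    print("original bytes at 0x%08X resolve to 0x%08X" % (moved_pos, wrong))
```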
@chakjii : hi, nice blog u'r having there, I just visited and noticed there is a $vCharBase to read char name, how do you find a base address for char ? Usually it's global base address and then use offsets to point to other memory location to read some values like hp mp maxhp etc.
I tried to subtract your PW version's $vCharBase with $vBase, the result is 1516, then add it to PW Indo's $vBase which is 10007676 and still can't read char name.
well charnames and some other names are often static in games, but i don't know why.
you need to read the name with wchar, not with dword
Hey Smurf the name strings are unicode, probably u might need to convert them to ansi charset according to the printing api's ur using, use WideCharToMultiByte api for this conversion. cheers