Toast's tutorial to binary string reading.

Old   #1
 
elite*gold: 0
Join Date: Jun 2008
Posts: 30
Received Thanks: 34
Quote:
Originally Posted by coolninja
Dear Toast

I suddenly figured that how did u make the hacks for rohan, u extracted the whole rohan back to programs!

Till now, all I do is randomly search values in CE in rohan.
That's why I can't find much thing,
would you mind teaching me how to map out the source code of rohan? Cause I really want to read the code myself.

thanks for any help!

Yours,
Nutimash
We're usually using CE, and tracing the address back to a larger control structure, but I'll show you how anyways.


Note: "This is all based off memory, since I do not have rohan anymore but the concept is always the same FOR MOST GAMES."

Mapping out the strings is pretty easy:
1) First go over to and download the latest version of OllyDbg; either Olly 1 or 2 will achieve the same thing.
2) Run the rohan bypass through the bot.
3) Attach Olly to the bot.
4) You'll find yourself in ntdll; this is not what you want. Usually your games are located in the 0x04000000 region, so let's jump to that expression, shall we?
5) CTRL-G, and enter any value you searched with any cheat engine to jump to the game. (Remember, it should be somewhere in the 04000000 region.)
6) Right click the main window and go to Find--->All text strings
7) Copy to clipboard ---> Whole table.

This is the easiest way to go around things, but I'd suggest you read up on ASM, pointers, memory types, code caves, structures, stack overflows and how memory is mapped out in a Windows system. I also recommend learning a computer language such as C++.



bluetoast is offline  
Old   #2
 
elite*gold: 0
Join Date: Jun 2008
Posts: 14
Received Thanks: 2
not quite understand this line...

5)ALT-G, and enter any value you searched with any cheat engine to jump to the game. (remember it should be somewhere in the 04000000 region

more easier explanation pls?


coolninja is offline  
Old   #3
 
elite*gold: 0
Join Date: Feb 2008
Posts: 1,450
Received Thanks: 373
you should put this in the tutorial section of the forum
tux-penguin is offline  
Old   #4
 
elite*gold: 0
Join Date: Jun 2008
Posts: 30
Received Thanks: 34
Copied right out of the text book

0x00400000 is where your game is almost always loaded. Kernel32.dll, USER32.dll, and SHELL32.dll are other common modules.

All data in all games have addresses and values. An integer can have an address of 0x00443C0C and have a value of 100 (0x64), and this value is used for mathematical purposes. Likewise, a pointer can have an address of 0x0042104C and a value of 0x004AE804, but this value isn’t used for math. This value is yet another address.

It is important to be very clear on what a static address is. In our above example, address 0x00340000 would be static. Some people define static addresses as addresses that never move. But quite clearly that would mean every address is static. Address 0x00340000 is always address 0x00340000, address 0x00300000 is always 0x00300000, 3 is always 3, etc. So it isn’t the address that never moves, since addresses never move anyway. It’s the data that never moves. The data for my player may be at address 0x00340000. Address 0x00340000 will always be there, but the data for my player may later move off to address 0x0234C000.

EXTRA :
The accessible range (as shown) is from 0x00000000 to 0x7FFFE000, which covers two gigabytes. But wait. What if you don’t have two gigabytes of RAM? And, wait a minute. How can both of your games be loaded at 0x004000000 at the same time? Most of the processes on your computer are running at either 0x00400000 or 0x01000000, so that must mean they each have their own 2 gigabytes of RAM, right? But then, that means every time you load a process, you suddenly gain 2 gigabytes of RAM, right?

In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.

Every address you see here is a lie. You always see 0x00400000 as the base address of your game, but that is not its real address. Windows® hides its real address, and uses a virtual mapping system to give each process its own “set of RAM”. These addresses are virtual. But luckily for us, we don’t need to know this at all! All that is important to know is that when working in any given process, we are working within a virtual space with addresses that have meaning only to that process. For the sake of simplicity we always treat them as literal real addresses.


bluetoast is offline  
Old   #5
 
elite*gold: 0
Join Date: Jun 2008
Posts: 14
Received Thanks: 2
Whoa, that taught me another big thing I never noticed, virtual address allocate by OS real memory operation code.

But, my question is I simply don't understand what this line means...
5)ALT-G, and enter any value you searched with any cheat engine to jump to the game. (remember it should be somewhere in the 04000000 region
Does it mean I can't search the value from CE because the values are encrypted or so, but I can with ollydbg? And what do you mean "to jump to the game"? Why do I have to search so that I can jump to the game address? And what do I have to search?
coolninja is offline  
Old   #6
 
elite*gold: 0
Join Date: Jan 2005
Posts: 1
Received Thanks: 0
Do you mind telling me the name of that book?
magisbladius is offline  
Old   #7
 
elite*gold: 0
Join Date: Mar 2008
Posts: 333
Received Thanks: 29
Quote:
Originally Posted by magisbladius View Post
Do you mind telling me the name of that book?
+1 (& where we can find it if not a problem)
SellSellSell is offline  
Old   #8
 
elite*gold: 0
Join Date: Jun 2008
Posts: 30
Received Thanks: 34
It can be found in almost EVERY reverse engineering book, under Windows memory management. A little guide I use is the mhs tutorial.
bluetoast is offline  
Old   #9
 
elite*gold: 0
Join Date: Jul 2009
Posts: 6
Received Thanks: 0
help

what do you mean "bot"----- the multiclient or the RohanBotEn1.0.9?
i really don't understand this part.... pls help.....>.<
lae0821 is offline  
Old   #10
 
elite*gold: 0
Join Date: Mar 2009
Posts: 150
Received Thanks: 13
Quote:
Originally Posted by lae0821 View Post
what do you mean "bot"----- the multiclient or the RohanBotEn1.0.9?
i really don't understand this part.... pls help.....>.<
Don't get your hopes up if your brain cells are already depleted (stupid)
FebeSexy is offline  
Old   #11
 
elite*gold: 0
Join Date: Jul 2009
Posts: 6
Received Thanks: 0
aw

I was only asking...... you're too much.... just teach me, I know you guys are good at this here....


lae0821 is offline  