[ESRO] Loader with range patch

ÑõÑ_Ŝŧóp · 06/12/2011, 18:20

great
but when i opened it nothing happened

!

Edit: worked

!

raveSTAR* · 06/12/2011, 18:29

Is he really trustable ? and from where he got it ?

ÑõÑ_Ŝŧóp · 06/12/2011, 18:31

Quote:

Originally Posted by raveSTAR*

Is he really trustable ? and from where he got it ?

yup
he is trustful ...

eddi02 · 06/12/2011, 18:54

why itools dont work
and anyone have media pk² whit autoselect for elite2?

jremy · 06/12/2011, 18:54

Quote:

Originally Posted by ÑõÑ_Ŝŧóp

great
but when i opened it nothing happened !

You mean the loader won't open (FileDialog), or sro won't start or range doesn't change? Make sure the dll file is in same folder with the executable. Tried running as adminstrator?

ÑõÑ_Ŝŧóp · 06/12/2011, 19:09

Quote:

Originally Posted by jremy

You mean the loader won't open (FileDialog), or sro won't start or range doesn't change? Make sure the dll file is in same folder with the executable. Tried running as adminstrator?

i knew the reason
my windows has some issues with file select dialog
can u make it with .ini file?

so i can run it (too tired to reinstall my windows

!)

* White * · 06/12/2011, 20:02

WORKINGGG

jlfbalo · 06/12/2011, 21:01

Quote:

Originally Posted by eddi02

why itools dont work
and anyone have media pk² whit autoselect for elite2?

You must be doing something wrong... itools is 100% working... also about the pk thing try to search the next time -.- its 2 threads below this one

Mr.LoLz · 06/12/2011, 22:20

works :X

DorkaZoid · 06/12/2011, 22:43

work!! but we need a keypress but i think

niyghtell · 06/12/2011, 22:46

very good

, you can do a cute little loader with zoom hack, nude paket etc, or this will work

?

DorkaZoid · 06/12/2011, 22:49

@jremy:That means zoomhack, etc are not possible.

niyghtell · 06/12/2011, 22:57

not possible yet

smedheaddk · 06/12/2011, 23:36

gj works well

smedheaddk · 06/13/2011, 00:04

Quote:

Originally Posted by jremy

I've seen few requests for the range patch so i wanted to do it. I guess the only way to patch it without bypassing gameguard is with injected dll, which need to be injected before gameguard loads. Gameguard detected the patch at startup (protection error), but if we wait the sro to be loaded we can modify the value of pointers with the injected dll. I tried patching static address, but game guard detected it few minutes later. That means zoomhack, etc are not possible.

Binarys: attached

Scan:

Sources:

Spoiler

esroLoaderdll.cpp:

Code:

#include "windows.h"

void WriteMemory(DWORD address, LPVOID patch, DWORD size)
{
	DWORD oldProtect;
	VirtualProtect((LPVOID)address, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
	memcpy((LPVOID)address, patch, size);
}

DWORD WINAPI PatchRangeThread(LPVOID lpParam) //need to wait for sro window or we get protection error
{
	while(1)
	{
		HWND hWnd = FindWindowA("CLIENT", 0);
		DWORD pid = 0;
		GetWindowThreadProcessId(hWnd, &pid);
		if(pid == GetCurrentProcessId())
			break;

		Sleep(10);
	}

	float range = 5000;
	WriteMemory(0xD10678, &range, sizeof(float));

	return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
	if(ul_reason_for_call == DLL_PROCESS_ATTACH)
	{
		CreateMutexA(0, 0, "Silkroad Online Launcher");
		CreateMutexA(0, 0, "Ready");

		CreateThread(0, 0, &PatchRangeThread, 0, 0, 0);
	}
	return true;
}

esroLoader.cpp:

Code:

#include <windows.h>
#include <string.h>
#include <iostream>
using namespace std;

string OpenFile(char *filter = "sro_client.exe (*.exe*)")
{
	OPENFILENAMEA ofn;
	char fileName[MAX_PATH] = "";
	ZeroMemory(&ofn, sizeof(ofn));

	ofn.lStructSize = sizeof(OPENFILENAME);
	ofn.hwndOwner = NULL;
	ofn.lpstrFilter = filter;
	ofn.lpstrFile = fileName;
	ofn.nMaxFile = MAX_PATH;
	ofn.Flags = OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY;
	ofn.lpstrDefExt = "";

	string fileNameStr;

	if(GetOpenFileNameA(&ofn))
		fileNameStr = fileName;

	return fileNameStr;
}

void InjectDLL(HANDLE hProcess, LPCSTR lpszDLLPath)
{
	DWORD dwMemSize = lstrlenA(lpszDLLPath) + 1;
	LPVOID lpBaseAddr = VirtualAllocEx(hProcess, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE);
	WriteProcessMemory(hProcess, lpBaseAddr, lpszDLLPath, dwMemSize, NULL);
	HMODULE hUserDLL = LoadLibraryA("kernel32.dll");
	LPVOID lpFuncAddr = GetProcAddress(hUserDLL, "LoadLibraryA");
	HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFuncAddr, lpBaseAddr, 0, NULL);
	WaitForSingleObject(hThread, INFINITE);
	FreeLibrary(hUserDLL);
	CloseHandle(hThread);
	VirtualFreeEx(hProcess, lpBaseAddr, 0, MEM_RELEASE);
}

HANDLE CreateSusProc(LPCSTR appName, LPSTR commandLine, LPCSTR dllPath)
{
	STARTUPINFOA si;
	PROCESS_INFORMATION pi;

	memset(&si, 0, sizeof(si));

	CreateProcessA(appName, commandLine, 0, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi);

	InjectDLL(pi.hProcess, dllPath);

	return pi.hThread;
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
	char dllpath[MAX_PATH];
	GetCurrentDirectoryA(sizeof(dllpath), dllpath);
	strcat_s(dllpath, "\\esroLoaderdll.dll");

	string args = " 0 /38 0 0";
	string path = OpenFile();
	path += args;
	
	HANDLE hThread = CreateSusProc("sro_client.exe", (LPSTR)path.c_str(), dllpath);
	ResumeThread(hThread);
	return 0;
}

TY FOR THE SOURCE! this well help Alot of people with there projects im sure.