Okay. Lets go.
Load up your favourite disassembler. I'm using x32dbg.
I gave away the addresses to look at. Explaining how I got there is part of another story.
Press Ctrl+G, enter the address you want to go to:
Now we got the location where the ShowGWnd(false) is called. From my post before we know PUSH and CALL are the important parts of a function call.
Select the PUSH instruction. Press Space to open the assembler. It will show the current instruction.
Enter "NOP" to replace it with a No-Operation. Make sure to tick the "Fill with NOP" Box.
Replace the PUSH and the CALL with NOPs. When you are done, it should look like this:
Repeat this step until you replaced all ShowGWnd(false) calls:
After that, press Ctrl+P to open the Patches-Window. Press "Patch File" to export a patched binary. You can not use the file you opened (e.g. sro_client.exe), so choose a different name.
sro_client_ruined.exe sounds like a good choice to me:
Now you are done. You have successfully patched the client. The icons are now visible. What's left is the background image. Use your acquired knowledge to analyze the code right below of what to patched to find another CALL thats using [edx+5C]. Thats the background. Replace it with NOP and the visuals are fine.
