1.00.18 GS and 1.00.19 GS-CS - update 4

[juanmanuelsaad]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

005E5D4D 68 2D5D5E00 PUSH GameServ.005E5D2D ; ASCII "DSTeam.dll"
005E5D52 FF15 F4BC8C0C CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; kernel32.LoadLibraryA
005E5D58 33C0 XOR EAX,EAX
005E5D5A ^0F84 3552FBFF JE GameServ.<ModuleEntryPoint>
005E5D60 68 3D5D5E00 PUSH GameServ.005E5D3D ; ASCII "Inicio"
005E5D65 50 PUSH EAX
005E5D66 FF15 F0BC8C0C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; kernel32.GetProcAddress
005E5D6C FFD0 CALL EAX
005E5D6E ^E9 2252FBFF JMP GameServ.<ModuleEntryPoint>

this is what i write into the GS, just like the guide say


after i save changes and reopen it again i got this look:

005E5D4C . 0068 2D ADD BYTE PTR DS:[EAX+2D],CH
005E5D4F . 5D POP EBP
005E5D50 . 5E POP ESI
005E5D51 . 00FF ADD BH,BH
005E5D53 . 15 F4BC8C0C ADC EAX,<&KERNEL32.LoadLibraryA>
005E5D58 . 33C0 XOR EAX,EAX
005E5D5A .^0F84 3552FBFF JE GameServ.<ModuleEntryPoint>
005E5D60 . 68 3D5D5E00 PUSH GameServ.005E5D3D ; /ProcNameOrOrdinal = "Inicio"
005E5D65 . 50 PUSH EAX ; |hModule => NULL
005E5D66 . FF15 F0BC8C0C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \GetProcAddress
005E5D6C . FFD0 CALL EAX
005E5D6E .^E9 2252FBFF JMP GameServ.<ModuleEntryPoint>

so confused, and EP is 0052d6b0 but in LordPE say 0019AF95

 

[DarkFuture]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

so confused, and EP is 0052d6b0 but in LordPE say 0019AF95

how times I must say? http://forum.ragezone.com/f196/guide-1-00-18-gs-1-00-19-gs-cs-356748/index3.html#post3137676

LordPE EIP = Olly EIP (0052d6b0) - BASE SIZE (in LordPe can see 00401... or smth)

about code

005E5D4D 68 2D5D5E00 PUSH GameServ.005E5D2D ; ASCII "DSTeam.dll"

005E5D4C . 0068 2D ADD BYTE PTR DS:[EAX+2D],CH

D and C what is that numbers? 1, 3, 5, etc and 2, 4, 6, etc ... I don`t remember
but You must start code on offsets which hex value in dec don`t end with 1, 3, 5, 7, 9 (pair numbers?!)

P.s. better use other people gs with hook, that mean use other dll name and proc name who already is in GS ^^ (cheating )

 

[juanmanuelsaad]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

how times I must say? http://forum.ragezone.com/f196/guide-1-00-18-gs-1-00-19-gs-cs-356748/index3.html#post3137676

LordPE EIP = Olly EIP (0052d6b0) - BASE SIZE (in LordPe can see 00401... or smth)

about code

005E5D4D 68 2D5D5E00 PUSH GameServ.005E5D2D ; ASCII "DSTeam.dll"

005E5D4C . 0068 2D ADD BYTE PTR DS:[EAX+2D],CH

D and C what is that numbers? 1, 3, 5, etc and 2, 4, 6, etc ... I don`t remember
but You must start code on offsets which hex value in dec don`t end with 1, 3, 5, 7, 9 (pair numbers?!)

P.s. better use other people gs with hook, that mean use other dll name and proc name who already is in GS ^^ (cheating )

sry dude i'm too noob xD

so u say i shoud start coding in offsets that end in a pair number for example:

Dll in: 005E5D38
Function Inicio in: 005E5D44
and start hooking it in: 005E5D4C

C=12

i'm right?

 

[phillips41]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

It depends on the Olly as well, Shadow's Olly stops at the LordPE's EntryPoint

And about the translation, I'm going to continue tonight because yesterday I didn't have any time. Also, if anyone gets any errors recheck every file or start from scratch like phillips41 did, I also had errors and it was some typos!

what version Olly we need becuase i am not at that entry point he is saying in guide.

 

[DarkFuture]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

to juanmanuelsaad, yeah, on pair numbers, to known if C = 12 use Win Calc, Win+R-> Type "calc"-> enter xD

to user with orange username, Entry Point is that point where start code, Not DLL, Proc names, but where start first PUSH

005E5D4D 68 2D5D5E00 PUSH GameServ.005E5D2D ; ASCII "DSTeam.dll"
005E5D52 FF15 F4BC8C0C CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; kernel32.LoadLibraryA
005E5D58 33C0 XOR EAX,EAX

here EIP will be 005E5D4D
in LordPE EIP will be 005E5D4D - GS Base Size (find in Lord PE, when editing EIP)

 

[hymen]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

Here's

You must be registered to see links

. It's a freeware, haven't had any problems with it.

 

[juanmanuelsaad]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

to juanmanuelsaad, yeah, on pair numbers, to known if C = 12 use Win Calc, Win+R-> Type "calc"-> enter xD

to user with orange username, Entry Point is that point where start code, Not DLL, Proc names, but where start first PUSH

005E5D4D 68 2D5D5E00 PUSH GameServ.005E5D2D ; ASCII "DSTeam.dll"
005E5D52 FF15 F4BC8C0C CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; kernel32.LoadLibraryA
005E5D58 33C0 XOR EAX,EAX

here EIP will be 005E5D4D
in LordPE EIP will be 005E5D4D - GS Base Size (find in Lord PE, when editing EIP)

have same problem in pairs numbers, but i already understand about entry point hehe some idea

this is what i got now:

005E5D4C . 68 2C 5D 5E 0>ASCII "h,]^",0
005E5D51 . FF15 F4BC8C0C CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; \LoadLibraryA
005E5D57 . 33C0 XOR EAX,EAX
005E5D59 .^ 0F84 5179F4FF JE GameServ.WinMain
005E5D5F . 68 3C5D5E00 PUSH GameServ.005E5D3C ; /ProcNameOrOrdinal = "Inicio"
005E5D64 . 50 PUSH EAX ; |hModule => NULL
005E5D65 . FF15 F0BC8C0C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \GetProcAddress
005E5D6B . FFD0 CALL EAX
005E5D6D .^ E9 3E79F4FF JMP GameServ.WinMain

 

[DarkFuture]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

You start code at DB 00?
maybe try on INT3
use Fill with NOP at that place where start code ( <-- try this)

 

[phillips41]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

Here's

You must be registered to see links

. It's a freeware, haven't had any problems with it.

thanks alot that did it.
Just need to go by guide as close as possible. that way if something goes wrong i know it was me.

 

[juanmanuelsaad]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

You start code at DB 00?
maybe try on INT3
use Fill with NOP at that place where start code ( <-- try this)

Fill with NOP's in DB 00?

in INT3 when i declare my dll i got this:

005CF800 53 DB 53 ; CHAR 'S'
005CF801 68 DB 68 ; CHAR 'h'
005CF802 69 DB 69 ; CHAR 'i'
005CF803 6E DB 6E ; CHAR 'n'
005CF804 67 DB 67 ; CHAR 'g'
005CF805 2E DB 2E ; CHAR '.'
005CF806 64 DB 64 ; CHAR 'd'
005CF807 6C DB 6C ; CHAR 'l'
005CF808 6C DB 6C ; CHAR 'l'
005CF809 CC INT3
005CF80A CC INT3
005CF80B CC INT3
005CF80C CC INT3
005CF80D CC INT3
005CF80E CC INT3
005CF80F CC INT3
005CF810 49 DB 49 ; CHAR 'I'
005CF811 6E DB 6E ; CHAR 'n'
005CF812 69 DB 69 ; CHAR 'i'
005CF813 63 DB 63 ; CHAR 'c'
005CF814 69 DB 69 ; CHAR 'i'
005CF815 6F DB 6F ; CHAR 'o'

i think it is not there

 

[Holy]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

He means fills wth NOPS the INT3, because in HEX the INT3 are CC CC CC CC...

And the DB 00 are just 00 00 00 00, so its stupid to fill with NOPS the DB 00 because they are the
same

 

[hymen]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

juanmanuelsaad, the first screenshot seems fine to me, it's like my GS is. Just continue what the guide says, change the EntryPoint to the DLL's function offset (005E5D4D) in LordPE and it will be ok.

 

[juanmanuelsaad]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

when i was near of throw mi PC through the windows the light goes on XD thx guys =D.
but when i modify the entry point in LordPE i substract 5E5D4D and 400000 = 1E5D4D but same problem before "Module DSTeam has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints."

 

[Holy]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

when i was near of throw mi PC through the windows the light goes on XD thx guys =D.
but when i modify the entry point in LordPE i substract 5E5D4D and 400000 = 1E5D4D but same problem before "Module DSTeam has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints."

Thats why the gs is packed, use another unpacked.

And for change the entry point use better PE Explorer if you dont know how to use LordPE

 

[juanmanuelsaad]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

and what GS should i use? i'm using the one it's given in this guide

 

[hymen]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

when i was near of throw mi PC through the windows the light goes on XD thx guys =D.
but when i modify the entry point in LordPE i substract 5E5D4D and 400000 = 1E5D4D but same problem before "Module DSTeam has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints."

It's 001E5D4D, did you put that value? If yes, that doesn't happen to me :|

 

[juanmanuelsaad]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

yes it is i put that value in LordPE


EDIT: OOOOO dudeessss i can't beleve howww NOOB i am OMG, i just have to do Double click in the offset. CyA guys i'm going to suicide xD

At least i learned a lot of things xD thx all the ppl who gave me some help

 

[phillips41]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

yes it is i put that value in LordPE


EDIT: OOOOO dudeessss i can't beleve howww NOOB i am OMG, i just have to do Double click in the offset. CyA guys i'm going to suicide xD

At least i learned a lot of things xD thx all the ppl who gave me some help

what was it i am having same trouble as you

 

[juanmanuelsaad]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

select offset right click on it and select New Origin Here i did that and worked

but just one thing, it only worked with shadow's olly the other ollyDbg didn't work doing that :S


but i have another problem with GS :S...when i run it to test it, debugger windows open, i select debug...and when it is debugging it i got this error

Excepci

 

[coniki]

Re: [Guide] 1.00.18 GS and 1.00.19 GS-CS

This is my first post. I have been studying Reverse Engineering a lot and have learned a lot of the C++ language, enough to build my own events with packets included (Less than 2 months knowing Mu Online). It is a shame that we cannot keep such fine work Japanese Protocols in which it would be Season 3 Episode 1 with Cashshop. It is not that difficult to make cashshop emulation, and with little searching I found great things like working mu mail messenger, and the japanese protocols for 1.00.18, so Cashshop would be just time in order to find it or build it.

I want to thank the people who made this guide, it helps me a lot more than you would know. I just have to say that, even though I disagree with the Development on Korean Protocols until Season 3 Episode 2, this guide rocks.

P.S. Don't flame, this message was to tell people that even if your fairly new to a game, you can still catch on quick.

~ Coniki Tiki