Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Game kPT DCFix

Tolrok

Tolrok

Junior Spellweaver
10 Happy Years
Joined
Jan 8, 2012
Messages
133
Reaction score
44
Hey guys, today im publishing the current game.exe of the corean Prison Tale without the DC when you login in the server. There is a "protection" on the current game in the package 0x48470082 where you must reallocate one table to match with your server, so I rebuilt the struct of the game so it will connect without the server jPT and without taking the DC. Thanks to my friend Razor for give me this tip.

Tolrok - Game kPT DCFix - RaGEZONE Forums


You must be registered to see links
 
Last edited:
The Best DDoS Protected Servers
Phatkone

Phatkone

RZA-PT | KilroyPT
Joined
Aug 27, 2007
Messages
936
Reaction score
85
Which server file is this one meant to be paired with?
 
Phatkone

Phatkone

RZA-PT | KilroyPT
Joined
Aug 27, 2007
Messages
936
Reaction score
85
Tolrok said:
You can use any server as long as you change ports and connection packets.
Click to expand...

Ah k, is this tier 4 or tier 5 client? (does it have the shaman and assassin classes too?)

out of interest, what did you do to get it to show the account expiry on login?
 
Tolrok

Tolrok

Junior Spellweaver
10 Happy Years
Joined
Jan 8, 2012
Messages
133
Reaction score
44
Phatkone said:
Ah k, is this tier 4 or tier 5 client? (does it have the shaman and assassin classes too?)

out of interest, what did you do to get it to show the account expiry on login?
Click to expand...

Yes friend, this is the game of the current version of KPT, just play on top of the full client
 
Phatkone

Phatkone

RZA-PT | KilroyPT
Joined
Aug 27, 2007
Messages
936
Reaction score
85
ah mad stuff,

Do you know what setting it is to make it show the expiry date on login? (i figure its in the hotuk, ie. *show_disuseday or something?)
 
Phatkone

Phatkone

RZA-PT | KilroyPT
Joined
Aug 27, 2007
Messages
936
Reaction score
85
See in the image, in the chat box it displays the welcome message (expire day for the account), what do I set to display that in my server?

In google translate, forgive if its bad:

Veja na imagem, na caixa de bate-papo que exibe a mensagem de boas-vindas (expirar dia para a conta), o que eu definir para exibir que no meu servidor?
 
D

davidscofield

Newbie Spellweaver
Joined
Jun 13, 2016
Messages
50
Reaction score
1
can you show me offset fix DC
image ollyDBG
Thank so much .



when i run game.exe . it is exit with time show login control.
what is error ?
Thank you



send me link your full client. I used full client subagames . But error with your game.exe
 
Tolrok

Tolrok

Junior Spellweaver
10 Happy Years
Joined
Jan 8, 2012
Messages
133
Reaction score
44
You must download the full kpt client
You must be registered to see links


The two adjusted functions that cause DC are here
Code: 
00643AD0   /$  A1 60F4A503                         MOV EAX,DWORD PTR DS:[3A5F460]
00643AD5   |.  83EC 34                             SUB ESP,34
00643AD8   |.  85C0                                TEST EAX,EAX
00643ADA   |.  74 61                               JE SHORT game_NoD.00643B3D
00643ADC   |.  A1 446F9E00                         MOV EAX,DWORD PTR DS:[9E6F44]
00643AE1   |.  8B5424 38                           MOV EDX,DWORD PTR SS:[ESP+38]
00643AE5   |.  8B0D 08EC8E00                       MOV ECX,DWORD PTR DS:[8EEC08]
00643AEB   |.  894424 0C                           MOV DWORD PTR SS:[ESP+C],EAX
00643AEF   |.  52                                  PUSH EDX                                  ; /String2 = 000000C3 ???
00643AF0   |.  8D4424 18                           LEA EAX,DWORD PTR SS:[ESP+18]             ; |
00643AF4   |.  50                                  PUSH EAX                                  ; |String1 = 0685342B
00643AF5   |.  C74424 0C 82004748                  MOV DWORD PTR SS:[ESP+C],48470082         ; |
00643AFD   |.  C74424 08 34000000                  MOV DWORD PTR SS:[ESP+8],34               ; |
00643B05   |.  C74424 10 00000000                  MOV DWORD PTR SS:[ESP+10],0               ; |
00643B0D   |.  894C24 18                           MOV DWORD PTR SS:[ESP+18],ECX             ; |game_NoD.<ModuleEntryPoint>
00643B11   |.  FF15 C4906C00                       CALL NEAR DWORD PTR DS:[<&KERNEL32.lstrcp>; \lstrcpyA
00643B17   |.  FF15 94946C00                       CALL NEAR DWORD PTR DS:[<&WINMM.timeGetTi>;  WINMM.timeGetTime
00643B1D   |.  8B4C24 00                           MOV ECX,DWORD PTR SS:[ESP]                ;  KERNEL32.75B35478
00643B21   |.  6A 01                               PUSH 1
00643B23   |.  51                                  PUSH ECX                                  ;  game_NoD.<ModuleEntryPoint>
00643B24   |.  8B0D 60F4A503                       MOV ECX,DWORD PTR DS:[3A5F460]
00643B2A   |.  8D5424 08                           LEA EDX,DWORD PTR SS:[ESP+8]
00643B2E   |.  52                                  PUSH EDX
00643B2F   |.  A3 BCF4A503                         MOV DWORD PTR DS:[3A5F4BC],EAX
00643B34   |.  E8 970EE3FF                         CALL game_NoD.004749D0
00643B39   |.  83C4 34                             ADD ESP,34
00643B3C   |.  C3                                  RETN
00643B3D   |>  33C0                                XOR EAX,EAX
00643B3F   |.  83C4 34                             ADD ESP,34
00643B42   \.  C3                                  RETN


CONTINUATION


Code: 
006447D0   /$  83EC 34                             SUB ESP,34
006447D3   |.  A1 740E8F00                         MOV EAX,DWORD PTR DS:[8F0E74]
006447D8   |.  894424 0C                           MOV DWORD PTR SS:[ESP+C],EAX
006447DC   |.  8B4424 3C                           MOV EAX,DWORD PTR SS:[ESP+3C]             ;  game_NoD.008F8470
006447E0   |.  83F8 02                             CMP EAX,2
006447E3   |.  56                                  PUSH ESI                                  ;  game_NoD.00400000
006447E4   |.  8B7424 3C                           MOV ESI,DWORD PTR SS:[ESP+3C]             ;  game_NoD.008F8470
006447E8   |.  C74424 08 82004748                  MOV DWORD PTR SS:[ESP+8],48470082
006447F0   |.  C74424 04 34000000                  MOV DWORD PTR SS:[ESP+4],34
006447F8   |.  894424 0C                           MOV DWORD PTR SS:[ESP+C],EAX
006447FC   |.  C74424 14 00000000                  MOV DWORD PTR SS:[ESP+14],0
00644804   |.  75 3E                               JNZ SHORT game_NoD.00644844
00644806   |.  56                                  PUSH ESI                                  ; /String = "MZ"
00644807   |.  FF15 94926C00                       CALL NEAR DWORD PTR DS:[<&KERNEL32.lstrle>; \lstrlenA
0064480D   |.  33C9                                XOR ECX,ECX                               ;  game_NoD.<ModuleEntryPoint>
0064480F   |.  85C0                                TEST EAX,EAX
00644811   |.  7E 31                               JLE SHORT game_NoD.00644844
00644813   |>  803C31 20                           /CMP BYTE PTR DS:[ECX+ESI],20
00644817   |.  74 07                               |JE SHORT game_NoD.00644820
00644819   |.  41                                  |INC ECX                                  ;  game_NoD.<ModuleEntryPoint>
0064481A   |.  3BC8                                |CMP ECX,EAX
0064481C   |.^ 7C F5                               \JL SHORT game_NoD.00644813
0064481E   |.  EB 24                               JMP SHORT game_NoD.00644844
00644820   |>  57                                  PUSH EDI
00644821   |.  8D3C31                              LEA EDI,DWORD PTR DS:[ECX+ESI]
00644824   |.  57                                  PUSH EDI
00644825   |.  E8 4D110600                         CALL game_NoD.006A5977
0064482A   |.  83C4 04                             ADD ESP,4
0064482D   |.  3D E8030000                         CMP EAX,3E8
00644832   |.  C607 00                             MOV BYTE PTR DS:[EDI],0
00644835   |.  894424 10                           MOV DWORD PTR SS:[ESP+10],EAX
00644839   |.  5F                                  POP EDI                                   ;  KERNEL32.75B35478
0064483A   |.  7D 08                               JGE SHORT game_NoD.00644844
0064483C   |.  C74424 0C 02000000                  MOV DWORD PTR SS:[ESP+C],2
00644844   |>  56                                  PUSH ESI                                  ; /String2 = "MZ"
00644845   |.  8D4C24 1C                           LEA ECX,DWORD PTR SS:[ESP+1C]             ; |
00644849   |.  51                                  PUSH ECX                                  ; |String1 = game_NoD.<ModuleEntryPoint>
0064484A   |.  FF15 C4906C00                       CALL NEAR DWORD PTR DS:[<&KERNEL32.lstrcp>; \lstrcpyA
00644850   |.  8B0D 60F4A503                       MOV ECX,DWORD PTR DS:[3A5F460]
00644856   |.  85C9                                TEST ECX,ECX                              ;  game_NoD.<ModuleEntryPoint>
00644858   |.  C705 A05AC000 01000000              MOV DWORD PTR DS:[C05AA0],1
00644862   |.  5E                                  POP ESI                                   ;  KERNEL32.75B35478
00644863   |.  74 15                               JE SHORT game_NoD.0064487A
00644865   |.  8B5424 00                           MOV EDX,DWORD PTR SS:[ESP]                ;  KERNEL32.75B35478
00644869   |.  6A 01                               PUSH 1
0064486B   |.  52                                  PUSH EDX
0064486C   |.  8D4424 08                           LEA EAX,DWORD PTR SS:[ESP+8]
00644870   |.  50                                  PUSH EAX
00644871   |.  E8 5A01E3FF                         CALL game_NoD.004749D0
00644876   |.  83C4 34                             ADD ESP,34
00644879   |.  C3                                  RETN
0064487A   |>  33C0                                XOR EAX,EAX
0064487C   |.  83C4 34                             ADD ESP,34
0064487F   \.  C3                                  RETN

Connection ports
Code: 
00403749    .  68 19270000                         PUSH 2719
0044AC75    .  C787 30F5BE00 19270000              MOV DWORD PTR DS:[EDI+BEF530],2719
0044ACC0    .  C787 34F5BE00 19270000              MOV DWORD PTR DS:[EDI+BEF534],2719
0044AD03    .  C786 38F5BE00 19270000              MOV DWORD PTR DS:[ESI+BEF538],2719
0044B185   |> \B8 19270000                         MOV EAX,2719
00543AB5   |.  C707 19270000                       MOV DWORD PTR DS:[EDI],2719
005451B8   |.  C707 19270000                       MOV DWORD PTR DS:[EDI],2719
0062E6BC    > \68 19270000                         PUSH 2719
006342E5   |> \68 19270000                         PUSH 2719
00641827   |.  B8 19270000                         MOV EAX,2719
00641A83   |.  68 19270000                         PUSH 2719
00641A8D   |.  C705 C83C9B03 19270000              MOV DWORD PTR DS:[39B3CC8],2719
0064B71F    .  68 19270000                         PUSH 2719

You must change the value 2719 for your server..

Other connection packets
Code: 
004750F3   |.  80F1 ED                             |XOR CL,0ED
00475198   |.  80F2 ED                             |XOR DL,0ED

You must change your server to ED packages, I hope it helps...
 
D

davidscofield

Newbie Spellweaver
Joined
Jun 13, 2016
Messages
50
Reaction score
1
Tolrok said:
You must download the full kpt client
You must be registered to see links


The two adjusted functions that cause DC are here
Code: 
00643AD0   /$  A1 60F4A503                         MOV EAX,DWORD PTR DS:[3A5F460]
00643AD5   |.  83EC 34                             SUB ESP,34
00643AD8   |.  85C0                                TEST EAX,EAX
00643ADA   |.  74 61                               JE SHORT game_NoD.00643B3D
00643ADC   |.  A1 446F9E00                         MOV EAX,DWORD PTR DS:[9E6F44]
00643AE1   |.  8B5424 38                           MOV EDX,DWORD PTR SS:[ESP+38]
00643AE5   |.  8B0D 08EC8E00                       MOV ECX,DWORD PTR DS:[8EEC08]
00643AEB   |.  894424 0C                           MOV DWORD PTR SS:[ESP+C],EAX
00643AEF   |.  52                                  PUSH EDX                                  ; /String2 = 000000C3 ???
00643AF0   |.  8D4424 18                           LEA EAX,DWORD PTR SS:[ESP+18]             ; |
00643AF4   |.  50                                  PUSH EAX                                  ; |String1 = 0685342B
00643AF5   |.  C74424 0C 82004748                  MOV DWORD PTR SS:[ESP+C],48470082         ; |
00643AFD   |.  C74424 08 34000000                  MOV DWORD PTR SS:[ESP+8],34               ; |
00643B05   |.  C74424 10 00000000                  MOV DWORD PTR SS:[ESP+10],0               ; |
00643B0D   |.  894C24 18                           MOV DWORD PTR SS:[ESP+18],ECX             ; |game_NoD.<ModuleEntryPoint>
00643B11   |.  FF15 C4906C00                       CALL NEAR DWORD PTR DS:[<&KERNEL32.lstrcp>; \lstrcpyA
00643B17   |.  FF15 94946C00                       CALL NEAR DWORD PTR DS:[<&WINMM.timeGetTi>;  WINMM.timeGetTime
00643B1D   |.  8B4C24 00                           MOV ECX,DWORD PTR SS:[ESP]                ;  KERNEL32.75B35478
00643B21   |.  6A 01                               PUSH 1
00643B23   |.  51                                  PUSH ECX                                  ;  game_NoD.<ModuleEntryPoint>
00643B24   |.  8B0D 60F4A503                       MOV ECX,DWORD PTR DS:[3A5F460]
00643B2A   |.  8D5424 08                           LEA EDX,DWORD PTR SS:[ESP+8]
00643B2E   |.  52                                  PUSH EDX
00643B2F   |.  A3 BCF4A503                         MOV DWORD PTR DS:[3A5F4BC],EAX
00643B34   |.  E8 970EE3FF                         CALL game_NoD.004749D0
00643B39   |.  83C4 34                             ADD ESP,34
00643B3C   |.  C3                                  RETN
00643B3D   |>  33C0                                XOR EAX,EAX
00643B3F   |.  83C4 34                             ADD ESP,34
00643B42   \.  C3                                  RETN


CONTINUATION


Code: 
006447D0   /$  83EC 34                             SUB ESP,34
006447D3   |.  A1 740E8F00                         MOV EAX,DWORD PTR DS:[8F0E74]
006447D8   |.  894424 0C                           MOV DWORD PTR SS:[ESP+C],EAX
006447DC   |.  8B4424 3C                           MOV EAX,DWORD PTR SS:[ESP+3C]             ;  game_NoD.008F8470
006447E0   |.  83F8 02                             CMP EAX,2
006447E3   |.  56                                  PUSH ESI                                  ;  game_NoD.00400000
006447E4   |.  8B7424 3C                           MOV ESI,DWORD PTR SS:[ESP+3C]             ;  game_NoD.008F8470
006447E8   |.  C74424 08 82004748                  MOV DWORD PTR SS:[ESP+8],48470082
006447F0   |.  C74424 04 34000000                  MOV DWORD PTR SS:[ESP+4],34
006447F8   |.  894424 0C                           MOV DWORD PTR SS:[ESP+C],EAX
006447FC   |.  C74424 14 00000000                  MOV DWORD PTR SS:[ESP+14],0
00644804   |.  75 3E                               JNZ SHORT game_NoD.00644844
00644806   |.  56                                  PUSH ESI                                  ; /String = "MZ"
00644807   |.  FF15 94926C00                       CALL NEAR DWORD PTR DS:[<&KERNEL32.lstrle>; \lstrlenA
0064480D   |.  33C9                                XOR ECX,ECX                               ;  game_NoD.<ModuleEntryPoint>
0064480F   |.  85C0                                TEST EAX,EAX
00644811   |.  7E 31                               JLE SHORT game_NoD.00644844
00644813   |>  803C31 20                           /CMP BYTE PTR DS:[ECX+ESI],20
00644817   |.  74 07                               |JE SHORT game_NoD.00644820
00644819   |.  41                                  |INC ECX                                  ;  game_NoD.<ModuleEntryPoint>
0064481A   |.  3BC8                                |CMP ECX,EAX
0064481C   |.^ 7C F5                               \JL SHORT game_NoD.00644813
0064481E   |.  EB 24                               JMP SHORT game_NoD.00644844
00644820   |>  57                                  PUSH EDI
00644821   |.  8D3C31                              LEA EDI,DWORD PTR DS:[ECX+ESI]
00644824   |.  57                                  PUSH EDI
00644825   |.  E8 4D110600                         CALL game_NoD.006A5977
0064482A   |.  83C4 04                             ADD ESP,4
0064482D   |.  3D E8030000                         CMP EAX,3E8
00644832   |.  C607 00                             MOV BYTE PTR DS:[EDI],0
00644835   |.  894424 10                           MOV DWORD PTR SS:[ESP+10],EAX
00644839   |.  5F                                  POP EDI                                   ;  KERNEL32.75B35478
0064483A   |.  7D 08                               JGE SHORT game_NoD.00644844
0064483C   |.  C74424 0C 02000000                  MOV DWORD PTR SS:[ESP+C],2
00644844   |>  56                                  PUSH ESI                                  ; /String2 = "MZ"
00644845   |.  8D4C24 1C                           LEA ECX,DWORD PTR SS:[ESP+1C]             ; |
00644849   |.  51                                  PUSH ECX                                  ; |String1 = game_NoD.<ModuleEntryPoint>
0064484A   |.  FF15 C4906C00                       CALL NEAR DWORD PTR DS:[<&KERNEL32.lstrcp>; \lstrcpyA
00644850   |.  8B0D 60F4A503                       MOV ECX,DWORD PTR DS:[3A5F460]
00644856   |.  85C9                                TEST ECX,ECX                              ;  game_NoD.<ModuleEntryPoint>
00644858   |.  C705 A05AC000 01000000              MOV DWORD PTR DS:[C05AA0],1
00644862   |.  5E                                  POP ESI                                   ;  KERNEL32.75B35478
00644863   |.  74 15                               JE SHORT game_NoD.0064487A
00644865   |.  8B5424 00                           MOV EDX,DWORD PTR SS:[ESP]                ;  KERNEL32.75B35478
00644869   |.  6A 01                               PUSH 1
0064486B   |.  52                                  PUSH EDX
0064486C   |.  8D4424 08                           LEA EAX,DWORD PTR SS:[ESP+8]
00644870   |.  50                                  PUSH EAX
00644871   |.  E8 5A01E3FF                         CALL game_NoD.004749D0
00644876   |.  83C4 34                             ADD ESP,34
00644879   |.  C3                                  RETN
0064487A   |>  33C0                                XOR EAX,EAX
0064487C   |.  83C4 34                             ADD ESP,34
0064487F   \.  C3                                  RETN

Connection ports
Code: 
00403749    .  68 19270000                         PUSH 2719
0044AC75    .  C787 30F5BE00 19270000              MOV DWORD PTR DS:[EDI+BEF530],2719
0044ACC0    .  C787 34F5BE00 19270000              MOV DWORD PTR DS:[EDI+BEF534],2719
0044AD03    .  C786 38F5BE00 19270000              MOV DWORD PTR DS:[ESI+BEF538],2719
0044B185   |> \B8 19270000                         MOV EAX,2719
00543AB5   |.  C707 19270000                       MOV DWORD PTR DS:[EDI],2719
005451B8   |.  C707 19270000                       MOV DWORD PTR DS:[EDI],2719
0062E6BC    > \68 19270000                         PUSH 2719
006342E5   |> \68 19270000                         PUSH 2719
00641827   |.  B8 19270000                         MOV EAX,2719
00641A83   |.  68 19270000                         PUSH 2719
00641A8D   |.  C705 C83C9B03 19270000              MOV DWORD PTR DS:[39B3CC8],2719
0064B71F    .  68 19270000                         PUSH 2719

You must change the value 2719 for your server..

Other connection packets
Code: 
004750F3   |.  80F1 ED                             |XOR CL,0ED
00475198   |.  80F2 ED                             |XOR DL,0ED

You must change your server to ED packages, I hope it helps...
Click to expand...

Thank so much.
That is big shared !
 
Phatkone

Phatkone

RZA-PT | KilroyPT
Joined
Aug 27, 2007
Messages
936
Reaction score
85
@Tolrok what are the connection packets ? (the last bit you had) what is the ED value about? (so I know what I am searching for in my server / client)
 
Tolrok

Tolrok

Junior Spellweaver
10 Happy Years
Joined
Jan 8, 2012
Messages
133
Reaction score
44
@Phatkone The ED package is also responsible for the connection, if your server is different, it will not connect in the game.

Connected server in game
View attachment -KPT-Endless-Tower-Update-V2.2.rar

Package 1

Code: 
004012C1    .  68 19270000                         PUSH 2719
00435820   |.  C787 D8A58400 19270000              MOV DWORD PTR DS:[EDI+84A5D8],2719
0043586B   |.  C787 DCA58400 19270000              MOV DWORD PTR DS:[EDI+84A5DC],2719
004358AE   |.  C786 E0A58400 19270000              MOV DWORD PTR DS:[ESI+84A5E0],2719
00435CE7   |> \B8 19270000                         MOV EAX,2719
004D1C07   |.  C786 88028E07 19270000              MOV DWORD PTR DS:[ESI+78E0288],2719
004D252F   |.  C786 88028E07 19270000              MOV DWORD PTR DS:[ESI+78E0288],2719
004D2796   |.  C786 88028E07 19270000              |MOV DWORD PTR DS:[ESI+78E0288],2719
004D2BFB   |.  C786 88028E07 19270000              MOV DWORD PTR DS:[ESI+78E0288],2719
00564410    > \817F 0C 19270000                    CMP DWORD PTR DS:[EDI+C],2719
0056449E    > \817F 0C 19270000                    CMP DWORD PTR DS:[EDI+C],2719
005644E5    > \817F 0C 19270000                    CMP DWORD PTR DS:[EDI+C],2719
005682EE   |.  C74424 24 19270000                  MOV DWORD PTR SS:[ESP+24],2719
0056B460    .  68 19270000                         PUSH 2719
00571142    .  C74424 20 19270000                  MOV DWORD PTR SS:[ESP+20],2719
00571B81    .  C74424 20 19270000                  MOV DWORD PTR SS:[ESP+20],2719
00574731   |> \68 19270000                         PUSH 2719
0057E797   |.  B8 19270000                         MOV EAX,2719
0057E9F3   |.  68 19270000                         PUSH 2719
0057E9FD   |.  C705 B084B007 19270000              MOV DWORD PTR DS:[7B084B0],2719
00585DFF   |.  68 19270000                         |PUSH 2719


Package 2

Code: 
08B64473     80F1 ED                               XOR CL,0ED
08B64518     80F2 ED                               XOR DL,0ED
08B645E8     80F1 ED                               XOR CL,0ED
08B646AE     80F2 ED                               XOR DL,0ED

Server offset...
 

Attachments

You must be registered for see attachments list
D

davidscofield

Newbie Spellweaver
Joined
Jun 13, 2016
Messages
50
Reaction score
1
why i used your client shared . it dont work. when run game.exe if show login control is exit process.
What error ?
i used win7 64bit.
Thank so much.
 
D

davidscofield

Newbie Spellweaver
Joined
Jun 13, 2016
Messages
50
Reaction score
1
where is IP connection ?
i checked ptreg.rgx wrong IP.
thank you so much
 
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
204
Guests online
1,417
Total visitors
1,621
Totals may include hidden visitors.

Forum statistics

Threads
428,822
Messages
4,588,822
Members
279,041
Latest member
Veckor
Most visitors online was 8830 , on 6 Feb 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top