
Auto-search offsets for any main.exe

Hello all, today I'm starting a little project: an automatic offset researcher (yes mauro, you can go out :laugh:).

It is built on OllyDbg scripts run by the "ODbgScript" plugin.
Of course it is open source, etc.

Of course it does not cover every main.exe, but I am trying to make it work for S3.2 through S6.3.

Script (Updated: 05.05.2013):
Code:
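// =========================================================
// Auto offset researcher for MU Online main.exe (32-bit client).
// Syntax: ODbgScript (OllyDbg 1.10 + ODbgScript plugin); numeric literals
// are hex, as usual for this dialect.
// Output: writes one C-style "#define" per offset to LogFile and echoes
// each value to the ODbgScript log window.
// Assumptions:
//  - main.exe is loaded in OllyDbg with its code mapped at the default
//    image base, so the search starts at 0x401000 (base 0x400000 + .text);
//  - the byte signatures were taken from the clients named in each
//    "Tested:" comment; other builds may need new patterns.
// Every "find"/"findcmd" leaves the match address in $RESULT, or 0 when
// nothing matched. 0 is checked before any [$RESULT +/- n] read: without
// the check the script faults on an invalid address and aborts, leaving
// MU.txt half written with no hint as to which signature failed.
// "eval" also overwrites $RESULT, so addresses are copied to named
// variables before anything is formatted.
// Offsets stored as "mov X, $RESULT + n" (no brackets) are code addresses
// of an immediate inside an instruction, to be patched in place; offsets
// stored as "mov X, [$RESULT + n]" are data addresses read out of the
// instruction's displacement/immediate.
// =========================================================
var LogFile
var Start
var Version
var VersionConvert
var Serial
var MapNumber
var MainState
var UserObjectStruct
var ObjectPreviewStruct
var MasterLevel
var MasterPoints
var CursorX
var CursorY
var MaxZenWidth1
var MaxZenWidth2
var MaxZenWidth3
var MaxZenWidth4
var MaxZenWidth5
var WinWidth
var WinHeight
var CameraZoom
var CameraRotY
var CameraRotZ
var CameraPosZ
var CameraClipX
var CameraClipY
var CameraClipGL
// ---------------------------------------------------------
// LogFile is relative to OllyDbg's current directory; Start is the first
// .text address of an unrelocated 32-bit image with the default base.
mov LogFile, ".\\MU.txt"
mov Start, 401000
// ---------------------------------------------------------
// wrt writes the first line (creating the file); later lines are appended
// with wrta.
wrt LogFile, "//Auto researcher script"
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// Version/Serial strings. Two variants of the code after the match are
// known: when the byte at +0xF is 0x8A the string pointer sits at +0x11,
// otherwise at +0x12.
find Start, #83BD??????FF10#
cmp $RESULT, 0
je NF_Version
cmp [$RESULT + f], 8a, 1
je Except1
mov Serial, [$RESULT + 12]
jmp WriteVersion
Except1:
mov Serial, [$RESULT + 11]
WriteVersion:
// The version string is stored 8 bytes in front of the serial string.
mov Version, Serial - 8
// atoi gives the numeric version; minus 0x22345, printed after "10", this
// yields the usual tag (e.g. 10404 for 1.04.04). Inferred from the clients
// listed above -- verify on other builds.
atoi [Version]
mov VersionConvert, $RESULT - 22345
eval "//Main: 10{VersionConvert}"
wrta LogFile, $RESULT
eval "#define Version					0x{Version} //-> {[Version]}"
wrta LogFile, $RESULT
log Version
eval "#define Serial					0x{Serial} //-> {[Serial]}"
wrta LogFile, $RESULT
log Serial
jmp End_Version
NF_Version:
wrta LogFile, "//Version/Serial: signature not found, research manually"
End_Version:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
find Start, #83F945#
cmp $RESULT, 0
je NF_MapNumber
mov MapNumber, [$RESULT + 7]
eval "#define MapNumber				*(int*)0x{MapNumber}"
wrta LogFile, $RESULT
log MapNumber
jmp End_MapNumber
NF_MapNumber:
wrta LogFile, "//MapNumber: signature not found, research manually"
End_MapNumber:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
find Start, #6A006A006A73#
cmp $RESULT, 0
je NF_MainState
mov MainState, [$RESULT - 7]
eval "#define MainState				*(int*)0x{MainState}"
wrta LogFile, $RESULT
log MainState
jmp End_MainState
NF_MainState:
wrta LogFile, "//MainState: signature not found, research manually"
End_MainState:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
find Start, #81F980000000740432C0EB19#
cmp $RESULT, 0
je NF_UserObjectStruct
mov UserObjectStruct, [$RESULT + 0e]
eval "#define UserObjectStruct		0x{UserObjectStruct}"
wrta LogFile, $RESULT
log UserObjectStruct
jmp End_UserObjectStruct
NF_UserObjectStruct:
wrta LogFile, "//UserObjectStruct: signature not found, research manually"
End_UserObjectStruct:
// ---------------------------------------------------------
//1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
find Start, #C745FC0000000068E900000068C1000000#
cmp $RESULT, 0
je NF_ObjectPreviewStruct
mov ObjectPreviewStruct, [$RESULT - 21]
eval "#define ObjectPreviewStruct		0x{ObjectPreviewStruct}"
wrta LogFile, $RESULT
log ObjectPreviewStruct
jmp End_ObjectPreviewStruct
NF_ObjectPreviewStruct:
wrta LogFile, "//ObjectPreviewStruct: signature not found, research manually"
End_ObjectPreviewStruct:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
find Start, #5?68D2060000#
cmp $RESULT, 0
je NF_MasterLevel
mov MasterLevel, [$RESULT - 4]
eval "#define MasterLevel				*(short*)0x{MasterLevel}"
wrta LogFile, $RESULT
log MasterLevel
jmp End_MasterLevel
NF_MasterLevel:
wrta LogFile, "//MasterLevel: signature not found, research manually"
End_MasterLevel:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
find Start, #5?68D3060000#
cmp $RESULT, 0
je NF_MasterPoints
mov MasterPoints, [$RESULT - 4]
eval "#define MasterPoints			*(short*)0x{MasterPoints}"
wrta LogFile, $RESULT
log MasterPoints
jmp End_MasterPoints
NF_MasterPoints:
wrta LogFile, "//MasterPoints: signature not found, research manually"
End_MasterPoints:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
// Both cursor addresses come from the same match, so they are read before
// the first eval clobbers $RESULT. Written with the same eval/wrta pattern
// as every other #define so each offset lands on one line.
find Start, #813D????????2C010000#
cmp $RESULT, 0
je NF_Cursor
mov CursorX, [$RESULT + 2]
mov CursorY, [$RESULT + 1a]
eval "#define CursorX				*(int*)0x{CursorX}"
wrta LogFile, $RESULT
log CursorX
eval "#define CursorY				*(int*)0x{CursorY}"
wrta LogFile, $RESULT
log CursorY
jmp End_Cursor
NF_Cursor:
wrta LogFile, "//CursorX/CursorY: signature not found, research manually"
End_Cursor:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// findcmd locates the command sequence; GREF n then reads the n-th entry
// of the references window it populated (GREF 0 appears to prime it --
// check the ODbgScript documentation if this misbehaves). Each stored
// value is the address of the push immediate itself ($RESULT + 1).
findcmd Start, "push 8;push 0c; push 32"
cmp $RESULT, 0
je NF_MaxZen
GREF 0
GREF 1
mov MaxZenWidth1, $RESULT + 1
eval "#define MaxZenWidth1			*(BYTE*)0x{MaxZenWidth1}"
wrta LogFile, $RESULT
log MaxZenWidth1
GREF 2
mov MaxZenWidth2, $RESULT + 1
eval "#define MaxZenWidth2			*(BYTE*)0x{MaxZenWidth2}"
wrta LogFile, $RESULT
log MaxZenWidth2
GREF 3
mov MaxZenWidth3, $RESULT + 1
eval "#define MaxZenWidth3			*(BYTE*)0x{MaxZenWidth3}"
wrta LogFile, $RESULT
log MaxZenWidth3
GREF 4
mov MaxZenWidth4, $RESULT + 1
eval "#define MaxZenWidth4			*(BYTE*)0x{MaxZenWidth4}"
wrta LogFile, $RESULT
log MaxZenWidth4
GREF 5
mov MaxZenWidth5, $RESULT + 1
eval "#define MaxZenWidth5			*(BYTE*)0x{MaxZenWidth5} //-> If 0x0 or 0x1 = not in use"
wrta LogFile, $RESULT
log MaxZenWidth5
jmp End_MaxZen
NF_MaxZen:
wrta LogFile, "//MaxZenWidth: command sequence not found, research manually"
End_MaxZen:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// WinHeight is assumed to be the dword directly after WinWidth.
find Start, #C705????????40060000#
cmp $RESULT, 0
je NF_Win
mov WinWidth, [$RESULT + 2]
eval "#define WinWidth				*(GLsizei*)0x{WinWidth}"
wrta LogFile, $RESULT
log WinWidth
mov WinHeight, WinWidth + 4
eval "#define WinHeight				*(GLsizei*)0x{WinHeight}"
wrta LogFile, $RESULT
log WinHeight
jmp End_Win
NF_Win:
wrta LogFile, "//WinWidth/WinHeight: signature not found, research manually"
End_Win:
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// Camera offsets default to 0 so a missed signature shows up as 0x0 in the
// log instead of aborting the script.
mov CameraZoom, 0
mov CameraRotY, 0
mov CameraRotZ, 0
mov CameraPosZ, 0
mov CameraClipX, 0
mov CameraClipY, 0
mov CameraClipGL, 0
// Pre-Season-6 clients carry "mov dword ptr [addr], 0x420C0000" (35.0f);
// its absence is the heuristic that selects the Season6 path below.
// CameraZoom is the code address of that immediate (offset 6).
find Start, #C705????????00000C42#
cmp $RESULT, 0
je Season6
mov CameraZoom, $RESULT + 6
// ----
find Start, #5ED8C1#
cmp $RESULT, 0
je Old_RotZSearch
mov CameraRotY, [$RESULT - 11]
Old_RotZSearch:
// ----
find Start, #C74424??00C0A845C74424??00007A46C705????????000020C2#
cmp $RESULT, 0
je Old_PosZSearch
mov CameraRotZ, [$RESULT + 12]
Old_PosZSearch:
// ----
find Start, #D8C1D91D????????DDD8#
cmp $RESULT, 0
je Old_ClipSearch
mov CameraPosZ, [$RESULT - 4]
Old_ClipSearch:
// ----
// CameraClipY is kept as a code address (no dereference), unlike ClipX;
// presumably an inline constant patched in place -- verify before use.
find Start, #C745??????????C745??00609F46C745??????????#
cmp $RESULT, 0
je Old_ClipGLSearch
mov CameraClipX, [$RESULT + 52]
mov CameraClipY, $RESULT - 2a
Old_ClipGLSearch:
// ----
find Start, #D99D????????E8????????99B958020000F7F9#
cmp $RESULT, 0
je EndOfCamSearch
mov CameraClipGL, [$RESULT - 4]
// ----
jmp EndOfCamSearch
Season6:
find Start, #6A006A006889000000#
cmp $RESULT, 0
je S6_RotSearch
mov CameraZoom, [$RESULT - 14]
S6_RotSearch:
// ----
find Start, #0FB7045?????????2?800000007427#
cmp $RESULT, 0
je S6_PosZSearch
mov CameraRotY, [$RESULT - 1f]
mov CameraRotZ, [$RESULT - 4b]
S6_PosZSearch:
// ----
find Start, #6AFF6A006AFF6A006A006A285?D905????????D91C24#
cmp $RESULT, 0
je S6_ClipXSearch
mov CameraPosZ, [$RESULT + 0f]
S6_ClipXSearch:
// ----
find Start, #833D????????2775??D905????????D95D??EB??D905????????D95D??833D????????02#
cmp $RESULT, 0
je S6_ClipYSearch
mov CameraClipX, [$RESULT + 9b]
S6_ClipYSearch:
// ----
find Start, #D905????????D95DE?51D9E?D91C??8D55??5?8D45??5?6878010000#
cmp $RESULT, 0
je S6_ClipGLSearch
mov CameraClipY, [$RESULT + 2]
S6_ClipGLSearch:
// ----
find Start, #D905????????D95D??8B4???8378??7A#
cmp $RESULT, 0
je EndOfCamSearch
mov CameraClipGL, [$RESULT + 2]
// ----
EndOfCamSearch:
// A camera value of 0x0 below means its signature was not found.
eval "#define CameraZoom				*(float*)0x{CameraZoom}"
wrta LogFile, $RESULT
log CameraZoom
eval "#define CameraRotY				*(float*)0x{CameraRotY}"
wrta LogFile, $RESULT
log CameraRotY
eval "#define CameraRotZ				*(float*)0x{CameraRotZ}"
wrta LogFile, $RESULT
log CameraRotZ
eval "#define CameraPosZ				*(float*)0x{CameraPosZ}"
wrta LogFile, $RESULT
log CameraPosZ
eval "#define CameraClipX				*(float*)0x{CameraClipX} //-> if Season 6+ == *(double*)"
wrta LogFile, $RESULT
log CameraClipX
eval "#define CameraClipY				*(float*)0x{CameraClipY}"
wrta LogFile, $RESULT
log CameraClipY
eval "#define CameraClipGL			*(float*)0x{CameraClipGL}"
wrta LogFile, $RESULT
log CameraClipGL
// ---------------------------------------------------------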

List: (Updated: 05.05.2013):
  • char Version
  • char Serial
  • int MapNumber
  • int MainState
    - SelectServer = 2, SwitchCharacter = 4, Playing = 5
  • struct UserObjectStruct
  • struct ObjectPreviewStruct (like MakePreviewCharSet, but global)
  • short MasterLevel
  • short MasterPoints
  • int CursorX
  • int CursorY
  • BYTE MaxZenWidth[1-5]
    - These are direct code addresses of the immediate byte inside the push instruction: patch them as *(BYTE*)0xXXXXXXXX = 9; the script already adds +1 to point at that byte, so do not add another +1.
  • GLsizei WinWidth
  • GLsizei WinHeight
  • float CameraZoom
  • float CameraRotY
  • float CameraRotZ
  • float CameraPosZ
  • float CameraClipX
    - In Season 6+ clients this may be a double (8 bytes)
  • float CameraClipY
  • float CameraClipGL

How to use:
1. Copy the code from this thread into a new text file and save it with the .osc extension.
2. Install the ODbgScript plugin in OllyDbg.
3. Open your main.exe in OllyDbg. OllyDbg starts the process in order to debug it, so treat a main.exe you did not build yourself as untrusted code and do this inside an isolated VM.
4. Go to the menu Plugins -> ODbgScript -> Log Window

5. Run the script: Plugins -> ODbgScript -> Run Script...
6. Open MU.txt (written to the current working directory) and check the result:

-

Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)

-

I need help with testing because I don't have time for 4+ mains; you can:
- Post your main.exe and the offsets you need from the auto-researcher
- If you have verified offsets from the list for your main, please compare them with the script's output and post the results

Updates: ~every 2-3 days

Bad english and etc ;D
 
VeltonD
- That is not a problem: there is one version for old Windows 2000 and one universal version; only ODbgScript.dll is needed.
 
Junior Spellweaver
Joined
Feb 13, 2013
Messages
193
Reaction score
69
DarkSim
Msg Fruint Main
It refers to the message that appears when you use the /add command.
Main 1.03K
If you have the offset for 1.03.28 to use as a reference, thanks.
 

VeltonD
- You can send that as a message box from the server.
 
UP:
- Added writing the offsets to a file (.\\MU.txt)

- Added version & serial search (needs a lot of testing, because I only tested it on the mains from the list)

--

powerranger
- U can send point add packet from fruits =/
 

Darksim, can you add a search for the 3D camera and the MuError.log encryption offsets? It would be very nice to have those :)
 
Stifi
- I may add the 3D camera after the weekend; if you have the offset for the MuError encryption, post the main and the offset.
 
-=DarkSim=- This is very good, in spite of the offense directed towards me, by the author of topic :) DarkSim, no good whatever your reasons to hate me so much lol, and really do not care, but others think not to say that this sort of thing (Auto-Researcher of Offsets), just make newer members of the community, even less qualified, make no mistake maybe this is one of those cases where the cure is worse than the disease. "TEIKIRISI" & "DON'T WORRY, BE HAPPY MY FRIEND" I do not think of abandoning them to you (the community), at least not yet.
 
-=DarkSim=- This is very good, in spite of the offense directed towards me, by the author of topic :) DarkSim, no good whatever your reasons to hate me so much lol, and really do not care, but others think not to say that this sort of thing (Auto-Researcher of Offsets), just make newer members of the community, even less qualified, make no mistake maybe this is one of those cases where the cure is worse than the disease. "TEIKIRISI" & "DON'T WORRY, BE HAPPY MY FRIEND" I do not think of abandoning them to you (the community), at least not yet.
That's not hate, that's the true, all your project = offsets research & sources of other people. I remember how after rpgsky release of smd converter, you did copy paste of .exe with credits for nemesis coder. GameEngine & Kalimidor also other people work. New sets/weapons remake of other people models & photoshop. You can lie to kids w/o knowledge u did modifications in code or anywhere, but you won't trick real guys. Maybe it's useful for someone, but it's all about respect, and because of people like you, many of great coders stop releasing free stuff or simply gone. New minimap, custom interfaces, clock, custom item effects addon, season 6 e3 emu, ex702/s8 editors, those sources would be public today, but why if mu leecher will call it GameEngine.
mauro07 = noob coder :D
mauro07 unsigned char is max 255 not 512 lol.. 1 byte max value = 0xFF (max value for 8 bits and 1 byte = 8 bits), for 512 it will be 0x200, 10 bits. so first learn basics before trying to write things u dont understand
@mauro07: loops are your friends, I've looked into your dll's code and I was like o.0 when I saw 10 functions doing same thing only 1 BYTE changed in the string. Make the computer work for you.
Cracked by PE Explorer, nope? :) Nemesis (unpack custom library) :thumbdown: :facepalm:
Mu Coder = shenanigans
True hurts. @Darksim good work, it will save time for new people :)
 
That's not hate, that's the true, all your project = offsets research & sources of other people. I remember how after rpgsky release of smd converter, you did copy paste of .exe with credits for nemesis coder. GameEngine & Kalimidor also other people work. New sets/weapons remake of other people models & photoshop. You can lie to kids w/o knowledge u did modifications in code or anywhere, but you won't trick real guys. Maybe it's useful for someone, but it's all about respect, and because of people like you, many of great coders stop releasing free stuff or simply gone. New minimap, custom interfaces, clock, custom item effects addon, season 6 e3 emu, ex702/s8 editors, those sources would be public today, but why if mu leecher will call it GameEngine. True hurts. @Darksim good work, it will save time for new people :)

many can speak and criticize, partly for that is that there are free forums like this, many may feel envy and anger after all are free to do it? everyone is free to do and say whatever he wants and still more being on the Internet, but they are few and counted on the fingers, people who really have NO intentions of profiting from the work of others, and I certainly I am one of those few people, because if it is true that just know how to do research's of offsets and perhaps also I can play some few lines of code: C + + and maybe a few also from: ASM, with that little bit I've also done some things that are just meant for me mine based on my experience, and as you well said, "I have re-written some parts of source code" and I did it alone with the little knowledge I had, Nobody forces anyone to Provide or Saving a source code, as well no one forces anyone to go or stay in some public place like this.

Moreover, although maybe I have not tried, I can say that I have NEVER sold anything to anyone. All the things I do, sooner or later with whom I share the calls.

Has never been my intention to harm anyone, and well, of course there are people who will never change and I think I'm one of them, fine to those who like this. and to those who don't like this... "I don't care ".

Sorry for my bad English.
 