Auto-search offsets for any main.exe

  1. #1
    nullptr -=DarkSim=- is offline


    Auto-search offsets for any main.exe
    Hello all, today I'm starting a little project - an auto offset researcher (yes mauro, u can go out ).

    My base for it - OllyDbg scripts for the "ODbgScript" plugin.
    Of course it is open source, etc.

    And of course it is not for every main, but I try to make it work for S3.2 -> S6.3.

    Script (Updated: 05.05.2013):
    Code:
    // ---------------------------------------------------------
    // ODbgScript for OllyDbg 1.10 (ODbgScript plugin). Signature-scans
    // the loaded main.exe from Start and writes every located global as
    // a C "#define" line to LogFile. All numbers are hex, as usual in
    // ODbgScript (Start = 401000, offsets such as 0e / 1a / 2a).
    // ---------------------------------------------------------
    // output file and scan start
    var LogFile
    var Start
    // version / serial strings
    var Version
    var VersionConvert
    var Serial
    // game-state globals
    var MapNumber
    var MainState
    var UserObjectStruct
    var ObjectPreviewStruct
    var MasterLevel
    var MasterPoints
    var CursorX
    var CursorY
    // max. digit widths of zen input (vault / trade)
    var MaxZenWidth1
    var MaxZenWidth2
    var MaxZenWidth3
    var MaxZenWidth4
    var MaxZenWidth5
    // window size
    var WinWidth
    var WinHeight
    // camera
    var CameraZoom
    var CameraRotY
    var CameraRotZ
    var CameraPosZ
    var CameraClipX
    var CameraClipY
    var CameraClipGL
    // ---------------------------------------------------------
    // MU.txt is relative to Olly's working directory. 401000 is the usual
    // first code address of a Win32 PE based at 400000; the script assumes
    // the code is readable (unpacked) in memory there - adjust Start for a
    // main that does not match.
    mov LogFile, ".\\MU.txt"
    mov Start, 401000
    // ---------------------------------------------------------
    // wrt (not wrta, used for every later line) starts the file fresh on
    // each run.
    wrt LogFile, "//Auto researcher script"
    // ---------------------------------------------------------
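    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
    // Version / Serial.
    // The pattern decodes to "cmp dword [ebp+disp32], 10". The pointer to
    // the serial string is taken from the immediate of a later instruction;
    // which immediate depends on the opcode byte at +f (8a or not). The
    // version string is assumed to sit 8 bytes before the serial string,
    // and the 22345 adjustment presumably maps the parsed version to the
    // "10xxxx" main number - TODO confirm on a main outside the list.
    // find leaves $RESULT = 0 when the pattern is absent; the original
    // script then read [0 + 12] and logged garbage, so the miss is now
    // reported and the section skipped.
    find Start, #83BD??????FF10#
    cmp $RESULT, 0
    je VersionMissing
    cmp [$RESULT + f], 8a, 1
    je Except1
    mov Serial, [$RESULT + 12]
    jmp WriteVersion
    Except1:
    mov Serial, [$RESULT + 11]
    WriteVersion:
    mov Version, Serial - 8
    atoi [Version]
    mov VersionConvert, $RESULT - 22345
    eval "//Main: 10{VersionConvert}"
    wrta LogFile, $RESULT
    eval "#define Version					0x{Version} //-> {[Version]}"
    wrta LogFile, $RESULT
    log Version
    eval "#define Serial					0x{Serial} //-> {[Serial]}"
    wrta LogFile, $RESULT
    log Serial
    jmp VersionDone
    VersionMissing:
    wrta LogFile, "//Version/Serial: pattern not found, offsets skipped"
    log "Version/Serial: pattern not found"
    VersionDone:
    // ---------------------------------------------------------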
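    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
    // MapNumber.
    // Pattern decodes to "cmp ecx, 45"; the dword 7 bytes past the match
    // (presumably the address operand of the next memory access) is the
    // map-number global. A miss (find leaves $RESULT = 0) is reported
    // instead of reading [0 + 7].
    find Start, #83F945#
    cmp $RESULT, 0
    je MapNumberMissing
    mov MapNumber, [$RESULT + 7]
    eval "#define MapNumber				*(int*)0x{MapNumber}"
    wrta LogFile, $RESULT
    log MapNumber
    jmp MapNumberDone
    MapNumberMissing:
    wrta LogFile, "//MapNumber: pattern not found, offset skipped"
    log "MapNumber: pattern not found"
    MapNumberDone:
    // ---------------------------------------------------------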
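    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
    // MainState (2 = SelectServer, 4 = SwitchCharacter, 5 = Playing).
    // Pattern decodes to "push 0; push 0; push 73"; the dword 7 bytes
    // before the match is the state global. A miss (find leaves
    // $RESULT = 0) is reported instead of reading [0 - 7].
    find Start, #6A006A006A73#
    cmp $RESULT, 0
    je MainStateMissing
    mov MainState, [$RESULT - 7]
    eval "#define MainState				*(int*)0x{MainState}"
    wrta LogFile, $RESULT
    log MainState
    jmp MainStateDone
    MainStateMissing:
    wrta LogFile, "//MainState: pattern not found, offset skipped"
    log "MainState: pattern not found"
    MainStateDone:
    // ---------------------------------------------------------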
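    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
    // UserObjectStruct.
    // Pattern decodes to "cmp ecx, 80; je +4; xor al, al; jmp +19"
    // (0c bytes); the dword at +0e is presumably the imm32 of the
    // instruction that follows it. A miss (find leaves $RESULT = 0) is
    // reported instead of reading [0 + 0e].
    find Start, #81F980000000740432C0EB19#
    cmp $RESULT, 0
    je UserObjectMissing
    mov UserObjectStruct, [$RESULT + 0e]
    eval "#define UserObjectStruct		0x{UserObjectStruct}"
    wrta LogFile, $RESULT
    log UserObjectStruct
    jmp UserObjectDone
    UserObjectMissing:
    wrta LogFile, "//UserObjectStruct: pattern not found, offset skipped"
    log "UserObjectStruct: pattern not found"
    UserObjectDone:
    // ---------------------------------------------------------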
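    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
    // ObjectPreviewStruct (global counterpart of MakePreviewCharSet).
    // Pattern decodes to "mov dword [ebp-4], 0; push 0E9; push 0C1"; the
    // dword 21 bytes before the match is the struct address. A miss (find
    // leaves $RESULT = 0) is reported instead of reading [0 - 21].
    find Start, #C745FC0000000068E900000068C1000000#
    cmp $RESULT, 0
    je ObjectPreviewMissing
    mov ObjectPreviewStruct, [$RESULT - 21]
    eval "#define ObjectPreviewStruct		0x{ObjectPreviewStruct}"
    wrta LogFile, $RESULT
    log ObjectPreviewStruct
    jmp ObjectPreviewDone
    ObjectPreviewMissing:
    wrta LogFile, "//ObjectPreviewStruct: pattern not found, offset skipped"
    log "ObjectPreviewStruct: pattern not found"
    ObjectPreviewDone:
    // ---------------------------------------------------------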
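    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
    // MasterLevel (short).
    // Pattern decodes to "push reg; push 6D2"; the dword 4 bytes before
    // the match (presumably the address operand of the preceding
    // instruction) is the global. A miss (find leaves $RESULT = 0) is
    // reported instead of reading [0 - 4].
    find Start, #5?68D2060000#
    cmp $RESULT, 0
    je MasterLevelMissing
    mov MasterLevel, [$RESULT - 4]
    eval "#define MasterLevel				*(short*)0x{MasterLevel}"
    wrta LogFile, $RESULT
    log MasterLevel
    jmp MasterLevelDone
    MasterLevelMissing:
    wrta LogFile, "//MasterLevel: pattern not found, offset skipped"
    log "MasterLevel: pattern not found"
    MasterLevelDone:
    // ---------------------------------------------------------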
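    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
    // MasterPoints (short). Same shape as MasterLevel with "push 6D3".
    // A miss (find leaves $RESULT = 0) is reported instead of reading
    // [0 - 4].
    find Start, #5?68D3060000#
    cmp $RESULT, 0
    je MasterPointsMissing
    mov MasterPoints, [$RESULT - 4]
    eval "#define MasterPoints			*(short*)0x{MasterPoints}"
    wrta LogFile, $RESULT
    log MasterPoints
    jmp MasterPointsDone
    MasterPointsMissing:
    wrta LogFile, "//MasterPoints: pattern not found, offset skipped"
    log "MasterPoints: pattern not found"
    MasterPointsDone:
    // ---------------------------------------------------------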
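    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
    // CursorX / CursorY.
    // Pattern decodes to "cmp dword [addr], 12C"; the address operand
    // (+2) is CursorX and the dword at +1a is CursorY. Both reads happen
    // before any eval, because eval replaces $RESULT with the expanded
    // string (that is why the original wrote these two lines with a
    // three-argument wrta instead of the eval form used everywhere else).
    // A miss (find leaves $RESULT = 0) is reported instead of reading
    // [0 + 2].
    find Start, #813D????????2C010000#
    cmp $RESULT, 0
    je CursorMissing
    mov CursorX, [$RESULT + 2]
    mov CursorY, [$RESULT + 1a]
    eval "#define CursorX        			*(int*)0x{CursorX}"
    wrta LogFile, $RESULT
    log CursorX
    eval "#define CursorY        			*(int*)0x{CursorY}"
    wrta LogFile, $RESULT
    log CursorY
    jmp CursorDone
    CursorMissing:
    wrta LogFile, "//CursorX/CursorY: pattern not found, offsets skipped"
    log "CursorX/CursorY: pattern not found"
    CursorDone:
    // ---------------------------------------------------------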
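    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
    // MaxZenWidth1..5 (BYTE, max. digit width of zen input in vault/trade).
    // findcmd locates the "push 8; push 0c; push 32" sequence and GREF n
    // walks its references; each width is the byte right after the
    // referencing instruction (+1, presumably the imm8 of a push), i.e. a
    // direct offset to patch, not a pointer. The author's note that 0x0 /
    // 0x1 means "not in use" implies GREF leaves $RESULT = 0 for an absent
    // reference, so a 0 after GREF 1 means the sequence itself was not
    // found; that case is reported and the section skipped.
    findcmd Start, "push 8;push 0c; push 32"
    GREF 0
    GREF 1
    cmp $RESULT, 0
    je MaxZenMissing
    mov MaxZenWidth1, $RESULT + 1
    eval "#define MaxZenWidth1			*(BYTE*)0x{MaxZenWidth1}"
    wrta LogFile, $RESULT
    log MaxZenWidth1
    GREF 2
    mov MaxZenWidth2, $RESULT + 1
    eval "#define MaxZenWidth2			*(BYTE*)0x{MaxZenWidth2}"
    wrta LogFile, $RESULT
    log MaxZenWidth2
    GREF 3
    mov MaxZenWidth3, $RESULT + 1
    eval "#define MaxZenWidth3			*(BYTE*)0x{MaxZenWidth3}"
    wrta LogFile, $RESULT
    log MaxZenWidth3
    GREF 4
    mov MaxZenWidth4, $RESULT + 1
    eval "#define MaxZenWidth4			*(BYTE*)0x{MaxZenWidth4}"
    wrta LogFile, $RESULT
    log MaxZenWidth4
    GREF 5
    mov MaxZenWidth5, $RESULT + 1
    eval "#define MaxZenWidth5			*(BYTE*)0x{MaxZenWidth5} //-> If 0x0 or 0x1 = not in use"
    wrta LogFile, $RESULT
    log MaxZenWidth5
    jmp MaxZenDone
    MaxZenMissing:
    wrta LogFile, "//MaxZenWidth: command sequence not found, offsets skipped"
    log "MaxZenWidth: command sequence not found"
    MaxZenDone:
    // ---------------------------------------------------------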
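    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
    // WinWidth / WinHeight (GLsizei).
    // Pattern decodes to "mov dword [addr], 640" (1600 decimal); the
    // address operand (+2) is WinWidth, and WinHeight is assumed to be the
    // following dword (WinWidth + 4) - not located by its own pattern.
    // A miss (find leaves $RESULT = 0) is reported instead of reading
    // [0 + 2].
    find Start, #C705????????40060000#
    cmp $RESULT, 0
    je WinSizeMissing
    mov WinWidth, [$RESULT + 2]
    mov WinHeight, WinWidth + 4
    eval "#define WinWidth				*(GLsizei*)0x{WinWidth}"
    wrta LogFile, $RESULT
    log WinWidth
    eval "#define WinHeight				*(GLsizei*)0x{WinHeight}"
    wrta LogFile, $RESULT
    log WinHeight
    jmp WinSizeDone
    WinSizeMissing:
    wrta LogFile, "//WinWidth/WinHeight: pattern not found, offsets skipped"
    log "WinWidth/WinHeight: pattern not found"
    WinSizeDone:
    // ---------------------------------------------------------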
    //Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
    // Camera (float globals; CameraClipX is a double on Season 6+).
    // Two pattern sets: the first find decodes to "mov dword [addr],
    // 420C0000" (35.0f); when it is absent the script assumes a Season 6+
    // main and jumps to Season6. Only this first find is guarded - every
    // later find in both paths reads [$RESULT +/- n] unchecked, so a miss
    // ($RESULT = 0) silently produces a bogus offset. NOTE(review): on
    // this path CameraZoom ($RESULT + 6) and CameraClipY ($RESULT - 2a)
    // are code addresses of immediates rather than dereferenced globals,
    // unlike every other field - confirm that is intended.
    find Start, #C705????????00000C42#
    cmp $RESULT, 0
    je Season6
    mov CameraZoom, $RESULT + 6
    // ----
    // "pop esi; fadd st, st(1)"; address 11 bytes before the match.
    find Start, #5ED8C1#
    mov CameraRotY, [$RESULT - 11]
    // ----
    // two "mov dword [esp+x], imm" followed by "mov dword [addr], C2200000";
    // +12 is the address operand of that last store.
    find Start, #C74424??00C0A845C74424??00007A46C705????????000020C2#
    mov CameraRotZ, [$RESULT + 12]
    // ----
    find Start, #D8C1D91D????????DDD8#
    mov CameraPosZ, [$RESULT - 4]
    // ----
    // three "mov dword [ebp+x], imm"; ClipX is dereferenced at +52, ClipY
    // is the code address $RESULT - 2a (see NOTE above).
    find Start, #C745??????????C745??00609F46C745??????????#
    mov CameraClipX, [$RESULT + 52]
    mov CameraClipY, $RESULT - 2a
    // ----
    // "fstp [addr]; call; cdq; mov ecx, 258; idiv ecx"; address 4 bytes
    // before the match.
    find Start, #D99D????????E8????????99B958020000F7F9#
    mov CameraClipGL, [$RESULT - 4]
    // ----
    jmp EndOfCamSearch
    Season6:
    // "push 0; push 0; push 89"; address 14 bytes before the match.
    find Start, #6A006A006889000000#
    mov CameraZoom, [$RESULT - 14]
    // ----
    // RotY and RotZ come from the same match; both reads happen before
    // anything that changes $RESULT.
    find Start, #0FB7045?????????2?800000007427#
    mov CameraRotY, [$RESULT - 1f]
    mov CameraRotZ, [$RESULT - 4b]
    // ----
    // "push -1; push 0; push -1; push 0; push 0; push 28; push reg;
    // fld [addr]; fstp [esp]"; +0f is the fld address operand.
    find Start, #6AFF6A006AFF6A006A006A285?D905????????D91C24#
    mov CameraPosZ, [$RESULT + 0f]
    // ----
    find Start, #833D????????2775??D905????????D95D??EB??D905????????D95D??833D????????02#
    mov CameraClipX, [$RESULT + 9b]
    // ----
    // "fld [addr]; fstp [ebp+x]; ..."; +2 is the fld address operand
    // (same for CameraClipGL below).
    find Start, #D905????????D95DE?51D9E?D91C??8D55??5?8D45??5?6878010000#
    mov CameraClipY, [$RESULT + 2]
    // ----
    find Start, #D905????????D95D??8B4???8378??7A#
    mov CameraClipGL, [$RESULT + 2]
    // ----
    EndOfCamSearch:
    // common output for both paths
    eval "#define CameraZoom				*(float*)0x{CameraZoom}"
    wrta LogFile, $RESULT
    log CameraZoom
    eval "#define CameraRotY				*(float*)0x{CameraRotY}"
    wrta LogFile, $RESULT
    log CameraRotY
    eval "#define CameraRotZ				*(float*)0x{CameraRotZ}"
    wrta LogFile, $RESULT
    log CameraRotZ
    eval "#define CameraPosZ				*(float*)0x{CameraPosZ}"
    wrta LogFile, $RESULT
    log CameraPosZ
    eval "#define CameraClipX				*(float*)0x{CameraClipX} //-> if Season 6+ == *(double*)"
    wrta LogFile, $RESULT
    log CameraClipX
    eval "#define CameraClipY				*(float*)0x{CameraClipY}"
    wrta LogFile, $RESULT
    log CameraClipY
    eval "#define CameraClipGL			*(float*)0x{CameraClipGL}"
    wrta LogFile, $RESULT
    log CameraClipGL
    // ---------------------------------------------------------
    List: (Updated: 05.05.2013):

    • char Version
    • char Serial
    • int MapNumber
    • int MainState
      - SelectServer = 2, SwitchCharacter = 4, Playing = 5
    • struct UserObjectStruct
    • struct ObjectPreviewStruct (like MakePreviewCharSet, but it is global)
    • short MasterLevel
    • short MasterPoints
    • int CursorX
    • int CursorY
    • BYTE MaxZenWidth[1-5] (Max. width of numbers in vault / trade)
      - It is a direct offset, i.e. *(BYTE*)0xXXXXXXXX = 9;, not +1;
    • GLsizei WinWidth
    • GLsizei WinHeight
    • float CameraZoom
    • float CameraRotY
    • float CameraRotZ
    • float CameraPosZ
    • float CameraClipX
      - In Season 6+ clients it can be double (8 byte)
    • float CameraClipY
    • float CameraClipGL



    How to use:
    0. Download oldschool Olly 1.10
    1. Copy the code from the thread, create a new text file, paste the code and save it with the .osc extension
    2. Download the plugin and install it in Olly
    3. Open your main.exe in Olly
    4. Go to menu Plugins -> ODbgScript -> Log Window

    5. Run script, Plugins -> ODbgScript -> Run Script...
    6. Open MU.txt and see the "magic":

    -

    Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)

    -

    I need help with tests bcz I don't have time for 4+ main.exe versions, u can:
    - Post your main and needed offsets for auto-researcher
    - If you have 100% offsets from list for your main - please check it and post results

    Updates: ~every 2-3 days

    Bad english and etc ;D
    Last edited by -=DarkSim=-; 05-05-13 at 01:59 AM.


  2. #2
    Account Upgraded | Title Enabled! boncha is offline

    Re: Auto-search offsets for any main.exe

    coooll mate

  3. #3
    Ultimate Member VeltonD is offline

    Re: Auto-search offsets for any main.exe

    I have Problems =/

  4. #4
    Member CtrlMS is offline

    Re: Auto-search offsets for any main.exe

    hey how i can make folder to images in main.exe ollydbg please help me

  5. #5
    nullptr -=DarkSim=- is offline

    Re: Auto-search offsets for any main.exe

    VeltonD
    - It is not a problem: one version is for old Windows 2k and one is universal; use only ODbgScript.dll

  6. #6
    C/C++,PHP,HTML,Java,ASM zasmqniq is offline

    Re: Auto-search offsets for any main.exe

    great job as always!!!!!!!!!

  7. #7
    Ultimate Member VeltonD is offline

    Re: Auto-search offsets for any main.exe

    - DarkSim
    Already decided, could spend the offsets of Fruints?

  8. #8
    nullptr -=DarkSim=- is offline

    Re: Auto-search offsets for any main.exe

    VeltonD
    - What is Fruints?

  9. #9
    Ultimate Member VeltonD is offline

    Re: Auto-search offsets for any main.exe

    DarkSim
    Msg Fruint Main
    It is referring to this message appears when you use the command /add.
    Main 1.03K
    But if have 1.03.28 to use as a reference thanks. thx
    Last edited by VeltonD; 02-05-13 at 06:20 PM.

  10. #10
    nullptr -=DarkSim=- is offline

    Re: Auto-search offsets for any main.exe

    VeltonD
    - You can send that message box from the server)

  11. #11
    Member powerranger is offline

    Re: Auto-search offsets for any main.exe

    and how to take this message box to not appear in the MAIN?

  12. #12
    nullptr -=DarkSim=- is offline

    Re: Auto-search offsets for any main.exe

    UP:
    - Added offset write to file (.\\MU.txt)

    - Added version & serial search (need test-test-test, bcz i test it only on mains from list)

    --

    powerranger
    - U can send point add packet from fruits =/
    Last edited by -=DarkSim=-; 02-05-13 at 09:42 PM.

  13. #13
    Live your Life Stifi is offline

    Re: Auto-search offsets for any main.exe

    Darksim, can u add a search for the 3D camera and MuError.log crypt offsets? Would be very nice if it had that :)

  14. #14
    nullptr -=DarkSim=- is offline

    Re: Auto-search offsets for any main.exe

    Stifi
    - I'll add 3D Cam after the weekend maybe; if u have the offset for MuError enc - post the main and offset)

  15. #15
    Ultimate Member 007jodex is offline

    Re: Auto-search offsets for any main.exe

    Quote Originally Posted by -=DarkSim=- View Post
    Hello all, today i'm start little project - auto offset researcher (yes mauro, u can go out ).
    OMG! Epic! OMG! Thats really rocks! LOL

    Good Luck ;)



