Sure, that is why I posted all this here, so you're welcome :)
I saw your code and I think I know what you want to try, but I need more information about your problem.
Did you try with Clean Repack? How do you load your DLL? Did you try only printing "Hello World", and did that work? Can you attach Olly, maybe, to see what happens exactly?
You can also PM me and we can talk a bit about coding via ICQ/MSN/Skype.
Can anyone give an example of how to create a new skill, any of them? I am a beginner in *.dll making and want to learn how to create new skills. Only DMG with action to the new engine.
And can you tell me why, when I try this tutorial, my server crashes? Another source released here with a window at start works well.
Basically you don't have to do anything clientside, just serverside. First, test skills simply by allowing the server to display them to the client. For this, you have to create a virtual array (or whatever) where the new skills from the DB get saved. The server will display errors while loading unknown skills; there you have to hook and get the skills, disable the error message, and there you go.

Learn skill / skill up is the next step. Now you can skill up, learn skills and display them in the client. First step done.

Next, PreSkill and ExecuteSkill need to be hooked. There you can add your CD protection as well. PreSkill is mostly unimportant; it only matters for Ice Arrow and for the CD protection. What's important is the ExecuteSkill function: there you check everything, add damage to the target and send the execution packet. Skills done.
I noticed that some people have started with coding or are interested in Kal coding. Here is another little post from me about Kal coding; maybe there's something interesting for you in it :)
Let's begin with Intercept :)
The Intercept
The Intercept code can be found here: http://forum.ragezone.com/f389/source-code-collection-917296/
Some people know that Kealy wrote a little Memory class, where Intercept is included as Memory->Hook.
So what's the difference between Intercept / Memory->Hook and DetourAttach / Memory->HookAPI? API hook (DetourAttach) means that we don't need to grab a caller; all function calls that lead to the original function will be redirected to our hooked function. I think this is easy to understand, and this is how the tutorial code made the hook.
Intercepting means that you put in the caller address instead of the function's address.
An Example:
Memory->Hook(0x0044D538,OurHookedFunction); // This would be an Intercept
With this we are able to jump directly into functions and modify single calls. It's also useful if you have a very, very large method and don't want to rewrite the whole function; then you can modify it only in some little places.
Protect yourself
Everyone knows that Clean, KOSP/R11, KoemV1 and KoemV2 are "hacked". The question is why? And the answer is:
Code:
#include <windows.h>
#include <psapi.h>          // GetModuleBaseNameA
#pragma comment(lib, "psapi.lib")

// Address we jump to inside the real send routine (past any caller check).
// Filled in by SetupSend() below; the naked stubs jump through it indirectly.
DWORD sendadr = 0;

// Koem (Extended.dll): replicate the original prologue and page-touching stack
// probe that we skip over, overwrite the saved caller slot with a fake
// return address, then jump behind the caller check.
__declspec (naked) int __cdecl KoemSend(BYTE type , char* format, ...)
{
    __asm push ebp
    __asm mov ebp,esp
    __asm mov ebp,esp
    __asm push eax
    __asm mov eax,4
    __asm redo:                         // commit 4 pages for the large frame
    __asm add esp, -4092
    __asm push eax
    __asm dec eax
    __asm jnz redo
    __asm mov eax, dword ptr ss:[ebp-4]
    __asm add esp, -44
    __asm xor eax, eax
    __asm mov dword ptr ss:[ebp-8], eax
    //you can also sniff send here
    //fake the caller (will be appended to the packet and checked @ serverside)
    __asm mov eax, 0x004921f9
    __asm sub eax,5
    __asm mov dword ptr ss:[ebp-4], eax
    __asm jmp dword ptr [sendadr]       // indirect jump into the original
}
// KOSP/R11 (ProtectC.dll): replicate the prologue, then land behind the check.
__declspec (naked) int __cdecl KocpSend(BYTE type , char* format, ...)
{
    __asm push ebp
    __asm mov ebp, esp
    __asm sub esp, 0x14
    //skip the caller check
    //you can also sniff send here
    __asm jmp dword ptr [sendadr]
}
// KoemV2 (Protect.cpln) and Clean (engine.exe): no caller check at all.
__declspec (naked) int __cdecl KoemV2Send(BYTE type , char* format, ...)
{
    //no caller check, jump directly to the function header
    __asm jmp dword ptr [sendadr]
}

// Call once at startup (e.g. from DllMain) before using the send stubs.
void SetupSend()
{
    //get the send adr: 0x004921F4 is an E8 call rel32; target = rel32 + address of the next instruction
    DWORD adr = ((*(DWORD*)(0x004921F4+1))+(0x004921F4+1)+4);
    //get the handle of the module that owns adr (UNCHANGED_REFCOUNT: do not bump its refcount)
    HMODULE hModule = NULL;
    GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT,
                       (LPCSTR)adr, &hModule);
    //determine which module it belongs to
    char ModuleName[MAX_PATH] = {0};
    GetModuleBaseNameA(GetCurrentProcess(), hModule, ModuleName, MAX_PATH);
    //depending on the result, pick the matching stub and entry offset
    if (_stricmp(ModuleName, "Extended.dll") == 0)        // koem - use KoemSend
        sendadr = adr+55;
    else if (_stricmp(ModuleName, "ProtectC.dll") == 0)   // kocp - use KocpSend
        sendadr = adr+35;
    else if (_stricmp(ModuleName, "engine.exe") == 0)     // clean - use KocpSend (normal)
        sendadr = adr;
    else if (_stricmp(ModuleName, "Protect.cpln") == 0)   // koem2 - use KoemV2Send
        sendadr = adr;
    //or if you want to sniff, hook it
    // ...
}
All these send methods are known, so we are able to send our own packets (crash packets, hack packets) to the server. For R11, as an example, it would be:
KocpSend(0x02,"ss","LoginName","Password"); // When I send this it would log me in, if this login existed
And in the same way you can send crash or hack packets to all these known sends.
What can you do against this?
-> Write your own send method like I did. My send method is called
MadSend (at the moment it is online at Xiukal, so you could try to hack there and you will see that all existing hacks (public or non-public) which are based on packet hacks will not work there anymore).
Look into Kealy's source code to see how he made his own send, try to adapt it and make it safe with your own send method; then these packet hacks (crashes etc.) are fixed.
The Memory God
Everything we do in Kal coding is based on memory edits; I want to show you some equivalent ways of editing.
We take as an example the ThreadCount value, which is at 0x004E1190. We want to modify it and write the value 5 into it:
Dereferencing:
*(int *)0x004E1190 = 5;
Fill:
memory->Fill(0x004E1190,0x05,1);
or Set:
memory->Set(0x004E1190,"\x05",1);
Olly:
It depends on what you want or what your preferred coding style is; choose a method that fits your needs :)
Master the Stack
C++ is nice for programming things for Kal, but sometimes you may need to go a little bit deeper into the MainServer ^^
Then you're welcome to inline assembly.
I found a little explanation from BakaBug about the calling conventions: http://forum.ragezone.com/f554/tutorial-c-dll-injection-main-375634/index4.html#post3257022
So we have __fastcall, __thiscall, __stdcall and __cdecl. Sometimes you need to put all params onto the stack via __asm push param, and sometimes you need to move one into the ecx register, for example for a __thiscall: __asm mov ecx, thispointer.
If you are not sure what to do, take a look at the IDA ASM view.
Example:
.text:00434B21 push offset aStackDumpCompl ; "Stack dump completed"
.text:00434B26 call Console__Write__Blue ; Call Procedure
.text:00434B2B add esp, 4
Console__Write__Blue is __cdecl, so the caller clears the stack; we need to do that via __asm add esp, 4.
If you have more params, then you need to clear more (__asm add esp, 8, 12, ...).
Another example for __thiscall
.text:00453136 mov ecx, [ebp+playerpointer]
.text:0045313C call CPlayer__CanMove ; Call Procedure
.text:00453141 test eax, eax
Here we only move the player pointer into the ecx register and call CPlayer__CanMove. After a call to a function that has a return value, the return value is always stored in the register eax; that's the reason why I am allowed to write:
You may wonder where the return statement is. This can compile, but eax is the "auto return" register and you will have no compiler error; also the [ecx] is a little trick, because the only attribute of my class is void* thispointer;, which is exactly [ecx] in this case :)
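The difference between an intercept (patching one caller) and an API/detour hook (patching the function), and the rel32 arithmetic the send-address lookup above relies on, worked through on a constructed 256-byte code image. This is an added example, not code from the post or from Kealy's Memory class: the base address, the two call sites, FUNC and HOOK are made-up constants, and the image is plain memory, so no VirtualProtect is needed (on a live process the page guard has to be lifted before writing).

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit code image (not a real Kal binary): 256 bytes at a
 * hypothetical base of 0x00400000.  Two call sites (SITE_A, SITE_B) both
 * call FUNC; HOOK is where our replacement routine would live. */
#define IMAGE_BASE 0x00400000u
#define IMAGE_SIZE 0x100u
#define SITE_A     0x00400010u
#define SITE_B     0x00400030u
#define FUNC       0x00400080u
#define HOOK       0x004000C0u

static uint8_t image[IMAGE_SIZE];

static uint8_t *at(uint32_t va) { return &image[va - IMAGE_BASE]; }

uint32_t rd32(uint32_t va) { uint32_t v; memcpy(&v, at(va), 4); return v; }
static void wr32(uint32_t va, uint32_t v) { memcpy(at(va), &v, 4); }

/* Decode the target of an E8 (call) or E9 (jmp) rel32 at va.  Same arithmetic
 * as the post's send lookup: target = rel32 + address of next instruction. */
uint32_t rel32_target(uint32_t va) { return va + 5 + rd32(va + 1); }

/* Encode: rel32 = target - (va + 5); unsigned wrap yields the right
 * two's-complement value for backward branches. */
static void write_rel32(uint32_t va, uint8_t opcode, uint32_t target) {
    *at(va) = opcode;
    wr32(va + 1, target - (va + 5));
}

/* Intercept (Memory->Hook on a caller address): retarget ONE call site.
 * Other callers of FUNC keep calling the original. */
int intercept_call_site(uint32_t call_va, uint32_t hook_va) {
    if (*at(call_va) != 0xE8) return -1;     /* refuse to patch a non-call */
    write_rel32(call_va, 0xE8, hook_va);
    return 0;
}

/* API/detour hook (DetourAttach on the function address): overwrite the
 * first 5 bytes of FUNC with jmp HOOK, so EVERY caller is redirected.  The
 * clobbered prologue must be replayed by the hook, which is why the post's
 * KoemSend/KocpSend stubs start with the push ebp / mov ebp,esp sequence. */
void detour_function(uint32_t func_va, uint32_t hook_va) {
    write_rel32(func_va, 0xE9, hook_va);
}

/* Where does control really land when the call at call_va executes?  Follow
 * the call, then one E9 jmp if a detour was planted at the landing point. */
uint32_t effective_target(uint32_t call_va) {
    uint32_t t = rel32_target(call_va);
    if (*at(t) == 0xE9) t = rel32_target(t);
    return t;
}

void build_image(void) {
    memset(image, 0x90, sizeof image);        /* nop filler: constructed data */
    write_rel32(SITE_A, 0xE8, FUNC);
    write_rel32(SITE_B, 0xE8, FUNC);
    *at(FUNC) = 0x55;                         /* push ebp            */
    *at(FUNC + 1) = 0x8B; *at(FUNC + 2) = 0xEC; /* mov ebp,esp       */
}

/* mode 0: untouched, 1: intercept SITE_A only, 2: detour FUNC.
 * Rebuilds the image and returns where the call at `site` ends up. */
uint32_t scenario(int mode, uint32_t site) {
    build_image();
    if (mode == 1) intercept_call_site(SITE_A, HOOK);
    if (mode == 2) detour_function(FUNC, HOOK);
    return effective_target(site);
}

int main(void) {
    build_image();
    printf("rel32 at SITE_A: 0x%08X -> target 0x%08X\n",
           (unsigned)rd32(SITE_A + 1), (unsigned)rel32_target(SITE_A));
    printf("intercept: A -> 0x%08X, B -> 0x%08X\n",
           (unsigned)scenario(1, SITE_A), (unsigned)scenario(1, SITE_B));
    printf("detour:    A -> 0x%08X, B -> 0x%08X\n",
           (unsigned)scenario(2, SITE_A), (unsigned)scenario(2, SITE_B));
    return 0;
}
```

The intercept leaves SITE_B calling the original, while the detour pulls both sites into HOOK; the `0xE8` check in `intercept_call_site` is the sanity test worth keeping when you patch a caller address in a real binary, since a wrong offset silently corrupts whatever instruction is there.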
1. Hook at 0x0047FBB0
2. Look at lafreak's code: http://forum.ragezone.com/f315/skill-sources-917291/ (check skill ID and class)
3. Write your own skillzz.
4. As lafreak said, his AOE method is old and crappy; check the splashy ice code to use the native method.
"Rome was not built in a day."
If you can't do that, just start with smaller things like hooking small functions and printing some values etc.
If you don't even know how to start (despite all those tutorials) you should start learning the basics of C++ :>
#include <windows.h>

// Your own skill routine; signature assumed from the call below
void YourSkill(int* nClass, void* pPlayer, char* a3, char* a4);

void __fastcall Hooked_ExcuteSkill(void* thispointer, void *_edx, signed int nSkillID, int a3, int a4)
{
    // first DWORD of the skill object points at the owning player object
    void* Pointer = (void*)*(DWORD*)(int)thispointer;
    // class id sits at offset 460 of the player object
    int Class = *(DWORD*)((int)Pointer + 460);
    // player id sits at offset 0x1c of the skill object (unused in this fragment)
    const int nPlayerID = *(int*)(unsigned(thispointer)+0x1c);
    if(Class == 0)// class of kn
    {
        if(nSkillID == 43)//skill ID
        {
            YourSkill((int*)Class,Pointer,(char*)a3,(char*)a4);
        }
    }
    // Note: this fragment never forwards to the original ExecuteSkill, so every
    // other skill is swallowed; call the original for anything not handled here.
}