Good job @heterojeneo
Do you have a tutorial, sir, on how to increase the ID limit in HTLauncher? A video tutorial?
That takes time. The offsets to extend the limits are not free.
@Panyawan: follow this and you will not have to pay anyone for the offsets:
This is for finding the offsets where the code uses the values:
What I do in the video is use OllyDbg to save the HTLauncher module to a txt file; that way I don't need to run Olly every time I need to find something. Once you have the HTLauncher module in the txt file, you use that file any time you need to find something. Of course the search can be done inside Olly too, without making the txt file.
As you can see in the video, there are 5 places in HTLauncher that compare a register (EAX, EDI, etc.) with the values you are searching for:
2001 in hex = 7D1
2999 in hex = 0BB7
3501 in hex = DAD
3999 in hex = 0F9F
For example:
1002C664 |> 81FF D1070000 CMP EDI,7D1
1002C66A |. 72 08 JB SHORT HTLaunch.1002C674
1002C66C |. 81FF B70B0000 CMP EDI,0BB7
1002C672 |. 76 18 JBE SHORT HTLaunch.1002C68C
1002C674 |> 81FF AD0D0000 CMP EDI,0DAD
1002C67A |. 0F82 D2000000 JB HTLaunch.1002C752
1002C680 |. 81FF 9F0F0000 CMP EDI,0F9F
The leftmost number is the offset + header in Olly; in hex editors the header is not added, so in a hex editor the offset will be the same minus the header. For example, 1002c664 will be 0002c664.
There are values that are not stored in the code; they are stored as a resource in the data segment of the .exe file, so you won't be able to find them in the code as I did with the 0F9F. For those, you can use a hex editor like you did to find the "jo", or use the resource mem search in Olly. Usually you will recognize them in the dump because they are referenced by their mem address (offset = mem addressing) instead of by their value. So, for example, if a value is declared as a constant in the C++ header file like this:
const int MAX_PARTY=7;
the rest of the code will reference it as MAX_PARTY, which is a mem address that stores the value 7; the code in the dump can look similar to this:
MOV EAX,DWORD PTR DS:[101CB280] instead of MOV EAX,7
BTW, my offsets may not be the same for you; offsets change between client versions, so if you want to find yours it is better to search for ,0F9F
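An added worked example of the search described in the post above (my own script, not heterojeneo's or anything shipped with HTLauncher). It parses the kind of OllyDbg text dump the post talks about, picks out the CMP reg,imm lines that compare against 2001/2999/3501/3999, converts each Olly address to a file offset by subtracting the module base, and separately flags loads that go through a DS:[...] address, i.e. constants kept in the data segment. It also shows the hex-editor side: the immediate 0F9F sits in the file as the little-endian bytes 9F 0F 00 00, so a raw byte scan for 81 /7 imm32 finds the same four CMPs. Assumptions: the module base is 0x10000000 (what the post's 1002C664 -> 0002C664 implies), file offset = address - base exactly as the post does it (this only holds when the code section's file offset equals its RVA), and the sample dump is the post's seven lines plus one made-up MOV EAX,DWORD PTR DS:[101CB280] line; the raw bytes are built from that dump's opcode column, not taken from a real HTLauncher.

```python
import re
import struct

# Assumption: the module is loaded at 0x10000000, so the "header" Olly adds to
# every address is 0x10000000 and 1002C664 becomes file offset 0002C664.
MODULE_BASE = 0x10000000

# Decimal limits named in the post and their hex encodings.
LIMITS = {2001: 0x7D1, 2999: 0xBB7, 3501: 0xDAD, 3999: 0xF9F}

# Constructed sample dump: the post's seven lines plus one made-up MOV that
# loads a constant through a data-segment address instead of an immediate.
SAMPLE_DUMP = """\
1002C664 |> 81FF D1070000 CMP EDI,7D1
1002C66A |. 72 08 JB SHORT HTLaunch.1002C674
1002C66C |. 81FF B70B0000 CMP EDI,0BB7
1002C672 |. 76 18 JBE SHORT HTLaunch.1002C68C
1002C674 |> 81FF AD0D0000 CMP EDI,0DAD
1002C67A |. 0F82 D2000000 JB HTLaunch.1002C752
1002C680 |. 81FF 9F0F0000 CMP EDI,0F9F
1002C686 |. A1 80B21C10 MOV EAX,DWORD PTR DS:[101CB280]
"""

# Olly line layout: address, marker column (|> or |.), opcode byte groups, instruction.
# Good enough for this layout; a mnemonic made only of hex letters (ADD, DEC)
# would need a column-based parser instead.
LINE_RE = re.compile(r"^(?P<va>[0-9A-F]{8})\s+\S+\s+(?P<bytes>(?:[0-9A-F]{2,8}\s)+)(?P<insn>.+)$", re.I)
CMP_IMM_RE = re.compile(r"^CMP (?P<reg>E[A-D]X|E[SD]I|E[BS]P),(?P<imm>[0-9A-F]+)$", re.I)
MEM_REF_RE = re.compile(r"DS:\[(?P<target>[0-9A-F]{8})\]", re.I)
REG_NAMES = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # ModRM rm field order


def parse_dump(text):
    """Return (va, opcode_bytes, instruction_text) for each parsable dump line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            code = bytes.fromhex(m.group("bytes").replace(" ", ""))
            rows.append((int(m.group("va"), 16), code, m.group("insn").strip()))
    return rows


def file_offset(va, base=MODULE_BASE):
    """Olly address -> hex-editor file offset, by removing the module 'header'."""
    return va - base


def find_limit_checks(text, limits=LIMITS):
    """Dump lines that compare a register against one of the limit values (immediate form)."""
    wanted = {hex_value: dec for dec, hex_value in limits.items()}
    hits = []
    for va, code, insn in parse_dump(text):
        m = CMP_IMM_RE.match(insn)
        if m and int(m.group("imm"), 16) in wanted:
            hits.append({"va": va, "file_offset": file_offset(va), "reg": m.group("reg").upper(),
                         "value": wanted[int(m.group("imm"), 16)], "bytes": code.hex().upper()})
    return hits


def find_memory_references(text):
    """Lines that load through a data address: the value lives at target_va, not in the code."""
    refs = []
    for va, code, insn in parse_dump(text):
        m = MEM_REF_RE.search(insn)
        if m:
            target = int(m.group("target"), 16)
            refs.append({"va": va, "target_va": target,
                         "target_file_offset": file_offset(target), "insn": insn})
    return refs


def hex_editor_pattern(value):
    """What to type into a hex editor: x86 stores imm32 little-endian (0F9F -> 9F 0F 00 00)."""
    return " ".join(f"{b:02X}" for b in struct.pack("<I", value))


def scan_cmp_imm32(blob, blob_base_va, values):
    """Raw-byte search for 81 /7 imm32 (CMP r32,imm32; ModRM F8..FF) with a wanted immediate."""
    hits = []
    for i in range(len(blob) - 5):
        if blob[i] == 0x81 and 0xF8 <= blob[i + 1] <= 0xFF:
            imm = struct.unpack_from("<I", blob, i + 2)[0]
            if imm in values:
                va = blob_base_va + i
                hits.append({"index": i, "va": va, "file_offset": file_offset(va),
                             "reg": REG_NAMES[blob[i + 1] & 7], "value": imm})
    return hits


def patch_cmp_imm32(blob, index, new_value):
    """Copy of blob with the imm32 of the CMP at `index` rewritten (file offset + 2 in the editor)."""
    if blob[index] != 0x81 or not 0xF8 <= blob[index + 1] <= 0xFF:
        raise ValueError("not a CMP r32,imm32 at that index")
    out = bytearray(blob)
    struct.pack_into("<I", out, index + 2, new_value)
    return bytes(out)


def sample_blob():
    """Concatenate the dump's opcode column: the bytes as they sit in the file, plus the first VA."""
    rows = parse_dump(SAMPLE_DUMP)
    return b"".join(code for _, code, _ in rows), rows[0][0]


if __name__ == "__main__":
    for h in find_limit_checks(SAMPLE_DUMP):
        print(f"{h['va']:08X} (file {h['file_offset']:08X}) CMP {h['reg']},{h['value']}  bytes {h['bytes']}")
    for r in find_memory_references(SAMPLE_DUMP):
        print(f"{r['va']:08X} loads from {r['target_va']:08X} (file {r['target_file_offset']:08X}): {r['insn']}")
    print("search 3999 in a hex editor as:", hex_editor_pattern(0xF9F))
    blob, base_va = sample_blob()
    for h in scan_cmp_imm32(blob, base_va, set(LIMITS.values())):
        print(f"raw scan: {h['va']:08X} CMP {h['reg']},{h['value']}")
```

Running it on the sample lists the four CMP EDI lines at 1002C664, 1002C66C, 1002C674 and 1002C680 (file offsets 0002C664 and so on), reports the MOV as a load from 101CB280 (file offset 001CB280, which is where you would look for the value itself), and the raw scan finds the same four sites without any disassembly, which is the hex-editor route. The patch helper only rewrites one immediate; the post's point stands that values kept in the data segment have to be changed at their own address.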