How about removing GameGuard / HackShield?
1. find OEP
2. fix IAT
3. fix OEP
finally just dump it
Unpacking the client is not anything new here. Now, unvirtualizing the IP checks, bypassing Themida CRC and HS modules, etc., that's where everyone gets stuck. This is nice for IDA purposes I guess, but we already had a v117 unpacked for IDBs previously.
Yeah, you are right, I will try it.
@br1337 @Chriss If it were that easy, then we'd have fully functional localhosts for versions other than v62~v90.
Before you're able to easily bypass CRC and HS, you'll need to un-VM the functions in the client that use them. You can look up the Deathway plugin for Olly, which is an Oreans unvirtualizer. Once you've un-VMed the client properly, you'll be able to NOP out all of the checks involved and modify other misc instructions. There are some tutorials out there for bypassing the debug register checks and such, and you can also look into the public CRC bypasses for more information and/or AoBs that can help you find them. Do note that the Themida CRC checks are everywhere, there are tons of them, so you're going to need a valid AoB so that you can strip them from every function.

Then you have HackShield/GameGuard, depending on the version you're reversing, that you'll need to bypass. In CWvsApp::SetUp, you'll have to NOP out the CSecurityClient::StartModule call so that it doesn't start the AhnHS service (probably more, but I haven't researched it).

We can't forget the IP checks either! Just changing the IP won't make the client fully run; it'll crash from IP checks throughout the client. You'll need to remove these checks, and then you should have yourself a localhost.
One thing to note: while I prefer a real localhost game client (as do most), the easier way to tackle this would be to make a DLL instead. Using a DLL, you can use AoBs to parse the client once it's active in memory and skip all of the checks involved. This would mean you wouldn't need to take the time un-VMing functions throughout the client or anything, because you can automate the process and overwrite everything active in memory. Since newer Themida is used on higher game client versions, it's extremely difficult to reverse, and this is why you see things like LEN and other DLLs in place. Another thing that's useful about using a DLL over an actual client is that you can VMProtect a DLL better than you can your MapleStory client, making it impossible for people to see the code you're executing to bypass the client checks (which is probably done both for public LENs and for what Extalia did).
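Added example (not code from this thread, any LEN, or Extalia): the core of the DLL approach described above is an AoB scanner that locates a check sequence in the running client's code by its byte signature, with wildcards for the parts that change between builds (call displacements, jump offsets), and overwrites the bytes it needs to neutralise. The code below implements that scan-and-patch loop over a constructed byte buffer standing in for a slice of the client's .text section; the pattern `E8 ?? ?? ?? ?? 85 C0 74 ??` (call, test eax,eax, jz) and the bytes in `region` are made-up illustrations, not real MapleStory AoBs. In an injected DLL you would run the same functions over the mapped module's image range and call VirtualProtect on the page before writing; that part is left out so the example runs on any platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical signature for a "call check; test eax,eax; jz fail" sequence.
 * The call target and jump displacement are wildcarded because they differ
 * per build; the opcodes around them are what we key on. */
#define CHECK_PATTERN "E8 ?? ?? ?? ?? 85 C0 74 ??"

/* Constructed stand-in for a code region containing two such checks
 * (offsets 3 and 17). Not bytes from any real client. */
uint8_t region[] = {
    0x55, 0x8B, 0xEC,                   /* push ebp; mov ebp,esp          */
    0xE8, 0x10, 0x00, 0x00, 0x00,       /* call +0x10  (check #1)         */
    0x85, 0xC0,                         /* test eax,eax                   */
    0x74, 0x05,                         /* jz  +5      (fail branch)      */
    0x90, 0x90, 0x90, 0x90, 0x90,       /* filler                         */
    0xE8, 0x20, 0x00, 0x00, 0x00,       /* call +0x20  (check #2)         */
    0x85, 0xC0,                         /* test eax,eax                   */
    0x74, 0x0A,                         /* jz  +10     (fail branch)      */
    0x5D, 0xC3                          /* pop ebp; ret                   */
};

/* Parse a Cheat Engine / IDA style AoB string into bytes plus a mask
 * (1 = byte must match, 0 = wildcard). "?" and "??" are both wildcards.
 * Returns the pattern length, or -1 if the string is malformed. */
static int aob_parse(const char *pat, uint8_t *bytes, uint8_t *mask, int cap)
{
    int n = 0;
    while (*pat) {
        while (*pat == ' ') pat++;
        if (!*pat) break;
        if (n >= cap) return -1;
        if (pat[0] == '?') {
            bytes[n] = 0; mask[n] = 0;
            pat += (pat[1] == '?') ? 2 : 1;
        } else {
            char hex[3] = { pat[0], pat[1], '\0' };
            char *end;
            long v = strtol(hex, &end, 16);
            if (end != hex + 2) return -1;   /* not two hex digits */
            bytes[n] = (uint8_t)v; mask[n] = 1;
            pat += 2;
        }
        n++;
    }
    return n;
}

/* Scan hay[start..len) for the pattern; return the match offset or -1. */
long aob_find(const uint8_t *hay, size_t len, const char *pat, size_t start)
{
    uint8_t b[64], m[64];
    int n = aob_parse(pat, b, m, 64);
    if (n <= 0 || (size_t)n > len) return -1;
    for (size_t i = start; i + (size_t)n <= len; i++) {
        int j;
        for (j = 0; j < n; j++)
            if (m[j] && hay[i + j] != b[j]) break;
        if (j == n) return (long)i;
    }
    return -1;
}

/* For every match, overwrite nbytes at match+skip with NOP (0x90).
 * skip/nbytes let you NOP just the conditional jump (or just the call)
 * while still matching on the surrounding context. Returns patch count. */
int aob_patch_all(uint8_t *buf, size_t len, const char *pat,
                  size_t skip, size_t nbytes)
{
    int count = 0;
    size_t pos = 0;
    long off;
    while ((off = aob_find(buf, len, pat, pos)) >= 0) {
        if ((size_t)off + skip + nbytes <= len) {
            memset(buf + off + skip, 0x90, nbytes);
            count++;
        }
        pos = (size_t)off + 1;           /* always make progress */
    }
    return count;
}

int main(void)
{
    long off = aob_find(region, sizeof region, CHECK_PATTERN, 0);
    printf("first check at offset %ld\n", off);
    /* NOP the 2-byte jz (pattern offset 7) in every check so the fail
     * branch is never taken; the call itself is left in place. */
    int n = aob_patch_all(region, sizeof region, CHECK_PATTERN, 7, 2);
    printf("patched %d check(s)\n", n);
    return 0;
}
```

The skip/nbytes split matters in practice: a signature short enough to be stable across builds is often too short to be unique, so you match on the call plus the test/jz context and patch only the part that actually decides the outcome.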
Question: Are the CRC checks executed in the client's main thread?
Eric: have you ever tried to create your own DLL and hook it into the client? If yes, can you share your experience?
"the easier way to tackle this would be to make a DLL instead. Using a DLL, you can use AoBs to parse the client once it's active in memory and skip all of the checks involved. This would mean you wouldn't need to take the time un-VMing functions throughout the client or anything, because you can automate the process and overwrite everything active in memory."