Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

[v90] All "Client Hack" Addresses

Joined
Jan 18, 2010
Messages
3,109
Reaction score
1,139
I had posted some of my client edits on a help thread a while back, but since I've been asked about v90 addys still I'll just make a thread for all of my documented/noted edits.

These are all of the popularly used "client hacks"
Code:
// No Damage Cap
00C7D6C0 -> db 2147483647.00000

// Meso Drop Cap, ty justin
00917612 -> db 2000000000

// ADBoard Max Length (default max is db 40)
00A5CBCF -> 7F

// Repeating Chat Text Bypass (default condition is 0x74/JE)
004B2A70 -> JMP (db EB)

// 2s Chat Spam Delay Bypass (default condition is 0x73/JNB)
004B2ABA -> JMP (db EB)

// Infinite Chat Text (default max is db 46)
// -- This can be modified to reach up to 256 characters ;)
009E9385 -> db 127

// Swear Filter (default condition is 0x75/JNZ)
008702FA -> JE (db 74)

// Tubi + Super Tubi
004A76E5 -> NOP (db 90 90) ; !this->m_bExclRequestSent
004A7705 -> NOP (db 90 90) ; bIgnoreDeadState || this->m_pCharacterData.characterStat.nHP > 0
004A7716 -> NOP (db 90 90) ; get_update_time() - this->m_tExclRequestSent >= tTimeInterval

// Droppable NX
00531844 -> NOP (db 90 90 90 90 90 90)
00531856 -> NOP (db 90 90 90 90 90 90)

// SkillEffectChange Bypass
00B8234A -> JMP (db EB)

// AP Check Removal (nAP > 200, "Please use AP")
00B82429 -> JMP (db EB)

// Let GM/Admins Drop Items (default condition is 0x74/JE)
00531515 -> JMP (db EB)

// Let GM/Admins Drop Mesos (default condition is 0x74/JE)
00917505 -> JMP (db EB)

// Let GM/Admins Attack (default condition is 0x74/JE)
00A7B859 -> JMP (db EB)
00A838A8 -> JMP (db EB)
00A882E4 -> JMP (db EB)
00A95DA6 -> JMP (db EB)
00A8C554 -> JMP (db EB)

// Bound Jump Foothold Bypass (Floor Jump)
00AA89AF -> NOP (db 90 90 90 90 90 90)
00AA89BE -> NOP (db 90 90 90 90 90 90)
00AA89F1 -> NOP (db 90 90 90 90 90 90)
00AA8A00 -> NOP (db 90 90 90 90 90 90)
00AA8A22 -> NOP (db 90 90 90 90 90 90)
00AA8B17 -> NOP (db 90 90 90 90 90 90)

// Falldown Foothold Bypass (Infinite Flash Jumps)
00A7B4DB -> NOP (db 90 90)
00A7B4DD -> NOP (db 90 90 90 90 90 90)

// Delete Character No-PIC bypass (Fake PIC)
00675C15 -> JMP

These are my Gr2D hacks
Code:
// Pre-BB Gr2D DirectX Window Mode Client Startup
00B4F535 -> MOV DWORD PTR DS:[D8E7D0], 1
00B52A18 -> MOV EAX, 0

// Enable the graphics Gr2D FPS Toggle
00B52D2C -> NOP (db 90 90)
00B52D2E -> NOP (db 90 90 90 90)

These are my encryption/client changes
Code:
// Client Locale (GMS Locale is 08)
004BB5F1 -> 4F

// IGcipher Encryption Keys
// -- IGcipher::innoHash
00BB3B3E -> C65053F2
// -- IGcipher::innoDecrypt
00BB3C3B -> C65053F2
// -- IGcipher::innoEncrypt
00BB3BD3 -> C65053F2

// Rename ijl15.dll, ty justin
01160092 -> db 'ijl15.dll'

// CLogo client modifications.
006B23CA -> modify 514 to 0FF to remove the ability to skip CLogo.
006B2427 -> modify to millisecond time. ex 0x915E is a 37.2 second long intro.
006B24AE -> modify to 7F, though unncessary. length interval check for Wizet.

// Disable CLogo entirely.
-> NOP address 006B1F7D~006B1F90
006B1F7D      90                    NOP
006B1F7E      90                    NOP
006B1F7F      90                    NOP
006B1F80      90                    NOP
006B1F81      90                    NOP
006B1F82      90                    NOP
006B1F83      90                    NOP
006B1F84      90                    NOP
006B1F85      90                    NOP
006B1F86      90                    NOP
006B1F87      90                    NOP
006B1F88      90                    NOP
006B1F89      90                    NOP
006B1F8A      90                    NOP
006B1F8B      90                    NOP
006B1F8C      90                    NOP
006B1F8D      90                    NOP
006B1F8E      90                    NOP
006B1F8F      90                    NOP
006B1F90      90                    NOP
006B1F91      90                    NOP

These are my loginscreen layout addys
Code:
// Move the Login Screen Dialogue Box to coordinates
006A25B6 -> Change -0x2C to new Y-value
006A258B -> Change -0x60 to new X-value
-- For integer coordinates > 0x7F adjustment:
-- You must remove the last DWORD and move all remaining assignment up.
-- Then, push an integer rather than a single byte.
006A2570  |.  89BE 4C010000 MOV     DWORD PTR DS:[ESI+14C], EDI
006A2576  |.  8D8E 58010000 LEA     ECX, DWORD PTR DS:[ESI+158]
006A257C  |.  C645 FC 0B    MOV     BYTE PTR SS:[EBP-4], 0B
006A2580  |.  E8 E4923500   CALL    009FB869
006A2585      68 00010000   PUSH    100
006A258A  |.  90            NOP
006A258B  |.  90            NOP
006A258C  |.  90            NOP
006A258D  |.  5B            POP     EBX

// Change the font color of usernames/password on the Login Screen
006A2B47 -> Change 0xFF[5D3C1D] -> To your own Hex Color Code. [Ex: 0xFF000000 is Black]

// Move the Login button:
006A283F -> 0x4F
006A2841 -> 0x4C

// Move the Password Box
006A2C78 -> 0x29
006A2C7A -> 0x28

// Move the ID Box
006A2BDC -> 0xF
006A2BDE -> 0x28

// Move the Save Email button
006A28B9 -> 0x16
006A28BB -> 0x17

// Checkmark
006A2E8C -> 0x17
006A2E8F -> 0x16

// Disable the Website button
006A2A98 -> 0x58
006A2A9A -> -0x61 (Enable: 0x57)

// Disable the Join button
006A2A21 -> 0x44 (Enable: 0x58)
006A2A23 -> -0x55 (Enable: 0xF)

// Move the Forgot ID button
006A2930 -> 0x52
006A2932 -> 0xD

// Move the Forgot P/W button
006A29A7 -> 0x67
006A29A9 -> 0xD

// Move the Quit button
006A2B0F -> 0x52
006A2B11 -> 0xAE

This is the old Windows 8 code-cave fix
Code:
// Windows 8, 8.1, and 10 Support (Pre-BB)
// ** First Method - Performing a kernel32 2000ms sleep code-cave.
// AoB: 68 00 08 00 00 ?? FF 15 ?? ?? ??
// -> Address Call [006035E2]
006035E2  |.  E8 C9DC5D00   CALL    <JMP.&dinput8.DirectInput8Create>
// -> Address Call [006035ED]
006035ED  |.  E8 7A297900   CALL    00D95F6C
// -> Address Code Cave [00D95F6C]
00D95F6C   $  90            NOP
00D95F6D   .  90            NOP
00D95F6E   .  90            NOP
00D95F6F   .  90            NOP
00D95F70   .  68 00200000   PUSH    2000                             ; /Timeout = 8192. ms
00D95F75   .  FF15 E0D1C600 CALL    NEAR DWORD PTR DS:[<&kernel32.Sl>; \Sleep
00D95F7B   .^ E9 72D686FF   JMP     006035F2
00D95F80      90            NOP
00D95F81      90            NOP
00D95F82      90            NOP
00D95F83      90            NOP

These were random tests for customization
Code:
// Modify the background color of item description tooltips
// Hex value represents binary representation. Values are in ARGB format.
// Orion Colors: [Default=0x32630F3D] [Premium=0xA007070A]
00A0106C 0F8                 and     eax, 3FFFC0h -> 25 [C0 00 FF 3F]
00A01071 0F8                 add     eax, 0A0000040h -> 05 [40 00 00 A0]

// To allow unique TVmedia on MapleTV's (assign each media to NPC ID)
// we must modify the addresses below.
// the objective here is to nop the two pop ecx, nop the randomizer calls,
// and modify the mov edi, eax register to mov edi, [edx] for ptr [edx+0]->dwTemplateID
// *all below addresses are for v90.

00763247      56            PUSH    ESI
00763248      FFB0 40040000 PUSH    DWORD PTR DS:[EAX+440]
0076324E  |.  C745 FC 10000>MOV     [LOCAL.1], 10
-------------------------------------------------------------
00763255      90            NOP
00763256      90            NOP
00763257      90            NOP
00763258      90            NOP
00763259      90            NOP
0076325A      90            NOP
0076325B      90            NOP
0076325C      8B3A          MOV     EDI, DWORD PTR DS:[EDX]
-------------------------------------------------------------
0076325E      8D45 08       LEA     EAX, DWORD PTR SS:[EBP+8]

UPDATE: Here are my notes in regards to modifying the "WZ" extension to your own. This is just another random change I did on Orion which will work for any client version.
Code:
; Modifying the game client's ResMan "WZ" extension to our own.
; To easily find the extensions, use the AoB: 77 00 7A 00

; -------------------------
; PE Unicode String Dump:
; -------------------------
00B520FA   PUSH    00CC61A8                ; %s.wz
00B51D0D   PUSH    00CC6214                ; Base.wz

; ------------------
; Assembly Section:
; ------------------
00CC61A8                     unicode 0, <%s.wz>,0
00CC6214                     unicode 0, <Base.wz>,0

; Unicode stores characters as two bytes:
; [25 00] -> %
; [73 00] -> s

; [2E 00] -> .
; [77 00] -> w
; [7A 00] -> z

; We modify the unicode and change it to a <.or> extension with
; the following bytes:
; [6F 00] -> o
; [72 00] -> r

; Nexon iterates all files under %s.wz EXCEPT for Base, so we
; must change from the 'Base.wz' unicode to 'Base.or':
; [42 00] -> B
; [61 00] -> a
; [73 00] -> s
; [65 00] -> e

; [2E 00] -> .
; [77 00] -> w => [6F 00] -> o
; [7A 00] -> z => [72 00] -> r

; Nexon may check for Base.wz in the MapleStory module, but
; not 'List.wz' as that is in two different DLLs. In order
; to use 'List.or', two additional files must be updated.

; -> Canvas.DLL - Modify 'List<.wz>' to 'List<.or>'
; -> PCOM.dll   - Modify 'List<.wz>' to 'List<.or>'

; NOTE: It is infinitely easier to open up a Hex Editor like HxD,
; search for the AoB as hex bytes, and update the raw string there.
; No need to go through the trouble of messing with DB/DD values in olly.

Hope this helps!

- Eric
 
Last edited:
Experienced Elementalist
Joined
Apr 29, 2016
Messages
269
Reaction score
3
Hey Eric-- Have you ever found anything having to do with the game's default font choice? I'm trying to change it to a font that allows for Capital letter I and lowercase letter L to be visually different.
 
Joined
Jan 18, 2010
Messages
3,109
Reaction score
1,139
Hey Eric-- Have you ever found anything having to do with the game's default font choice? I'm trying to change it to a font that allows for Capital letter I and lowercase letter L to be visually different.

Of course! In fact, Orion had actually used a different font that we felt looked better ourselves. The font name is actually one of the StringPools, you can open up STREDIT to change it.
PHP:
pConfig->InsertStringPool("Arial", "Segoe UI");
pConfig->InsertStringPool("Arial Narrow", "Segoe UI");

Only thing to note is that it must be a valid windows font, and also note that it should support all operating systems (some newer fonts exist in win10 but not win7 for example).
 
Experienced Elementalist
Joined
Apr 29, 2016
Messages
269
Reaction score
3
Of course! In fact, Orion had actually used a different font that we felt looked better ourselves. The font name is actually one of the StringPools, you can open up STREDIT to change it.
PHP:
pConfig->InsertStringPool("Arial", "Segoe UI");
pConfig->InsertStringPool("Arial Narrow", "Segoe UI");

Only thing to note is that it must be a valid windows font, and also note that it should support all operating systems (some newer fonts exist in win10 but not win7 for example).
Great thanks for all of your efforts. Your guides are well written and easy to understand, even as someone with minimal programming knowledge.
 
Joined
Jan 19, 2014
Messages
39
Reaction score
2
Hey Eric, great release! Since you're familiar with v90 I thought maybe you could shed some light on something for me.
Every time I try to move in v90 I'm getting terrible lag spikes; watch how my game freezes every few steps ( ), in v62 I hardly spike, in v83 happens not so often and in v90 it is extremely bad, it happens every few seconds.
I tried moving on several v90 servers with different clients but the issue remains.
Any idea what I should look into?
 
Joined
Jan 18, 2010
Messages
3,109
Reaction score
1,139
Hey Eric, great release! Since you're familiar with v90 I thought maybe you could shed some light on something for me.
Every time I try to move in v90 I'm getting terrible lag spikes; watch how my game freezes every few steps ( ), in v62 I hardly spike, in v83 happens not so often and in v90 it is extremely bad, it happens every few seconds.
I tried moving on several v90 servers with different clients but the issue remains.
Any idea what I should look into?

I don't personally recall ever having this issue before, at least not on Orion. My first guess is that it might be something to do with your client's resolution, since it looks huge according to your video recording. However, if you've experienced the same problem on other public v90 servers with clean resolution, then it might be a source-related issue. One problem that was experienced more on higher versions was the movement lag in populated entity areas, like Henesys. This is because in areas like Henesys, the server is sending NPC control and NPC enter field packets for a ton of objects that are about to all spawn in on your screen. As a result, as soon as you walked into range you would have a slight movement lag. You could test this theory out on your own server by spawning into a map that spawns no NPC's (or mobs) and try walking. If it still continues to lagspike, then it could potentially be caused from MovePath (movement packets). Since MapleStory's movement handling is client-sided, you can go ahead and comment out where the server is sending the "movePlayer" packets and try walking to see if it triggers. Otherwise, if it isn't from your resolution, and it's not because of the field objects being packet spammed into range, and it's not even your movement packets, then I'm afraid I couldn't tell ya.

Also, if it were anything to do with client resolution or server-end packet handling, I would try testing it out on Croosade. If any v9x server has correctly updated resolution checks in the client and sends proper MovePath/NpcEnterField packets, it'll be them (no way they're doing it same as Odin like the other servers are). If it still occurs on their server, then I'm all out of ideas -- maybe it's your computer's cpu spiking or something? dunno
 
Initiate Mage
Joined
Mar 8, 2020
Messages
9
Reaction score
0
I had posted some of my client edits on a help thread a while back, but since I've been asked about v90 addys still I'll just make a thread for all of my documented/noted edits.

These are all of the popularly used "client hacks"
Code:
// No Damage Cap
00C7D6C0 -> db 2147483647.00000

// Meso Drop Cap, ty justin
00917612 -> db 2000000000

// ADBoard Max Length (default max is db 40)
00A5CBCF -> 7F

// Repeating Chat Text Bypass (default condition is 0x74/JE)
004B2A70 -> JMP (db EB)

// 2s Chat Spam Delay Bypass (default condition is 0x73/JNB)
004B2ABA -> JMP (db EB)

// Infinite Chat Text (default max is db 46)
// -- This can be modified to reach up to 256 characters ;)
009E9385 -> db 127

// Swear Filter (default condition is 0x75/JNZ)
008702FA -> JE (db 74)

// Tubi + Super Tubi
004A76E5 -> NOP (db 90 90) ; !this->m_bExclRequestSent
004A7705 -> NOP (db 90 90) ; bIgnoreDeadState || this->m_pCharacterData.characterStat.nHP > 0
004A7716 -> NOP (db 90 90) ; get_update_time() - this->m_tExclRequestSent >= tTimeInterval

// Droppable NX
00531844 -> NOP (db 90 90 90 90 90 90)
00531856 -> NOP (db 90 90 90 90 90 90)

// SkillEffectChange Bypass
00B8234A -> JMP (db EB)

// AP Check Removal (nAP > 200, "Please use AP")
00B82429 -> JMP (db EB)

// Let GM/Admins Drop Items (default condition is 0x74/JE)
00531515 -> JMP (db EB)

// Let GM/Admins Drop Mesos (default condition is 0x74/JE)
00917505 -> JMP (db EB)

// Let GM/Admins Attack (default condition is 0x74/JE)
00A7B859 -> JMP (db EB)
00A838A8 -> JMP (db EB)
00A882E4 -> JMP (db EB)
00A95DA6 -> JMP (db EB)
00A8C554 -> JMP (db EB)

// Bound Jump Foothold Bypass (Floor Jump)
00AA89AF -> NOP (db 90 90 90 90 90 90)
00AA89BE -> NOP (db 90 90 90 90 90 90)
00AA89F1 -> NOP (db 90 90 90 90 90 90)
00AA8A00 -> NOP (db 90 90 90 90 90 90)
00AA8A22 -> NOP (db 90 90 90 90 90 90)
00AA8B17 -> NOP (db 90 90 90 90 90 90)

// Falldown Foothold Bypass (Infinite Flash Jumps)
00A7B4DB -> NOP (db 90 90)
00A7B4DD -> NOP (db 90 90 90 90 90 90)

// Delete Character No-PIC bypass (Fake PIC)
00675C15 -> JMP

These are my Gr2D hacks
Code:
// Pre-BB Gr2D DirectX Window Mode Client Startup
00B4F535 -> MOV DWORD PTR DS:[D8E7D0], 1
00B52A18 -> MOV EAX, 0

// Enable the graphics Gr2D FPS Toggle
00B52D2C -> NOP (db 90 90)
00B52D2E -> NOP (db 90 90 90 90)

These are my encryption/client changes
Code:
// Client Locale (GMS Locale is 08)
004BB5F1 -> 4F

// IGcipher Encryption Keys
// -- IGcipher::innoHash
00BB3B3E -> C65053F2
// -- IGcipher::innoDecrypt
00BB3C3B -> C65053F2
// -- IGcipher::innoEncrypt
00BB3BD3 -> C65053F2

// Rename ijl15.dll, ty justin
01160092 -> db 'ijl15.dll'

// CLogo client modifications.
006B23CA -> modify 514 to 0FF to remove the ability to skip CLogo.
006B2427 -> modify to millisecond time. ex 0x915E is a 37.2 second long intro.
006B24AE -> modify to 7F, though unncessary. length interval check for Wizet.

// Disable CLogo entirely.
-> NOP address 006B1F7D~006B1F90
006B1F7D      90                    NOP
006B1F7E      90                    NOP
006B1F7F      90                    NOP
006B1F80      90                    NOP
006B1F81      90                    NOP
006B1F82      90                    NOP
006B1F83      90                    NOP
006B1F84      90                    NOP
006B1F85      90                    NOP
006B1F86      90                    NOP
006B1F87      90                    NOP
006B1F88      90                    NOP
006B1F89      90                    NOP
006B1F8A      90                    NOP
006B1F8B      90                    NOP
006B1F8C      90                    NOP
006B1F8D      90                    NOP
006B1F8E      90                    NOP
006B1F8F      90                    NOP
006B1F90      90                    NOP
006B1F91      90                    NOP

These are my loginscreen layout addys
Code:
// Move the Login Screen Dialogue Box to coordinates
006A25B6 -> Change -0x2C to new Y-value
006A258B -> Change -0x60 to new X-value
-- For integer coordinates > 0x7F adjustment:
-- You must remove the last DWORD and move all remaining assignment up.
-- Then, push an integer rather than a single byte.
006A2570  |.  89BE 4C010000 MOV     DWORD PTR DS:[ESI+14C], EDI
006A2576  |.  8D8E 58010000 LEA     ECX, DWORD PTR DS:[ESI+158]
006A257C  |.  C645 FC 0B    MOV     BYTE PTR SS:[EBP-4], 0B
006A2580  |.  E8 E4923500   CALL    009FB869
006A2585      68 00010000   PUSH    100
006A258A  |.  90            NOP
006A258B  |.  90            NOP
006A258C  |.  90            NOP
006A258D  |.  5B            POP     EBX

// Change the font color of usernames/password on the Login Screen
006A2B47 -> Change 0xFF[5D3C1D] -> To your own Hex Color Code. [Ex: 0xFF000000 is Black]

// Move the Login button:
006A283F -> 0x4F
006A2841 -> 0x4C

// Move the Password Box
006A2C78 -> 0x29
006A2C7A -> 0x28

// Move the ID Box
006A2BDC -> 0xF
006A2BDE -> 0x28

// Move the Save Email button
006A28B9 -> 0x16
006A28BB -> 0x17

// Checkmark
006A2E8C -> 0x17
006A2E8F -> 0x16

// Disable the Website button
006A2A98 -> 0x58
006A2A9A -> -0x61 (Enable: 0x57)

// Disable the Join button
006A2A21 -> 0x44 (Enable: 0x58)
006A2A23 -> -0x55 (Enable: 0xF)

// Move the Forgot ID button
006A2930 -> 0x52
006A2932 -> 0xD

// Move the Forgot P/W button
006A29A7 -> 0x67
006A29A9 -> 0xD

// Move the Quit button
006A2B0F -> 0x52
006A2B11 -> 0xAE

This is the old Windows 8 code-cave fix
Code:
// Windows 8, 8.1, and 10 Support (Pre-BB)
// ** First Method - Performing a kernel32 2000ms sleep code-cave.
// AoB: 68 00 08 00 00 ?? FF 15 ?? ?? ??
// -> Address Call [006035E2]
006035E2  |.  E8 C9DC5D00   CALL    <JMP.&dinput8.DirectInput8Create>
// -> Address Call [006035ED]
006035ED  |.  E8 7A297900   CALL    00D95F6C
// -> Address Code Cave [00D95F6C]
00D95F6C   $  90            NOP
00D95F6D   .  90            NOP
00D95F6E   .  90            NOP
00D95F6F   .  90            NOP
00D95F70   .  68 00200000   PUSH    2000                             ; /Timeout = 8192. ms
00D95F75   .  FF15 E0D1C600 CALL    NEAR DWORD PTR DS:[<&kernel32.Sl>; \Sleep
00D95F7B   .^ E9 72D686FF   JMP     006035F2
00D95F80      90            NOP
00D95F81      90            NOP
00D95F82      90            NOP
00D95F83      90            NOP

These were random tests for customization
Code:
// Modify the background color of item description tooltips
// Hex value represents binary representation. Values are in ARGB format.
// Orion Colors: [Default=0x32630F3D] [Premium=0xA007070A]
00A0106C 0F8                 and     eax, 3FFFC0h -> 25 [C0 00 FF 3F]
00A01071 0F8                 add     eax, 0A0000040h -> 05 [40 00 00 A0]

// To allow unique TVmedia on MapleTV's (assign each media to NPC ID)
// we must modify the addresses below.
// the objective here is to nop the two pop ecx, nop the randomizer calls,
// and modify the mov edi, eax register to mov edi, [edx] for ptr [edx+0]->dwTemplateID
// *all below addresses are for v90.

00763247      56            PUSH    ESI
00763248      FFB0 40040000 PUSH    DWORD PTR DS:[EAX+440]
0076324E  |.  C745 FC 10000>MOV     [LOCAL.1], 10
-------------------------------------------------------------
00763255      90            NOP
00763256      90            NOP
00763257      90            NOP
00763258      90            NOP
00763259      90            NOP
0076325A      90            NOP
0076325B      90            NOP
0076325C      8B3A          MOV     EDI, DWORD PTR DS:[EDX]
-------------------------------------------------------------
0076325E      8D45 08       LEA     EAX, DWORD PTR SS:[EBP+8]

UPDATE: Here are my notes in regards to modifying the "WZ" extension to your own. This is just another random change I did on Orion which will work for any client version.
Code:
; Modifying the game client's ResMan "WZ" extension to our own.
; To easily find the extensions, use the AoB: 77 00 7A 00

; -------------------------
; PE Unicode String Dump:
; -------------------------
00B520FA   PUSH    00CC61A8                ; %s.wz
00B51D0D   PUSH    00CC6214                ; Base.wz

; ------------------
; Assembly Section:
; ------------------
00CC61A8                     unicode 0, <%s.wz>,0
00CC6214                     unicode 0, <Base.wz>,0

; Unicode stores characters as two bytes:
; [25 00] -> %
; [73 00] -> s

; [2E 00] -> .
; [77 00] -> w
; [7A 00] -> z

; We modify the unicode and change it to a <.or> extension with
; the following bytes:
; [6F 00] -> o
; [72 00] -> r

; Nexon iterates all files under %s.wz EXCEPT for Base, so we
; must change from the 'Base.wz' unicode to 'Base.or':
; [42 00] -> B
; [61 00] -> a
; [73 00] -> s
; [65 00] -> e

; [2E 00] -> .
; [77 00] -> w => [6F 00] -> o
; [7A 00] -> z => [72 00] -> r

; Nexon may check for Base.wz in the MapleStory module, but
; not 'List.wz' as that is in two different DLLs. In order
; to use 'List.or', two additional files must be updated.

; -> Canvas.DLL - Modify 'List<.wz>' to 'List<.or>'
; -> PCOM.dll   - Modify 'List<.wz>' to 'List<.or>'

; NOTE: It is infinitely easier to open up a Hex Editor like HxD,
; search for the AoB as hex bytes, and update the raw string there.
; No need to go through the trouble of messing with DB/DD values in olly.

Hope this helps!

- Eric

I can't find IME.
Where should I search for my address?
 
Initiate Mage
Joined
Jul 20, 2020
Messages
1
Reaction score
0
Hey Eric, Is there anyway for me to get in contact with you mayb in disscord. Thanks !
 
Initiate Mage
Joined
Mar 14, 2024
Messages
6
Reaction score
0
this is awesome! May I ask,How to find those address? I wanna study, begging teach me. And God Eirc Have Other version’s address Like CMS79 or TWMS113?
 
Back
Top