Bypass age images from main

[[RCZ]ShadowKing]

First of all here are 2 SS:

Before



After



How i do this?
Follow my guide and you will learn how to do this in any main you need!

1.You need to find where these images are loaded and bypass the function...
->Right click -> Search For -> All referenced text strings and search for "Interface\gamecensorship_12.tga".Once you found it double click on its line and you will get a screen like this

Now double click on selected line and write "RETN"!!

Now the loadimage function was bypassed and we need now to bypass printimage function too else main will crash at start!

2.We need to find printimage function and bypass it...

Ok,the printimage function offset in my main is 0x0049B9B6 as you can see in image...
Now press CTRL+G and enter the offset like this 0049B9B6 and press ok.
Now if i`ll continue to make SS this thread will be huge so i hope you will can understand by other method

We got to this code after we go to printimage offset:

Code:

0049B9B6      E8 A3010000   call    0049BB5E
0049B9BB  |.  A1 10468400   mov     eax, dword ptr [844610]
0049B9C0  |.  8945 F0       mov     dword ptr [ebp-10], eax
0049B9C3  |.  C745 F4 00000>mov     dword ptr [ebp-C], 0
0049B9CA  |.  DF6D F0       fild    qword ptr [ebp-10]
0049B9CD  |.  D835 6C678000 fdiv    dword ptr [80676C]
0049B9D3  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]
0049B9D6  |.  D999 90030000 fstp    dword ptr [ecx+390]
0049B9DC  |.  8B15 14468400 mov     edx, dword ptr [844614]
0049B9E2  |.  8955 E8       mov     dword ptr [ebp-18], edx
0049B9E5  |.  C745 EC 00000>mov     dword ptr [ebp-14], 0
0049B9EC  |.  DF6D E8       fild    qword ptr [ebp-18]
0049B9EF  |.  D835 68678000 fdiv    dword ptr [806768]
0049B9F5  |.  8B45 F8       mov     eax, dword ptr [ebp-8]
0049B9F8  |.  D998 94030000 fstp    dword ptr [eax+394]
0049B9FE  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]
0049BA01  |.  8B91 94030000 mov     edx, dword ptr [ecx+394]
0049BA07      52            push    edx
0049BA08      8B45 F8       mov     eax, dword ptr [ebp-8]
0049BA0B      8B88 90030000 mov     ecx, dword ptr [eax+390]
0049BA11  |.  51            push    ecx                              ; |Arg10
0049BA12  |.  6A 00         push    0                                ; |Arg9 = 00000000
0049BA14  |.  6A 00         push    0                                ; |Arg8 = 00000000
0049BA16  |.  6A 00         push    0                                ; |Arg7 = 00000000
0049BA18  |.  6A 00         push    0                                ; |Arg6 = 00000000
0049BA1A  |.  6A 00         push    0                                ; |Arg5 = 00000000
0049BA1C  |.  6A 00         push    0                                ; |Arg4 = 00000000
0049BA1E  |.  68 34750000   push    7534                             ; |Arg3 = 00007534
0049BA23  |.  6A 74         push    74                               ; |Arg2 = 00000074
0049BA25  |.  6A 63         push    63                               ; |Arg1 = 00000063
0049BA27  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]           ; |
0049BA2A  |.  83C1 48       add     ecx, 48                          ; |
0049BA2D  |.  E8 C493F7FF   call    00414DF6                         ; \weapondi.00414DF6
0049BA32  |.  8B55 F8       mov     edx, dword ptr [ebp-8]
0049BA35  |.  8B82 94030000 mov     eax, dword ptr [edx+394]
0049BA3B  |.  50            push    eax                              ; /Arg11
0049BA3C  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]           ; |
0049BA3F  |.  8B91 90030000 mov     edx, dword ptr [ecx+390]         ; |
0049BA45  |.  52            push    edx                              ; |Arg10
0049BA46  |.  6A 00         push    0                                ; |Arg9 = 00000000
0049BA48  |.  6A 00         push    0                                ; |Arg8 = 00000000
0049BA4A  |.  6A 00         push    0                                ; |Arg7 = 00000000
0049BA4C  |.  6A 00         push    0                                ; |Arg6 = 00000000
0049BA4E  |.  6A 00         push    0                                ; |Arg5 = 00000000
0049BA50  |.  6A 00         push    0                                ; |Arg4 = 00000000
0049BA52  |.  68 35750000   push    7535                             ; |Arg3 = 00007535
0049BA57  |.  6A 74         push    74                               ; |Arg2 = 00000074
0049BA59  |.  6A 63         push    63                               ; |Arg1 = 00000063
0049BA5B  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]           ; |
0049BA5E  |.  81C1 F0000000 add     ecx, 0F0                         ; |
0049BA64  |.  E8 8D93F7FF   call    00414DF6                         ; \weapondi.00414DF6
0049BA69  |.  8B45 F8       mov     eax, dword ptr [ebp-8]
0049BA6C  |.  8B88 94030000 mov     ecx, dword ptr [eax+394]
0049BA72  |.  51            push    ecx                              ; /Arg11
0049BA73  |.  8B55 F8       mov     edx, dword ptr [ebp-8]           ; |
0049BA76  |.  8B82 90030000 mov     eax, dword ptr [edx+390]         ; |
0049BA7C  |.  50            push    eax                              ; |Arg10
0049BA7D  |.  6A 00         push    0                                ; |Arg9 = 00000000
0049BA7F  |.  6A 00         push    0                                ; |Arg8 = 00000000
0049BA81  |.  6A 00         push    0                                ; |Arg7 = 00000000
0049BA83  |.  6A 00         push    0                                ; |Arg6 = 00000000
0049BA85  |.  6A 00         push    0                                ; |Arg5 = 00000000
0049BA87  |.  6A 00         push    0                                ; |Arg4 = 00000000
0049BA89  |.  68 36750000   push    7536                             ; |Arg3 = 00007536
0049BA8E  |.  6A 74         push    74                               ; |Arg2 = 00000074
0049BA90  |.  6A 63         push    63                               ; |Arg1 = 00000063
0049BA92  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]           ; |
0049BA95  |.  81C1 98010000 add     ecx, 198                         ; |
0049BA9B  |.  E8 5693F7FF   call    00414DF6                         ; \weapondi.00414DF6
0049BAA0  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]
0049BAA3  |.  8B91 94030000 mov     edx, dword ptr [ecx+394]
0049BAA9  |.  52            push    edx                              ; /Arg11
0049BAAA  |.  8B45 F8       mov     eax, dword ptr [ebp-8]           ; |
0049BAAD  |.  8B88 90030000 mov     ecx, dword ptr [eax+390]         ; |
0049BAB3  |.  51            push    ecx                              ; |Arg10
0049BAB4  |.  6A 00         push    0                                ; |Arg9 = 00000000
0049BAB6  |.  6A 00         push    0                                ; |Arg8 = 00000000
0049BAB8  |.  6A 00         push    0                                ; |Arg7 = 00000000
0049BABA  |.  6A 00         push    0                                ; |Arg6 = 00000000
0049BABC  |.  6A 00         push    0                                ; |Arg5 = 00000000
0049BABE  |.  6A 00         push    0                                ; |Arg4 = 00000000
0049BAC0  |.  68 37750000   push    7537                             ; |Arg3 = 00007537
0049BAC5  |.  6A 74         push    74                               ; |Arg2 = 00000074
0049BAC7  |.  6A 63         push    63                               ; |Arg1 = 00000063
0049BAC9  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]           ; |
0049BACC  |.  81C1 40020000 add     ecx, 240                         ; |
0049BAD2  |.  E8 1F93F7FF   call    00414DF6                         ; \weapondi.00414DF6
0049BAD7  |.  8B55 F8       mov     edx, dword ptr [ebp-8]
0049BADA  |.  8B82 94030000 mov     eax, dword ptr [edx+394]
0049BAE0  |.  50            push    eax                              ; /Arg11
0049BAE1  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]           ; |
0049BAE4  |.  8B91 90030000 mov     edx, dword ptr [ecx+390]         ; |
0049BAEA  |.  52            push    edx                              ; |Arg10
0049BAEB  |.  6A 00         push    0                                ; |Arg9 = 00000000
0049BAED  |.  6A 00         push    0                                ; |Arg8 = 00000000
0049BAEF  |.  6A 00         push    0                                ; |Arg7 = 00000000
0049BAF1  |.  6A 00         push    0                                ; |Arg6 = 00000000
0049BAF3  |.  6A 00         push    0                                ; |Arg5 = 00000000
0049BAF5  |.  6A 00         push    0                                ; |Arg4 = 00000000
0049BAF7  |.  68 38750000   push    7538                             ; |Arg3 = 00007538
0049BAFC  |.  6A 74         push    74                               ; |Arg2 = 00000074
0049BAFE  |.  6A 63         push    63                               ; |Arg1 = 00000063
0049BB00  |.  8B4D F8       mov     ecx, dword ptr [ebp-8]           ; |
0049BB03  |.  81C1 E8020000 add     ecx, 2E8                         ; |
0049BB09  |.  E8 E892F7FF   call    00414DF6                         ; \weapondi.00414DF6
0049BB0E  |.  C745 FC 00000>mov     dword ptr [ebp-4], 0
0049BB15  |.  EB 09         jmp     short 0049BB20

ok now doubleclick on pink line(in olly ofcourse) and write "JMP GREEN_OFFSET".In my main the jmp will look like "JMP 0049BB0E".

I hope you will learn something from this tutorial!

Have Fun and Enjoy!

[MentaL]

[gogisan]

Thank you, very usefull ;)

[dieweb]

When i write "JMP GREEN_OFFSET" (after double click on the pink lign) its doesnt work: i cant clik on ok: olly say: uknown identifier o_o

[dieweb]

Lol scry I have understood, sorry i am a noob with english langage ><, I go test ^^

[dieweb]

WORKS PERFECT good job !

[[RCZ]ShadowKing]

When i write "JMP GREEN_OFFSET" (after double click on the pink lign) its doesnt work: i cant clik on ok: olly say: uknown identifier o_o

replace "GREEN_OFFSET" with offset number with green color,read careful

[Gladiator*]

Thanks for a useful Guide.

Could you tell me how to convert a jpg image into a loading image for Mu Client?!

[[RCZ]ShadowKing]

use borteam tool from dev section

[Gladiator*]

I couldn't find it :/ Can you give me a link?!

[[RCZ]ShadowKing]

http://forum.ragezone.com/f508/dev-m...-tools-553168/

[Gladiator*]

Thanks for the link..I downloaded it but when I tried to run it, I got this Error.

[Gladiator*]

Thanks for the link..I downloaded it but when I tried to run it, I got this Error.

[[RCZ]ShadowKing]

post in dev thread is not my software so i cant give support for it..

[Nachtelf]

its WAY easier to just turn the tga's alpha chanels off.

(...or just to translate the images to have a original client)

iam more curious, if its possibil to load different images and change them with the old ones...to get better quality/resolution

[[RCZ]ShadowKing]

we can "exploit" existing functions in main to insert our own images at any quality/res

[Gladiator*]

I'm sorry I didn't understand what you'r talking about ^^
I just want an easy way to make my Image.jpg loading image for my mu client =]

[uL7ra]

Just what i needed... Thanks !! :)

[sonic_2]

offsets of main 1.05d ?? pls

[[RCZ]ShadowKing]

search it,this is the tutorial`s job,to teach you how to do it yourself in any version else i can do a simple tutorial how to change 2 hex codes and you will learn nothing

[sonic_2]

thanks, but I'm learning is a bit complicated. Thanks alike.

[trapizonga]

yeaaaaaaa.. nice man!! 10/10

[sonic_2]

I try but I can not do it, I need to remove them, I do not like. help me to remove that.

heres is my main.
http://rapidshare.com/files/252417570/main.rar

thanks.

[|ARIES|]

I try but I can not do it, I need to remove them, I do not like. help me to remove that.

heres is my main.
http://rapidshare.com/files/252417570/main.rar

thanks.

:S More easy is change the images, try using this (Replace in folder Data/Interface)are the images, but transparent...

GameCensorships.zip
Enjoy!

Sorry my bad english!

[sonic_2]

Thanks Men, You helpme ... Greetings

[★ ♥ Deiu]

but why nobody likes them?