[Release] Main GMO 104D cracked

[aecrimch]

chris05,
I saw in your pictures that you have implemented in your client Gembrid ChatWnd... can you please share your offsets?

Here is mine, but i think something is wrong...

//ChatWnd offsets for 1.04D by aecrimch
const int GetDisplayMsgType = 0x78A4A0; //0x6F7FE0;
const int SetDisplayMsgType = 0x78A510; //0x6F7F95;
const int ShowChatMsgs = 0x788930; //0x6F5584;
const int ShowChatMsgsCall_Hook = 0x78AF6C; //0x6F7927;
const int NewCall = 0x9CFF45; //0x8510BA;
const int FixSysMsg1_Hook = 0x789617; //0x6F60AC;
const int FixSysMsg1_FALSE = FixSysMsg1_Hook+5;
const int FixSysMsg1_TRUE = 0x7896D4; //0x6F6165;
const int FixSysMsg2_Hook = 0x789913; //0x6F63B3;
const int FixSysMsg2_FALSE = FixSysMsg2_Hook+5;
const int FixSysMsg2_TRUE = 0x789A0A; //0x6F64B6;
const int FixSysMsg3_Hook = 0x789C5C; //0x6F6715;
const int FixSysMsg3_FALSE = FixSysMsg3_Hook+5;
const int FixSysMsg3_TRUE = 0x789D1F; //0x6F67DA;

[chris05]

aecrimch,

My offsets to 104D GMO are:

#define Offset_GetDisplayMsgType (0x0078B770)
#define Offset_SetDisplayMsgType (0x0078B720)
#define Offset_ShowChatMsgs (0x00788930)

#define Offset_ShowChatMsgsCall_Hook (0x0078AF6C)

#define Offset_NewCall (0x009CFF45)

#define Offset_FixSysMsg1_Hook (0x00789617)
#define Offset_FixSysMsg1_FALSE (FixSysMsg1_Hook+5);
#define Offset_FixSysMsg1_TRUE (0x007896D4)

#define Offset_FixSysMsg2_Hook (0x00789913)
#define Offset_FixSysMsg2_FALSE (FixSysMsg2_Hook+5);
#define Offset_FixSysMsg2_TRUE (0x00789A0A)

#define Offset_FixSysMsg3_Hook (0x00789C5C)
#define Offset_FixSysMsg3_FALSE (FixSysMsg3_Hook+5);
#define Offset_FixSysMsg3_TRUE (0x00789D1F)

[aecrimch]

thanks chris05, but i have another problem... now all messages are overlapping:



I do not have original Gembrid's chatwnd.cpp, can you share your chatwnd.cpp too?

thanks again

[chris05]

aecrimch,

Search the original source on Ragezone...

[knight06]

aecrimch, how to find these offset for any main? can you tell me, thanks?
sorry for my bad english

[aecrimch]

knight06,
i searched offsets by comparison version 1.04D with 1.03K, ex:

const int GetDisplayMsgType = 0x78B770; //0x6F7FE0;

0x6F7FE0

is 1.03K tested and working offset
i do not know other method...

anyway i fail with searching first and second offset of 1.04D (chris05 found)...
do u have original Gembrid's chatwnd.cpp source? i searched RZ forum all this afternoon and found nothing.

[knight06]

I found nothing,too but I can remake it if I know method find these offset follow "switch"
sorry for my bad english

[blackdovevn]

Chris05, can u tell me how to fix Remember ID for Main 1.04D ?

[chris05]

blackdovevn,

Sorry.... But I didnt understand you... What do you want to know?

[phit666]

thanks chris05, but i have another problem... now all messages are overlapping:



I do not have original Gembrid's chatwnd.cpp, can you share your chatwnd.cpp too?

thanks again

This should fix it

Code:

__declspec(naked) void ShowSysMsgs()
{
    __asm 
    {
        MOV EDI, GetDisplayMsgType
        call EDI
        MOV dwMsgType,EAX
        MOV ECX, DWORD PTR SS:[EBP-4]
        MOV EAX, DWORD PTR DS:[ECX+0x128]
        MOV dwYpos, EAX
        MOV EAX, DWORD PTR DS:[ECX+0x138]
        MOV dwHeight, EAX
        // ----
        MOV EDX, 150 // y position
        MOV DWORD PTR DS:[ECX+0x128], EDX
        MOV DWORD PTR DS:[ECX+0x138], 0x64
        MOV EAX, DWORD PTR DS:[ECX+0x13C]
        MOV dwMsgCnt, EAX
        MOV DWORD PTR DS:[ECX+0x13C], 6
        MOV EAX, DWORD PTR DS:[ECX+0x148]
        MOV dwScrollPos, EAX
        PUSH 3
        MOV ECX, DWORD PTR SS:[EBP-4]
        MOV EDI,SetDisplayMsgType
        CALL EDI
        MOV ECX, DWORD PTR SS:[EBP-4]
        MOV EDI,ShowChatMsgs
        CALL EDI
        MOV ECX, DWORD PTR SS:[EBP-4]
        PUSH dwMsgType
        MOV EDI,SetDisplayMsgType
        CALL EDI
        MOV ECX, DWORD PTR SS:[EBP-4]
        MOV EAX, dwYpos
        MOV DWORD PTR DS:[ECX+0x128], EAX
        MOV EAX, dwHeight
        MOV DWORD PTR DS:[ECX+0x138], EAX
        MOV EAX, dwMsgCnt
        MOV DWORD PTR DS:[ECX+0x13C], EAX
        MOV EAX, dwScrollPos
        MOV DWORD PTR DS:[ECX+0x148], EAX
        MOV ECX, DWORD PTR SS:[EBP-4]
        MOV EDI,ShowChatMsgs
        CALL EDI
        retn
    }
}

[aecrimch]

thanks phit666 it works...

[blackdovevn]

blackdovevn,

Sorry.... But I didnt understand you... What do you want to know?

My main 1.04D can't remember Account ID when i log in to game. Can u tell me how to fix ?

[chris05]

blackdovevn,

Maybe the problem isnt on main... Maybe is on DB...

[ayh5401]

Korean 1.04d protocols share some

[aecrimch]

chris05,
can you help me please with extend wings limit?
custom wings models are loaded ok but wings are not in fact wings...



tried to extend limit using jewels model like this:

//patch new wings
__declspec(naked) void PatchingNewWings()
{
DWORD Enabeled;
_asm
{
MOV edx,DWORD PTR SS:[EBP-0x28]
MOVSX eax,WORD PTR DS:[edx]
mov Enabeled,eax
}
// ----
if(Enabeled != 6279 &&Enabeled != 6344 &&Enabeled != 6345 &&Enabeled != 6346 &&Enabeled != 6347 &&
Enabeled != 6348 &&Enabeled != 6349 &&Enabeled != 6350 &&Enabeled != 6351 &&Enabeled != 6352 &&Enabeled != 6353 &&Enabeled != 6354 &&Enabeled != 6355 &&Enabeled != 6356 &&Enabeled != 6357)
{
_asm
{
mov eax,WingsTry
jmp eax
}
}
// ----
else
{
_asm
{
mov eax,WingsFalse
jmp eax
}
}
}

where:

#define WingsTry 0x00876ED1 //0x00876E5E
#define WingsFalse 0x00876DAF //0x00838361
#define PathWings 0x00876DA4 //0x00876D96

but unsuccesful.., :(