July[2K8]/June[2K7] - Customize your grade

  1. #1
    Apprentice Kyoshike
    Rank: Member
    Join Date: Apr 2010
    Location: Canada
    Posts: 13

    July[2K8]/June[2K7] - Customize your grade

    All these tutorials are client side :).

    ***JULY 2K8 TUT***

    Make a new grade - Client side
    Code:
    1)Go to address & Assemble the following
    004A17B2 - JNZ [Code cave address]		
    
    
    2)Assemble the following
    CMP ECX,[Grade in hexadecimal]
    JNZ SHORT [New Grade Address] //You need to jump at the next CMP ECX,[Grade in hexadecimal]
    MOV ESI,DWORD PTR SS:[EBP+10]
    TEST ESI,ESI
    MOV EDX,DWORD PTR SS:[EBP+C]
    MOV BYTE PTR SS:[EBP+8],FF //The R
    MOV BYTE PTR SS:[EBP+9],80 //The G
    MOV BYTE PTR SS:[EBP+A],40 //The B
    MOV BYTE PTR SS:[EBP+B],FF //The A
    MOV EAX,DWORD PTR SS:[EBP+8]
    MOV DWORD PTR DS:[EDX],EAX
    MOV AL,1
    POP ESI
    POP EBP
    RETN
    
    - NOTE: Repeat the above code till (n-1) grades you need
    
    3)For the last grade it should be like this
    CMP ECX,[Grade in hexadecimal]
    JNZ 004A17F3 //You are jumping back to Administrator Grade  
    MOV ESI,DWORD PTR SS:[EBP+10]
    TEST ESI,ESI
    MOV EDX,DWORD PTR SS:[EBP+C]
    MOV BYTE PTR SS:[EBP+8],FF //The R
    MOV BYTE PTR SS:[EBP+9],80 //The G
    MOV BYTE PTR SS:[EBP+A],40 //The B
    MOV BYTE PTR SS:[EBP+B],FF //The A
    MOV EAX,DWORD PTR SS:[EBP+8]
    MOV DWORD PTR DS:[EDX],EAX
    MOV AL,1
    POP ESI
    POP EBP
    RETN

    Score board grade name color
    Code:
    1)Go to address & Assemble the following
    00407832 - JMP [Code cave address]
    00407839 - NOP
    00407840 - NOP
    00407847 - NOP
    
    2)Assemble the following
    MOV EAX,DWORD PTR DS:[EBX+4EA] // Assemble this only 1 time
    
    CMP EAX,[Grade in hexadecimal]
    JNE SHORT [New Grade Address] //You need to jump at the next CMP EBX,[Grade in hexadecimal]
    MOV BYTE PTR SS:[EBP-17C],0FF //The R
    MOV BYTE PTR SS:[EBP-17B],80 //The G
    MOV BYTE PTR SS:[EBP-17A],40 //The B
    MOV BYTE PTR SS:[EBP-179],0FF //The A
    MOV ECX,DWORD PTR SS:[EBP-17C]
    JMP 0040784E
    
    - NOTE: Repeat the above code till (n-1) grades you need
    
    3)For the last grade it should be like this
    CMP EAX,[Grade in hexadecimal]
    JNE 0040784E
    MOV BYTE PTR SS:[EBP-17C],0FF //The R
    MOV BYTE PTR SS:[EBP-17B],80 //The G
    MOV BYTE PTR SS:[EBP-17A],40 //The B
    MOV BYTE PTR SS:[EBP-179],0FF //The A
    MOV ECX,DWORD PTR SS:[EBP-17C]
    JMP 0040784E
    
    - NOTE: Now we need to add the grade to the color list
    
    4)Go to address & Assemble the following
    00477000 - NOP
    00477006 - NOP
    0047700B - NOP
    0047700D - NOP
    00477012 - NOP
    00477014 - NOP
    00477016 - NOP
    00477017 - NOP
    00477019 - NOP
    
    5)Assemble the following in your code cave #
    MOV EAX,DWORD PTR DS:[ECX+4EA] // Assemble this only 1 time
    CMP EAX,[Grade in hexadecimal] //This grade is the grade you added in step #3
    JE SHORT [Take the number of the address which the JE Short is on]
    
    - NOTE: Repeat the above code till (n-1) grades you need
    
    6)For the last grade it should be like this
    CMP EAX,[Grade in hexadecimal]
    JE SHORT [Take the number of the address which the JE SHORT is on]
    XOR AL,AL
    RETN
    MOV AL,1
    RETN
    
    - NOTE: Now you need to change all the JE SHORT addresses to the [MOV AL,1] address
    
    7)Go to address & Assemble the following
    00402CEC - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    0040316F - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    00403436 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    0040368C - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    00405A64 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    004077F9 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    004103EA - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    00411519 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]

    Chat banned string :) A.K.A Grade 104
    Code:
    1)Go to address & Assemble the following
    0042C892 - PUSH 4E27
    
    2)Message.xml
    <!-- Chat Banned Message -->
    <MSG id="20007">You are chat banned due at several reason.</MSG>

    Unmask custom grade level
    Code:
    1)Go to address & Assemble the following //Game room
    00424D7F - MOV BYTE PTR SS:[EBP+17],1
    00424D84 - JMP SHORT 00424D9F
    
    2)Go to address & Assemble the following //Lobby
    00423B68 - MOV BYTE PTR SS:[EBP+17],1
    00423B6D - JMP SHORT 00423B82
    
    3)Go to address & Assemble the following //Scoreboard
    00407823 - MOV ECX,DWORD PTR DS:[EBX+414]
    00407829 - PUSH EAX
    0040782A - PUSH ECX
    0040782B - LEA EDX,DWORD PTR DS:[EDI+C]
    0040782E - PUSH 00622D24
    00407833 - PUSH EDX
    00407834 - CALL 005779CD
    00407839 - ADD ESP,14
    0040783C - JMP [Code cave address]
    00407847 - NOP
    00407854 - NOP
    00407854 - JMP SHORT 00407857
    
    4)Assemble the following //Scoreboard color
    [Code cave address] - MOV BYTE PTR SS:[EBP-179],0FF
    MOV BYTE PTR SS:[EBP-17C],0FF
    MOV BYTE PTR SS:[EBP-17B],80
    MOV BYTE PTR SS:[EBP-17A],40
    JMP 0040784E
    
    5)Go to address & Assemble the following //End game score board
    00405A80 - JMP SHORT 00405A9F

    ***JUNE 2K7 TUT***

    Score board grade name color
    Code:
    1)Go to address & Assemble the following
    004078F5 - JMP [Code cave address]
    004078FA - NOP
    004078FF - NOP
    00407904 - NOP
    
    2)Assemble the following
    MOV EBX,DWORD PTR DS:[EBP+45A] // Assemble this only 1 time
    
    CMP EBX,[Grade in hexadecimal]
    JNE SHORT [New Grade Address] //You need to jump at the next CMP EBX,[Grade in hexadecimal]
    MOV BYTE PTR SS:[ESP+3C],0FF //The R
    MOV BYTE PTR SS:[ESP+3D],80 //The G
    MOV BYTE PTR SS:[ESP+3E],40 //The B
    MOV BYTE PTR SS:[ESP+3F],0FF //The A
    MOV ECX,DWORD PTR SS:[ESP+3C]
    JMP 00407909
    
    - NOTE: Repeat the above code till (n-1) grades you need
    
    3)For the last grade it should be like this
    CMP EBX,[Grade in hexadecimal]
    JNE 00407909
    MOV BYTE PTR SS:[ESP+3C],0FF //The R
    MOV BYTE PTR SS:[ESP+3D],80 //The G
    MOV BYTE PTR SS:[ESP+3E],40 //The B
    MOV BYTE PTR SS:[ESP+3F],0FF //The A
    MOV ECX,DWORD PTR SS:[ESP+3C]
    JMP 00407909
    
    - NOTE: Now we need to add the grade to the color list
    
    4)Go to address & Assemble the following
    00473920 - NOP
    00473926 - NOP
    0047392B - NOP
    0047392D - NOP
    00473932 - NOP
    00473934 - NOP
    00473936 - NOP
    00473937 - NOP
    00473939 - NOP
    
    5)Assemble the following in your code cave #
    MOV EAX,DWORD PTR DS:[ECX+45A] // Assemble this only 1 time
    CMP EAX,[Grade in hexadecimal] //This grade is the grade you added in step #3
    JE SHORT [Take the number of the address which the JE Short is on]
    
    - NOTE: Repeat the above code till (n-1) grades you need
    
    6)For the last grade it should be like this
    CMP EAX,[Grade in hexadecimal]
    JE SHORT [Take the number of the address which the JE SHORT is on]
    XOR AL,AL
    RETN
    MOV AL,1
    RETN
    
    - NOTE: Now you need to change all the JE SHORT addresses to the [MOV AL,1] address
    
    7)Go to address & Assemble the following
    00402C6B - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    004030E4 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    0040341B - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    004036E2 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    00405B50 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    004078BC - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    00410237 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]
    00411282 - CALL [MOV EAX,DWORD PTR DS:[ECX+4EA] Address]

    Chat banned string :) A.K.A Grade 104
    Code:
    1)Go to address & Assemble the following
    0042B16F - PUSH 4E27
    
    2)Message.xml
    <!-- Chat Banned Message -->
    <MSG id="20007">You are chat banned due at several reason.</MSG>

    Unmask custom grade level
    Code:
    1)Go to address & Assemble the following //Game room
    004236D3 - MOV BYTE PTR SS:[ESP+13],1
    004236D8 - JMP SHORT 004236F3
    
    2)Go to address & Assemble the following //Lobby
    00422146 - MOV BYTE PTR SS:[ESP+13],1
    0042214B - JMP SHORT 00422162
    
    3)Go to address & Assemble the following //Scoreboard
    004078E3 - MOV ECX,DWORD PTR SS:[EBP+384]
    004078E9 - PUSH EAX
    004078EA - PUSH ECX
    004078EB - LEA EDX,DWORD PTR DS:[EDI+C]
    004078EE - PUSH 005E6D24
    004078F3 - PUSH EDX
    004078F4 - CALL 0057170D
    004078F9 - ADD ESP,14
    004078FC - JMP [Code cave address]
    00407904 - NOP
    0040790D - NOP
    0040790D - JMP SHORT 00407910
    
    4)Assemble the following //Scoreboard color
    [Code cave address] - MOV BYTE PTR SS:[ESP+3F],0FF
    MOV BYTE PTR SS:[ESP+3C],0FF
    MOV BYTE PTR SS:[ESP+3D],80
    MOV BYTE PTR SS:[ESP+3E],40
    JMP 00407909
    
    5)Go to address & Assemble the following //End game score board
    00405B6C - JMP SHORT 00405B8B
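
What the "new grade" cave (steps 2-3) and the color-list cave (steps 5-6) in the post above compute, written out in C as an added example that is not part of the original post. The grade ids, the second color and `original_handler` are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* One link of the CMP/JNZ chain: a grade id and the four bytes the cave
   writes to [EBP+8]..[EBP+B]. Grade ids are constructed samples. */
struct grade_color { uint32_t grade; uint8_t r, g, b, a; };

static const struct grade_color chain[] = {
    { 0x02, 0xFF, 0x80, 0x40, 0xFF },   /* color bytes from the post's listing */
    { 0x03, 0x40, 0xFF, 0x80, 0xFF },   /* constructed second grade */
};

/* Stand-in for the client's own code at the final JNZ target
   (hypothetical: here it simply reports "no color chosen"). */
static int original_handler(uint32_t grade, uint32_t *out) {
    (void)grade; (void)out;
    return 0;
}

/* Equivalent of the first cave: stores the color through the pointer
   held at [EBP+C] and returns 1 (MOV AL,1), else leaves the chain. */
int grade_color_lookup(uint32_t grade, uint32_t *out) {
    for (size_t i = 0; i < sizeof chain / sizeof chain[0]; i++) {
        if (chain[i].grade != grade)
            continue;                       /* JNZ to the next CMP */
        /* Four byte stores followed by one 32-bit load: on x86 the byte
           at the lowest address (R) becomes the low byte of the dword. */
        *out = (uint32_t)chain[i].r
             | (uint32_t)chain[i].g << 8
             | (uint32_t)chain[i].b << 16
             | (uint32_t)chain[i].a << 24;
        return 1;
    }
    return original_handler(grade, out);    /* last JNZ leaves the cave */
}

/* Equivalent of the second cave (steps 5-6): a yes/no membership test. */
int grade_in_color_list(uint32_t grade) {
    for (size_t i = 0; i < sizeof chain / sizeof chain[0]; i++)
        if (chain[i].grade == grade)
            return 1;                       /* JE to MOV AL,1 / RETN */
    return 0;                               /* XOR AL,AL / RETN */
}
```

The listing's R=FF, G=80, B=40, A=FF therefore reaches the caller as the dword `0xFF4080FF`.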


  2. #2
    Phoenix
    Rank: Moderator
    Join Date: Mar 2009
    Posts: 6,890

    Re: July[2K8]/June[2K7] - Customize your grade

    You're AWESOME. Thanks a lot!

  3. #3
    Doggie And Rice. Military
    Rank: Member
    Join Date: Jun 2009
    Location: Here and About
    Posts: 3,301

    Re: July[2K8]/June[2K7] - Customize your grade

    Nice release Gerry. Why aren't you on msn?

  4. #4
    Phoenix
    Rank: Moderator
    Join Date: Mar 2009
    Posts: 6,890

    Re: July[2K8]/June[2K7] - Customize your grade

    Yeah, please get on MSN. I didn't quite understand the codecave part :3.

  5. #5
    Doggie And Rice. Military
    Rank: Member
    Join Date: Jun 2009
    Location: Here and About
    Posts: 3,301

    Re: July[2K8]/June[2K7] - Customize your grade

    Quote (originally posted by phoenix_147):
    "Yeah, please get on MSN. I didn't quite understand the codecave part :3."

    Yes and help me fix X-Trap.

  6. #6
    Just Me iceman4154
    Rank: Member
    Join Date: Oct 2007
    Location: Columbus, Ohio
    Posts: 217

    Re: July[2K8]/June[2K7] - Customize your grade

    Just find where GunZ.exe or other internally used modules load x trap and detour them around actually calling on x trap functions.

    @On Topic - This is a straight to the point set of nice little tutorials you have there, with that info alone someone can do soooooooooooo many other edits just no one tries to do anything different, most people just try to recreate the wheel so to speak.

  7. #7
    Valued Member Turunen
    Rank: Member
    Join Date: Aug 2010
    Posts: 135

    Re: July[2K8]/June[2K7] - Customize your grade

    thanks good job.

  8. #8
    Member azatain
    Rank: Member
    Join Date: May 2009
    Posts: 68

    Re: July[2K8]/June[2K7] - Customize your grade

    I'm not getting the colors for the list tab .-.

  9. #9
    Proficient Member Analise
    Rank: Member
    Join Date: Oct 2010
    Posts: 181

    Re: July[2K8]/June[2K7] - Customize your grade

    Colors in the list tab work in masked runnable?


