Translate Tittle Post: Editar cuentas sin salirse del juego
HERE VIDEO TUTORIAL EXPLAIN
HERE 1 VIDEO TUTORIAL EXPLAINING ITS FUNCTION
AQUI 1 VIDEO TUTORIAL EXPLICANDO SU FUNCIONAMIENTO.
JUST USE MY PROGRAMMED DBSRV
SOLO USEN MY DBSRV PROGRAMADO.
Credits: HETEROJENEO.
Skype: tantraservidores@gmail.com
Last edited by heterojeneo; 21-12-16 at 09:35 PM.
Good job @heterojeneo
Do you have tutorial sir how to increase the Limit ID in HTLauncher ? video Tutorial ?
That takes time The offset to extend the limits is not free.
Originally Posted by Panyawan
@ Panyawan: follow this and you will not have to pay anyone for getting the offsets:
This is for finding the offsets where the code use the values:
https://youtu.be/K8DYIMniQEE
What I do on the video is using OllyDbg to save the HTLauncher module to a txt file, that way i dont need to run Olly any time I need to find some. Once you have the HTLauncher module in the txt file you use that file any time you need to find some. Of course the search can be done inside Olly too w/o making the txt file.
as you may see on the video there are 5 places on the HTLauncher that compare a register (eax,edi etc) with the values you are searching for :
2001 in Hex = 7D1
2999 in Hex = 0BB7
3501 in Hex = DAD
3999 in Hex = 0F9F
for example:
1002C664 |> 81FF D1070000 CMP EDI,7D1
1002C66A |. 72 08 JB SHORT HTLaunch.1002C674
1002C66C |. 81FF B70B0000 CMP EDI,0BB7
1002C672 |. 76 18 JBE SHORT HTLaunch.1002C68C
1002C674 |> 81FF AD0D0000 CMP EDI,0DAD
1002C67A |. 0F82 D2000000 JB HTLaunch.1002C752
1002C680 |. 81FF 9F0F0000 CMP EDI,0F9F
the most left number is the offset + header on olly, on hex editors the header is not added so in a hex editor, the offset will be the same minus the header, for example 1002c664 will be 0002c664.
There are values that are not stored on the code, they are stored as a resource on the data segment of the .exe file, so you wont be able to find them in the code as I did with the 0F9F, for those, you can use a hex editor like you did to find the "jo" or use the resource mem search on Olly. Usually you will recognize them on the dump because they are reference by its mem address (offset=mem addressing) instead of its value. so for example if a value is declare as a constant in the c++ header file like this:
const int MAX_PARTY=7;
the rest of the code will reference it as MAX_PARTY which is a mem address that stores the value of 7, the code on the dump can be similar to this:
MOV EAX,DWORD PTR DS:[101CB280] instead of MOV EAX,7
BTW my offset could not be the same for you, offsets changes from client versions, so if you want to find yours better if you search for ,0F9F
Last edited by Eliana Gherbaz; 26-12-16 at 07:16 PM.
Perfect advise Eliana. Btw, I just want to ask if you have tried messing up with .tfx files? I'm currently looking for a way to unpack the files to csv and encrypt it back like hpk files do. It stores the animation data and it's functions. I am working on new skill animation with new effects. Though I can only use the old pcskillactive and actions.
No sorry I didnt play with those files and the reason im not interested to play with them is that Im trying to move Tantra to a new engine so Im spending my time on the new engine and not in the old.
I see. Good luck with that one bro. Looking forward to see some screenshots with your development. If by chance you will successfully use a new engine for the game, i hope you can share some files/tools which can be used for the game(old).
Is your ZoneSRV.exe k5.2? If so, why mine starts at "7" and yours started at "1"
for example:
1002C664 |> 81FF D1070000 CMP EDI,7D1
1002C66A |. 72 08 JB SHORT HTLaunch.1002C674
1002C66C |. 81FF B70B0000 CMP EDI,0BB7
1002C672 |. 76 18 JBE SHORT HTLaunch.1002C68C
1002C674 |> 81FF AD0D0000 CMP EDI,0DAD
1002C67A |. 0F82 D2000000 JB HTLaunch.1002C752
1002C680 |. 81FF 9F0F0000 CMP EDI,0F9F
and mine like this:
775D00A6 53 PUSH EBX
775D00A7 E8 BB730B00 CALL ntdll.77687467
775D00AC 85C0 TEST EAX,EAX
775D00AE 75 04 JNZ SHORT ntdll.775D00B4
775D00B0 5B POP EBX
775D00B1 C2 1000 RETN 10
you are not on HTLauncher module, you are on ntdll module
Oh there you are! Thank you very much!
Thank You! -Link Working 2017.12.31
Reply With Quote