I've one Q
After playing the game.exe file I found 1871, other ver # in funcBox folder.
How can I change the ver# (ex. 1871->1889 or other ver#)?
thanks..
The most useful information I've seen so far suggests that if you search for the "Ver:" string, it gets combined in "%s%d.%d.%d".
So in Olly, search for the string "Ver:" then search for references to it.
You'll find a section of code that goes
Code:
push edx
push edx
push edx
where each edx is one of the match variables in "Ver: %d.%d.%d"
So you can push constant figures (eg. Push 0a to get version 10) instead to display something else.
You can also replace the %d in the string to a constant string... but this is only cosmetic... the server will still see the client as the version it always was.
It has a secondary check, so unless you just change the string, you get a "Version does not match" error before it even starts talking to the server.
I believe Shagpub and Quantumfusion have done this, but there are still many questions asked.
--- Edit ---
This information came to me, indirectly from Shagpub... so I should really credit him... It's not entirely accurate, but he PMed it to a friend of mine off the top of his head some considerable time ago.
--- EndEdit ----
A full tutorial is needed, but I've not succeeded here yet. ;) Many times it looks good, and then causes bugs elsewhere.
Best of luck to you.
------------ EDIT -----------
Oh yea... those pushes come from a static constant value 1855d in the exe, so you can hunt down 1885d = 73Fh = 3F 07 (intel corrected) in hex and change it to any number you like, but you will get version doesn't match unless you fix the check also... I don't know a good way to do that.
Open Ollydbg. Search: "Version does not match" And look for a module call it. :D
Thanks for your information.
I try this method, and how can I change the Ver# of server.exe?
Server doesn't have a version... well, they are all 4069.
It checks the client version against minimum and maximum versions set in the server hotuk.ini, which (I think) is more likely what you are looking for.
Thank you for your kind teaching.
I have a favor to ask you.
Can i have the server.exe of Lev.150?
Not the best person to ask, as I don't go beyond 120 under normal circumstances. I have some exes that make claims but I can't vouch for them. Anyone?
http://www.underworldvn.com/f60/guid...-exe-8712.html
There is a Guide how to change the version by GM-Ice
Good luck ^_^
Hi. I edited my client so it can use any version :D..... because I removed the version check :D
They don't seem to let me register at UnderworldVN, can someone reproduce that description here? Or is that not allowed?
Alternatively, if someone who has managed this could write a Tutorial in their own words it would be very much appreciated, I'm sure. :D:
At UnderworldVN, please PM me. My nick: zahara
This is what it said on that thread, I need help as well and I didn't really understand this guide, maybe you Bobsobol can interpret it better with us
Quote:
http://img291.imageshack.us/img291/5804/imagemko0.jpg
only need a game.exe to retrieve the version compare with her and change^^
its easy^^
u can use a Bpt, PTv or PTP version in your server =p
to search the offset in olly:
Search for/Sequence of commands
ADD ESP,4
MOV EAX,1
RETN
PUSH 0
Yes... that solves the stumbling block I had.
Here's the how to...
1) Search binary string "Ver: "
2) Trace references to that string to locate code fragment:-
Code:
MOV ECX,[6CE6E8]
CMP ECX,3E8
MOV EDI,EAX
JGE SHORT 00522D16
FILD DWORD PTR [6CE6E8]
PUSH OFFSET 1873_Cleaning.005DC828
SUB ESP,8
LEA EAX,[ESP+134]
FMUL DWORD PTR [5C0370] ; FLOAT 0.01000000
FSTP QWORD PTR [ESP]
PUSH OFFSET 1873_Cleaning.005DC820 ; ASCII "Ver: "
PUSH OFFSET 1873_Cleaning.005DC814 ; ASCII "%s%2.2f%s"
PUSH EAX
CALL 005AA2BD
JMP SHORT 00522D54
MOV EAX,ECX
CDQ
MOV EBP,0A
3) Follow MOV ECX,[6CE6E8] reference in data dump to find "4E 07 00 00" or 0x74E or 1870 (dec).
4) Change for your preferred version number. Say 1.11.1 or 1111 or 0x457 or 57 04 00 00.
Now we have "Versions of client wrong" bug. :(
Don't find the string "Version of client wrong" it's in a table that is very hard to find the references for.
5) DO search for the command sequence:-
Code:
ADD ESP,4
MOV EAX,1
RETN
PUSH 0
Actually, it shows up on the list of referring routines to your version DWord... about 3rd on the list.
6) Correct the CMP EAX,-0E9C...
That fixes "Version of client wrong" bug.
How?
EAX is loaded with your version number (1870 or 1111) it is negated (-1870 or -1111) and it is shifted left by 1 bit.
Math time:-
-1870d = FF FF F8 B2h = 11111111 11111111 11111000 10110010b
1111111 11111111 11111000 10110010b times 2 = 11111111 11111111 11111000 10110010b ShL(1)
so 11111111 11111111 11111000 10110010b ShL(1) = 1111111 11111111 11111000 101100100b
1111111 11111111 11111000 101100100b = FF FF F1 64h = FF FF F1 64h = -3740d
To paraphrase for the mathematically challenged:-
Neg(1870 * 2) = -3740, since 1870 times 2 equals 3740... good, we are all on the same page now... I hope. ^_^
Next, to work out our version numbers check code.
1111d * 2 = 2222d
-2222d = FF FF F7 52h or -08AE
So compile CMP EAX, -08AE over the top of CMP EAX, -0E9C... get it?
BTW... now this is public knowledge, you do realise that the guys hacking your servers can hack their client to match whatever version you choose to use as easily as you can change it? ^_^
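
The two's-complement arithmetic from the how-to above, carried through for any version number. This is an added example, not part of the original posts; the function names are hypothetical, and the negate-then-shift-left-by-1 model of the check is taken from the post's description, not from a disassembly.

```python
import struct

MASK32 = 0xFFFFFFFF  # x86 general registers are 32 bits wide here


def dword_le(version: int) -> str:
    """Bytes of a 32-bit DWORD in hex-dump order (little-endian)."""
    return struct.pack("<I", version & MASK32).hex(" ").upper()


def neg_shl1(version: int) -> int:
    """Model NEG followed by SHL 1 on a 32-bit register (raw value)."""
    negated = (-version) & MASK32       # two's-complement negate
    return (negated << 1) & MASK32      # shift left by 1; the top bit falls off


def to_signed(value: int) -> int:
    """Reinterpret a raw 32-bit register value as a signed integer."""
    return value - (1 << 32) if value & 0x80000000 else value


def signed_hex(value: int) -> str:
    """Signed hex in the thread's notation, e.g. -0E9C (4-digit padding assumed)."""
    signed = to_signed(value)
    return ("-" if signed < 0 else "") + f"{abs(signed):04X}"


def describe(version: int) -> dict:
    """Collect every representation the post derives for one version number."""
    raw = neg_shl1(version)
    return {
        "decimal": version,
        "dump_bytes": dword_le(version),   # how the DWORD looks in the data dump
        "register": f"{raw:08X}",          # EAX after negate and shift
        "signed": to_signed(raw),
        "cmp_immediate": signed_hex(raw),  # value the CMP EAX,... must hold
    }


if __name__ == "__main__":
    # The two versions worked through in the post.
    for v in (1870, 1111):
        print(describe(v))
```
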