Adding a Higher Level Cap Better Translation!
Hey guys Unzubaru here,
This is just to help explain things here a bit better and in clearer English, so people who don't know it too well have a better understanding of it without trawling through the same sentence over and over wondering what he's talking about. I hope this helps, and remember there is always a big beautiful THANKS button with a thumbs up if this helped!
Delete if this isn't needed.
First Show...
http://forum.ragezone.com/attachment...-with-bin-.jpg
http://forum.ragezone.com/attachment...with-bin-2.jpg
First of all we have to find the Exp Table in the .exe
Go to your Server folder and open your XPTable (the one your server.exe uses) and look at the first offset (the set of numbers and letters) you see; use that, as it is the beginning offset of your XP table in both your Client and Server.
Now we go to "search for" -> "all the sequences" (use the sequence below):
Code:
pop edi
mov eax, 1
pop ebx
retn
push ebp
push esi
push edi
add eax, 388C
push ebx
push eax
You will most probably reach here:
Code:
0044A14C |. 5F pop edi
0044A14D |. B8 01000000 mov eax, 1
0044A152 |. 5B pop ebx
0044A153 |. C3 retn
0044A154 |> 55 push ebp
0044A155 |. 56 push esi
0044A156 |. 57 push edi
0044A157 |. 05 8C380000 add eax, 388C
0044A15C |. 53 push ebx
0044A15D |. 50 push eax
0044A15E |. E8 6D99FFFF call 00443AD0
0044A163 |. 83C4 0C add esp, 0C
0044A166 |. E8 B597FFFF call 00443920
0044A16B |. E8 30BFFFFF call 004460A0
0044A170 |. 8B2D DC8D8B00 mov ebp, dword ptr [8B8DDC]
0044A176 |. 8BB5 44390000 mov esi, dword ptr [ebp+3944]
0044A17C |. 8B04F5 14F0C7>mov eax, dword ptr [esi*8+8C7F014]
0044A183 |. 85C0 test eax, eax
0044A185 |. 8B0CF5 10F0C7>mov ecx, dword ptr [esi*8+8C7F010]
0044A18C |. 0F8C A1000000 jl 0044A233
0044A192 |. 7F 08 jg short 0044A19C
0044A194 |. 85C9 test ecx, ecx
0044A196 |. 0F82 97000000 jb 0044A233
0044A19C |> 3BF8 cmp edi, eax
0044A19E |. 0F8C 8F000000 jl 0044A233
0044A1A4 |. 7F 08 jg short 0044A1AE
0044A1A6 |. 3BD9 cmp ebx, ecx
0044A1A8 |. 0F82 85000000 jb 0044A233
Notice this line:
Code:
0044A185 |. 8B0CF5 10F0C7>mov ecx, dword ptr [esi*8+8C7F010]
It is an array with base pointer 0x8C7F010 (this is not a fixed value; it will change with each .exe. As an example, I shall use this offset).
Just on this line, we "follow in dump" -> "Address Constant".
Now you can see your exp table, just like this.
Notice that we got 08C7F010, but the real start position of the table is 8C7F000, 0x10 bytes before it; remember!
Code:
08C7F000 08 00 09 00 0D 00 00 00 0A 00 00 00 09 00 09 00 ...............
08C7F010 00 00 00 00 00 00 00 00 E8 03 00 00 00 00 00 00 ........?......
08C7F020 C4 09 00 00 00 00 00 00 88 13 00 00 00 00 00 00 ?......?......
08C7F030 1C 25 00 00 00 00 00 00 CC 42 00 00 00 00 00 00 %......藼......
08C7F040 E5 74 00 00 00 00 00 00 0F C9 00 00 00 00 00 00 錿......?.....
08C7F050 CC 55 01 00 00 00 00 00 E1 22 02 00 00 00 00 00 蘒.....?.....
08C7F060 41 3F 03 00 00 00 00 00 02 AD 04 00 00 00 00 00 A?.....?.....
08C7F070 EE 5B 06 00 00 00 00 00 08 34 08 00 00 00 00 00 頪.....4.....
08C7F080 0A 41 0A 00 00 00 00 00 0D B7 0C 00 00 00 00 00 .A.......?.....
08C7F090 B6 A3 0F 00 00 00 00 00 87 14 13 00 00 00 00 00 叮.....?.....
Unfortunately, there really isn't enough room for the exp table anymore (the .exe is clogged ;P).
So, this is the main topic today: add a new section and move the exp table!
I obviously cannot be certain which version you have for both server/client; that's not important. If your version has got a section with many zeros, you are in luck, just skip the next 4 paragraphs; otherwise, carry on!
Tools: LordPE and a hex editor~
Open your server with a hex editor.
NOTE: THESE STEPS APPLY TO BOTH CLIENT AND SERVER, START WITH SERVER THEN DO CLIENT AS WELL!
Scroll to the bottom and insert some bytes. I advise you to fill it with int3 or NOP so that LordPE won't butt-rape your PC to hell. Do not forget how many bytes you added.
Now we open the server (or client) with LordPE (the PE editor built in), click Sections to see the section table, and add a section, just like this:
http://img14.imageshack.us/img14/4833/lordpe.jpg
Then right-click the newly added section, give it a suitable name you wish, and fill in the VirtualAddress and RVA blanks with the number of bytes you've just added. (That's OK; the other blanks have been fixed by LordPE, and I have no time to explain them.)
Just like this:
http://img15.imageshack.us/img15/9549/editsec.jpg
OK, now press OK and save the operations, then press "rebuild PE". That's the easiest way to add your own section and avoid many calcs! XD
Now we copy the whole exp table to the new section we just added. Well, what's the address? Open it with the PE editor in LordPE, just remember the offset, and add 0x400000 to it; then you've got it! And of course do not forget to write your own exp numbers for the new levels (just no more than 0xFFFFFFFFFFFFFFFF). You got it?
Now we need to fix the variables, the level-comparing places. Open the server (or client) with your hex editor, and replace:
every 0x8C7F010 to your address,
every 0x8C7F010 +0x4 to your address +0x4,
every 0x8C7F010 +0x8 to your address +0x8,
every 0x8C7F010 +0xc to your address +0xc
every 0x8C7F000 to your address -0x10
every 0x8C7F004 to your address -0x10 +0x4
Now go back to the place we found at the beginning; you'll find we still need some more addresses to fix, but these are the last ones.
Code:
0044A107 |. 8BD8 mov ebx, eax
0044A109 |. A1 9CF9C708 mov eax, dword ptr [8C7F99C] ;this is the high dword of the second level count from back
0044A10E |. 8BFA mov edi, edx
0044A110 |. 3BF8 cmp edi, eax
0044A112 |. 7F 13 jg short 0044A127
0044A114 |. 7C 08 jl short 0044A11E
0044A116 |. 3B1D 98F9C708 cmp ebx, dword ptr [8C7F998];this is the low dword of the second level count from back
The next place is a validity check; the server must make sure that you cannot level up if you are not Rank 3 or higher. After all, who is only rank 2 yet level 120?
Code:
0044A127 |> \3B3D 2CF3C708 cmp edi, dword ptr [8C7F32C];this is the low dword of lvl100
0044A12D |. A1 DC8D8B00 mov eax, dword ptr [8B8DDC] ;this needn't to be fixed.
0044A132 |. 7C 20 jl short 0044A154
0044A134 |. 7F 08 jg short 0044A13E
0044A136 |. 3B1D 28F3C708 cmp ebx, dword ptr [8C7F328] ;this is the low dword of lvl100
This place is a MAX_LEVEL check. Now mine is 0x133, that's 307 in dec (I have no time to add so many exp tables XD, even this is produced by a little tool written by me).
Code:
0044A1A6 |. 3BD9 cmp ebx, ecx
0044A1A8 |. 0F82 85000000 jb 0044A233
0044A1AE |> 81FE 33010000 cmp esi, 133 ; here (for client you need to set a jmp, because the space is not enough for opcodes
0044A1B4 |. 7D 7D jge short 0044A233
This is the exp-table check; remember to fix them at runtime (only once is enough).
Code:
0044A1BB |. 8B0D B0F9C708 mov ecx, dword ptr [8C7F9B0]
0044A1C1 |. 3BC8 cmp ecx, eax
0044A1C3 |. 75 6E jnz short 0044A233
0044A1C5 |. A1 B4F9C708 mov eax, dword ptr [8C7F9B4]
The last level check (this check is only for the server side):
Code:
004439E0 /$ 8B4424 04 mov eax, dword ptr [esp+4]
004439E4 |. 85C0 test eax, eax
004439E6 |. 7E 3D jle short 00443A25
004439E8 |. 3D 32010000 cmp eax, 132;this is the right place
004439ED |. 7F 36 jg short 00443A25
004439EF |. 8B5424 0C mov edx, dword ptr [esp+C]
And you're done :D~ With this you can get an ALMOST unlimited level cap~ and of course you can modify a character with the level editor I published.
Now have fun and a nice day~ All best wishes.
WaHVeY (StrangeFay) [P.R.C]
2009-3-24 16:51:53
Translated for fewer headaches by Unzubaru.
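As an added example (mine, not part of the guide above), here is Python that decodes the dump lines from the guide into the 64-bit per-level XP values the code reads as [esi*8+base], translates any absolute reference into the old table to the moved table the same way the guide's replacement list does, and sizes the new section by the 8-bytes-per-level rule from later in this thread. The new base 0x00C00000, the 0x1000 table length and the 0x100 safety margin are constructed placeholders, not values from the guide.

```python
import struct

# Dump lines copied from the guide's "follow in dump" view (ASCII column dropped).
DUMP = """
08C7F000 08 00 09 00 0D 00 00 00 0A 00 00 00 09 00 09 00
08C7F010 00 00 00 00 00 00 00 00 E8 03 00 00 00 00 00 00
08C7F020 C4 09 00 00 00 00 00 00 88 13 00 00 00 00 00 00
08C7F030 1C 25 00 00 00 00 00 00 CC 42 00 00 00 00 00 00
08C7F040 E5 74 00 00 00 00 00 00 0F C9 00 00 00 00 00 00
08C7F050 CC 55 01 00 00 00 00 00 E1 22 02 00 00 00 00 00
"""

OLD_BASE = 0x8C7F010  # address the disassembly indexes with esi*8 (guide's example value)
HEADER = 0x10         # the table really starts 0x10 bytes earlier, at 08C7F000

def parse_dump(text):
    """Return (start_address, raw_bytes) from OllyDbg-style dump lines."""
    start, blob = None, bytearray()
    for line in text.strip().splitlines():
        addr, *hexbytes = line.split()
        if start is None:
            start = int(addr, 16)
        blob += bytes(int(h, 16) for h in hexbytes)
    return start, bytes(blob)

def exp_values(text, base=OLD_BASE):
    """Decode the 64-bit little-endian entries: entry[level] lives at base + level*8,
    low dword at +0 and high dword at +4, exactly as the mov ecx / mov eax pair reads them."""
    start, blob = parse_dump(text)
    table = blob[base - start:]
    n = len(table) // 8
    return list(struct.unpack("<%dQ" % n, table[:n * 8]))

def relocate(ref, old_base, new_base, table_bytes):
    """Translate an absolute reference that points into the old table (header included)
    to the same offset in the moved table; anything else (e.g. [8B8DDC]) is left alone."""
    if old_base - HEADER <= ref < old_base + table_bytes:
        return ref - old_base + new_base
    return ref

def section_size(max_level, safety=0x100):
    """Bytes to append for the new section: 8 per level (levels 0..max_level, since the
    dump has an entry for level 0), plus the header, plus a safety margin (assumption)."""
    return HEADER + 8 * (max_level + 1) + safety
```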
Re: Adding a Higher Level Cap Better Translation!
Thanks, with this 'translation' I have added level cap 170 on my server.exe =D
Re: Adding a Higher Level Cap Better Translation!
Sweet man =D, so did this help? Cause with me it was hard to understand everything he was saying if I just read it through, so I just thought to help I would make it less jumpy :P.
Re: Adding a Higher Level Cap Better Translation!
I didn't struggle too much with the original, I thought it was pretty good for one who is not a native English speaker... But I know I have helped a few people with it. I think it is hard if you are unsure of the technical process. If you have a good general idea what he is trying to do, the few grammatical anomalies are not a great hurdle.
I hope strangefay isn't too upset by your re-work, because this is his guide. I don't know what attempts you may have made to help him improve his guide before re-making it, but I think I would have tried that first before reproducing an already fine work just to clean up some ambiguities.
I would also have posted this in his thread... mods can shift posts between threads, and in the same thread all responses and queries relate to the same article... here, information becomes a little spread out, and could be difficult to find.
But from the number of queries I had, I agree there was some call for improving some of the terms used. I just hope strangefay isn't offended by that statement, or this thread in general, and I thank you for keeping the credit for the tutorial's origin with strangefay.
Re: Adding a Higher Level Cap Better Translation!
I don't understand.
Can someone explain?
Re: Adding a Higher Level Cap Better Translation!
Quote:
Originally Posted by Vahvel
I don't understand.
Can someone explain?
It's a tutorial... which means it is an explanation... It's kinda hard to explain an explanation, but if you tell us which bit you are struggling with, we can try to elaborate. :wink:
---EDIT---
Received via PM:-
Quote:
Originally Posted by Vahvel
Then can you help me here?
I wish you'd help me put in level 235.
If possible, thanks.
Yes it is possible, but first I would rather do it publicly, so the responses can be searched and used by others.
If you follow this guide by strangefay (or its originator) you should be able to achieve level 235... or whatever level you want.
If you are struggling with a section, please ask and I and others will surely try to help out. But please be specific, and don't just ask us to re-write the entire guide. I can't answer "How do I follow this guide?" in any way other than to say "Read it, then do what it says," which I'm pretty sure won't help you much.
---EDIT---
Quote:
Originally Posted by Vahvel
I am having trouble doing almost anything in the tutorial for level 235.
If by some chance I have my Game.exe Server.exe and you could put to me? In that case I will study.
I think this will help me and others, only by download.
Not everyone understands this tutorial.
Dude... many people don't understand this tutorial, which is why strangefay linked executables which are already (at least partially) edited.
This is not an easy tutorial by any means. It is not for beginners, and not for the faint of heart. If you can do this, you can consider it a great achievement.:wink:
The only way we will ever get a better tutorial, that people can follow easier is if those who struggle to follow this one try their hardest to work through it, step by step, and ask the community for help... when we, as a community manage to provide answers that people do understand then we will know what information needs to be in a better guide, and how to phrase it.
I don't really have a problem understanding what strangefay has said, but I haven't tried doing it myself yet. I have helped others do it, and I can only say that going over the same stuff again and again in PMs is tiring and unproductive for the larger community... I will now only provide responses in public with the aim of helping us all to understand this better.
Re: Adding a Higher Level Cap Better Translation!
OK.
I do not understand what to do in Olly in the first part of the tutorial.
It talks about adding bytes, but how?
Then it says you have to add a section in LordPE; I add it and do not understand what to do later.
And my client is level 150; after all this works, can I level up normally in-game or do I have to edit with a level editor?
Re: Adding a Higher Level Cap Better Translation!
I know other methods to add it.
Re: Adding a Higher Level Cap Better Translation!
Okay... the first part is about finding the Exp table in your executable that is being used. This can be problematic, because some .exes have more than one table, where they have been edited before, and the old table was never blanked.
It may be easier to find the table by searching for
Code:
00 00 00 00 00 00 00 00 E8 03 00 00 00 00 00 00
selecting that line in the memory view in Olly and searching for references to it.
That should still lead you back to the same piece of code. strangefay found the code, and noted down some instructions that will be pretty common in all clients and servers, and fairly unique to the level table lookup routines. This is a pretty sure fire (guaranteed) way to locate the information that is used in any executable.
I suspect the confusion is that he did not explain where he got this magical set of instructions to search for.
Code:
pop edi
mov eax, 1
pop ebx
retn
push ebp
push esi
push edi
add eax, 388C
push ebx
push eax
If you still want to try his method (and it's a good one) then right click (context click) on the instructions in the CPU window in Olly, and select "search for" and from that menu "all command sequences" and type in the lines in the code section above.
As in:-
http://a.imagehost.org/0888/OllyLevels1.png
http://a.imagehost.org/0218/OllyLevels2.png
If that turns up no results, I found that reducing the list of commands to just the ones after "retn" gave me the right result. :wink:
Many people have complained that LordPE is a pain to use... and it is. A good program, but a pain to use. To add a section, you could also consider referring to Gregoorys' tutorial on using ToPo, or my tutorial on doing it with CFF Explorer Suite. The end result is the same, regardless of the tool used.
Re: Adding a Higher Level Cap Better Translation!
OK...
I found the XP table 100% as in the tutorial.
Now you have to do something that I did not understand.
I can find the part with the XP table and add a section in LordPE.
Now there are certain things that I do not understand.
And I would like to know, what is your Olly?
Mine is different.
Re: Adding a Higher Level Cap Better Translation!
Well, I use (usually) the beta version of ODb v2. It's faster, but doesn't support all the nice plugins in the "stable" ODb v1.x versions.
Other than that, it's clear, I think, that I have customised the colour scheme and fonts... other than the "theme" my Olly is pretty much the same as anyone else's. I hope we are able to see past cosmetics. :wink:
Quote:
Now you have to do something that I did not understand.
Can you quote the instruction(s) you "do not understand", as that would give me, and others, a better idea what you need help with.
Re: Adding a Higher Level Cap Better Translation!
Yeah, this wasn't to cause offence; I just thought it was a bit bitty and stuff. I knew StrangeEfay (if he's the same guy XD); well, they were both Chinese anyway XD.
Though I didn't know him well, I don't mean to cause offence here. It just helps peeps like Vahvel whose first language isn't English.
Re: Adding a Higher Level Cap Better Translation!
Sorry for my English, I'm Brazilian.
The part that I did not understand was after adding a new section.
Before that it talks about adding bytes; how do I add bytes? And after I add this new section, do I get the section for the exp table created? And what do I do to make it level UP past level 150?
Re: Adding a Higher Level Cap Better Translation!
Quote:
Scroll to the bottom and insert some bytes. I advise you to fill it with int3 or NOP so that LordPE won't butt-rape your PC to hell. Do not forget how many bytes you added.
Is this what you mean?
This is already done if you use ToPo or CFF. LordPE only adds a section header, it doesn't increase the size of the executable... so until you add some (initially blank) information in the file, your PE is corrupted.
Basically LordPE only does half the job, and you have to finish it. But not all Hex editors CAN add bytes to the end of a file. Some can only edit bytes that are already there.
But I'm pretty sure the Tutorial tells you to do that bit first, and use LordPE after.
How many bytes you add, is how many bytes you need for your new XP table.
How many bytes that is, depends on how many levels you want to go to.
Basically, if my memory is correct, the formula is 8 times the highest level you want... and add a bit for safety.
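To make the "header only" failure mode described above concrete, here is an added Python check (mine, not from any tool mentioned in the thread) that walks a PE's section table and reports sections whose raw data would lie past the end of the file, which is exactly what you get after adding a section header without appending the bytes. The sample PE it builds is a constructed toy with a made-up .xptab section, not a real executable.

```python
import struct

# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (first 24 of the 40 header bytes)
SECTION_FMT = "<8sIIII"

def section_table(pe):
    """Return [(name, vsize, vaddr, rawsize, rawptr), ...] from the PE section headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    first = coff + 20 + opt_size                            # section headers follow the optional header
    out = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(SECTION_FMT, pe, first + 40 * i)
        out.append((name.rstrip(b"\0").decode(), vsize, vaddr, rawsize, rawptr))
    return out

def dangling_sections(pe):
    """Names of sections whose raw data would extend beyond the end of the file:
    the state a header-only section add (LordPE without appended bytes) leaves behind."""
    return [s[0] for s in section_table(pe) if s[4] + s[3] > len(pe)]

def build_sample(appended):
    """Constructed toy PE (not a real executable): a .text section plus an .xptab
    section header claiming 0x1000 raw bytes at file offset 0x400."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)                  # e_lfanew -> PE header at 0x40
    # COFF header: i386, 2 sections, no optional header in this toy (real files have one)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    hdr += struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    hdr += struct.pack(SECTION_FMT, b".xptab", 0x1000, 0x2000, 0x1000, 0x400) + b"\0" * 16
    pe = bytes(hdr).ljust(0x400, b"\0")                      # .text raw bytes end exactly at 0x400
    return pe + b"\xCC" * appended                           # int3 filler, as the guide suggests
```

Running `dangling_sections(build_sample(0))` flags `.xptab`; once 0x1000 bytes have been appended the check comes back empty.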
Re: Adding a Higher Level Cap Better Translation!
My XP table has space below.
It goes up to level 150; I have a lot of "FFFFFFFFFFFFFFFFFF" and below that has no value.
Is there any way to put new levels below?
And how do I set the server to read those levels, so a level 149 can go up to 150, 151, 152 .....