Editing theduel.exe (OllyDBG)
Well,
I'm trying to make the admin commands
for a normal player
so I can use /admin_wall [MSG]
and those commands.
I unpacked an encrypted mrs after I found the encrypt code.
Well, I edited almost anything there,
but 1 problem:
in CHATCMDS.xml, even if I am editing the command /h to /admin_wall,
in game when I write /admin_wall it's still the help command.
So after a lot of thinking
I got it:
the whole commands are built into the gunz.exe/theduel.exe.
I tried to use OllyDbg
but it looks like another language O_O
I didn't make it,
so I came here to ask for help.
Can anyone help me edit the admin commands for a normal player?
Any asm coders..?
Here is the exe of a private server:
http://www.mediafire.com/?zmbmw0tdund
Thx for any help.
Edit:
Well, I saw a lot of tuts on OllyDbg.
I've found the commands in the file:
Code:
CPU Disasm
Address Hex dump Command Comments
0042D6E9 68 F4A45E00 PUSH 5EA4F4 ; ASCII "/admin_ban <charname>"
0042D6EE 6A 01 PUSH 1
0042D6F0 6A 01 PUSH 1
0042D6F2 6A FF PUSH -1
0042D6F4 68 80000000 PUSH 80
0042D6F9 68 50CB4200 PUSH 42CB50
0042D6FE 68 E8A45E00 PUSH 5EA4E8 ; ASCII "admin_ban"
0042D703 6A 00 PUSH 0
0042D705 8BCE MOV ECX,ESI
0042D707 E8 64240000 CALL 0042FB70
0042D70C 68 6C685E00 PUSH 5E686C
0042D711 68 D4A45E00 PUSH 5EA4D4 ; ASCII "/admin_pingtoall"
0042D716 6A 01 PUSH 1
0042D718 6A FF PUSH -1
0042D71A 6A FF PUSH -1
0042D71C 68 80000000 PUSH 80
0042D721 68 E0B94200 PUSH 42B9E0
0042D726 68 C4A45E00 PUSH 5EA4C4 ; ASCII "admin_pingtoall"
0042D72B 6A 00 PUSH 0
0042D72D 8BCE MOV ECX,ESI
0042D72F E8 3C240000 CALL 0042FB70
0042D734 68 6C685E00 PUSH 5E686C
0042D739 68 ACA45E00 PUSH 5EA4AC
0042D73E 6A 01 PUSH 1
0042D740 6A 01 PUSH 1
0042D742 6A FF PUSH -1
0042D744 68 80000000 PUSH 80
0042D749 68 E0CB4200 PUSH 42CBE0
0042D74E 68 A0A45E00 PUSH 5EA4A0 ; ASCII "admin_wall"
0042D753 6A 00 PUSH 0
0042D755 8BCE MOV ECX,ESI
0042D757 E8 14240000 CALL 0042FB70
0042D75C 68 6C685E00 PUSH 5E686C
0042D761 68 94A45E00 PUSH 5EA494 ; ASCII "/admin_halt"
0042D766 6A 01 PUSH 1
0042D768 6A FF PUSH -1
0042D76A 6A FF PUSH -1
0042D76C 68 80000000 PUSH 80
0042D771 68 B0CC4200 PUSH 42CCB0
0042D776 68 88A45E00 PUSH 5EA488 ; ASCII "admin_halt"
0042D77B 6A 00 PUSH 0
0042D77D 8BCE MOV ECX,ESI
0042D77F E8 EC230000 CALL 0042FB70
0042D784 68 6C685E00 PUSH 5E686C
0042D789 68 6CA45E00 PUSH 5EA46C ; ASCII "/admin_switch_laddergame 1"
0042D78E 6A 01 PUSH 1
0042D790 6A FF PUSH -1
0042D792 6A FF PUSH -1
0042D794 68 80000000 PUSH 80
0042D799 68 E0CC4200 PUSH 42CCE0
0042D79E 68 54A45E00 PUSH 5EA454 ; ASCII "admin_switch_laddergame"
0042D7A3 6A 00 PUSH 0
0042D7A5 8BCE MOV ECX,ESI
0042D7A7 E8 C4230000 CALL 0042FB70
0042D7AC 68 6C685E00 PUSH 5E686C
0042D7B1 68 44A45E00 PUSH 5EA444 ; ASCII "/changemaster"
0042D7B6 6A 01 PUSH 1
0042D7B8 6A FF PUSH -1
0042D7BA 6A FF PUSH -1
0042D7BC 68 86000000 PUSH 86
0042D7C1 68 40BA4200 PUSH 42BA40
0042D7C6 68 34A45E00 PUSH 5EA434 ; ASCII "changemaster"
0042D7CB 6A 00 PUSH 0
0042D7CD 8BCE MOV ECX,ESI
0042D7CF E8 9C230000 CALL 0042FB70
0042D7D4 68 6C685E00 PUSH 5E686C
0042D7D9 68 24A45E00 PUSH 5EA424 ; ASCII "/changepassword"
0042D7DE 6A 01 PUSH 1
0042D7E0 6A FF PUSH -1
0042D7E2 6A FF PUSH -1
0042D7E4 68 86000000 PUSH 86
0042D7E9 68 60BA4200 PUSH 42BA60
0042D7EE 68 14A45E00 PUSH 5EA414 ; ASCII "changepassword"
0042D7F3 6A 00 PUSH 0
0042D7F5 8BCE MOV ECX,ESI
0042D7F7 E8 74230000 CALL 0042FB70
0042D7FC 68 6C685E00 PUSH 5E686C
0042D801 68 08A45E00 PUSH 5EA408 ; ASCII "/admin_hide"
0042D806 6A 01 PUSH 1
0042D808 6A FF PUSH -1
0042D80A 6A FF PUSH -1
0042D80C 68 81000000 PUSH 81
0042D811 68 C0BA4200 PUSH 42BAC0
0042D816 68 FCA35E00 PUSH 5EA3FC ; ASCII "admin_hide"
0042D81B 6A 00 PUSH 0
0042D81D 8BCE MOV ECX,ESI
0042D81F E8 4C230000 CALL 0042FB70
0042D824 68 6C685E00 PUSH 5E686C
0042D829 68 F4A35E00 PUSH 5EA3F4 ; ASCII "/hide"
0042D82E 6A 01 PUSH 1
0042D830 6A FF PUSH -1
0042D832 6A FF PUSH -1
0042D834 68 81000000 PUSH 81
0042D839 68 C0BA4200 PUSH 42BAC0
0042D83E 68 ECA35E00 PUSH 5EA3EC ; ASCII "hide"
0042D843 6A 00 PUSH 0
0042D845 8BCE MOV ECX,ESI
0042D847 E8 24230000 CALL 0042FB70
0042D84C 68 6C685E00 PUSH 5E686C
0042D851 68 E4A35E00 PUSH 5EA3E4 ; ASCII "/jjang"
0042D856 6A 01 PUSH 1
0042D858 6A FF PUSH -1
0042D85A 6A FF PUSH -1
0042D85C 68 86000000 PUSH 86
0042D861 68 E0BA4200 PUSH 42BAE0
0042D866 68 DCA35E00 PUSH 5EA3DC ; ASCII "jjang"
0042D86B 6A 00 PUSH 0
0042D86D 8BCE MOV ECX,ESI
0042D86F E8 FC220000 CALL 0042FB70
0042D874 68 6C685E00 PUSH 5E686C
0042D879 68 CCA35E00 PUSH 5EA3CC ; ASCII "/removejjang"
0042D87E 6A 01 PUSH 1
0042D880 6A FF PUSH -1
0042D882 6A FF PUSH -1
0042D884 68 86000000 PUSH 86
0042D889 68 40BB4200 PUSH 42BB40
0042D88E 68 C0A35E00 PUSH 5EA3C0 ; ASCII "removejjang"
0042D893 6A 00 PUSH 0
0042D895 8BCE MOV ECX,ESI
0042D897 E8 D4220000 CALL 0042FB70
0042D89C 68 6C685E00 PUSH 5E686C
0042D8A1 68 ACA35E00 PUSH 5EA3AC ; ASCII "/admin_reload_hash"
0042D8A6 6A 01 PUSH 1
0042D8A8 6A FF PUSH -1
0042D8AA 6A FF PUSH -1
0042D8AC 68 80000000 PUSH 80
0042D8B1 68 00BA4200 PUSH 42BA00
0042D8B6 68 98A35E00 PUSH 5EA398 ; ASCII "admin_reload_hash"
0042D8BB 6A 00 PUSH 0
0042D8BD 8BCE MOV ECX,ESI
0042D8BF E8 AC220000 CALL 0042FB70
0042D8C4 68 6C685E00 PUSH 5E686C
0042D8C9 68 78A35E00 PUSH 5EA378 ; ASCII "/admin_reset_all_hacking_block"
0042D8CE 6A 01 PUSH 1
0042D8D0 6A FF PUSH -1
0042D8D2 6A FF PUSH -1
0042D8D4 68 80000000 PUSH 80
0042D8D9 68 20BA4200 PUSH 42BA20
0042D8DE 68 58A35E00 PUSH 5EA358 ; ASCII "admin_reset_all_hacking_block"
0042D8E3 6A 00 PUSH 0
0042D8E5 8BCE MOV ECX,ESI
0042D8E7 E8 84220000 CALL 0042FB70
0042D8EC 68 A0A45E00 PUSH 5EA4A0 ; ASCII "admin_wall"
0042D8F1 68 50A35E00 PUSH 5EA350
0042D8F6 8BCE MOV ECX,ESI
0042D8F8 E8 13240000 CALL 0042FD10
0042D8FD 68 88A45E00 PUSH 5EA488 ; ASCII "admin_halt"
0042D902 68 48A35E00 PUSH 5EA348
0042D907 8BCE MOV ECX,ESI
0042D909 E8 02240000 CALL 0042FD10
0042D90E 68 2CA35E00 PUSH 5EA32C
0042D913 68 20A35E00 PUSH 5EA320
0042D918 6A 01 PUSH 1
0042D91A 6A 01 PUSH 1
0042D91C 6A FF PUSH -1
0042D91E 6A 01 PUSH 1
0042D920 68 10D14200 PUSH 42D110
0042D925 68 44A25E00 PUSH 5EA244 ; ASCII "go"
0042D92A 6A 00 PUSH 0
0042D92C 8BCE MOV ECX,ESI
0042D92E E8 3D220000 CALL 0042FB70
0042D933 68 6C685E00 PUSH 5E686C
How do I change anything to be used for a normal player?
Re: Editing theduel.exe (OllyDBG)
Quote:
how do i change everything to be used for normal player?
You can set every player to rank 252 ...
or just change the admin UGrade push to 0.
These pushes look like "0x0FF" for rank 255
and "0x0FE" for rank 254.
If you change ranks, remember to do it server-side too.
Re: Editing theduel.exe (OllyDBG)
Quote:
Originally Posted by
belette321
I don't have any gunz files on this computer, but.
Some function, or the function itself, that uses /admin_wall calls ZMyInfo::IsAdminGrade
or ZCharacter::IsAdminName (Something like that)
You will see a block of Assembly code that looks like this:
Code:
CMP EAX, 255
JMP SHORT .....
CMP EAX, 254
JMP SHORT .....
CMP EAX, 252
JMP SHORT .....
(Something like that) - above them is the pointer to your current UGradeID. If your UGradeID is 255, it will take the jump underneath the "CMP EAX, 255" and continue.
Anyway, what you want to do is look for a call to one of those 2 functions and uhh, crap. I can't really say what to do because I can't look at that function, but try NOP'ing that CALL and/or the register(s)/command(s) above that CALL. I'm sorry, I'm terribly tired. But yes, you will also have to edit MatchServer for it to work (like belette said).
Also, the language you are talking about is Assembly.
Edit: that tutorial was intended to add new commands. That tutorial has nothing to do with what you're doing. What that function does is check for input of, say, "/admin_wall" and will execute the function that is PUSH'ed.
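Added example (not part of any post in this thread, and not GunZ or MatchServer code): the replies point out that the rank check also lives on the server, and this sketch shows why that is the check that counts. The server authorizes each command against the grade in its own account record and ignores whatever grade the client claims. All names (`CommandGate`, `Verdict`, `MakeDemoGate`) are hypothetical, and treating 255, 254 and 252 as the admin grades is an assumption based on the values mentioned in the thread.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <unordered_map>

// Added example; all names are hypothetical, not MatchServer code.
enum class Verdict { Allowed, Denied, UnknownSession, UnknownCommand };

// Assumption: the grades named in the thread (255, 254, 252) are the admin grades.
inline bool IsAdminGrade(int g) { return g == 255 || g == 254 || g == 252; }

class CommandGate {
public:
    // The grade is read from the server's account record at login.
    void Login(std::uint32_t uid, int gradeFromDb) { grades_[uid] = gradeFromDb; }
    void Register(const std::string& name, bool adminOnly) { adminOnly_[name] = adminOnly; }

    // claimedGrade stands for any rank a client puts in its packet; a patched
    // client controls it, so it takes no part in the decision.
    Verdict Authorize(std::uint32_t uid, const std::string& name, int claimedGrade) const {
        (void)claimedGrade;
        auto s = grades_.find(uid);
        if (s == grades_.end()) return Verdict::UnknownSession;
        auto c = adminOnly_.find(name);
        if (c == adminOnly_.end()) return Verdict::UnknownCommand;
        if (c->second && !IsAdminGrade(s->second)) return Verdict::Denied;
        return Verdict::Allowed;
    }
private:
    std::unordered_map<std::uint32_t, int> grades_;
    std::unordered_map<std::string, bool> adminOnly_;
};

// Constructed sample data: uid 1 is an admin, uid 2 a normal player (grade 0).
CommandGate MakeDemoGate() {
    CommandGate g;
    g.Login(1, 255);
    g.Login(2, 0);
    g.Register("admin_wall", true);
    g.Register("help", false);
    return g;
}

int main() {
    CommandGate g = MakeDemoGate();
    // Normal player whose client claims grade 255: still denied.
    bool denied = g.Authorize(2, "admin_wall", 255) == Verdict::Denied;
    std::cout << (denied ? "denied" : "allowed") << "\n";
    return denied ? 0 : 1;
}
```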
Re: Editing theduel.exe (OllyDBG)
Just do a JMP without comparing the UGradeIDs in the command's function.
Don't forget to do the same for the server though.
Re: Editing theduel.exe (OllyDBG)
Simply enable the admin console announce packet in the MatchServer and change the packet id in the client.
Re: Editing theduel.exe (OllyDBG)
Hmm, thx. Can anyone edit the theduel.exe I gave?
I don't understand a lot of this
and I don't know how to save ._.
Btw,
must I change the server side too
or just my client?
Cuz if I use a dll, I mean, it looks like, hmm:
usage:/admin_wall
call ZChannelChatPost
Something like this,
but it crashes, so I want to make the client make it
alone.