
[Development] Season XII Source Chinesse Team - based on X-TEAM

Newbie Spellweaver
Joined
Sep 14, 2007
Messages
86
Reaction score
85
Hi RageZone! :love:

I would like to announce that I will undertake work, using source codes, which I will provide below.

The source code is by a Chinese team called L.S.T.

Link Source: Util:
MuServer:
Client ENG:
Update 1
-DataServer fixed (DataServer must be compiled in Release_EX401 mode)
-Clean Projects, no errors
-Hunting Log fixed



Update 1.1
Full MUServer Compiled Clean


Client ENG modded by me, 100% working with compiled files


Main DLL Source, no errors clean

 
Last edited:
Newbie Spellweaver
Joined
Apr 13, 2005
Messages
15
Reaction score
1
I can join the development. I'm mainly a web developer but have some C#/C++ knowledge, and I have fixed some things on the IGCN S12 source and so on, so if I can be useful I can spend some time on it.
 

lst

Initiate Mage
Joined
Sep 24, 2018
Messages
3
Reaction score
7
I don't know where your source code comes from.
The client part of the source code for you
Client:1.18.70

Code:
// lst.cpp : 定义 DLL 应用程序的导出函数。//


#include "stdafx.h"
#include "HookManager.h"
#include "PacketManager.h"
#include "Protocol.h"
// Single global instance; Crack::ProcLoading uses it to reach ProcCrack and the saved bytes.
Crack g_Crack;


// Addresses of three kernel32 exports, resolved once during static initialisation.
// NOTE(review): neither GetModuleHandle nor GetProcAddress is checked for failure, so any
// of these may be NULL by the time Crack::Load reads from or writes to them.
LPBYTE g_CrackAttachHookAddr = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "GetStartupInfoA");
LPBYTE g_MultiByteToWideChar = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "MultiByteToWideChar");
LPBYTE g_WideCharToMultiByte = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "WideCharToMultiByte");


//LPBYTE g_CrackReturnAddr = (LPBYTE)0x00CD1960;




// Installs the start-up detour: saves 5 bytes from the entry of GetStartupInfoA and
// points that entry at Crack::ProcAttach. Also saves 5 bytes from the entries of
// MultiByteToWideChar and WideCharToMultiByte (nothing in this listing restores those).
// GetBuffer/SetOp are defined elsewhere; presumably "copy bytes out" and "write an
// opcode plus relative target" — confirm against HookManager.h.
// NOTE(review): the three target addresses come from unchecked GetProcAddress calls.
void Crack::Load()
{




	// Keep the original bytes so Crack::ProcLoading can put them back after the detour fires.
	GetBuffer((LPVOID)g_CrackAttachHookAddr, this->m_AttachRestoreBuff, 5);


	// Order matters: the bytes must be saved above before they are overwritten here.
	SetOp((LPVOID)g_CrackAttachHookAddr, (LPVOID)Crack::ProcAttach, JMP);
	GetBuffer((LPVOID)g_MultiByteToWideChar, this->m_MultiByteToWideChar, 5);
	GetBuffer((LPVOID)g_WideCharToMultiByte, this->m_WideCharToMultiByte, 5);
}
// Naked detour target installed over GetStartupInfoA by Crack::Load.
// Saves all general-purpose registers and flags, runs Crack::ProcLoading, restores
// them, then jumps to the address held in g_CrackAttachHookAddr. ProcLoading writes
// the saved 5 bytes back to that address before returning, so the jump lands on the
// restored function entry.
// No prologue/epilogue is generated (naked); the caller's stack frame is left untouched.
__declspec(naked) void Crack::ProcAttach()
{
	__asm
	{
		pushad
		pushfd
		call dword ptr ds : [Crack::ProcLoading]
		popfd
		popad
		jmp dword ptr ds : [g_CrackAttachHookAddr]
	}


}
// Body of the start-up detour: applies the patch set, then removes the detour itself.
// Reached from Crack::ProcAttach; works on the global g_Crack rather than on `this`.
void Crack::ProcLoading()
{
	
	g_Crack.ProcCrack();
	
	// Write back the 5 bytes saved by Crack::Load so the hooked entry is intact
	// again before ProcAttach jumps to it.
	SetBuffer((LPVOID)g_CrackAttachHookAddr, g_Crack.m_AttachRestoreBuff, 5);




}
// Rewrites code and data of the host process at hard-coded virtual addresses (tagged
// "1.18.70" by the author, the client build named in the post), redirects two call
// sites to ParsePacket/SendPacket in this DLL, and then writes the server address,
// port, version string and serial into fixed locations. Called from Crack::ProcLoading.
//
// NOTE(review): every address below is an absolute constant and nothing here verifies
// that the loaded module is the expected build; on any other binary these writes land
// on unrelated memory. HookThis/HookThis_JMP/SetRange/SetBuffer/SetByte/setNumeric are
// defined elsewhere; their semantics are assumed from their names — confirm.
// 0x90 is the x86 NOP opcode, 0xEB a short JMP and 0xE9 a near JMP. Byte-level changes
// like these to code sections show up in any comparison of in-memory code against the
// on-disk image.
void Crack::ProcCrack()
{






	// Route the client's packet parse and send paths through this DLL.
	HookThis_JMP((DWORD)&ParsePacket, 0x00C19CF5); // 1.18.70
	HookThis_JMP((DWORD)&SendPacket, 0x00BAEBDD); // 1.18.70


	//char MUName[] = "<LST>奇迹S12";
	//char *NameAddress = (char*)(0x14C5948);
	//memset(NameAddress, 0, strlen(MUName)+1);
	//memcpy(NameAddress, MUName, strlen(MUName));




	HookThis_JMP(0x00A3A86EF, 0x00BAEEC5);//1.18.70




	//0A31625F - 0F84 F6348CF6   je main.00BD975B
	//JE>>jmp
	HookThis_JMP(0x00BEAA7F, 0x0A327E33);//1.18.70
	SetRange((LPVOID)0x0A327E38, 1, 0x90);//1.18.70


	//00510FD3    E8 AEE1FFFF     call main.0050F186
	//0A2D539E    55              push ebp


	// Four call sites are pointed at the same target.
	HookThis(0x0A317ED0, 0x0051087E);
	HookThis(0x0A317ED0, 0x00511238);
	HookThis(0x0A317ED0, 0x0051196A);
	HookThis(0x0A317ED0, 0x00511DB6);


	////ERROR
	//setNumeric<BYTE>(0x00C36002, SJMP);


	// Skip MU
	BYTE MU_JMP[] = { 0xEB,0x4B };
	SetBuffer((LPVOID)0x005069DC, MU_JMP, sizeof(MU_JMP));//1.18.70
	BYTE MU_JMP1[] = { 0xE9,0xBA,0x00,0x00,0x00,0x90 };
	SetBuffer((LPVOID)0x00506E1E, MU_JMP1, sizeof(MU_JMP1));//1.18.70
	//MuError Disable Enc Text
	SetRange((LPVOID)0x00D42114, 32, 0x90);//1.18.70
	// Skip GG: Disable redirect gg start
	BYTE GG_JMP[] = { 0xE9,0x88,0x00,0x00,0x00,0x90 };
	SetBuffer((LPVOID)0x00507524, GG_JMP, sizeof(GG_JMP));//1.18.70
	BYTE GG_JMP1[] = { 0xEB,0x19 };
	SetBuffer((LPVOID)0x005074E1, GG_JMP1, sizeof(GG_JMP1));//1.18.70
	//Remove GameGuard
	setNumeric<BYTE>(0x0050CFD2, SJMP);//1.18.70
	setNumeric<BYTE>(0x00CC296F, SJMP);//1.18.70


	setNumeric<BYTE>(0x00CC2AA8, SJMP);//1.18.70
	// Chinese (language setting)
	setNumeric<BYTE>(0x015964E0, 0x86);//1.18.70
	// Allow creating characters with Chinese names
	SetRange((LPVOID)0x00460DE2, 13,0x90);
	SetByte(0x004BC12C, 0xEB);
	SetByte(0x00AD5F93, 0xEB);
	SetByte(0x00AD5F94, 0x43);
	SetByte(0x00B100D2, 0xEB);
	//// Skip the second encryption pass
	SetRange((LPVOID)0x00C7B11C, 2, 0x90);//1.18.70
	// Speed-up (disabled)
	//setNumeric<BYTE>(0x00512F62 + 1, 1);//1.18.70
	//setNumeric<BYTE>(0x00512F8A + 3, 1);//1.18.70
	//NPC
	//setNumeric<BYTE>(0x00BFAB9B+1, 0x35);//1.18.70
	// Skip ItemtooltipBmd
	setNumeric<BYTE>(0x0085216E, 0xEB);//1.18.70
	// Skip itemsetoptiontext
	setNumeric<BYTE>(0x00529b6c, 0xEB);//1.18.70
	//masterskillTooltip
	setNumeric<BYTE>(0x00b02eb5, 0xEB);//1.18.70
	//SkillToolTipText
	BYTE SKILL_JMP[] = { 0xE9,0xAD,0x00,0x00,0x00,0x90 };
	SetBuffer((LPVOID)0x00CCA2F8, SKILL_JMP, sizeof(SKILL_JMP));//1.18.70
	char ip[256] = { '\0' };
	int Prot;
	char path[256] = { '\0' };
	// NOTE(review): the size passed is MAX_PATH (260 in the Windows headers) but `ip`
	// holds 256 bytes, so a long module path can be written past the end of the buffer.
	GetModuleFileName(NULL, ip, MAX_PATH);
	int nSize = strlen(ip);
	// Walk back from the terminator to the last backslash and cut the file name off.
	// NOTE(review): index 0 is never tested, and an empty string makes nSize go
	// negative and the loop read before the start of `ip`.
	do
	{
		if (ip[nSize] == '\\')
		{
			ip[nSize + 1] = '\0';
			break;
		}


		nSize--;
	} while (nSize != 0);


	// NOTE(review): `path` is built here but not used afterwards in this function; the
	// profile reads below use ".\\config.ini", i.e. relative to the current directory.
	// The formatted string is also not bounded to the 256-byte `path` buffer.
	wsprintfA(path, "%s\\%s", ip, "config.ini");


	// `ip` is reused as the destination for the configured server address.
	GetPrivateProfileStringA("LOGIN", "IpAddress", "127.0.0.1", ip, 256, ".\\config.ini");
	//sscanf("qiji.mpc.cn","%s", ip);
	// NOTE(review): up to 256 bytes from the ini file are copied to a fixed address
	// whose capacity is not visible here — confirm the destination size.
	CopyMemory((LPVOID)0x01596520, ip, strlen(ip) + 1);//1.18.70


	// NOTE(review): the port is written as read, with no range check.
	Prot = GetPrivateProfileInt("LOGIN", "Port", 44405, ".\\config.ini");
	setNumeric<int>(0x01595A54, Prot);//1.18.70


	// Overwrite the version string (5 characters, zero-padded to 6 bytes).
	char MainVersion[6] = "23446";
	char *Version = (char*)(0x0159F3C8);//1.18.70
	memset(Version, 0, 6);
	memcpy(Version, MainVersion, strlen(MainVersion));


	// Overwrite the serial, 8 bytes after the version (16 characters, zero-padded to 17 bytes).
	char MainSerial[17] = "fughy683dfu7teqg";
	char *SERIAL = (char*)(0x0159F3C8 + 8);//1.18.70
	memset(SERIAL, 0, 17);
	memcpy(SERIAL, MainSerial, strlen(MainSerial));


	//HookThis_JMP((DWORD)&MyMultiByte, 0x0051e968); // S13
	//HookThis_JMP((DWORD)&MyMultiByte1, 0x0051E9A8); // S13
	//HookThis_JMP((DWORD)&MyWideChar, 0x00A34ADD); // S12
	//HookThis_JMP((DWORD)&MyWideChar1, 0x00A34B0E); // S12
	//SetRange((LPVOID)0x0A2DA30A, 9, 0x90);


	//HookThis_JMP((DWORD)&MySendp, 0x0A2DA30A);


}
// Naked detour intended for 0x0A2DA30A; the HookThis_JMP line that would install it in
// Crack::ProcCrack is commented out. Passes the dword at [ebp + 0x0C] to gLog, replays
// the two instructions listed below that the hook would overwrite, and resumes at
// 0x0A2DA313.
// NOTE(review): the argument pushed for gLog is never popped and EAX/ECX/EDX/flags are
// not preserved around the call; if gLog uses cdecl the stack is left 4 bytes off when
// control returns to the original code — confirm the calling convention.
void __declspec(naked)  MySendp()
{
	//0A2DA30A    8B45 08         mov eax, dword ptr ss : [ebp + 0x8]
	//	0A2DA30D    8985 F8FAFFFF   mov dword ptr ss : [ebp - 0x508], eax
	//	0A2DA313    81BD F8FAFFFF F>cmp dword ptr ss : [ebp - 0x508], 0xFD
	static DWORD MyJmp = 0x0A2DA313;
	__asm
	{
		mov eax, dword ptr ss : [ebp + 0x0C]; 
		push eax;
		call gLog;
		mov eax, dword ptr ss : [ebp + 0x8];
		mov dword ptr ss : [ebp - 0x508], eax;
		jmp[MyJmp];
	}
}


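// Appends a hex dump of one outgoing packet to "Send.txt" in the current directory.
//   pMsg - packet starting with its header byte; only 0xC1 (1-byte length at [1]) and
//          0xC2 (2-byte length, high byte at [1], low byte at [2], the layout
//          SendPacket in this file writes) are dumped. Any other header produces an
//          empty line.
// The length is taken from the packet header and is not validated against the real
// size of the buffer behind pMsg.
// Fixes over the previous version: the length is no longer left uninitialised for
// unknown headers, the 0xC2 length is no longer truncated to its low byte, and the
// log path is only built when it fits in the buffer.
void gLog(BYTE * pMsg)
{
	if (pMsg == NULL)
		return;

	int iLen = 0;
	switch (pMsg[0])
	{
	case 0xC1:
		iLen = pMsg[1];
		break;
	case 0xC2:
		iLen = (pMsg[1] << 8) | pMsg[2];
		break;
	default:
		break;
	}

	static const char kLogName[] = "\\Send.txt";
	char buff[_MAX_PATH] = { 0 };
	// _getcwd returns NULL when the directory does not fit; do not append to garbage.
	if (_getcwd(buff, sizeof(buff)) == NULL)
		return;
	// sizeof(kLogName) includes the terminator, so this is the full required size.
	if (strlen(buff) + sizeof(kLogName) > sizeof(buff))
		return;
	strcat(buff, kLogName);

	std::ofstream ofs(buff, std::ios::app); // open the log in append mode
	if (!ofs)
		return;
	ofs << std::hex;
	for (int i = 0; i < iLen; i++)
	{
		ofs << "0x" << (static_cast<short>(pMsg[i]) & 0xff) << " ";
	}
	ofs << "\r\n";

	ofs.close();
	return;
}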
// Naked detour (its HookThis_JMP line for 0x00A34ADD is commented out in
// Crack::ProcCrack). Pushes the value 0x3A8 and calls WideCharToMultiByte, then
// resumes at 0x00A34AE5.
// 0x3A8 is 936 decimal, the Windows code page number for Simplified Chinese (GBK);
// presumably it stands in for the CodePage argument, with the remaining arguments
// already pushed by the original code — confirm against the hooked site.
void __declspec(naked)MyWideChar()
{
	static DWORD MyAddr = 0x3A8;
	static DWORD MyJmp = 0x00A34AE5;
	__asm
	{
		push MyAddr;
		call WideCharToMultiByte;
		jmp[MyJmp];
	}


}
// Same detour as MyWideChar for a second call site: pushes 0x3A8 (936), calls
// WideCharToMultiByte and resumes at 0x00A34B16. Its HookThis_JMP line for 0x00A34B0E
// is commented out in Crack::ProcCrack.
// Presumably the other arguments are already on the stack at the hooked site — confirm.
void __declspec(naked)MyWideChar1()
{
	static DWORD MyAddr = 0x3A8;
	static DWORD MyJmp = 0x00A34B16;
	__asm
	{
		push MyAddr;
		call WideCharToMultiByte;
		jmp[MyJmp];
	}
}


// Naked detour (its HookThis_JMP line for 0x0051e968 is commented out in
// Crack::ProcCrack). Pushes EAX, 0 and the value 0x3A8 (936), calls through the
// pointer stored at 0x137E210, then resumes at 0x0051e973.
// NOTE(review): 0x137E210 is presumably the import slot for MultiByteToWideChar, with
// 0 as dwFlags and 936 as CodePage — inferred from the function name, confirm.
void __declspec(naked)MyMultiByte()
{
	static DWORD MyAddr = 0x3A8;
	static DWORD MyJmp = 0x0051e973;
	
	__asm
	{
	push eax;
	push 0;
	push MyAddr
	call dword ptr ds : [0x137E210];
	jmp[MyJmp];
	}
}




// Same detour as MyMultiByte for a second call site: pushes EAX, 0 and 0x3A8 (936),
// calls through the pointer stored at 0x137E210 and resumes at 0x0051E9B3. Its
// HookThis_JMP line for 0x0051E9A8 is commented out in Crack::ProcCrack.
// NOTE(review): the meaning of the pointer at 0x137E210 is not visible here — confirm.
void __declspec(naked)MyMultiByte1()
{
	static DWORD MyAddr = 0x3A8;
	static DWORD MyJmp = 0x0051E9B3;
	__asm
	{
		push eax;
		push 0;
		push MyAddr;
		call dword ptr ds : [0x137E210];
		jmp[MyJmp];
	}
}




// -------------------------------------------------------------------------------
// Hand-written thunk that forwards a finished packet to the client's own send routine.
//   buff - bytes to send
//   len  - number of bytes at buff
// Builds its own EBP frame (the function is naked, so the compiler emits none), pushes
// len then buff, loads ECX from the pointer stored at MU_SENDER_CLASS and calls the
// address MU_SEND_PACKET. Both constants are defined outside this listing.
// NOTE(review): ECX is presumably the `this` pointer of a thiscall method that pops its
// own two arguments; the frame is torn down via MOV ESP, EBP either way — confirm.
void __declspec(naked) muSendPacket(BYTE* buff, int len)
{
	__asm
	{
		PUSH EBP;
		MOV EBP, ESP;
		MOV EAX, len;
		PUSH EAX;
		PUSH buff;
		MOV ECX, DWORD PTR DS : [MU_SENDER_CLASS];
		MOV EDX, MU_SEND_PACKET;
		CALL EDX;
		MOV ESP, EBP;
		POP EBP;
		RETN;
	}
}
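// Replacement for the client's packet-send routine (Crack::ProcCrack points the
// original at this function). Copies the outgoing packet into a static staging buffer,
// optionally re-frames it as an encrypted 0xC3/0xC4 packet through
// gPacketManager.Encrypt, and hands the result to muSendPacket.
//   lpMsg - packet starting with its header byte
//   size  - number of bytes at lpMsg
//   enc   - non-zero to encrypt; only 0xC1 and 0xC2 packets are re-framed
//   unk1  - not used here
// Packets that are NULL, empty, larger than the staging buffer, or too short for their
// header are dropped instead of being copied: the previous version copied `size` bytes
// into the 8192-byte buffer unconditionally and let `size - 1` / `size - 2` wrap.
// NOTE(review): the staging buffer is static, so concurrent callers would share it.
void SendPacket(BYTE* lpMsg, DWORD size, int enc, int unk1)
{
	
	//if (lpMsg[2] == 0x0E || lpMsg[2] == 0x03 || lpMsg[2] == 0x19 || lpMsg[2] == 0x32)
	//{
	//	lpMsg[0] = 0xC3;
	//}
	static BYTE send[8192];

	if (lpMsg == NULL || size == 0 || size > sizeof(send))
		return;

	memcpy(send, lpMsg, size);
	if (enc)
	{
		// NOTE(review): Encrypt's output length is not visible here; if it expands the
		// input, a packet close to sizeof(send) can still overrun the staging buffer.
		if (lpMsg[0] == 0xC1)
		{
			if (size < 2)
				return;

			// The length byte is temporarily replaced by the running packet serial so
			// that the serial is encrypted along with the payload, then restored.
			BYTE save = lpMsg[1];

			lpMsg[1] = (*(BYTE*)(MAIN_PACKET_SERIAL))++;

			size = gPacketManager.Encrypt(&send[2], &lpMsg[1], (size - 1)) + 2;

			lpMsg[1] = save;

			send[0] = 0xC3;
			// NOTE(review): one length byte only; an encrypted size above 255 is truncated.
			send[1] = size;
		}
		else if (lpMsg[0] == 0xC2)
		{
			if (size < 3)
				return;

			BYTE save = lpMsg[2];

			lpMsg[2] = (*(BYTE*)(MAIN_PACKET_SERIAL))++;

			size = gPacketManager.Encrypt(&send[3], &lpMsg[2], (size - 2)) + 3;

			lpMsg[2] = save;

			// Two-byte length, high byte first.
			send[0] = 0xC4;
			send[1] = HIBYTE(size);
			send[2] = LOBYTE(size);
		}
	}
	muSendPacket(send, size);
}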
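// Replacement for the client's receive loop (Crack::ProcCrack points the original at
// this function). Pulls packets one at a time from PackStream through the routine at
// PARSE_PACKET_STREAM, decrypts 0xC3/0xC4 packets into a local buffer re-framed as
// 0xC1/0xC2, and dispatches each packet to a protocol handler.
//   PackStream - stream object passed in ECX to the client's "next packet" routine
//   unk1       - 1 selects the handler at PROTOCOL_CORE1 (which also receives unk2);
//                any other value runs CliProtocolCore first and falls through to the
//                handler at PROTOCOL_CORE2 only when that returns true
//   unk2       - forwarded to the PROTOCOL_CORE1 handler
// Changes over the previous version: packets with an unknown header byte or a length
// too small/large for the decrypt buffer are skipped instead of being dispatched with
// uninitialised proto/size/enc or decrypted past the end of DecBuff, and the 0xC2
// length is read high byte first, matching the 0xC4 case and SendPacket in this file.
// NOTE(review): lengths come from the network peer; the value returned by Decrypt is
// used as-is, and its behaviour on malformed input is not visible here — confirm.
void ParsePacket(void* PackStream, int unk1, int unk2)
{
	BYTE* buff;
	while (true)
	{
		__asm {
			MOV ECX, PackStream;
			MOV EDX, PARSE_PACKET_STREAM;
			CALL EDX;
			MOV buff, EAX;
		}
		if (!buff)
			break;


		BYTE DecBuff[7024];
		unsigned int DecSize;


		int proto = 0;
		int size = 0;
		int enc = 0;


		switch (buff[0])
		{
		case 0xC1:
			proto = buff[2];
			size = buff[1];
			enc = 0;
			break;
		case 0xC2:
			proto = buff[3];
			size = MAKEWORD(buff[2], buff[1]);
			enc = 0;
			break;
		case 0xC3:
			enc = 1;
			size = buff[1];
			// Header is 2 bytes; anything shorter has no payload to decrypt.
			if (size < 2)
				continue;
			DecSize = gPacketManager.Decrypt(&DecBuff[1], &buff[2], size - 2);
			DecBuff[0] = 0xC1;
			DecBuff[1] = DecSize + 2;
			size = DecSize + 2;
			buff = DecBuff;
			proto = DecBuff[2];
			break;
		case 0xC4:
			enc = 1;
			size = MAKEWORD(buff[2], buff[1]);
			// The 16-bit length can exceed DecBuff; refuse payloads that cannot fit
			// behind the 2-byte offset used below.
			if (size < 3 || (size - 3) > (int)sizeof(DecBuff) - 2)
				continue;
			DecSize = gPacketManager.Decrypt(&DecBuff[2], &buff[3], size - 3);
			DecBuff[0] = 0xC2;
			DecBuff[2] = LOBYTE(DecSize + 3);
			DecBuff[1] = HIBYTE(DecSize + 3);
			size = DecSize + 3;
			buff = DecBuff;
			proto = buff[3];
			break;
		default:
			// Unknown framing byte: nothing sensible to dispatch.
			continue;
		}


		if (unk1 == 1)
		{
			typedef int(*tProtocolCore2)(int, int, BYTE*, int, int);
			tProtocolCore2 ProtocolCore2 = (tProtocolCore2)PROTOCOL_CORE1;
			ProtocolCore2(unk2, proto, buff, size, enc);
		}
		else
		{
			typedef int(*tProtocolCore)(int, BYTE*, int, int);
			tProtocolCore ProtocolCore = (tProtocolCore)PROTOCOL_CORE2;
			bool bUseClientProtocolCore = CliProtocolCore(buff, proto, size, enc); // DLL protocolcore
			if (bUseClientProtocolCore)
			{
				ProtocolCore(proto, buff, size, enc); // Main.exe protocolcore
			}


		}




	}
}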
 
Experienced Elementalist
Joined
May 4, 2017
Messages
219
Reaction score
318
I don't know where your source code comes from.
The client part of the source code for you
Client:1.18.70

Code:
// lst.cpp : 定义 DLL 应用程序的导出函数。//


#include "stdafx.h"
#include "HookManager.h"
#include "PacketManager.h"
#include "Protocol.h"
// Single global instance; Crack::ProcLoading uses it to reach ProcCrack and the saved bytes.
Crack g_Crack;


// Addresses of three kernel32 exports, resolved once during static initialisation.
// NOTE(review): neither GetModuleHandle nor GetProcAddress is checked for failure, so any
// of these may be NULL by the time Crack::Load reads from or writes to them.
LPBYTE g_CrackAttachHookAddr = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "GetStartupInfoA");
LPBYTE g_MultiByteToWideChar = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "MultiByteToWideChar");
LPBYTE g_WideCharToMultiByte = (LPBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "WideCharToMultiByte");


//LPBYTE g_CrackReturnAddr = (LPBYTE)0x00CD1960;




// Installs the start-up detour: saves 5 bytes from the entry of GetStartupInfoA and
// points that entry at Crack::ProcAttach. Also saves 5 bytes from the entries of
// MultiByteToWideChar and WideCharToMultiByte (nothing in this listing restores those).
// GetBuffer/SetOp are defined elsewhere; presumably "copy bytes out" and "write an
// opcode plus relative target" — confirm against HookManager.h.
// NOTE(review): the three target addresses come from unchecked GetProcAddress calls.
void Crack::Load()
{




    // Keep the original bytes so Crack::ProcLoading can put them back after the detour fires.
    GetBuffer((LPVOID)g_CrackAttachHookAddr, this->m_AttachRestoreBuff, 5);


    // Order matters: the bytes must be saved above before they are overwritten here.
    SetOp((LPVOID)g_CrackAttachHookAddr, (LPVOID)Crack::ProcAttach, JMP);
    GetBuffer((LPVOID)g_MultiByteToWideChar, this->m_MultiByteToWideChar, 5);
    GetBuffer((LPVOID)g_WideCharToMultiByte, this->m_WideCharToMultiByte, 5);
}
// Naked detour target installed over GetStartupInfoA by Crack::Load.
// Saves all general-purpose registers and flags, runs Crack::ProcLoading, restores
// them, then jumps to the address held in g_CrackAttachHookAddr. ProcLoading writes
// the saved 5 bytes back to that address before returning, so the jump lands on the
// restored function entry.
// No prologue/epilogue is generated (naked); the caller's stack frame is left untouched.
__declspec(naked) void Crack::ProcAttach()
{
    __asm
    {
        pushad
        pushfd
        call dword ptr ds : [Crack::ProcLoading]
        popfd
        popad
        jmp dword ptr ds : [g_CrackAttachHookAddr]
    }


}
// Body of the start-up detour: applies the patch set, then removes the detour itself.
// Reached from Crack::ProcAttach; works on the global g_Crack rather than on `this`.
void Crack::ProcLoading()
{
    
    g_Crack.ProcCrack();
    
    // Write back the 5 bytes saved by Crack::Load so the hooked entry is intact
    // again before ProcAttach jumps to it.
    SetBuffer((LPVOID)g_CrackAttachHookAddr, g_Crack.m_AttachRestoreBuff, 5);




}
// Rewrites code and data of the host process at hard-coded virtual addresses (tagged
// "1.18.70" by the author, the client build named in the post), redirects two call
// sites to ParsePacket/SendPacket in this DLL, and then writes the server address,
// port, version string and serial into fixed locations. Called from Crack::ProcLoading.
//
// NOTE(review): every address below is an absolute constant and nothing here verifies
// that the loaded module is the expected build; on any other binary these writes land
// on unrelated memory. HookThis/HookThis_JMP/SetRange/SetBuffer/SetByte/setNumeric are
// defined elsewhere; their semantics are assumed from their names — confirm.
// 0x90 is the x86 NOP opcode, 0xEB a short JMP and 0xE9 a near JMP. Byte-level changes
// like these to code sections show up in any comparison of in-memory code against the
// on-disk image.
void Crack::ProcCrack()
{






    // Route the client's packet parse and send paths through this DLL.
    HookThis_JMP((DWORD)&ParsePacket, 0x00C19CF5); // 1.18.70
    HookThis_JMP((DWORD)&SendPacket, 0x00BAEBDD); // 1.18.70


    //char MUName[] = "<LST>奇迹S12";
    //char *NameAddress = (char*)(0x14C5948);
    //memset(NameAddress, 0, strlen(MUName)+1);
    //memcpy(NameAddress, MUName, strlen(MUName));




    HookThis_JMP(0x00A3A86EF, 0x00BAEEC5);//1.18.70




    //0A31625F - 0F84 F6348CF6   je main.00BD975B
    //JE>>jmp
    HookThis_JMP(0x00BEAA7F, 0x0A327E33);//1.18.70
    SetRange((LPVOID)0x0A327E38, 1, 0x90);//1.18.70


    //00510FD3    E8 AEE1FFFF     call main.0050F186
    //0A2D539E    55              push ebp


    // Four call sites are pointed at the same target.
    HookThis(0x0A317ED0, 0x0051087E);
    HookThis(0x0A317ED0, 0x00511238);
    HookThis(0x0A317ED0, 0x0051196A);
    HookThis(0x0A317ED0, 0x00511DB6);


    ////ERROR
    //setNumeric<BYTE>(0x00C36002, SJMP);


    // Skip MU
    BYTE MU_JMP[] = { 0xEB,0x4B };
    SetBuffer((LPVOID)0x005069DC, MU_JMP, sizeof(MU_JMP));//1.18.70
    BYTE MU_JMP1[] = { 0xE9,0xBA,0x00,0x00,0x00,0x90 };
    SetBuffer((LPVOID)0x00506E1E, MU_JMP1, sizeof(MU_JMP1));//1.18.70
    //MuError Disable Enc Text
    SetRange((LPVOID)0x00D42114, 32, 0x90);//1.18.70
    // Skip GG: Disable redirect gg start
    BYTE GG_JMP[] = { 0xE9,0x88,0x00,0x00,0x00,0x90 };
    SetBuffer((LPVOID)0x00507524, GG_JMP, sizeof(GG_JMP));//1.18.70
    BYTE GG_JMP1[] = { 0xEB,0x19 };
    SetBuffer((LPVOID)0x005074E1, GG_JMP1, sizeof(GG_JMP1));//1.18.70
    //Remove GameGuard
    setNumeric<BYTE>(0x0050CFD2, SJMP);//1.18.70
    setNumeric<BYTE>(0x00CC296F, SJMP);//1.18.70


    setNumeric<BYTE>(0x00CC2AA8, SJMP);//1.18.70
    // Chinese (language setting)
    setNumeric<BYTE>(0x015964E0, 0x86);//1.18.70
    // Allow creating characters with Chinese names
    SetRange((LPVOID)0x00460DE2, 13,0x90);
    SetByte(0x004BC12C, 0xEB);
    SetByte(0x00AD5F93, 0xEB);
    SetByte(0x00AD5F94, 0x43);
    SetByte(0x00B100D2, 0xEB);
    //// Skip the second encryption pass
    SetRange((LPVOID)0x00C7B11C, 2, 0x90);//1.18.70
    // Speed-up (disabled)
    //setNumeric<BYTE>(0x00512F62 + 1, 1);//1.18.70
    //setNumeric<BYTE>(0x00512F8A + 3, 1);//1.18.70
    //NPC
    //setNumeric<BYTE>(0x00BFAB9B+1, 0x35);//1.18.70
    // Skip ItemtooltipBmd
    setNumeric<BYTE>(0x0085216E, 0xEB);//1.18.70
    // Skip itemsetoptiontext
    setNumeric<BYTE>(0x00529b6c, 0xEB);//1.18.70
    //masterskillTooltip
    setNumeric<BYTE>(0x00b02eb5, 0xEB);//1.18.70
    //SkillToolTipText
    BYTE SKILL_JMP[] = { 0xE9,0xAD,0x00,0x00,0x00,0x90 };
    SetBuffer((LPVOID)0x00CCA2F8, SKILL_JMP, sizeof(SKILL_JMP));//1.18.70
    char ip[256] = { '\0' };
    int Prot;
    char path[256] = { '\0' };
    // NOTE(review): the size passed is MAX_PATH (260 in the Windows headers) but `ip`
    // holds 256 bytes, so a long module path can be written past the end of the buffer.
    GetModuleFileName(NULL, ip, MAX_PATH);
    int nSize = strlen(ip);
    // Walk back from the terminator to the last backslash and cut the file name off.
    // NOTE(review): index 0 is never tested, and an empty string makes nSize go
    // negative and the loop read before the start of `ip`.
    do
    {
        if (ip[nSize] == '\\')
        {
            ip[nSize + 1] = '\0';
            break;
        }


        nSize--;
    } while (nSize != 0);


    // NOTE(review): `path` is built here but not used afterwards in this function; the
    // profile reads below use ".\\config.ini", i.e. relative to the current directory.
    // The formatted string is also not bounded to the 256-byte `path` buffer.
    wsprintfA(path, "%s\\%s", ip, "config.ini");


    // `ip` is reused as the destination for the configured server address.
    GetPrivateProfileStringA("LOGIN", "IpAddress", "127.0.0.1", ip, 256, ".\\config.ini");
    //sscanf("qiji.mpc.cn","%s", ip);
    // NOTE(review): up to 256 bytes from the ini file are copied to a fixed address
    // whose capacity is not visible here — confirm the destination size.
    CopyMemory((LPVOID)0x01596520, ip, strlen(ip) + 1);//1.18.70


    // NOTE(review): the port is written as read, with no range check.
    Prot = GetPrivateProfileInt("LOGIN", "Port", 44405, ".\\config.ini");
    setNumeric<int>(0x01595A54, Prot);//1.18.70


    // Overwrite the version string (5 characters, zero-padded to 6 bytes).
    char MainVersion[6] = "23446";
    char *Version = (char*)(0x0159F3C8);//1.18.70
    memset(Version, 0, 6);
    memcpy(Version, MainVersion, strlen(MainVersion));


    // Overwrite the serial, 8 bytes after the version (16 characters, zero-padded to 17 bytes).
    char MainSerial[17] = "fughy683dfu7teqg";
    char *SERIAL = (char*)(0x0159F3C8 + 8);//1.18.70
    memset(SERIAL, 0, 17);
    memcpy(SERIAL, MainSerial, strlen(MainSerial));


    //HookThis_JMP((DWORD)&MyMultiByte, 0x0051e968); // S13
    //HookThis_JMP((DWORD)&MyMultiByte1, 0x0051E9A8); // S13
    //HookThis_JMP((DWORD)&MyWideChar, 0x00A34ADD); // S12
    //HookThis_JMP((DWORD)&MyWideChar1, 0x00A34B0E); // S12
    //SetRange((LPVOID)0x0A2DA30A, 9, 0x90);


    //HookThis_JMP((DWORD)&MySendp, 0x0A2DA30A);


}
// Naked detour intended for 0x0A2DA30A; the HookThis_JMP line that would install it in
// Crack::ProcCrack is commented out. Passes the dword at [ebp + 0x0C] to gLog, replays
// the two instructions listed below that the hook would overwrite, and resumes at
// 0x0A2DA313.
// NOTE(review): the argument pushed for gLog is never popped and EAX/ECX/EDX/flags are
// not preserved around the call; if gLog uses cdecl the stack is left 4 bytes off when
// control returns to the original code — confirm the calling convention.
void __declspec(naked)  MySendp()
{
    //0A2DA30A    8B45 08         mov eax, dword ptr ss : [ebp + 0x8]
    //    0A2DA30D    8985 F8FAFFFF   mov dword ptr ss : [ebp - 0x508], eax
    //    0A2DA313    81BD F8FAFFFF F>cmp dword ptr ss : [ebp - 0x508], 0xFD
    static DWORD MyJmp = 0x0A2DA313;
    __asm
    {
        mov eax, dword ptr ss : [ebp + 0x0C]; 
        push eax;
        call gLog;
        mov eax, dword ptr ss : [ebp + 0x8];
        mov dword ptr ss : [ebp - 0x508], eax;
        jmp[MyJmp];
    }
}


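// Appends a hex dump of one outgoing packet to "Send.txt" in the current directory.
//   pMsg - packet starting with its header byte; only 0xC1 (1-byte length at [1]) and
//          0xC2 (2-byte length, high byte at [1], low byte at [2], the layout
//          SendPacket in this file writes) are dumped. Any other header produces an
//          empty line.
// The length is taken from the packet header and is not validated against the real
// size of the buffer behind pMsg.
// Fixes over the previous version: the length is no longer left uninitialised for
// unknown headers, the 0xC2 length is no longer truncated to its low byte, and the
// log path is only built when it fits in the buffer.
void gLog(BYTE * pMsg)
{
    if (pMsg == NULL)
        return;

    int iLen = 0;
    switch (pMsg[0])
    {
    case 0xC1:
        iLen = pMsg[1];
        break;
    case 0xC2:
        iLen = (pMsg[1] << 8) | pMsg[2];
        break;
    default:
        break;
    }

    static const char kLogName[] = "\\Send.txt";
    char buff[_MAX_PATH] = { 0 };
    // _getcwd returns NULL when the directory does not fit; do not append to garbage.
    if (_getcwd(buff, sizeof(buff)) == NULL)
        return;
    // sizeof(kLogName) includes the terminator, so this is the full required size.
    if (strlen(buff) + sizeof(kLogName) > sizeof(buff))
        return;
    strcat(buff, kLogName);

    std::ofstream ofs(buff, std::ios::app); // open the log in append mode
    if (!ofs)
        return;
    ofs << std::hex;
    for (int i = 0; i < iLen; i++)
    {
        ofs << "0x" << (static_cast<short>(pMsg[i]) & 0xff) << " ";
    }
    ofs << "\r\n";

    ofs.close();
    return;
}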
// Naked detour (its HookThis_JMP line for 0x00A34ADD is commented out in
// Crack::ProcCrack). Pushes the value 0x3A8 and calls WideCharToMultiByte, then
// resumes at 0x00A34AE5.
// 0x3A8 is 936 decimal, the Windows code page number for Simplified Chinese (GBK);
// presumably it stands in for the CodePage argument, with the remaining arguments
// already pushed by the original code — confirm against the hooked site.
void __declspec(naked)MyWideChar()
{
    static DWORD MyAddr = 0x3A8;
    static DWORD MyJmp = 0x00A34AE5;
    __asm
    {
        push MyAddr;
        call WideCharToMultiByte;
        jmp[MyJmp];
    }


}
// Same detour as MyWideChar for a second call site: pushes 0x3A8 (936), calls
// WideCharToMultiByte and resumes at 0x00A34B16. Its HookThis_JMP line for 0x00A34B0E
// is commented out in Crack::ProcCrack.
// Presumably the other arguments are already on the stack at the hooked site — confirm.
void __declspec(naked)MyWideChar1()
{
    static DWORD MyAddr = 0x3A8;
    static DWORD MyJmp = 0x00A34B16;
    __asm
    {
        push MyAddr;
        call WideCharToMultiByte;
        jmp[MyJmp];
    }
}


// Naked detour (its HookThis_JMP line for 0x0051e968 is commented out in
// Crack::ProcCrack). Pushes EAX, 0 and the value 0x3A8 (936), calls through the
// pointer stored at 0x137E210, then resumes at 0x0051e973.
// NOTE(review): 0x137E210 is presumably the import slot for MultiByteToWideChar, with
// 0 as dwFlags and 936 as CodePage — inferred from the function name, confirm.
void __declspec(naked)MyMultiByte()
{
    static DWORD MyAddr = 0x3A8;
    static DWORD MyJmp = 0x0051e973;
    
    __asm
    {
    push eax;
    push 0;
    push MyAddr
    call dword ptr ds : [0x137E210];
    jmp[MyJmp];
    }
}




// Same detour as MyMultiByte for a second call site: pushes EAX, 0 and 0x3A8 (936),
// calls through the pointer stored at 0x137E210 and resumes at 0x0051E9B3. Its
// HookThis_JMP line for 0x0051E9A8 is commented out in Crack::ProcCrack.
// NOTE(review): the meaning of the pointer at 0x137E210 is not visible here — confirm.
void __declspec(naked)MyMultiByte1()
{
    static DWORD MyAddr = 0x3A8;
    static DWORD MyJmp = 0x0051E9B3;
    __asm
    {
        push eax;
        push 0;
        push MyAddr;
        call dword ptr ds : [0x137E210];
        jmp[MyJmp];
    }
}




// -------------------------------------------------------------------------------
// Hand-written thunk that forwards a finished packet to the client's own send routine.
//   buff - bytes to send
//   len  - number of bytes at buff
// Builds its own EBP frame (the function is naked, so the compiler emits none), pushes
// len then buff, loads ECX from the pointer stored at MU_SENDER_CLASS and calls the
// address MU_SEND_PACKET. Both constants are defined outside this listing.
// NOTE(review): ECX is presumably the `this` pointer of a thiscall method that pops its
// own two arguments; the frame is torn down via MOV ESP, EBP either way — confirm.
void __declspec(naked) muSendPacket(BYTE* buff, int len)
{
    __asm
    {
        PUSH EBP;
        MOV EBP, ESP;
        MOV EAX, len;
        PUSH EAX;
        PUSH buff;
        MOV ECX, DWORD PTR DS : [MU_SENDER_CLASS];
        MOV EDX, MU_SEND_PACKET;
        CALL EDX;
        MOV ESP, EBP;
        POP EBP;
        RETN;
    }
}
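// Replacement for the client's packet-send routine (Crack::ProcCrack points the
// original at this function). Copies the outgoing packet into a static staging buffer,
// optionally re-frames it as an encrypted 0xC3/0xC4 packet through
// gPacketManager.Encrypt, and hands the result to muSendPacket.
//   lpMsg - packet starting with its header byte
//   size  - number of bytes at lpMsg
//   enc   - non-zero to encrypt; only 0xC1 and 0xC2 packets are re-framed
//   unk1  - not used here
// Packets that are NULL, empty, larger than the staging buffer, or too short for their
// header are dropped instead of being copied: the previous version copied `size` bytes
// into the 8192-byte buffer unconditionally and let `size - 1` / `size - 2` wrap.
// NOTE(review): the staging buffer is static, so concurrent callers would share it.
void SendPacket(BYTE* lpMsg, DWORD size, int enc, int unk1)
{
    
    //if (lpMsg[2] == 0x0E || lpMsg[2] == 0x03 || lpMsg[2] == 0x19 || lpMsg[2] == 0x32)
    //{
    //    lpMsg[0] = 0xC3;
    //}
    static BYTE send[8192];

    if (lpMsg == NULL || size == 0 || size > sizeof(send))
        return;

    memcpy(send, lpMsg, size);
    if (enc)
    {
        // NOTE(review): Encrypt's output length is not visible here; if it expands the
        // input, a packet close to sizeof(send) can still overrun the staging buffer.
        if (lpMsg[0] == 0xC1)
        {
            if (size < 2)
                return;

            // The length byte is temporarily replaced by the running packet serial so
            // that the serial is encrypted along with the payload, then restored.
            BYTE save = lpMsg[1];

            lpMsg[1] = (*(BYTE*)(MAIN_PACKET_SERIAL))++;

            size = gPacketManager.Encrypt(&send[2], &lpMsg[1], (size - 1)) + 2;

            lpMsg[1] = save;

            send[0] = 0xC3;
            // NOTE(review): one length byte only; an encrypted size above 255 is truncated.
            send[1] = size;
        }
        else if (lpMsg[0] == 0xC2)
        {
            if (size < 3)
                return;

            BYTE save = lpMsg[2];

            lpMsg[2] = (*(BYTE*)(MAIN_PACKET_SERIAL))++;

            size = gPacketManager.Encrypt(&send[3], &lpMsg[2], (size - 2)) + 3;

            lpMsg[2] = save;

            // Two-byte length, high byte first.
            send[0] = 0xC4;
            send[1] = HIBYTE(size);
            send[2] = LOBYTE(size);
        }
    }
    muSendPacket(send, size);
}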
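// Replacement for the client's receive loop (Crack::ProcCrack points the original at
// this function). Pulls packets one at a time from PackStream through the routine at
// PARSE_PACKET_STREAM, decrypts 0xC3/0xC4 packets into a local buffer re-framed as
// 0xC1/0xC2, and dispatches each packet to a protocol handler.
//   PackStream - stream object passed in ECX to the client's "next packet" routine
//   unk1       - 1 selects the handler at PROTOCOL_CORE1 (which also receives unk2);
//                any other value runs CliProtocolCore first and falls through to the
//                handler at PROTOCOL_CORE2 only when that returns true
//   unk2       - forwarded to the PROTOCOL_CORE1 handler
// Changes over the previous version: packets with an unknown header byte or a length
// too small/large for the decrypt buffer are skipped instead of being dispatched with
// uninitialised proto/size/enc or decrypted past the end of DecBuff, and the 0xC2
// length is read high byte first, matching the 0xC4 case and SendPacket in this file.
// NOTE(review): lengths come from the network peer; the value returned by Decrypt is
// used as-is, and its behaviour on malformed input is not visible here — confirm.
void ParsePacket(void* PackStream, int unk1, int unk2)
{
    BYTE* buff;
    while (true)
    {
        __asm {
            MOV ECX, PackStream;
            MOV EDX, PARSE_PACKET_STREAM;
            CALL EDX;
            MOV buff, EAX;
        }
        if (!buff)
            break;


        BYTE DecBuff[7024];
        unsigned int DecSize;


        int proto = 0;
        int size = 0;
        int enc = 0;


        switch (buff[0])
        {
        case 0xC1:
            proto = buff[2];
            size = buff[1];
            enc = 0;
            break;
        case 0xC2:
            proto = buff[3];
            size = MAKEWORD(buff[2], buff[1]);
            enc = 0;
            break;
        case 0xC3:
            enc = 1;
            size = buff[1];
            // Header is 2 bytes; anything shorter has no payload to decrypt.
            if (size < 2)
                continue;
            DecSize = gPacketManager.Decrypt(&DecBuff[1], &buff[2], size - 2);
            DecBuff[0] = 0xC1;
            DecBuff[1] = DecSize + 2;
            size = DecSize + 2;
            buff = DecBuff;
            proto = DecBuff[2];
            break;
        case 0xC4:
            enc = 1;
            size = MAKEWORD(buff[2], buff[1]);
            // The 16-bit length can exceed DecBuff; refuse payloads that cannot fit
            // behind the 2-byte offset used below.
            if (size < 3 || (size - 3) > (int)sizeof(DecBuff) - 2)
                continue;
            DecSize = gPacketManager.Decrypt(&DecBuff[2], &buff[3], size - 3);
            DecBuff[0] = 0xC2;
            DecBuff[2] = LOBYTE(DecSize + 3);
            DecBuff[1] = HIBYTE(DecSize + 3);
            size = DecSize + 3;
            buff = DecBuff;
            proto = buff[3];
            break;
        default:
            // Unknown framing byte: nothing sensible to dispatch.
            continue;
        }


        if (unk1 == 1)
        {
            typedef int(*tProtocolCore2)(int, int, BYTE*, int, int);
            tProtocolCore2 ProtocolCore2 = (tProtocolCore2)PROTOCOL_CORE1;
            ProtocolCore2(unk2, proto, buff, size, enc);
        }
        else
        {
            typedef int(*tProtocolCore)(int, BYTE*, int, int);
            tProtocolCore ProtocolCore = (tProtocolCore)PROTOCOL_CORE2;
            bool bUseClientProtocolCore = CliProtocolCore(buff, proto, size, enc); // DLL protocolcore
            if (bUseClientProtocolCore)
            {
                ProtocolCore(proto, buff, size, enc); // Main.exe protocolcore
            }


        }




    }
}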

The client DLL looks like decompiled source from IGC.DLL?
I don't know where your source code comes from.
They got your PC. RIP ! :p
 

lst

Initiate Mage
Joined
Sep 24, 2018
Messages
3
Reaction score
7
I only have this link


链接: 提取码: 8nwb



Encryption and decryption use XTeam; the protocol uses IGC.
 
Joined
Jun 27, 2010
Messages
940
Reaction score
1,195
Well i have made some progress.
Pyke - [Development] Season XII Source Chinesse Team - based on X-TEAM - RaGEZONE Forums
 
Newbie Spellweaver
Joined
Apr 13, 2005
Messages
15
Reaction score
1
Well i have made some progress.
Pyke - [Development] Season XII Source Chinesse Team - based on X-TEAM - RaGEZONE Forums

How did you manage to compile the source? Can you share the libraries you used and the version of Visual Studio you used?
And can you share your dataserver.ini with me?
 