HOW TO EDIT / ADD / REALOC EXP TABLE "Tutu"

OK, the software you will need to use to "realoc" the exp table...
1) OllyDbg
2) any hex editor / PE Explorer (I chose PE, I like it =D)

Well, I will do it with the client, but for the server the steps are the same...

First you will need to open the client in 'PE Explorer' and go to the disassembly... wait some minutes for it to finish... =D
And open the client with OllyDbg too...
ok...
Well, if you know something about PT, you see the exp for lvl 1 is 1000, and 1000 to search for in hex is
3e80. OK, search for it in PE; you will find many values, but the exp table always looks like this:
[image]
OK, you found it...
Now you will need to copy some addresses, in my case [005f3ce8 = start of table (it is not really the start, but realoc from it and you don't have any problems)]
Now, if you look, the client adds 4 to the values... (005f3ce8 + 4 = 005f3cec)... and the last value is... (in this picture)
005f3cfc (exp for lvl 2 or end of lvl 1, I think...). Now scroll down and you will see the "push" for lvl 80...
[image]
Copy this address too, in my case 005f4008 and (+4) 005f400c.
Going down, you will see the end of the table; in my case I am using the original KPT game V.1892... and the exp table goes to lvl 120 only..
Going down....
[image]
Now you see many other values..
Note them all...
And here is the secret...
You never see something like "119 : asdsagd , 120 = asuysadgsay"; you see only values... the client will count the number of values to add the lvl...
ok..
The 'first' value now is the last lvl... in my case 005f40a0... and (+4) 005f40a4
So now you see the exp values... the real end of the table... note them all.
To make it easy, do something like this:
---------------------------------
005f40a0 = f5c152b2
005f40a4 = 0000011f
-------------------------
and go write them all...
All the PUSH VALUEs... I think it is something like 15 or 19... or more =X
OK, all written....
Now you will search for the address in PE (Ctrl+F); in my case I will search for 005f40a0... and the others too...
Well, you will find many references to this value.
This is very important: WRITE THEM ALL like this
---------------------------------
005f40a0 = f5c152b2 - > adasdsd /asdasdsa /sadasdd
005f40a4 = 0000011f _ > dsdsda / asdasd
-------------------------
You will find addresses with 4, 5, 6 pushes and others with only one...
Write them all..
OK... all done with PE..
You can close PE now.. we don't need it anymore...
Go to Olly!!!
Open the client; you need to have inside it another exp table with hex values for 150 or more..
Now find the other table and only "realoc"
Go to the first address of the table and take "this address"
---------------------------------
005f40a0 = f5c152b2 - >>>>>>>> adasdsd /asdasdsa /sadasdd <<<<<<<
005f40a4 = 0000011f _ >>>>>>>> dsdsda / asdasd <<<<<<<<
-------------------------
Find it in the new table and change it with Olly; do it right and pay attention
not to get any value wrong, or you won't get exp, or you get dc, or don't see "lvl up".
Change them all..
Don't forget lvl 80, and the end of the table is a bigger value now...
...
All done; right-click in Olly and go to "copy to executable file" and save it...
Just test!!!

all done!!!


Sorry for my bad English and for a 'bad' tutorial, I don't have much time, but if you have any
question, post here... I will try to help!!!
 
i'll try this m8..tnx

why do u have to add 4? i already copied the addresses.. i even wrote it down. =p so what's next? i'm kinda confused with your tutorial..-_-"
 
I'm pretty confused too. I already know how to find the XP value in the server/client.exe, but the part about Olly, I don't get.

OK... all done with PE..
You can close PE now.. we don't need it anymore...
Go to Olly!!!
Open the client; you need to have inside it another exp table with hex values for 150 or more..
Now find the other table and only "realoc"
Go to the first address of the table and take "this address"
---------------------------------
005f40a0 = f5c152b2 - >>>>>>>> adasdsd /asdasdsa /sadasdd <<<<<<<
005f40a4 = 0000011f _ >>>>>>>> dsdsda / asdasd <<<<<<<<

-------------------------
Find it in the new table and change it with Olly; do it right and pay attention
not to get any value wrong, or you won't get exp, or you get dc, or don't see "lvl up".
Change them all..
Don't forget lvl 80, and the end of the table is a bigger value now...
...
All done; right-click in Olly and go to "copy to executable file" and save it...
Just test!!!

005f40a0 = f5c152b2 - >>>>>>>> adasdsd /asdasdsa /sadasdd <<<<<<<
005f40a4 = 0000011f _ >>>>>>>> dsdsda / asdasd <<<<<<<<

I found in reference to 005f40a0 & 005f40a4 which is the value for level 118 010FF5C152B2, but since I am using a different client, I actually found them in 005F10A0 - 005F10A5, there are no other values based on this address that I can see.


Also, what client and server version are you using? I am using KPT 1871 and KPT endless tower ultimate release 2.2.

Thanks
 
does KPT 1871 client EXE support all teleport destinations (using teleport core)?... meaning up to ET2... can u give me a link where i can download it? my client is just up to ICE1... tnx

a video would be better...=p
 
I don't remember where I got it from, but here's the original one.. the original file date should be 8/25/2007..

 
---------------------------------
005f40a0 = f5c152b2 - >>>>>>>> adasdsd /asdasdsa /sadasdd <<<<<<<
005f40a4 = 0000011f _ >>>>>>>> dsdsda / asdasd <<<<<<<<
-------------------------
is like

offset/exptable = ur/push - >>>>> calls of this offset / call2 / call 3/// and keep going..
 
Ok, I dunno if this topic is considered "old" or out of date yet, but can somebody please explain it better... I'm so lost with this whole tutorial... it's too unorganized for me to read.

Can anybody just cut the exp table in half, and then give the values, and a tut of how to put them into your server.exe and your client would be better...thanks
 
err.. not tested.. but you guys mean this?
Code:
.text:004419C4 loc_4419C4:                             ; CODE XREF: LevelCheck+19j
.text:004419C4                 cmp     ecx, ds:dword_450E024[eax*8]
.text:004419CB                 jl      short loc_4419E1
.text:004419CD                 jg      short loc_4419D8
.text:004419CF                 cmp     edx, ds:lvl1[eax*8]
.text:004419D6                 jb      short loc_4419E1
.text:004419D8
.text:004419D8 loc_4419D8:                             ; CODE XREF: LevelCheck+17j
.text:004419D8                                         ; LevelCheck+22j ...
.text:004419D8                 inc     eax
.text:004419D9                 cmp     eax, 120 ; Change here to 150
.text:004419DC                 jl      short loc_4419B0
.text:004419DE                 xor     eax, eax
.text:004419E0                 retn
.text:004419E1 ; ---------------------------------------------------------------------------
.text:004419E1
.text:004419E1 loc_4419E1:                             ; CODE XREF: LevelCheck+2Bj
.text:004419E1                                         ; LevelCheck+36j
.text:004419E1                 inc     eax
.text:004419E2                 retn
.text:004419E2 LevelCheck      endp


Code:
.text:00447F5E loc_447F5E:                             ; CODE XREF: LevelStr2+A4j
.text:00447F5E                 cmp     esi, 120 ; change here to 150
.text:00447F61                 jge     short loc_447FE0
.text:00447F63                 call    sub_441940
.text:00447F68                 mov     ecx, ds:dword_450E4D0
.text:00447F6E                 cmp     ecx, eax
.text:00447F70                 jnz     short loc_447FE0
.text:00447F72                 mov     eax, ds:off_450E4D4
.text:00447F77                 cmp     eax, edx
.text:00447F79                 jnz     short loc_447FE0
.text:00447F7B                 lea     ecx, [esi+1]
.text:00447F7E                 mov     [ebp+3944h], ecx
.text:00447F84                 mov     edx, ds:lvl1[esi*8]
.text:00447F8B                 mov     eax, dword_8EAE28
.text:00447F90                 mov     [eax+39CCh], edx
.text:00447F96                 mov     eax, dword_8EAE28
.text:00447F9B                 mov     ecx, [eax+154h]
.text:00447FA1                 mov     edx, [eax+150h]
.text:00447FA7                 mov     eax, [eax+14Ch]
.text:00447FAD                 push    1
.text:00447FAF                 push    300
.text:00447FB4                 push    ecx
.text:00447FB5                 add     edx, 8192
.text:00447FBB                 push    edx
.text:00447FBC                 push    eax
.text:00447FBD                 call    sub_507A00
.text:00447FC2                 push    400
.text:00447FC7                 push    7
.text:00447FC9                 call    sub_4DE5C0
.text:00447FCE                 add     esp, 1Ch
.text:00447FD1                 call    sub_443C60
.text:00447FD6                 call    sub_553740
.text:00447FDB                 call    sub_558580
.text:00447FE0
.text:00447FE0 loc_447FE0:                             ; CODE XREF: LevelStr2+8Cj
.text:00447FE0                                         ; LevelStr2+96j ...
.text:00447FE0                 pop     esi
.text:00447FE1                 pop     ebp
.text:00447FE2                 pop     edi
.text:00447FE3                 mov     eax, 1
.text:00447FE8                 pop     ebx
.text:00447FE9                 retn
.text:00447FE9 LevelStr2       endp

where lvl1 is:

Code:
_exp:0450E000                 dd 88CFh, 0
_exp:0450E008                 dd 333C0000h, 6B776148h
_exp:0450E010 LeveltableStart dd 0Ah                  ; DATA XREF: sub_441A60+15r
_exp:0450E010                                         ; sub_447FF0+2Cr ...
_exp:0450E014 dword_450E014   dd 90009h               ; DATA XREF: sub_441A60+1Dr
_exp:0450E014                                         ; sub_447FF0+34r ...
_exp:0450E018 dword_450E018   dd 0                    ; DATA XREF: sub_441940r
_exp:0450E018                                         ; sub_441940+38r ...
_exp:0450E01C dword_450E01C   dd 0                    ; DATA XREF: sub_441940+5r
_exp:0450E01C                                         ; sub_441940+2Fr ...
_exp:0450E020 lvl1            dd 1000                 ; DATA XREF: LevelCheck+2Fr
_exp:0450E020                                         ; LevelStr2+D4r
_exp:0450E024 dword_450E024   dd 0                    ; DATA XREF: LevelCheck:loc_4419C4r
_exp:0450E028                 dd 2500
_exp:0450E02C                 dd 0

just find the references for lvl1 (2 in my case) and change the cmp reg, 120 to cmp reg, 150

Btw: This is for panzer, but the same thing can be done to game.exe

This should do, i guess...
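
An added example, not part of the thread or the game's code: a Python model of the table layout shown in the `_exp` dump above (8 bytes per level, low dword then high dword) and of the `LevelCheck` loop with its `cmp eax, 120` bound. It assumes ecx:edx hold the character's exp as high:low dwords (the code that loads them is not shown in the listing), and the three-entry table is constructed from values quoted in the thread.

```python
import struct

ENTRY_SIZE = 8  # one level = low dword followed by high dword (little-endian)


def parse_exp_table(blob: bytes) -> list[int]:
    """Decode consecutive (low, high) dword pairs into 64-bit exp thresholds."""
    if len(blob) % ENTRY_SIZE:
        raise ValueError("table length is not a multiple of 8 bytes")
    return [lo | (hi << 32) for lo, hi in struct.iter_unpack("<II", blob)]


def level_check(exp: int, table: list[int], loop_bound: int) -> int:
    """Model of the LevelCheck loop: return index+1 of the first threshold
    above exp, or 0 when the loop runs out (the `xor eax, eax` path).

    loop_bound plays the role of the immediate in `cmp eax, 120`. The
    listing compares the high dword signed and the low dword unsigned,
    which equals a plain integer compare for values below 2**63.
    """
    for i in range(loop_bound):
        if i >= len(table):
            # The binary has no such check: with a bound larger than the
            # table it would compare against whatever bytes follow it.
            raise IndexError(
                f"loop bound {loop_bound} exceeds {len(table)} table entries")
        if exp < table[i]:
            return i + 1
    return 0


# Constructed sample: the first two entries from the _exp dump (1000, 2500)
# and the dword pair f5c152b2 / 0000011f quoted in the first post.
SAMPLE = struct.pack("<6I", 1000, 0, 2500, 0, 0xF5C152B2, 0x0000011F)
TABLE = parse_exp_table(SAMPLE)

if __name__ == "__main__":
    for n, need in enumerate(TABLE, start=1):
        print(f"entry {n}: {need} (0x{need:012X})")
    print("exp 1500 ->", level_check(1500, TABLE, loop_bound=len(TABLE)))
```

The `IndexError` stands in for the case where the compare immediate is raised but the table it indexes still has the old number of entries.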
