Unpacked Clients for pRO with ways of finding hex codes

[heero]

sir heero. with regards sa last string

hnd q kc agad nakita 2ng post. nag search muna aq and found

E8 B2 24 DD FF
90 90 90 90 90

hnd gumana,

i tried yours

E8 B2 24 DD FF 3B C6 74 75
90 90 90 90 90 90 90 90 90

under certain circumstance nag g-gravity error

i tried

E8 B2 24 DD FF 3B C6
90 90 90 90 90 90 90

gumana without errors, can you please verify.

yan kc nirelease q sa bapt. pero re-directing mga players to visit your trend.

Godbless.

First off you have to know how assembly language works to figure out why your code and my code are different.
If we used your hex the program would look like this

Code: Select all

* Reference To: kernel32.CreateMutexA, Ord:0000h
                                  |
:0079FE45 FF1580F17F00            Call dword ptr [007FF180]
:0079FE4B 50                      push eax
:0079FE4C FFD7                    call edi
:0079FE4E 85C0                    test eax, eax
:0079FE50 0F85D1000000            jne 0079FF27   <----------------  Multiple client hex
:0079FE56 0FBE05A9CD8900          movsx eax, byte ptr [0089CDA9]
:0079FE5D 0FBE15AACD8900          movsx edx, byte ptr [0089CDAA]
:0079FE64 0FBE0DA8CD8900          movsx ecx, byte ptr [0089CDA8]
:0079FE6B 03D0                    add edx, eax
:0079FE6D 0FBE05A7CD8900          movsx eax, byte ptr [0089CDA7]
:0079FE74 03D1                    add edx, ecx
:0079FE76 0FBE0DA6CD8900          movsx ecx, byte ptr [0089CDA6]
:0079FE7D 03D0                    add edx, eax
:0079FE7F 0FBE05A5CD8900          movsx eax, byte ptr [0089CDA5]
:0079FE86 03D1                    add edx, ecx
:0079FE88 0FBE0DA4CD8900          movsx ecx, byte ptr [0089CDA4]
:0079FE8F 03D0                    add edx, eax
:0079FE91 03D1                    add edx, ecx
:0079FE93 81FAC9020000            cmp edx, 000002C9
:0079FE99 0F8588000000            jne 0079FF27
:0079FE9F B9681E9800              mov ecx, 00981E68
:0079FEA4 E80745FEFF              call 007843B0
:0079FEA9 90                      nop
:0079FEAA 90                      nop
:0079FEAB 90                      nop
:0079FEAC 90                      nop
:0079FEAD 90                      nop
:0079FEAE 90                      nop
:0079FEAF 90                      nop
:0079FEB0 7475                    je 0079FF27

* Possible StringData Ref from Data Obj ->"resNameTable.txt"
                                  |
:0079FEB2 681CE58300              push 0083E51C
:0079FEB7 E834D4DDFF              call 0057D2F0

My hex

Code: Select all

* Reference To: kernel32.CreateMutexA, Ord:0000h
                                  |
:0079FE45 FF1580F17F00            Call dword ptr [007FF180]
:0079FE4B 50                      push eax
:0079FE4C FFD7                    call edi
:0079FE4E 85C0                    test eax, eax
:0079FE50 0F85D1000000            jne 0079FF27   <----------------  Multiple client hex
:0079FE56 0FBE05A9CD8900          movsx eax, byte ptr [0089CDA9]
:0079FE5D 0FBE15AACD8900          movsx edx, byte ptr [0089CDAA]
:0079FE64 0FBE0DA8CD8900          movsx ecx, byte ptr [0089CDA8]
:0079FE6B 03D0                    add edx, eax
:0079FE6D 0FBE05A7CD8900          movsx eax, byte ptr [0089CDA7]
:0079FE74 03D1                    add edx, ecx
:0079FE76 0FBE0DA6CD8900          movsx ecx, byte ptr [0089CDA6]
:0079FE7D 03D0                    add edx, eax
:0079FE7F 0FBE05A5CD8900          movsx eax, byte ptr [0089CDA5]
:0079FE86 03D1                    add edx, ecx
:0079FE88 0FBE0DA4CD8900          movsx ecx, byte ptr [0089CDA4]
:0079FE8F 03D0                    add edx, eax
:0079FE91 03D1                    add edx, ecx
:0079FE93 81FAC9020000            cmp edx, 000002C9
:0079FE99 0F8588000000            jne 0079FF27
:0079FE9F B9681E9800              mov ecx, 00981E68
:0079FEA4 E80745FEFF              call 007843B0
:0079FEA9 90                      nop
:0079FEAA 90                      nop
:0079FEAB 90                      nop
:0079FEAC 90                      nop
:0079FEAD 90                      nop
:0079FEAE 90                      nop
:0079FEAF 90                      nop
:0079FEB0 90                      nop
:0079FEB1 90                      nop

* Possible StringData Ref from Data Obj ->"resNameTable.txt"
                                  |
:0079FEB2 681CE58300              push 0083E51C
:0079FEB7 E834D4DDFF              call 0057D2F0

The command je 0079FF27 would be useless since there is nothing to check so in my code I just removed it thats all. I dont see a difference between using your way or my way from an assembly language point of view. Btw the command jne 0079FF27 is what we hexed out to allow multiple clients (I marked it in our code just to show you) thats why in my code I removed it. Its perfectly fine to use your method but you will still encounter gravity errors even I did with my own hex. Not sure what triggers it but after a reboot the program works again, so I did'nt look into it too much.

[anzei]

The command je 0079FF27 would be useless since there is nothing to check so in my code I just removed it thats all. I dont see a difference between using your way or my way from an assembly language point of view. Btw the command jne 0079FF27 is what we hexed out to allow multiple clients (I marked it in our code just to show you) thats why in my code I removed it. Its perfectly fine to use your method but you will still encounter gravity errors even I did with my own hex. Not sure what triggers it but after a reboot the program works again, so I did'nt look into it too much.

thanks, at least i can ease my mind already. thanks for the explanation.

[anzei]

after the patch (feb 06, 2013) i noticed that the original client supplied by the patch, (anyway i'm playing @ valkyrie server philippines) is quite large. well i thought it's a glitch so i updated my backup RO, but it returned the same result. giving me a 4.6mb original client. tried to unpacked via stripper but seemed to be already unpacked so i decided to use "dasm" the conventional method posted by sir heero doesn't work. so i tried finding the hex codes manually,

anyway got the codes for feb 06, 2013 original client, and hopefully sir heero will update the codes for other users.

anyway sir heero, here are the hex strings.

85 C0 74 07 C6 05 87 5D 98 00 01 33 DB
85 C0 EB 07 C6 05 87 5D 98 00 01 33 DB


85 C0 0F 85 D1 00 00 00 0F BE 05 A9 BD 89 00
85 C0 90 90 90 90 90 90 0F BE 05 A9 BD 89 00


E8 92 26 DD FF 3B C6
90 90 90 90 90 90 90

is it me or did they really changed the way hex string assembly looks compared before?

[bilyakosta]

previous hex still works anyways. just re-paste the hexed exe.

[michie1624]

previous hex still works anyways. just re-paste the hexed exe.

hi sir can you pls send your previous hex.exe to my email kakeroo04@yahoo.com thanks! i forgot to make back up for my previous hex.exe

[anzei]

previous hex still works anyways. just re-paste the hexed exe.

yeah luckily the previous hex still works, but i already tried finding ways to determin the hex strings just in case.

[michie1624]

previous hex still works anyways. just re-paste the hexed exe.

yeah luckily the previous hex still works, but i already tried finding ways to determin the hex strings just in case.

sir can you pls send me the previously hex i forgot to make back up of mine T_T plsss!

kindly send it here kakeroo04@yahoo.com thanks!

[anzei]

previous hex still works anyways. just re-paste the hexed exe.

yeah luckily the previous hex still works, but i already tried finding ways to determin the hex strings just in case.

sir can you pls send me the previously hex i forgot to make back up of mine T_T plsss!

kindly send it here kakeroo04@yahoo.com thanks!

actually it's quite easy to follow sir heeros guide. we highly discourage members downloading files from others. it's better to study and do it yourself. heed my advise. you'll be safer that way.

[michie1624]

actually it's quite easy to follow sir heeros guide. we highly discourage members downloading files from others. it's better to study and do it yourself. heed my advise. you'll be safer that way. [/quote]


oh thanks for the concern sir... actually i figure out how to hex again using the current patch ciao

[anzei]

oh thanks for the concern sir... actually i figure out how to hex again using the current patch ciao

no prob )