Unpacked Clients for pRO with ways of finding hex codes

Forum rules
This server is currently not maintained and the tables folder (including connection info) is outdated. Read the wiki for instructions on how to update that information. Please contribute your updated info. Contact Cozzie to join the team as a regular server supporter.
vhonn
Human
Posts: 28
Joined: 03 Jun 2012, 11:50
Noob?: Yes

Re: Unpacked Clients for pRO with ways of finding hex codes

#201 Post by vhonn »

amp_kid37 wrote:
Try these codes

Multiple Clients:

Search: 85 C0 74 07 C6 05 EF D9 98 00 01 33 DB

Replace: 85 C0 EB 07 C6 05 EF D9 98 00 01 33 DB

Search: 85 C0 0F 85 D1 00 00 00 0F BE 05 A1 2F 8A 00

Replace: 85 C0 90 90 90 90 90 90 0F BE 05 A1 2F 8A 00

Removing GameGuard:

Search: E8 A2 13 DD FF 3B C6 74 75

Replace: 90 90 90 90 90 90 90 90 90

Strings based on unpacked ragexe/valexe last patch June 5 2013
I hope this will help!
Still doesn't work for me. :( Thanks anyway.
Do you have the unpacked client?
amp_kid37
Noob
Posts: 4
Joined: 06 Jun 2013, 12:59
Noob?: Yes

Re: Unpacked Clients for pRO with ways of finding hex codes

#202 Post by amp_kid37 »

Do you have the unpacked client?
Yes sir, I already tried the ones on the first page.
amp_kid37
Noob
Posts: 4
Joined: 06 Jun 2013, 12:59
Noob?: Yes

Re: Unpacked Clients for pRO with ways of finding hex codes

#203 Post by amp_kid37 »

Any MOD online? I have something to check. I'm having a problem uploading it, dunno why. Could you please give me your dummy email, so you can check if there is something malicious in it? Thank you in advance. :roll:
bgamez23
Noob
Posts: 2
Joined: 30 Jul 2012, 17:09
Noob?: Yes

Re: Unpacked Clients for pRO with ways of finding hex codes

#204 Post by bgamez23 »

Can you unpack the latest client patch? Thanks in advance.
bianka
Noob
Posts: 1
Joined: 24 Jun 2013, 12:27
Noob?: Yes

Re: Unpacked Clients for pRO with ways of finding hex codes

#205 Post by bianka »

I can't open the stripper 2.07 on Win 7 32 bit

What should I do? :(
itsjayem
Noob
Posts: 5
Joined: 25 Jun 2013, 15:04
Noob?: No

Re: Unpacked Clients for pRO with ways of finding hex codes

#206 Post by itsjayem »

bianka wrote: I can't open the stripper 2.07 on Win 7 32 bit
What should I do? :(
It can't be used with Windows 7/8.
You need to run it on Windows XP: either have it as dual boot, in VMware, or ask someone who has the XP OS.
You may also use an unpacked client from someone you trust, or ask him to unpack it for you if he has an XP PC.
hippo
Human
Posts: 21
Joined: 24 May 2013, 05:13
Noob?: No

Re: Unpacked Clients for pRO with ways of finding hex codes

#207 Post by hippo »

heero wrote: Updated 05/18/2013
You can use either one of these unpacked ragexe
unpacked ragexe.exe by noobotter, http://www.mediafire.com/download/8ib64 ... Ragexe.rar
unpacked ragexe.exe by heero, http://www.mediafire.com/download/hpfss ... 8-2013.zip
unpacked sakexe.exe by heero, http://www.mediafire.com/download/5mja4 ... 5-2013.zip

Currently only sakexe.exe can be used for almost all servers of pRO, so if you're from any other server use the unpacked sakexe.exe and just rename it to your specific server (valexe.exe for Valkyrie, lokiexe.exe for New Loki, and so on).
The file above is for people who don't know how to unpack Ragnarok exe

Figured I should post this since people have been having problems with multiple window hexing.
Belladonas - credit for the original posts
Old guide - http://forums.openkore.com/viewtopic.php?p=33

Files used along with this post:
Ragexe.exe unpacker - http://www.mediafire.com/?8ie73qzx9bnz0ll (may be reported as a trojan; use at your own risk)
URSoft W32DASM V8.93 - http://www.exetools.com/disassemblers.htm
XVI32 Hex Editor - http://www.chmaas.handshake.de/delphi/f ... /xvi32.htm

Use the old method listed on this link to find the hex codes.
http://forums.openkore.com/viewtopic.ph ... &start=160

The method listed below is obsolete and only kept for future reference.
OPENING MULTIPLE CLIENTS OF RAGNAROK
The first step is to search for WINMM.timeBeginPeriod; it should look like the code below.

Code:

* Reference To: WINMM.timeBeginPeriod, Ord:0090h
                                  |
:0079FC15 FF15F8E77F00            Call dword ptr [007FE7F8]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0079FBE6(C)
|
:0079FC1B E83087EEFF              call 00688350
:0079FC20 56                      push esi
:0079FC21 FF150CEA7F00            call dword ptr [007FEA0C]
:0079FC27 6A3F                    push 0000003F
:0079FC29 8D942425030000          lea edx, dword ptr [esp+00000325]
:0079FC30 56                      push esi
:0079FC31 52                      push edx
:0079FC32 C684242C03000000        mov byte ptr [esp+0000032C], 00
:0079FC3A E825F30000              call 007AEF64

* Possible StringData Ref from Data Obj ->"Surface"
                                  |
:0079FC3F 68A4BD8900              push 0089BDA4
:0079FC44 8D842430030000          lea eax, dword ptr [esp+00000330]
:0079FC4B 68F8D48300              push 0083D4F8
:0079FC50 50                      push eax
:0079FC51 FF15B0E77F00            call dword ptr [007FE7B0]
:0079FC57 83C418                  add esp, 00000018
:0079FC5A 56                      push esi
:0079FC5B 8D8C2424030000          lea ecx, dword ptr [esp+00000324]
:0079FC62 51                      push ecx
:0079FC63 56                      push esi
:0079FC64 56                      push esi
:0079FC65 FF157CE17F00            call dword ptr [007FE17C]
:0079FC6B 50                      push eax
:0079FC6C FFD7                    call edi
:0079FC6E 85C0                    test eax, eax
:0079FC70 0F85D1000000            jne 0079FD47  <----------------- This is what we need to edit first
:0079FC76 0FBE05A9BD8900          movsx eax, byte ptr [0089BDA9]
:0079FC7D 0FBE15AABD8900          movsx edx, byte ptr [0089BDAA]
:0079FC84 0FBE0DA8BD8900          movsx ecx, byte ptr [0089BDA8]
:0079FC8B 03D0                    add edx, eax
:0079FC8D 0FBE05A7BD8900          movsx eax, byte ptr [0089BDA7]
:0079FC94 03D1                    add edx, ecx
:0079FC96 0FBE0DA6BD8900          movsx ecx, byte ptr [0089BDA6]
:0079FC9D 03D0                    add edx, eax
:0079FC9F 0FBE05A5BD8900          movsx eax, byte ptr [0089BDA5]
:0079FCA6 03D1                    add edx, ecx
:0079FCA8 0FBE0DA4BD8900          movsx ecx, byte ptr [0089BDA4]
:0079FCAF 03D0                    add edx, eax
:0079FCB1 03D1                    add edx, ecx
:0079FCB3 81FAC9020000            cmp edx, 000002C9
:0079FCB9 0F8588000000            jne 0079FD47
:0079FCBF B9680A9800              mov ecx, 00980A68
:0079FCC4 E80745FEFF              call 007841D0
:0079FCC9 E89226DDFF              call 00572360  <---------------- This is for disabling GameGuard
:0079FCCE 3BC6                    cmp eax, esi
:0079FCD0 7475                    je 0079FD47
:0079FCD2 68E4D48300              push 0083D4E4
:0079FCD7 E814D6DDFF              call 0057D2F0
:0079FCDC 8BC8                    mov ecx, eax
:0079FCDE E85DC3DDFF              call 0057C040
:0079FCE3 8B942480030000          mov edx, dword ptr [esp+00000380]
:0079FCEA 8B442418                mov eax, dword ptr [esp+18]
:0079FCEE 52                      push edx
:0079FCEF 50                      push eax
:0079FCF0 E8BBECFFFF              call 0079E9B0  <---------------- Take note of this line you will need it later
:0079FCF5 83C408                  add esp, 00000008
:0079FCF8 85C0                    test eax, eax
:0079FCFA 744B                    je 0079FD47
:0079FCFC 8D4C2440                lea ecx, dword ptr [esp+40]

The first line I marked above is what we need to edit.

Search:
85 C0 0F 85 D1 00 00 00 0F BE 05 A9 BD 89 00
Replace:
85 C0 90 90 90 90 90 90 0F BE 05 A9 BD 89 00

Now remember the line I wanted you to take note of, call 0079E9B0. We must search for :0079E9B0 (don't forget the colon, that's important). When you find :0079E9B0 it should look like the lines below.

Code:

* Referenced by a CALL at Address:
|:0079FCF0   
|
:0079E9B0 83EC60                  sub esp, 00000060
:0079E9B3 A170E78900              mov eax, dword ptr [0089E770]
:0079E9B8 33C4                    xor eax, esp
:0079E9BA 8944245C                mov dword ptr [esp+5C], eax
:0079E9BE A138C18800              mov eax, dword ptr [0088C138]
:0079E9C3 53                      push ebx
:0079E9C4 55                      push ebp
:0079E9C5 56                      push esi
:0079E9C6 8B742470                mov esi, dword ptr [esp+70]
:0079E9CA 57                      push edi
:0079E9CB 50                      push eax
:0079E9CC 50                      push eax
:0079E9CD 89742428                mov dword ptr [esp+28], esi
:0079E9D1 8935685D9800            mov dword ptr [00985D68], esi
:0079E9D7 FF1528E77F00            call dword ptr [007FE728]
:0079E9DD 85C0                    test eax, eax
:0079E9DF 7407                    je 0079E9E8  <----------------- This is what we need to look for
:0079E9E1 C605875D980001          mov byte ptr [00985D87], 01

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0079E9DF(C)
|
:0079E9E8 33DB                    xor ebx, ebx
:0079E9EA 6A77                    push 00000077
:0079E9EC 56                      push esi
:0079E9ED 895C242C                mov dword ptr [esp+2C], ebx
:0079E9F1 C744243090E17900        mov [esp+30], 0079E190
:0079E9F9 895C2434                mov dword ptr [esp+34], ebx
:0079E9FD 895C2438                mov dword ptr [esp+38], ebx
:0079EA01 8974243C                mov dword ptr [esp+3C], esi
:0079EA05 FF152CE77F00            call dword ptr [007FE72C]
:0079EA0B 68007F0000              push 00007F00
:0079EA10 53                      push ebx
:0079EA11 89442440                mov dword ptr [esp+40], eax
:0079EA15 FF1548E77F00            call dword ptr [007FE748]
:0079EA1B 6A04                    push 00000004
:0079EA1D 89442440                mov dword ptr [esp+40], eax
:0079EA21 FF1570E07F00            call dword ptr [007FE070]
:0079EA27 89442440                mov dword ptr [esp+40], eax
:0079EA2B A138C18800              mov eax, dword ptr [0088C138]
:0079EA30 8D4C2424                lea ecx, dword ptr [esp+24]
:0079EA34 51                      push ecx
:0079EA35 895C2448                mov dword ptr [esp+48], ebx
:0079EA39 8944244C                mov dword ptr [esp+4C], eax
:0079EA3D FF1530E77F00            call dword ptr [007FE730]

Now we just search for the line we marked.

Search:
85 C0 74 07 C6 05 87 5D 98 00 01 33 DB
Replace:
85 C0 EB 07 C6 05 87 5D 98 00 01 33 DB

That should enable you to run multiple Ragnarok clients now.

To disable GameGuard, just look at the above code for WINMM.timeBeginPeriod and look down a bit; I marked it already.

Search:
E8 92 26 DD FF 3B C6 74 75
Replace:
90 90 90 90 90 90 90 90 90

That should disable GameGuard for the pRO client.
thx u :D
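
Several posts in this thread turn on whether a shared, pre-hexed client can be trusted. The following is an added example (not code from the thread or from OpenKore): it compares a third-party hexed exe against your own unpacked copy of the same build and reports any changed bytes that are not accounted for by the search/replace pairs quoted in post #207. The function names and the sample buffers are constructed for illustration.

```python
# Added example. Byte pairs are quoted from post #207; names and buffers are constructed.
DOCUMENTED = [  # (search, replace)
    ("85 C0 0F 85 D1 00 00 00 0F BE 05 A9 BD 89 00",
     "85 C0 90 90 90 90 90 90 0F BE 05 A9 BD 89 00"),
    ("85 C0 74 07 C6 05 87 5D 98 00 01 33 DB",
     "85 C0 EB 07 C6 05 87 5D 98 00 01 33 DB"),
    ("E8 92 26 DD FF 3B C6 74 75", "90 90 90 90 90 90 90 90 90"),
]

def diff_offsets(orig, other):  # offsets where the two images differ
    if len(orig) != len(other):
        raise ValueError("size mismatch: not a pure in-place byte patch")
    return {i for i, (x, y) in enumerate(zip(orig, other)) if x != y}

def explained_offsets(orig, other, pairs=DOCUMENTED):
    """Offsets whose change is exactly one of the documented replacements."""
    out = set()
    for search_hex, replace_hex in pairs:
        s, r = bytes.fromhex(search_hex), bytes.fromhex(replace_hex)
        pos = orig.find(s)
        while pos != -1:
            if other[pos:pos + len(s)] == r:
                out |= {pos + i for i in range(len(s)) if s[i] != r[i]}
            pos = orig.find(s, pos + 1)
    return out

def runs(offsets):  # collapse offsets into half-open (start, end) ranges
    out = []
    for o in sorted(offsets):
        if out and out[-1][1] == o:
            out[-1] = (out[-1][0], o + 1)
        else:
            out.append((o, o + 1))
    return out

def audit(orig, other, pairs=DOCUMENTED):
    changed = diff_offsets(orig, other)
    known = explained_offsets(orig, other, pairs)
    return {"documented": runs(changed & known), "unexplained": runs(changed - known)}

def sample():
    """Constructed buffers: original, documented-only copy, copy with one extra change."""
    pad = bytes(range(16))
    orig = pad + b"".join(bytes.fromhex(s) + pad for s, _ in DOCUMENTED)
    clean = orig
    for s, r in DOCUMENTED:
        clean = clean.replace(bytes.fromhex(s), bytes.fromhex(r))
    extra = clean[:3] + bytes([clean[3] ^ 0xFF]) + clean[4:]  # change no post accounts for
    return orig, clean, extra
print(audit(*sample()[::2]))
```

For real files, read both images with open(path, "rb").read(). Any range listed under "unexplained" is a modification the thread does not describe and should be examined in a disassembler before the file is run.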
kaBOTi
Plain Yogurt
Posts: 78
Joined: 08 Jun 2008, 00:02
Noob?: No

Re: Unpacked Clients for pRO with ways of finding hex codes

#208 Post by kaBOTi »

Anybody know the hex code for reading the data folder? Or a guide on how to trace it?
subkristen
Noob
Posts: 14
Joined: 13 Jan 2010, 07:17
Noob?: Yes

Re: Unpacked Clients for pRO with ways of finding hex codes

#209 Post by subkristen »

Hi Everyone/Admins.

I'm confused about the codes provided in this thread since there are lots of hex strings posted by contributors and admins.
I don't really know which one is official.
Can someone update the first post and put a quote on it so it would be easy for the readers to identify which is the correct one?
I don't even know if the codes on the 1st post are for tutorial purposes or the updated hex strings.

I appreciate your help.

Suggested template should be added on first post.
Updated (insert date here)

Disable Gameguard
Search: XX XX XX XX XX XX XX
Replace: XX XX XX XX XX XX XX

Multiple Window
Search: XX XX XX XX XX XX XX
Replace: XX XX XX XX XX XX XX

Search: XX XX XX XX XX XX XX
Replace: XX XX XX XX XX XX XX

Search: XX XX XX XX XX XX XX
Replace: XX XX XX XX XX XX XX
rpacx
Noob
Posts: 10
Joined: 23 Jan 2013, 22:08
Noob?: No

Re: Unpacked Clients for pRO with ways of finding hex codes

#210 Post by rpacx »

For those who downloaded the new client titled Ragnarok: Hall of Abyss Patch, this code is to hex f2pexe. You can also use this hexed f2p for Ragexe and Sakexe. You need to rename it.

Hex your own client for safety. The same method, but this is updated. This is for the exe named f2pexe.

Search:
85 C0 74 07 C6 05 CF CD 98 00 01
Replace:
85 C0 EB 07 C6 05 CF CD 98 00 01

Search:
85 C0 0F 85 D1 00 00 00 0F BE 15 C9 21 8A 00
Replace:
85 C0 90 90 90 90 90 90 0F BE 15 C9 21 8A 00

Search:
E8 72 2B DD FF 3B C6 74 75
Replace:
90 90 90 90 90 90 90 90 90

*If you don't trust me, then follow heero's procedure. Download the unpacker, disassembler and xvi32. Then follow this procedure by noobooter http://forums.openkore.com/viewtopic.ph ... &start=160