Updated 10/28/2011
Unpacked ragexe.exe
http://www.mediafire.com/?wdt7uwcfmobqhxo
This is for people who don't know how to unpack ragexe.exe.
Figured I should post this since people have been having problems with multiple window hexing.
Belladonna - credit for the original posts
OPENING MULTIPLE CLIENT WINDOWS
For the first string, search for USER32.FindWindowA until you find the block that looks something like this:
* Reference To: user32.FindWindowA, Ord:0000h
|
:00706E18 FF15B0F37400 Call dword ptr [0074F3B0]
:00706E1E 85C0 test eax, eax
:00706E20 7407 je 00706E29 <----------------- This is what we need to look for
:00706E22 C60530F0850001 mov byte ptr [0085F030], 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00706E20(C)
|
:00706E29 53 push ebx
:00706E2A 33FF xor edi, edi
:00706E2C 6A77 push 00000077
Search:
85 C0 74 07 C6 05 30 F0 85 00 01 53 33 FF 6A 77
Replace:
85 C0 EB 07 C6 05 30 F0 85 00 01 53 33 FF 6A 77
For the second string, search for KERNEL32.CreateMutexA.
The values needed are actually under KERNEL32.WaitForSingleObject, as seen below:
* Reference To: kernel32.CreateMutexA, Ord:0000h
|
:007080E5 FF1534F17400 Call dword ptr [0074F134]
:007080EB 50 push eax
* Reference To: kernel32.WaitForSingleObject, Ord:0000h
|
:007080EC FF1528F27400 Call dword ptr [0074F228]
:007080F2 85C0 test eax, eax
:007080F4 0F85CC010000 jne 007082C6 <----------------- This is what we need to look for
:007080FA 0FBE0542217B00 movsx eax, byte ptr [007B2142]
Search:
85 C0 0F 85 CC 01 00 00 0F BE 05 42 21 7B 00
Replace:
85 C0 90 90 90 90 90 90 0F BE 05 42 21 7B 00
The reason for using 90 90 90 90 90 90 is that the old code had je <address>, while this new code has jne <address>, which means it only jumps if the result is not equal, so we can just use NOP (90) to ignore the condition and let the code run.
For the third string, search for mss32._AIL_open_3D_provider@4 until you find the block that looks something like this:
* Reference To: mss32._AIL_open_3D_provider@4, Ord:0000h
|
:0041C80A FF1504F67400 Call dword ptr [0074F604]
:0041C810 85C0 test eax, eax
:0041C812 7409 je 0041C81D <----------------- This is what we need to look for
:0041C814 5F pop edi
:0041C815 5E pop esi
:0041C816 32C0 xor al, al
:0041C818 5B pop ebx
:0041C819 8BE5 mov esp, ebp
:0041C81B 5D pop ebp
:0041C81C C3 ret
Search:
85 C0 74 09 5F 5E 32 C0 5B 8B E5 5D C3
Replace:
85 C0 EB 09 5F 5E 32 C0 5B 8B E5 5D C3
That should enable you to run multiple Ragnarok clients now.
To disable GameGuard, do this:
Search for KERNEL32.CreateMutexA then scroll down until you see the code similar to the one below. I have pointed out the code we need to look for.
* Reference To: kernel32.CreateMutexA, Ord:0000h
|
:007080E5 FF1534F17400 Call dword ptr [0074F134]
:007080EB 50 push eax
* Reference To: kernel32.WaitForSingleObject, Ord:0000h
|
:007080EC FF1528F27400 Call dword ptr [0074F228]
:007080F2 85C0 test eax, eax
:007080F4 0F85CC010000 jne 007082C6
:007080FA 0FBE0542217B00 movsx eax, byte ptr [007B2142]
:00708101 0FBE0D41217B00 movsx ecx, byte ptr [007B2141]
:00708108 0FBE1540217B00 movsx edx, byte ptr [007B2140]
:0070810F 03C1 add eax, ecx
:00708111 0FBE0D3F217B00 movsx ecx, byte ptr [007B213F]
:00708118 03C2 add eax, edx
:0070811A 0FBE153E217B00 movsx edx, byte ptr [007B213E]
:00708121 03C1 add eax, ecx
:00708123 0FBE0D3D217B00 movsx ecx, byte ptr [007B213D]
:0070812A 03C2 add eax, edx
:0070812C 0FBE153C217B00 movsx edx, byte ptr [007B213C]
:00708133 03C1 add eax, ecx
:00708135 03C2 add eax, edx
:00708137 3DC9020000 cmp eax, 000002C9
:0070813C 0F8584010000 jne 007082C6
:00708142 B978AB8500 mov ecx, 0085AB78
:00708147 E824B9FBFF call 006C3A70
:0070814C E8DF47E4FF call 0054C930 <----------------- This is what we need to look for
:00708151 85C0 test eax, eax
:00708153 0F846D010000 je 007082C6
Search:
E8 DF 47 E4 FF
Replace:
90 90 90 90 90
That should disable GameGuard for Valkyrie/New Chaos.
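An added example, not part of the original post: a check that a server operator or launcher could run to tell whether a client image still carries the original bytes at the four sites listed above. The signatures are the post's own Search/Replace strings; the function names and the constructed sample image are assumptions of this example.

```python
# Added example: flags a client image whose known patch sites were modified.
# Signatures only match the build the post disassembled (assumption: other
# builds have different addresses and operands, and will report "unknown").

def hx(s):
    return bytes.fromhex(s)

# (site name, original bytes, modified bytes)
SITES = [
    ("FindWindowA je",
     hx("85 C0 74 07 C6 05 30 F0 85 00 01 53 33 FF 6A 77"),
     hx("85 C0 EB 07 C6 05 30 F0 85 00 01 53 33 FF 6A 77")),
    ("WaitForSingleObject jne",
     hx("85 C0 0F 85 CC 01 00 00 0F BE 05 42 21 7B 00"),
     hx("85 C0 90 90 90 90 90 90 0F BE 05 42 21 7B 00")),
    ("AIL_open_3D_provider je",
     hx("85 C0 74 09 5F 5E 32 C0 5B 8B E5 5D C3"),
     hx("85 C0 EB 09 5F 5E 32 C0 5B 8B E5 5D C3")),
    # Five NOPs alone match far too much, so this site is anchored with the
    # call before it and the test after it, as shown in the listing.
    ("call 0054C930",
     hx("E8 24 B9 FB FF E8 DF 47 E4 FF 85 C0"),
     hx("E8 24 B9 FB FF 90 90 90 90 90 85 C0")),
]

def classify(image):
    """Map each site name to (state, offset): original, modified or unknown."""
    report = {}
    for name, original, modified in SITES:
        for state, sig in (("modified", modified), ("original", original)):
            off = image.find(sig)
            if off != -1:
                report[name] = (state, off)
                break
        else:
            report[name] = ("unknown", -1)
    return report

def is_tampered(image):
    """True if any site is modified or cannot be verified at all."""
    return any(state != "original" for state, _ in classify(image).values())

def constructed_sample():
    """Constructed image: sites 1 and 3 original, site 2 NOPed, site 4 absent."""
    pad = b"\xCC" * 16
    return pad + SITES[0][1] + pad + SITES[1][2] + pad + SITES[2][1] + pad

if __name__ == "__main__":
    for name, (state, off) in classify(constructed_sample()).items():
        print(f"{name:26} {state:9} offset={off}")
```

A site reported as "unknown" matches neither form, so it is treated as unverified rather than clean; comparing a hash of the whole file against the published build is the stronger check when a reference copy is available.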