Updating/Finding Addresses


Post by Dami on Thu Aug 13, 2009 5:08 pm

One good tutorial for you people.
Though I would have preferred the one I read on CEF a few years ago, I believe this is at least half as good as that one was.

Credits: Astalavista, from Gamerzneeds

Astalavista - gamerzneeds wrote:
Although this was written a while ago for an early version of MapleStory, the concepts are still applicable and there is extremely useful information here for those who "want to learn how to hack".
-MadHatter

"Table of Contents"

Section 1
Array of Bytes
Section 2
Recognizing and Removing Variables From You AoBs
Section 3
Updating Using Gamevision
Section 4
Updating using ollydbg
Section 5
Updating Using .CEMs
Section 6
Updating addresses with opcode using a CE
Section 7
Updating A Script
Section 8
Updating Pointers
Section 9
Attachments

Section 1

By Soliunasm

["Array Of Bytes"]

Well it's that season, with hackers flying around. A little boy came up
from the ground. He asked "Why do I die?" The answer was "Because you
need godmode -BADWORD filtered by Aksha filter-". The little boy looked
gleefully at the brave man. He wanted to know how to get this great
hack. He went to MPC forums and what did he discover? He had become a
leecher, like any other. He asked for hacks all around, fleeing to the
stickies with everything found. A new patch came, he remained so sad.
Until the people found more for this clan. He took all the addys and
what did he discover? "How come I can't get these?" he asked his mother.

All right, with that out of the way *clears throat*. The point of that
story was that the child or something wanted to know how people find hacks.
Well, I'm here to teach you.

We Need You To Learn How To Find Them
1. Log in to maple and bypass and such.
2. When you are logged in, go to the Cheat Table and where it says "4 Byte", double-click that and select "Array of Bytes".
3. The value should have changed to "00 00 00 00" or something like that.
4. Copy that and put it into notepad or something.
5. That is how you find the Array of Bytes

Video Tutorial: By ICE

Picture Tutorial: Here

How To Find An Address
1. Go to "Memory View" and right-click in the bottom box (do not, I repeat, do NOT click any of the letters past the addresses, or it will blue-screen you).
2. Select "Search Memory".
3. Tick the box that says "(Array of) byte" and put in the Array you have.
4. If you followed these steps correctly, it will lead you to the address!

Video Tutorial: By WsTsK8eR

Picture Tutorial: Here


Section 2

By Sponge

"Recognizing and Removing Variables From You AoBs"

Situation:

MapleStory just went through a patch. You find your AOBs and start searching.
Oh no!!! They don't work... Chances are, you have variables in your
AOBs. This will also help port things from one version of MS to
another.


Solution:

Lets first look at...

Little Endian:

I will be using an address near the No Soft-Keyboard address.
Code:
004805BB |. A1 74607D00 MOV EAX,DWORD PTR DS:[7D6074]

To understand how little endian works we have to look at the address part of the script.

Human Language: 7D6074
Computer Language: 74607D

If you can conceptualize what I'm trying to say...
Little endian stores the bytes in hex in backwards order.
This will help you quickly recognize offsets and addresses in AOB's.

Common Variables:

Offsets, jumps, and addresses are likely to change between versions of MS and patches.

XX = Variable (I'll later show you how to add that into the AOB.)

Jumps:
Code:
Short jump: 75 XX
Long jumps: 0F XX XX XX XX XX or if you're sure the conditional jump type is the same 0F [Don't make this byte a variable] XX XX XX XX.

Offsets:
004805C0 |. 8D48 04 LEA ECX,DWORD PTR DS:[EAX+4]
The offset is 4 at this address. It is subject to change.

Code:
8D 48 XX

Addresses:
Look back at the address used to show how little endian works.
MOV EAX,DWORD PTR DS:[7D6074] The AOB should be...

Code:
A1 XX XX XX 00



Turning it into a searchable AOB:

I'll be using the first address introduced to show you how to add variables into the AOB.

For easier reading I will represent variables as underscores/_.
However variables are represented by spaces in CE.

Thanks to Drkgodz and prolific... if it is easier for you, you may use ?? for the variable byte.

1. Type in the first byte with a space in between bytes.
Code:
A1

2. Add in the first variable byte with no space in between bytes.
Code:
A1 _

3. Continue with the rest of the AOB.
Code:
A1 ___00

The final result should be:
Code:
A1    00

A simple way to calculate the number of spaces is to take the
number of variable bytes + 1. So you have 2 variable bytes + 1, which makes 3 spaces.
-------------------------------------------

Offtopic Tip:
Sometimes when you write codecaves (allocs are codecaves) you use
opcodes that modify flags. Conditional jumps are decided, whether to
jump or not, by flags. So it is advisable to use pushf before you start and popf
before you jump back to normal MS code. No, you do not need to use popfd
or pushfd; Uzeil and I already discussed that pushfd and popfd push
higher level flags and that we do not need to use those.

Section 3

By SpiffySlayer



If you don't know what GameVision is, search for it.


How do people update addresses/scripts so fast?

This shows how to add more addresses to update in a single click.


If you're not tech-savvy, there's no point in trying it. I'll be skipping a lot of common-sense steps.

A. I'm assuming you have GV.

1. Open RegEdit.

2. Local machine --> Software ---> GameVision.

3. Open the MapleStory Directory.

-------------------------------------------

B. How to add your own.

1. Right-Click MapleStory Dir, New--> Key

2. Rename that to whatever hack you're going to use. Not necessary, but it helps when organizing.

3. Right click the new dir --> New -- > String Value.

4. Rename it to "Identify"

5. Then, for the value, add a "%" and whatever you want to call it.

I.E --> %Godmode or --> %Stubi

6. Right click the dir --> New --> String Value.

7. Rename as "Search"

8. Add the value as the AOB of the address, WITHOUT SPACES:

I.E Instead of
Code:
89 07 8B 5D 14 85 DB 74 58 FF B6 84 00 00 00 8D

You want

Code:
89078B5D1485DB7458FFB6840000008D

9. Open the MapleStory Dir. There should be a file called "TextFormat".

10. Under here, write how you want your address to appear, using your "Identify" name.

Ie.

Godmode: %Godmode (Taken from example above).

Once again, if you don't know what this means, go google GameVision. Or something else. It is a file made by the godly Shu.


Section 4

By SpiffySlayer

Updating Using olly dbg

First of all, it's a tutorial made in flash, since it's easier to show you. And, it's 12 mb.

For those people who are confused about the AOBs changing: how to find the addresses, even with different AOBs.

Credits : Camtasia for an awesome screen recorder.(and instant demo)
OllyDbg - Oleh Yuschuk

Video TuT
Download Video TuT


Section 5

By duffy290

Updating Using .CEMs
~~~~~~~Updating Hax~~~~~~~~
~~~~~~Quick Duff Guide~~~~~~~


#Loading CEM's#
1. Load two cheat engines, such as Game Cheetah.
2. Go to open process, usually the top left icon or File > Open Process.
3. Click open file and load v37.cem in the first engine and v38.cem in the second engine.

#Update Example (One Level Map v37)#


We will refer to the engines as V37 (the one with v37.cem loaded) and V38 (v38.cem loaded).

Code:
[enable]
00548d73:
fstp st(1)
[disable]
00548d73:
fstp st(0)

#V37 Engine#
1. As your CEM region starts from 00400000, we need to subtract this amount from the address first, so
548d73 = 148d73
2. Go to memory view, right click, go to address 148d73; it will show the
opcode fstp st(0) from the disable section (original opcode).
3. OK, so now we know we are at the correct address. Now right click in
the bottom half of the memory view screen, select go to address
and enter the same addie, 148d73. Now left-click on the hex that shows on the top row and copy it.
4. It should be the same as this:
DD D8 DD 45 D4 8B 45 0C DD 19, maybe more bytes at the end if you copied more than me.

#v38 Engine#
1. On the front of your engine there should be a drop-down menu with value type next to it; click on it and select array of bytes.
2. Copy DD D8 DD 45 D4 8B 45 0C DD 19 into the text box above it (this is your v37 AOB) and click first scan.
3. One or more addies will show up to the left; if there is one addie, this is your new address. Congratz on updating your first hack.
For this only one addie will show, 0014a5a2, the new v38 address.
4. If more than one, you need to filter through them to find a working one.
5. As we subtracted 00400000 we need to add this again, so 14a5a2 =
54a5a2. Don't worry if you're confused, you get used to adding and subtracting
quickly.


Ok let's update the hack

548d73 = v37 address, which we updated to 54a5a2, so just put it into the existing script.


Code:
[enable]
0054a5a2:
fstp st(1)
[disable]
0054a5a2:
fstp st(0)

Congratz on updating...

#TIPS#

1. AOBs don't produce results? Try scanning for the address above or below the original hack,
then when you find the new version of it go to the address above or below again to update your hack.
2. Still no luck? If it has a searchable opcode like SSEAX, then go to memory view, click the search menu
and choose find assembly code, then enter your opcode and click OK.
SSEAX Y for example is mov [ebp+0c],eax
3. Sometimes you need to remove some AOBs till you get results, i.e.
DD D8 DD 45 D4 8B 45 0C DD 19 could = 0 results
whereas
DD D8 DD 45 could = 1 or more results


Last edited by Dami3n on Thu Aug 13, 2009 5:18 pm; edited 5 times in total
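Worked example, added here by the editor and not part of the quoted tutorial or of Cheat Engine itself: a small Python AOB scanner that does what Sections 1, 2 and 5 describe by hand. It parses a CE-style pattern (both the `??` form and the extra-space form from Section 2), encodes the absolute address little-endian the way the A1 opcode does, scans two constructed stand-ins for the v37/v38 .cem dumps, and rebases each hit by the 00400000 module base. The dump contents, the v38 location 004812A0, the global 7D7084, the +8 offset and the decoy instruction are all made up for the example; only 004805BB, 7D6074 and the +4 offset come from the post.

```python
import re
import struct

# MapleStory.exe loads at 0x00400000 by default and the .cem dumps in Section 5
# start at that base, so dump offset = VA - IMAGE_BASE. That is the "subtract
# 00400000, then add it back" step in the post. (Assumed for this example.)
IMAGE_BASE = 0x00400000

WILDCARD_TOKENS = {"??", "?", "_", "XX", "xx"}


def parse_aob(pattern):
    """Parse a Cheat Engine style AOB into a list of ints, None for a wildcard.
    Accepts '??' / 'XX' tokens and the Section 2 convention where each
    wildcard byte is one extra space: "A1    00" == "A1 ?? ?? ?? 00"."""
    out = []
    for tok in pattern.strip().split(" "):
        if tok == "" or tok in WILDCARD_TOKENS:
            out.append(None)
        else:
            out.append(int(tok, 16))
    return out


def aob_regex(pattern):
    """Compile the AOB to a bytes regex; the lookahead reports overlapping
    hits too, which a plain finditer would skip."""
    body = b"".join(b"." if b is None else re.escape(bytes([b]))
                    for b in parse_aob(pattern))
    return re.compile(b"(?=" + body + b")", re.DOTALL)


def find_aob(buf, pattern):
    """Every dump offset at which the AOB matches (CE's 'Search Memory')."""
    return [m.start() for m in aob_regex(pattern).finditer(buf)]


def mov_eax_abs(addr):
    """A1 imm32 = MOV EAX, DWORD PTR DS:[addr]. The operand is little-endian,
    which is why 7D6074 shows up in the bytes as 74 60 7D 00 (Section 2)."""
    return b"\xA1" + struct.pack("<I", addr)


def lea_ecx_eax_disp8(disp):
    """8D 48 dd = LEA ECX, DWORD PTR DS:[EAX+dd]."""
    return b"\x8D\x48" + bytes([disp & 0xFF])


def build_dump(code_offset, data_addr, lea_disp):
    """Constructed stand-in for a .cem dump: INT3 filler, the two Section 2
    instructions at code_offset, and a decoy MOV EAX,[...] at offset 0x100 so
    a pattern that is too loose returns more than one hit."""
    decoy = mov_eax_abs(0x007D0010) + b"\x8B\x4D\x0C"   # MOV EAX,[7D0010]; MOV ECX,[EBP+0C]
    code = mov_eax_abs(data_addr) + lea_ecx_eax_disp8(lea_disp)
    buf = bytearray(b"\xCC" * (code_offset + len(code) + 0x40))
    buf[0x100:0x100 + len(decoy)] = decoy
    buf[code_offset:code_offset + len(code)] = code
    return bytes(buf)


# Constructed "v37" and "v38" dumps: between the versions the code moved, the
# global it reads moved and the structure offset changed (made-up values,
# except 004805BB / 7D6074 / +4, which are the Section 2 instructions).
V37 = build_dump(0x805BB, 0x007D6074, 0x04)
V38 = build_dump(0x812A0, 0x007D7084, 0x08)


def update_address(old_va, old_dump, new_dump, pattern):
    """Section 5 workflow: confirm the AOB still describes the bytes at the old
    address (the 'original opcode' check), scan the new dump, rebase."""
    if not aob_regex(pattern).match(old_dump, old_va - IMAGE_BASE):
        raise ValueError(f"{pattern!r} does not match at {old_va:08X}: "
                         "wrong AOB, wrong base, or wrong dump")
    return [off + IMAGE_BASE for off in find_aob(new_dump, pattern)]


def read_mov_operand(dump, va):
    """Pull the absolute address out of a MOV EAX,[imm32] at va, i.e. the value
    Section 7 needs to refresh a line like 'mov eax, [7D5360]'."""
    off = va - IMAGE_BASE
    if dump[off] != 0xA1:
        raise ValueError(f"no A1 opcode at {va:08X}")
    return struct.unpack_from("<I", dump, off + 1)[0]


def demo():
    """Exact bytes fail after the patch, the address-only AOB is too loose, the
    AOB with every variable byte wildcarded yields exactly one new address."""
    raw = V37[0x805BB:0x805BB + 8]
    exact = " ".join(f"{b:02X}" for b in raw)        # A1 74 60 7D 00 8D 48 04
    loose = "A1 ?? ?? ?? 00"                          # Section 2's address-only AOB
    wild = "A1 ?? ?? ?? 00 8D 48 ??"                  # address and LEA offset wildcarded
    return {
        "exact": [o + IMAGE_BASE for o in find_aob(V38, exact)],
        "loose": [o + IMAGE_BASE for o in find_aob(V38, loose)],
        "wild": update_address(0x004805BB, V37, V38, wild),
    }
```

The three results in `demo()` are the tips at the end of Section 5 in miniature: the exact v37 bytes give no hit after the patch, the address-only AOB gives two (one of them the decoy), and the AOB with every variable byte wildcarded gives exactly one, 004812A0. `read_mov_operand` then pulls the new global out of the match, and byte 7 of the hit is the new LEA offset, so both the script address and the `mov eax, [...]` line can be refreshed from one scan.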

Re: Updating/Finding Addresses

Post by Dami on Thu Aug 13, 2009 5:08 pm

Astalavista - gamerzneeds wrote:
Section 6

By brycez0rz

[Tutorial On Updating Addresses Via Opcodes Using a Cheat Engine]


Introduction

Seeing that I see a few requests from people wanting to know how to
update their addresses without the AOBs when a patch comes, in case the
AOBs change, I decided to make this tutorial. I know I'll probably get
flamed and whatever, but I don't care as long as one person learns
something. I know there is a different, easier way in OllyDBG, but I'm
not very familiar with Olly.

What you'll need:
Something to save opcodes in (e.g. notepad, or comment them out in a script; I recommend notepad so it stays neat)
An undetected Cheat Engine.
Some knowledge.

On with the tutorial!

1. First, open your CE and attach to MapleStory.

2. Once you've attached to MapleStory, open up memory viewer and find the address that you want to save.

3. See that opcode next to it, that's the operation code. Double click that opcode and you'll have this window come up.

Copy that line into a blank notepad file.

4. Do the same with the 2 addresses above it, and the 2 underneath it. You should have something similar to mine.

*Note: You will not have the same opcodes as me, I just attached to
Windows Explorer and did this, I couldn't be bothered opening up
MapleStory.

5. See how I have it very similar to how it is in memory view? I have it like

Code:
mov esi,[esi+08]
test esi,esi
je 0044460 <<< The address I want to find after its AOBs change.
push esi
push edi

I have it like that so I know what address I am looking for
and what the opcodes above it are and what the ones underneath it are.
If I had it like this:

Code:
je 0044460
push esi
push edi
mov esi,[esi+08]
test esi,esi

How would I know what opcode belongs where? I wouldn't.

Now that you have your opcodes saved, imagine MapleStory updates.. Now how do you find the addresses with these? Simple.
I'll explain that now

Open memory view and go to Search > Find Assembly Code. It is located near the File button.

See how I saved a jump? The address something jumps to can change too,
so in the window that came up, I would type "push esi","test esi,esi",
"mov esi,[esi+08]" or "push edi", After you've typed in the opcode you
want to look for, press enter. If you're looking for a jump, search for
the opcode above it or under it. I pointed this out because a large
amount of the MapleStory hacks are jumps.

In my case I'm searching for "mov esi,[esi+08]", these were my
results.

Now if I double click on the addresses that appear, I go to that
address in memory viewer. So just double click through those addresses
until you find the one with the same or very similar instructions. If
you get a lot of addresses from one opcode search, try searching
another opcode and see if you get fewer addresses.

Thats all for now

Hope you learnt something ~

P.S. Sorry it's not in-depth and extremely step by step, I just thought
you should need at least some knowledge and skill at following
instructions to do this :\



Section 7

By Iamok

Updating A Script
(If this helped you out please let me know) ;D

Well many of you are new and are leechers. That's the truth, don't deny it.
Now after every patch I know most of you are lost until someone like
Devilsin comes to save you with a CT. So I'm here to help you update
scripts of your own, so you won't have to wait.


First you need the new addresses. To get them you need to use array of bytes. Go here for help on arrays. - credit to WsTsK8eR



Now that you have your addresses it's time to learn how to update a script.


The first line after the [enable] is the actual address. Type it in.


Now see the "je" part, well that line is called the opcode.


To find it just follow these simple steps.

1. Start up maplestory, make sure your UCE is attached
2. Go into Memory View
3. Right click, and find 63F487 (the address of godmode)
4. Right click on 63F487 and click Assemble
5. The code that is highlighted is the original opcode

Now, this is the script for .33 GMS (GODMODE)

Code:
[enable]
63F487: // the address
je 0063FC12 //the opcode
[disable]
63F487: //the address (repeated)
jne 0063FC12 //the opcode (repeated)

DO NOT change the actual script itself otherwise you'll screw it up.

Simply remove the address and the opcodes. (This is what it looks like without the addresses.)

Code:
[enable]
(address) :
je (opcode#)
[disable]
(address):
jne (opcode#)

You do not need to change the "jne" and the "je" part, ever



Now add the current address where the old addresses were. This is the finished product.

Code:
[enable]
64356A: //new address
je 00643CF5 //new opcode
[disable]
64356A:
jne 00643CF5

----------------------------------------------------------------------------------------------------

Now let's try updating a more difficult script like mouse vac.

This is the .36 Mouse vac
Code:
[Enable]
Alloc(MouserX,512)
Alloc(MouserY,512)
label(back)
label(return)

6B68F6: // use the AoBs to find the new address
jmp MouserX
back:

6B695B: // use the AoBs to find the new address
jmp MouserY
return:

MouserX:
mov eax, [7D5360] // The X mouse pointer address (needs to be updated)
mov eax, [eax+978] // offset #1 (may need to be updated)
mov eax, [eax+80] // offset #2 (may need to be updated)
mov [ebx], eax
mov edi,[ebp+10]
jmp back

MouserY:
mov eax, [7D5360] // The Y mouse pointer address (needs to be updated)
mov eax, [eax+978] // offset #1 (may need to be updated)
mov eax, [eax+84] // offset #2 (may need to be updated)
mov [edi], eax
mov ebx,[ebp+14]
jmp return

[Disable]
6B68F6: // the original address repeated, don't forget to update this one.
mov [ebx], eax
mov edi,[ebp+10]

6B695B: // the original address repeated, don't forget to update this one.
mov [edi],eax
mov ebx,[ebp+14]
dealloc(MouserX)
dealloc(MouserY)

Notice how I didn't say update the opcode? That's because
we only update opcodes that have an address in them, but this script
doesn't have one.

Code:
[Enable]
Alloc(MouserX,512)
Alloc(MouserY,512)
label(back)
label(return)

006b621b: // new .37 address
jmp MouserX
back:

006b6280: // new .37 address
jmp MouserY
return:

MouserX:
mov eax, [7d4360] // the new X Mouse Pointer address
mov eax, [eax+978] // stayed the same
mov eax, [eax+80] // stayed the same
mov [ebx], eax
mov edi,[ebp+10]
jmp back

MouserY:
mov eax, [7d4360] // the new Y mouse pointer address
mov eax, [eax+978] // stayed the same
mov eax, [eax+84] //stayed the same
mov [edi], eax
mov ebx,[ebp+14]
jmp return

[Disable]
006b621b: // the new .37 address repeated
mov [ebx], eax
mov edi,[ebp+10]

006b6280: // the new .37 address repeated
mov [edi],eax
mov ebx,[ebp+14]
dealloc(MouserX)
dealloc(MouserY)




Section 8

By frosty5689

Updating A Pointer

This is more on updating the pointer. Let's say you have the updated
wallvac pointer for v.34 and your no breath and character coordinate pointers
are for v.33. You also have the wallvac pointer for v.33. What you do is look
at the pointer of wall vac v.33 and no breath v.33. Whichever is bigger, you
subtract the smaller address from it. Then you get the difference. If wall vac is
bigger then you take the v.34 pointer for wall vac and subtract the difference.
If the no breath pointer is bigger then you take the v.34 wall vac address
and add the difference. This is the most logical and likely way of
getting the right one.


Note: This has been working for me for as long as I've known about it. I have
used this method several times because it's the easiest way to update pointers
and also good to revive old pointers where I have no idea how to find
the dynamic address.

Section 9

I hope you learned something!

Game Vision detector

mediafire.com ?d4drnwofejr
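A second added example (the editor's, in Python, not from the quoted tutorial): the Section 7 substitution done mechanically once the new addresses are known. It assumes the auto assembler syntax shown in the post and treats any 5 to 8 digit hex run that appears as a label line, inside a `[...]` memory operand, or as a jump target as an absolute address, while leaving register-relative operands such as `[eax+978]` untouched. The scripts below are copied from the post (the mouse vac one trimmed to its X half) and the old/new address pairs are the ones the post gives; the 5-to-8-digit rule is this example's assumption.

```python
import re

# Where an absolute address can appear in a Cheat Engine auto assembler script:
#   label line      "6B68F6:"             the code address being patched
#   memory operand  "mov eax, [7D5360]"   a global such as the mouse pointer base
#   jump target     "je 0063FC12"         where the patched jump goes
# Register-relative operands like [eax+978] are structure offsets, not
# addresses, and are left alone (Section 7: only opcodes that have an address
# in them get updated). Treating 5 to 8 hex digits as "an address" is this
# example's assumption; it keeps small offsets and names like 'back' out.
HEX = r"[0-9A-Fa-f]{5,8}"
LABEL_RE = re.compile(r"^([ \t]*)(" + HEX + r")([ \t]*:)", re.M)
MEM_RE = re.compile(r"\[[ \t]*(" + HEX + r")[ \t]*\]")
JUMP_RE = re.compile(r"^([ \t]*j[a-z]{1,4}[ \t]+)(" + HEX + r")\b", re.M)


def _label(m, new):
    return m.group(1) + new + m.group(3)


def _mem(m, new):
    return "[" + new + "]"


def _jump(m, new):
    return m.group(1) + new


# (regex, group holding the hex digits, how to rebuild the match with a new address)
PATTERNS = ((LABEL_RE, 2, _label), (MEM_RE, 1, _mem), (JUMP_RE, 2, _jump))


def absolute_addresses(script):
    """Every distinct absolute address the script references, as ints."""
    found = set()
    for rx, grp, _ in PATTERNS:
        for m in rx.finditer(script):
            found.add(int(m.group(grp), 16))
    return sorted(found)


def update_script(script, address_map):
    """Rewrite every absolute address through address_map (old int -> new int).
    Refuses to emit a half-updated script: if the script references an address
    the map does not cover (typically the [Disable] block still pointing at the
    old code, which Section 7 warns about), raise instead of guessing."""
    missing = [a for a in absolute_addresses(script) if a not in address_map]
    if missing:
        raise ValueError("no new address for: " + ", ".join(f"{a:08X}" for a in missing))
    for rx, grp, rebuild in PATTERNS:
        script = rx.sub(
            lambda m: rebuild(m, f"{address_map[int(m.group(grp), 16)]:08X}"), script)
    return script


# Sample input: the .33 godmode script from Section 7 and the new values the
# post gives for it.
GODMODE_33 = """[enable]
63F487: // the address
je 0063FC12 //the opcode
[disable]
63F487: //the address (repeated)
jne 0063FC12 //the opcode (repeated)
"""
GODMODE_MAP = {0x63F487: 0x64356A, 0x63FC12: 0x643CF5}

# The .36 mouse vac from Section 7, trimmed to the X half, with the .37 values
# the post gives. [eax+978] and [eax+80] are offsets and must survive unchanged.
MOUSEVAC_36 = """[Enable]
Alloc(MouserX,512)
label(back)

6B68F6: // use the AoBs to find the new address
jmp MouserX
back:

MouserX:
mov eax, [7D5360] // The X mouse pointer address (needs to be updated)
mov eax, [eax+978] // offset #1 (may need to be updated)
mov eax, [eax+80] // offset #2 (may need to be updated)
mov [ebx], eax
mov edi,[ebp+10]
jmp back

[Disable]
6B68F6: // the original address repeated, don't forget to update this one.
mov [ebx], eax
mov edi,[ebp+10]
dealloc(MouserX)
"""
MOUSEVAC_MAP = {0x6B68F6: 0x6B621B, 0x7D5360: 0x7D4360}

if __name__ == "__main__":
    print(update_script(GODMODE_33, GODMODE_MAP))
    print(update_script(MOUSEVAC_36, MOUSEVAC_MAP))
```

Running it prints both scripts with the [enable] and [disable] addresses replaced in one go, so the two halves cannot drift apart; leaving an address out of the map is reported rather than silently kept, which is the failure the post's "don't forget to update this one" comments are guarding against. Offsets such as `[eax+978]` pass through unchanged, matching the post's note that only opcodes carrying an address need updating.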

Re: Updating/Finding Addresses

Post by gOt2b on Thu Aug 13, 2009 6:11 pm

nice TUT ^^

