mmk... i guess today you get to learn how to bypass checks on functions
you know how when you try a lawnmower it says hacking attempt detected
can you find ZPostShotMelee in ijji gunz?
can you find ZPostShotMelee in ijji gunz?
00481D10
scroll down
you'll find a PUSHAD
then about 7 lines below that you will find a POPAD
(went to 00401000)
then right click
find all referenced text strings
search for Shot.Melee
press enter
look for the packet id
which for ZPostShotMelee
is 2735
PUSH 2375
right click
binary copy it
ctrl+b
shift + insert to HEX24
search that
then scroll up to PUSH EBP
you would have to bypass checks in ZModule then find the ZCharacter::SetHP and ZCahracter::SetAP functions
kinda odd
ones that aren't in zpost are hard to find.
scroll down the pushad part
the check code
is from pushad
down to popad
then
lower down
a line that syas mov dword ptr ds[]
there are numbers in []
ooops
call dword ptr ds
that line is also a check
just use memcopy to realace all those lines with null or nop
http://gunzhacks.net/tutorials/Lesson%205%20-%20Advanced%20Signatures/
best way to find sethp and setap
it should start with call dword ptr ds
in the dll code
memcpy((DWROD*)Address,(BYTE*)0x90,1);
replace Address with the address we are replacing with nop
which means we do that on all the check code addresses
creat a slash
meaning
calling that many times creates a lawnmower hack
there should be 9 addresses to replace
here are the addresses for ZPostShotMell checks
00481E1C 00481E1D 00481E1F 00481E22 00481E25 00481E28 00481E2D 00481E30 00481E3B
XD a set of those to replace for every function
it's just SetHp and SetAp
ZCharacter::SetHp
controls your character
there is ZPostRequestSpawn
which is respawn
but
you could also use
ZCharacter::Revival
same class
'Hacking' 카테고리의 다른 글
| ART Tutorial (0) | 2008.12.25 |
|---|---|
| Hit Tracing by using ollydbg (0) | 2008.12.25 |
| The Control Characters (0) | 2008.12.23 |
| ASCII characters 0 to 127 , Extended ASCII (0) | 2008.12.23 |
| IBM PC Keyboard Scan Codes (1) | 2008.12.23 |
