8 posts tagged 'Gunz'

  1. 2009.06.09 How to find Addresses in Gunz by CEOinIRVINE
  2. 2009.01.10 1.2.3.bmp by CEOinIRVINE
  3. 2009.01.09 Gunz Offset by CEOinIRVINE
  4. 2009.01.01 Gunz Hacking: LOLTASTIC.RAR 12/30/08 by CEOinIRVINE
  5. 2008.12.24 Gunz Hacking by CEOinIRVINE
  6. 2008.12.16 Gunz Hack loltastic.dll by CEOinIRVINE
  7. 2008.09.24 Gunz Online by CEOinIRVINE
  8. 2008.09.18 Gunz AWESOME AUTUMN event. (gunz.ijji.com) by CEOinIRVINE

This is my second Gunz tutorial =3
Today I will teach you all how to find
all your favorite hacking functions in an
unpacked Gunz.

Remember, you can't call someone if you don't
know what their number is, correct?
So to call the function that, let's say, makes a slash,
we need to know where it is, so we can call it over and over
again to make a lawnmower hack,
and this is exactly what I will be teaching :)

You will need:

Ollydebugger

CurrentUnpackedGunz
OldGunzclient+OldGunzaddresses
JGunzclient+JGunzaddresses
FullGunz.pdbDump

OK, let's start simple. Let's say we want to make a lawnmower hack.
How do we find where the function that makes a slash is located
in Gunz.exe? Open up your unpacked Gunz in
Olly and take a look.

METHOD 1 "PacketIDs"
The function that makes a slash is ZPostShot and ZPostShotMelee.
To find these in your current (or any) unpacked Gunz client,
go to Olly, right click in the CPU window, go down to where
it says "Search for", and click on "All Reference Text Strings".
This searches all of Gunz.exe for referenced text,
and most functions can be found by this method.
To find ZPostShot, first click on View on the main top bar
and find "References".
(Note that after you search for referenced text this window
should open automatically, so you don't have to do this step.)
Right click in the "Reference Window" and click on "Search for text".
A popup will appear with checkboxes; make sure you uncheck
"Case Sensitive" and check "Entire Scope".
If you do not know which specific text string ZPostShot uses,
search for text that is in the name, e.g. "Shot", and press
Ctrl+L to search for the next match until you find the one you think it is.
But I know what ZPostShot is: it's "Peer.Shot".
So find it in the referenced text and press Enter or double click
to jump to it in the CPU window.
You should see something like this:
Code:
  PUSH Unpacked.0065D0B8
  PUSH 2732
  MOV ECX,DWORD PTR SS:[EBP-1B44]
  CALL Unpacked.0050C920
You see the PUSH 2732?
The four digits "2732" are the "PacketID".
With this you can find your function.
Just right click on the line where the packet ID is located
and select "Binary"->"Binary Copy".
Now that you have copied it to the clipboard,
right click->"Search for"->"Binary String" (Ctrl+B),
paste the binary (Ctrl+V) into the "HEX +05" space,
and hit OK.
That should jump you to the function; if it does not,
just press Ctrl+L to keep searching.
When you find it, scroll up to the start of the function.
It should look like this (the full ZPostShot function):
Code:
  PUSH EBP
  MOV EBP,ESP
  PUSH -1
  PUSH Unpacked.006367DB
  MOV EAX,DWORD PTR FS:[0]
  PUSH EAX
  MOV DWORD PTR FS:[0],ESP
  SUB ESP,14
  MOV EAX,DWORD PTR DS:[6D3AD8]
  MOV ECX,DWORD PTR DS:[EAX+30]
  MOV EAX,DWORD PTR DS:[ECX]
  MOV EDX,DWORD PTR DS:[EAX]
  PUSH EBX
  PUSH ESI
  MOV ESI,DWORD PTR SS:[EBP+8]
  FLD DWORD PTR DS:[ESI]
  PUSH EDI
  MOV DWORD PTR SS:[EBP-20],EDX
  CALL Unpacked.005925D0
  FLD DWORD PTR DS:[ESI+4]
  MOV WORD PTR SS:[EBP-1C],AX
  CALL Unpacked.005925D0
  FLD DWORD PTR DS:[ESI+8]
  MOV WORD PTR SS:[EBP-1A],AX
  CALL Unpacked.005925D0
  MOV ESI,DWORD PTR SS:[EBP+C]
  FLD DWORD PTR DS:[ESI]
  MOV WORD PTR SS:[EBP-18],AX
  CALL Unpacked.005925D0
  FLD DWORD PTR DS:[ESI+4]
  MOV WORD PTR SS:[EBP-16],AX
  CALL Unpacked.005925D0
  FLD DWORD PTR DS:[ESI+8]
  MOV WORD PTR SS:[EBP-14],AX
  CALL Unpacked.005925D0
  MOV WORD PTR SS:[EBP-12],AX
  MOV AL,BYTE PTR SS:[EBP+10]
  PUSH 2732
  MOV BYTE PTR SS:[EBP-10],AL
  CALL Unpacked.004C6340
  PUSH 10
  MOV ESI,EAX
  CALL Unpacked.0062C25E
  ADD ESP,8
  MOV DWORD PTR SS:[EBP+8],EAX
  XOR EDI,EDI
  CMP EAX,EDI
  MOV DWORD PTR SS:[EBP-4],EDI
  JE L055
  PUSH 11
  LEA ECX,DWORD PTR SS:[EBP-20]
  PUSH ECX
  MOV ECX,EAX
  CALL Unpacked.0050AC40
  JMP L056
  XOR EAX,EAX
  PUSH EAX
  MOV ECX,ESI
  MOV DWORD PTR SS:[EBP-4],-1
  CALL Unpacked.0050D020
  PUSH ESI
  CALL Unpacked.004C6400
  ADD ESP,4
  MOV DWORD PTR SS:[EBP+8],EDI
  PUSHAD
  MOV EAX,EBP
  ADD EAX,4
  MOV EAX,DWORD PTR DS:[EAX]
  MOV DWORD PTR SS:[EBP+8],EAX
  MOV EAX,Unpacked.00481D90
  MOV DWORD PTR SS:[EBP+C],EAX
  POPAD
  MOV EAX,DWORD PTR SS:[EBP+8]
  CMP EAX,Unpacked.00401000
  JBE L077
  CMP EAX,3000000
  JB L082
  PUSH 238D
  CALL Unpacked.004C6340
  PUSH EAX
  CALL Unpacked.004C6400
  ADD ESP,8
  MOV ECX,DWORD PTR SS:[EBP-C]
  POP EDI
  POP ESI
  MOV DWORD PTR FS:[0],ECX
  POP EBX
  MOV ESP,EBP
  POP EBP
  RETN
There, you just found your function.
All ZPost functions have packet IDs, so they are easy
to find. But what about other functions, like the one used
to make a godmode hack? Well, this is where our JGunz.exe
comes in.

METHOD 2 (WildCards)
Open JGunz (or OldGunz) in Ollydbg.
Open the JGunz GunzFunction.txt in Notepad,
press Ctrl+F,
type "ZModule_HPAP::SetHP" or "ZModule_HPAP::SetAP",
and press Enter. You will find that
in JGunz ZModule_HPAP::SetHP is located at 0047DDD0.
Copy that address, go to JGunz in Olly,
click on this button -> and paste the address there,
then click OK or press Enter.
In JGunz the full ZModule_HPAP::SetHP looks like this:
Code:
  MOV EAX,DWORD PTR SS:[ESP+4]
  PUSH ESI
  PUSH EDI
  MOV EDI,ECX
  XOR ECX,ECX
  TEST EAX,EAX
  SETL CL
  DEC ECX
  AND ECX,EAX
  MOV DWORD PTR SS:[ESP+C],ECX
  FILD DWORD PTR SS:[ESP+C]
  FCOM DWORD PTR DS:[EDI+8]
  FSTSW AX
  TEST AH,5
  JPO L017
  FSTP ST
  FLD DWORD PTR DS:[EDI+8]
  CALL JGunz.005533F8
  MOV DWORD PTR SS:[ESP+C],EAX
  MOV AL,BYTE PTR DS:[EDI+18]
  XOR ESI,ESI
  TEST AL,AL
  JE L038
  CALL JGunz.0048E030
  MOV ESI,EAX
  LEA EDX,DWORD PTR DS:[EDI+10]
  ADD ESI,8
  PUSH EDX
  MOV ECX,ESI
  CALL JGunz.00526370
  TEST EAX,EAX
  JE L038
  MOV ECX,EAX
  CALL JGunz.00526210
  TEST AL,AL
  JNZ L038
  MOV ECX,ESI
  CALL JGunz.00526B00
  FILD DWORD PTR SS:[ESP+C]
  MOV CL,BYTE PTR DS:[EDI+18]
  TEST CL,CL
  LEA EAX,DWORD PTR DS:[EDI+10]
  FADD DWORD PTR DS:[5D0444]
  FSTP DWORD PTR DS:[EAX]
  JE L049
  PUSH 4
  PUSH EAX
  MOV ECX,ESI
  CALL JGunz.005263A0
  POP EDI
  POP ESI
  RETN 4
As you can see, there is no packet ID, so we are going to do a Binary
Copy :)

So highlight a little bit of the function, i.e.:
Code:
  PUSH ESI
  PUSH EDI
  MOV EDI,ECX
  XOR ECX,ECX
  TEST EAX,EAX
  SETL CL
  DEC ECX
  AND ECX,EAX
  MOV DWORD PTR SS:[ESP+C],ECX
  FILD DWORD PTR SS:[ESP+C]
  FCOM DWORD PTR DS:[EDI+8]
  FSTSW AX
  TEST AH,5
Right click, do a Binary Copy, and paste it into Notepad. It should
look like this:
Code:
56 57 8B F9 33 C9 85 C0 0F 9C C1 49 23 C8 89 4C 24 0C DB 44 24 0C D8 57 08 DF E0 F6 C4 05
Now, to organize it, let's space it the way it is in Olly, like so:
Code:
56 
57 
8B F9 
33 C9 
85 C0 0F 9C C1 
49 
23 C8 
89 4C 24 0C 
DB 44 24 0C 
D8 57 08 
DF E0 
F6 C4 05
That binary is the equivalent of the ASM above it :)
OK, so keep the first 3 lines and the last 2 lines, and fill everything in between with "??"
(yep, question marks).
So, like this:
Code:
56 
57 
8B F9 
?? ?? 
?? ?? ?? ?? ?? 
?? 
?? ?? 
?? ?? ?? ?? 
?? ?? ?? ?? 
?? ?? ?? 
DF E0 
F6 C4 05
I am doing it this way since I know it will work,
but the general rule is that whatever you copy goes through this process:
FF FF (if your binary string looks like this, the right side after the space should be filled with "??", so it looks like FF ??)
FF (if there is only 1 pair, nothing needs to be done)
FFFF FF (any pair after the space should be replaced with "??", like so: FFFF ??)

OK, so that's in Notepad.
Open up your current unpacked Gunz in Olly,
press Ctrl+B, and paste the opcode pattern you just made in Notepad :)
into the HEX +05 space, then click OK.

The first one you see should be the new function, and at the top is the address
where it's located.
It should look like this in the current Gunz:
Code:
  PUSH EBP
  MOV EBP,ESP
  PUSH ECX
  FLD DWORD PTR DS:[66571C]
  PUSH EBX
  FCOMP DWORD PTR SS:[EBP+8]
  PUSH ESI
  PUSH EDI
  MOV EDI,ECX
  FSTSW AX
  TEST AH,41
  JNZ L014
  FLD DWORD PTR DS:[66571C]
  JMP L015
  FLD DWORD PTR SS:[EBP+8]
  FCOMP DWORD PTR DS:[EDI+8]
  FSTSW AX
  TEST AH,5
  JPE L026
  FLD DWORD PTR DS:[66571C]
  FCOMP DWORD PTR SS:[EBP+8]
  FSTSW AX
  TEST AH,41
  JNZ L028
  MOV DWORD PTR SS:[EBP+8],0
  JMP L028
  MOV EAX,DWORD PTR DS:[EDI+8]
  MOV DWORD PTR SS:[EBP+8],EAX
  MOV ESI,DWORD PTR DS:[EDI+24]
  TEST ESI,ESI
  JE L051
  FLD DWORD PTR SS:[EBP+8]
  MOV EAX,DWORD PTR DS:[ESI]
  FADD DWORD PTR DS:[6506FC]
  XOR EDI,EDI
  TEST EAX,EAX
  FSTP DWORD PTR SS:[EBP+8]
  JE L039
  MOV EDI,EAX
  PUSH 4
  CALL Unpacked.0062C25E
  MOV ECX,DWORD PTR SS:[EBP+8]
  ADD ESP,4
  TEST EDI,EDI
  MOV DWORD PTR DS:[ESI],EAX
  MOV DWORD PTR DS:[EAX],ECX
  JE L081
  PUSH EDI
  CALL Unpacked.0062C28E
  ADD ESP,4
  JMP L081
  MOV AL,BYTE PTR DS:[EDI+18]
  XOR ESI,ESI
  TEST AL,AL
  JE L070
  CALL Unpacked.0049A4D0
  MOV ESI,EAX
  LEA EDX,DWORD PTR DS:[EDI+10]
  ADD ESI,8
  PUSH EDX
  MOV ECX,ESI
  CALL Unpacked.0055EAA0
  TEST EAX,EAX
  JE L070
  MOV ECX,EAX
  CALL Unpacked.0055E8B0
  TEST AL,AL
  JNZ L070
  MOV ECX,ESI
  CALL Unpacked.0055F230
  FLD DWORD PTR SS:[EBP+8]
  MOV CL,BYTE PTR DS:[EDI+18]
  TEST CL,CL
  FADD DWORD PTR DS:[6506FC]
  LEA EAX,DWORD PTR DS:[EDI+10]
  FSTP DWORD PTR DS:[EAX]
  JE L081
  PUSH 4
  PUSH EAX
  MOV ECX,ESI
  CALL Unpacked.0055EAD0
  MOV DWORD PTR SS:[EBP+8],0
  PUSHAD
  MOV EAX,EBP
  ADD EAX,4
  MOV EAX,DWORD PTR DS:[EAX]
  MOV DWORD PTR SS:[EBP+8],EAX
  MOV EAX,Unpacked.00489480
  MOV DWORD PTR SS:[EBP-4],EAX
  POPAD
  MOV EAX,DWORD PTR SS:[EBP+8]
  CMP EAX,Unpacked.00401000
  JBE L095
  CMP EAX,3000000
  JB L100
  PUSH 238D
  CALL Unpacked.004C6340
  PUSH EAX
  CALL Unpacked.004C6400
  ADD ESP,8
  POP EDI
  POP ESI
  POP EBX
  MOV ESP,EBP
  POP EBP
  RETN 4
Congrats you just found ZModule_HPAP::SetHP =3
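
The masking step from Method 2, as an added example that is not part of the original tutorial: it rebuilds the "??" pattern from the per-instruction byte lines above and shows, on constructed buffers, why the exact bytes stop matching after a rebuild while the masked pattern still does. OLD_BUILD, NEW_BUILD and the function names are assumptions made for the illustration; YARA hex strings use the same "??" wildcard.

```python
from typing import List, Optional

# Byte lines exactly as the tutorial spaces them (one Olly line per entry).
PAGE_LINES = [
    "56", "57", "8B F9", "33 C9", "85 C0 0F 9C C1", "49", "23 C8",
    "89 4C 24 0C", "DB 44 24 0C", "D8 57 08", "DF E0", "F6 C4 05",
]


def mask_middle(lines: List[str], keep_head: int = 3, keep_tail: int = 2) -> str:
    """Keep the first and last lines verbatim and wildcard every byte between."""
    if keep_head + keep_tail > len(lines):
        raise ValueError("nothing left to mask")
    last_masked = len(lines) - keep_tail
    out: List[str] = []
    for i, line in enumerate(lines):
        tokens = line.split()
        if keep_head <= i < last_masked:
            tokens = ["??"] * len(tokens)
        out.extend(tokens)
    return " ".join(out)


def parse_signature(text: str) -> List[Optional[int]]:
    """Turn 'AA ?? BB' into [0xAA, None, 0xBB]; None means 'any byte'."""
    sig: List[Optional[int]] = []
    for tok in text.split():
        if tok == "??":
            sig.append(None)
        elif len(tok) == 2:
            sig.append(int(tok, 16))  # raises ValueError on non-hex input
        else:
            raise ValueError(f"bad token {tok!r}")
    if not sig or sig[0] is None or sig[-1] is None:
        raise ValueError("signature must start and end with a fixed byte")
    return sig


def find_all(buf: bytes, sig: List[Optional[int]]) -> List[int]:
    """Return every offset in buf where sig matches."""
    hits: List[int] = []
    first = bytes([sig[0]])
    pos = buf.find(first)
    while pos != -1 and pos + len(sig) <= len(buf):
        if all(s is None or buf[pos + k] == s for k, s in enumerate(sig)):
            hits.append(pos)
        pos = buf.find(first, pos + 1)
    return hits


# Constructed buffers for the illustration, not bytes from any game build.
EXACT = " ".join(PAGE_LINES)
MASKED = mask_middle(PAGE_LINES)
OLD_BUILD = b"\xCC" * 16 + bytes.fromhex(EXACT) + b"\xC3"
NEW_BUILD = (b"\xCC" * 40 + bytes.fromhex("56 57 8B F9")
             + bytes(range(0x10, 0x25))      # 21 different middle bytes
             + bytes.fromhex("DF E0 F6 C4 05") + b"\xC3")

if __name__ == "__main__":
    for name, buf in (("old", OLD_BUILD), ("new", NEW_BUILD)):
        print(name,
              "exact:", find_all(buf, parse_signature(EXACT)),
              "masked:", find_all(buf, parse_signature(MASKED)))
```

A result with more than one offset means the fixed bytes are too few to identify a single function.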

Here is a list of some I have already found; this is currently working for Ijji as of April,02,09.
Addresses
In the next Gunz tutorial I will teach you how to make a simple
DLL hack!

http://www.lethalgaming.net/forum/showthread.php?t=57725

Posted by CEOinIRVINE

1.2.3.bmp

Hacking 2009. 1. 10. 10:33


Gunz Offset

Hacking 2009. 1. 9. 10:09
#define pgame 0x006CE818
#define ZPostStageStart 0x0044B600
#define ZPostGameKill 0x004A29A0
#define ZPostWhere 0x00425A30
#define ZPostStageLeaveBattle 0x004349F0
#define ZPostStageEnterBattle 0x004A2840
#define ZPostChannelChat 0x0042AE50
#define ZPostRequestSpawn 0x004B38B0
#define ZPostSkill 0x00480660
#define ZPostShotSp 0x00479520
#define ZPostShot 0x004807B0
#define ZPostWhisper 0x0042BF30
#define ZPostShotMelee 0x004808F0
#define ZPostPeerChatIcon 0x00401680
#define ZPostStageChat 0x00418C50
#define ZPostRequestCharacterItemList 0x00434CA0
#define ZPostRequestTakeOffItem 0x0041ABA0
#define ZPostRequestBringBackAccountItem 0x0041FDD0
#define ZPostFriendList 0x00422600
#define ZPostRequestStagePlayerList 0x00422CF0
#define ZPostRequestChannelPlayerList 0x00422D70
#define ZPostRequestClanMemberList 0x00422E50
#define ZPostStageFollow 0x004258B0
#define ZPostFriendAdd 0x00425930
#define ZPostFriendRemove 0x004259B0
#define ZPostRequestJoinClan 0x00426180
#define ZPostRequestChangeClanGrade 0x00426260
#define ZPostRequestExpelClanMember 0x00426340
#define ZPostRequestStageJoin 0x00426B90
#define ZPostRequestPrivateStageJoin 0x00426C40
#define ZPostChatRoomChat 0x0042AA10
#define ZPostPeerChat 0x0042AC50
#define ZPostChannelChat 0x0042AE50
#define ZPostClanMsg 0x0042AF90
#define ZPostFriendMsg 0x0042BEB0
#define ZPostChatRoomJoin 0x0042C010
#define ZPostChatRoomLeave 0x0042C0C0
#define ZPostSelectChatRoom 0x0042C170
#define ZPostInviteChatRoom 0x0042C1F0
#define ZPostChangePassword 0x0042C2E0
#define ZPostAdminRequestJjang 0x0042C360
#define ZPostAdminRemoveJjang 0x0042C3E0
#define ZPostChatRoomCreate 0x0042D480
#define ZPostAdminRequestBanPlayer 0x0042D530
#define ZPostAdminRequestSwitchLadderGame 0x0042D5E0
#define ZPostAdminAnnounce 0x0042D690
#define ZPostAdminHalt 0x0042D770
#define ZPostReload 0x00433BB0
#define ZPostConnect 0x00433BD0
#define ZPostChangeWeapon 0x00434730
#define ZPostStageLeave 0x004347B0
#define ZPostRequestStageSetting 0x00434830
#define ZPostStageState 0x004348B0
#define ZPostStageLeaveBattle 0x004349F0
#define ZPostAccountCharInfo 0x00434AC0
#define ZPostRequestBuyItem 0x00434B40
#define ZPostRequestSellItem 0x00434BF0
#define ZPostRequestBringAccountItem 0x00434D20
#define ZPostRequestEquipItem 0x00434DD0
#define ZPostRequestQuickJoin 0x00434EB0
#define ZPostRequestGetCharQuestItemInfo 0x00434F90
#define ZPostRequestBuyQuestItem 0x00435010
#define ZPostRequestSellQuestItem 0x004350C0
#define ZPostRequestRecommendChannel 0x00444B10
#define ZPostChannelRequestJoinFromChannelName 0x00444B60
#define ZPostRequestAccountItemList 0x00444C60
#define ZPostStageCreate 0x0044AD30
#define ZPostStageMap 0x0044AE40
#define ZPostStageTeam 0x0044AEF0
#define ZPostDeleteMyChar 0x0044B030
#define ZPostCreateMyChar 0x0044B110
#define ZPostRequestForcedEntry 0x0044B310
#define ZPostRequestLeaveClan 0x0044B3C0
#define ZPostChannelAllPlayerList 0x0044B440
#define ZPostStageStart 0x0044B600
#define ZPostRequestCloseClan 0x0044B8C0
#define ZPostRequestShopItemList 0x00456D00
#define ZPostRequestDropSacrificeItem 0x00457B60
#define ZPostRequestCallbackSacrificeItem 0x00457C40
#define ZPostRequestQL 0x00457D20
#define ZPostRequestSacrificeSlotInfo 0x00457DA0
#define ZPostStageSetting 0x0045B930
#define ZPostQuestReadyToNewSector 0x00461750
#define ZPostShotSp 0x00479520
#define ZPostDash 0x0047EC20
#define ZPostShot 0x004807B0
#define ZPostSkill 0x00480660
#define ZPostReaction 0x00480A60
#define ZPostNPCRangeShot 0x0048CEA0
#define ZPostQuestRequestNPCDead 0x0048CFB0
#define ZPostQuestPeerNPCDead 0x0048D0F0
#define ZPostNPCSkillStart 0x004910C0
#define ZPostNPCSkillExecute 0x00491200
#define ZPostSpMotion 0x004A25F0
#define ZPostDie 0x004A26C0
#define ZPostLoadingComplete 0x004A2790
#define ZPostStageEnterBattle 0x004A2840
#define ZPostRequestPeerList 0x004A28F0
#define ZPostGameKill 0x004A29A0
#define ZPostRequestTimeSync 0x004A2A70
#define ZPostQuestRequestMovetoPortal 0x004A2AF0
#define ZPostPeerEnchantDamage 0x004AB940
#define ZPostRequestSpawn 0x004B38B0
#define ZPostRequestSpawnWorldItem 0x004B5D30
#define ZPostLocalEventOptainSpecialWorldItem 0x004BEDD0
#define ZPostRequestObtainWorldItem 0x004BF270
#define ZPostClanEmblemReady 0x004C16E0
#define ZPostChannelRequestJoin 0x004C4E80
#define ZPostStartChannelList 0x004C4F30
#define ZPostStopChannelList 0x004C4FE0
#define ZPostRequestSuicide 0x004C5060
#define ZPostRequestGameInfo 0x004C50E0
#define ZPostRequestStageList 0x004C5190
#define ZPostRequestMySimpleCharInfo 0x004C52A0
#define ZPostRequestClanInfo 0x004C5320
#define ZPostRequestEmblemURL 0x004C53D0
#define ZPostRequestCreateClan 0x004763A0
#define ZPostAnswerSponsorAgreement 0x004C8D10
#define ZPostRequestAgreedCreateClan 0x004C8E20
#define ZPostAnswerJoinAgreement 0x004C8FA0
#define ZPostRequestAgreedJoinClan 0x004C9080
#define ZPostRequestProposal 0x004CA7B0
#define ZPostReplyAgreement 0x004CAA30
#define ZPostUserOption 0x004CFE90
#define ZGame_OnPeerHPInfo 0x004A1050
#define ZApplication_GetGameClient 0x004990A0
#define ZGetGame 0x004AD0C0
#define ZGetGameTypeManager 0x004AD100
#define ZGetGameInterface 0x004ACFD0
#define ZGetGameClient 0x004ACFB0
#define ZCharacter_IsTeam 0x004769E0
#define ZCharacter_IsMoveAnimation 0x00476A10
#define ZCharacter_IsMan 0x00476A20
#define ZCharacter_Pick 0x00476A60
#define ZCharacter_GetHP 0x00476A80
#define ZCharacter_GetAP 0x00476A90
#define ZCharacter_SetHP 0x00476AA0
#define ZCharacter_SetAP 0x00476AB0
#define ZCharacter_Die 0x00476AC0
#define ZCharacter_SetDirection 0x00476AD0
#define ZCharacter_TestToggleCharacter 0x00476C40
#define ZCharacter_ChangeLowPolyModel 0x00476CD0
#define ZCharacter_IsAdminName 0x00476E30
#define ZCharacter_OnLevelDown 0x00476E50
#define ZCharacter_OnLevelUp 0x00476E60
#define ZCharacter_LevelUp 0x00476E80
#define ZCharacter_LevelDown 0x00476F00
#define ZCharacter_IsRunWall 0x00476F80
#define ZCharacter_IsAttackable 0x00477000
#define ZCharacter_ColTest 0x00477010
#define ZCharacter_IsGuard 0x00477070
#define ZCharacter_SetLastThrower 0x004771E0
#define ZCharacter_SetAnimationLower 0x004774B0
#define ZCharacter_SetAnimationUpper 0x00477570
#define ZCharacter_InitHPAP 0x00476B40
#define ZMyCharacter_InitRound 0x0047EB10
#define ZMyCharacter_InitSpawn 0x0047EB70
#define ZMyCharacter_OnDraw 0x0047EBD0
#define ZModule_HPAP_GetHP 0x00487FD0
#define ZModule_HPAP_GetAP 0x00488130
#define ZModule_HPAP_ZModule_HPAP 0x00487F90
#define ZModule_HPAP_GetID 0x00488410
#define ZModule_HPAP_SetHP 0x00488000
#define ZModule_HPAP_SetAP 0x00488160
#define ZModule_HPAP_InitStatus 0x004883E0
#define ZModule_HPAP_IsFullHP 0x00489290
#define ZModule_HPAP_IsFullAP 0x004892C0
#define ZRuleBerserker_PenaltyHealth 0x004B4AF0
#define ZRuleBerserker_BounusHealth 0x004B4990

------------------------------------------------------------------------
IJJI Loltastic.dll
------------------------------------------------------------------------
Hotkeys:
End Key = Activates Hotkeys.
Alt + M = Not-Insane-Massives toggle
Alt + G = Anti-Godmode toggle
Alt + B = Beep a song.

Not-Insane-Massives, are really shitty insane massives. A massive will spawn every time you click. But it will go slow as hell.
Anti-Godmode, is me proving that I can bypass the patch ijji put on the previous godmode. Only, I reversed it. It will freeze your hp at 1. Making you pretty much as useful as a poop flavored lollypop.

JUST EXTRACT EVERYTHING IN THE RAR TO YOUR GUNZ FOLDER.
RUN GUNZ NORMALLY. VIEW AN INFORMATIVE VIDEO HERE.

If it says, "cannot access server," you need to delete gunzlauncher.ini from your gunz folder. Then you need to run gunz once to update it. Then, you can move these hacks back to your gunz folder and hack your heart out.


Gunz Hacking

Hacking 2008. 12. 24. 06:59

mmk... i guess today you get to learn how to bypass checks on functions


you know how when you try a lawnmower it says hacking attempt detected

can you find ZPostShotMelee in ijji gunz?




00481D10
scroll down
you'll find a PUSHAD
then about 7 lines below that you will find a POPAD


(went to 00401000)
then right click
find all referenced text strings
search for Shot.Melee
press enter
look for the packet id
which for ZPostShotMelee
is 2735
PUSH 2375



right click
binary copy it
ctrl+b
shift + insert to HEX24
search that
then scroll up to PUSH EBP

you would have to bypass checks in ZModule then find the ZCharacter::SetHP and ZCharacter::SetAP functions
kinda odd
ones that aren't in zpost are hard to find.



scroll down the pushad part
the check code
is from pushad
down to popad
then
lower down
a line that says mov dword ptr ds[]
there are numbers in []
ooops
call dword ptr ds
that line is also a check
just use memcopy to replace all those lines with null or nop
http://gunzhacks.net/tutorials/Lesson%205%20-%20Advanced%20Signatures/

best way to find sethp and setap


it should start with call dword ptr ds

in the dll code
memcpy((DWROD*)Address,(BYTE*)0x90,1);

replace Address with the address we are replacing with nop
which means we do that on all the check code addresses


create a slash
meaning
calling that many times creates a lawnmower hack
there should be 9 addresses to replace
here are the addresses for ZPostShotMelee checks
00481E1C 00481E1D 00481E1F 00481E22 00481E25 00481E28 00481E2D 00481E30 00481E3B


XD a set of those to replace for every function

it's just SetHp and SetAp
ZCharacter::SetHp
controls your character
there is ZPostRequestSpawn
which is respawn
but
you could also use
ZCharacter::Revival
same class











Gunz Hack loltastic.dll

Online Game 2008. 12. 16. 08:28
IJJI loltastic.dll 12/12/08

So, I've released a dll that will take you there.
It also has some rather cool functions :D

This is going to get patched very quickly.

-----------------------------------------------------------------
IJJI Loltastic.dll
-----------------------------------------------------------------
It'll beep upon injection.
The END key enables chat commands. It'll beep when you activate this as well =b.

@godmode = Revive godmode. It'll revive you when your hp falls lower than 50.
@ninjaflip = It'll turn your jumps into flips. You'll see what I mean when you use it.
@beep = :D
@revive = revives you.

It's a simple dll. Nothing spectacular about it.

K LOOK AT THIS
To inject, get injex and do the following.
1) Open injex
2) Browse for loltastic.dll
3) Type gunz.exe in the process name box.
4) Go to settings and then pick 2nd instance. Settings > Instance > 2
5) Try about 8000 delay first.
6) Press injex
7) Start gunz.
8) If it doesn't inject correctly or you get an error. Try a different delay. Every computer's delay is different. Faster computers need less delay. Slower computers need more. Just keep trying. It'll be somewhere between 4000 and 10000.
9) If it says injected, but doesn't work. That more than likely means you injected at the wrong time. Try a new delay.
10) Good Luck.


------------------------------------------------------------------
F.A.Q.
------------------------------------------------------------------
Q. How to inject?
A. Heroin.

Q. What?
A. Heroin.

Q. What the hell?
A. Heroin.

Q. What inspires your hacks?
A. Heroin.

Q. Are you on drugs?
A. Heroin.

Q. I'm sending the FBI after you.
A. QUICK DO A BARREL ROLL.

Q. OMG WHEN I TYPE "@godmode" IT SAYS NO CHATROOM.
A. It's supposed to do that. The hack will work as normal.

Q. What to inject with?
A. MCinject or xInject

Q. This dll doesn't work.
A. Works fine.

Q. Doesn't work.
A. Works fine.

Q. It's patched.
A. No it isn't.

Q. You're just advertising.
A. Yea, and i also gave you a working dll?

Q. Can't you just give us the good stuff for free?
A. Nope. Can't be done.

------------------------------------------------------------------
Credits to Mirageofpenguins.com staff
------------------------------------------------------------------
Mirage
Xeffar
Sv3nt3k
HitachiHex
x1nixmzeng

Anyways, visit the website.
I'll be releasing more stuff, better stuff. And, i'm still selling some rather entertaining hacks.
I'm also giving a copy of the expensive dll away. See the website for more details. (Read the news)

Gunz Online

Online Game 2008. 9. 24. 07:56

Setting up a GunZ Server - Complete Tutorial

What you are going to need:

(Downloads which have no link can easily be searched for to find the program)

Before you do anything, you are going to need to install Microsoft SQL Server Management Studio Express and Microsoft SQL Server 2005.

Step 1 - Setting up the Database and ODBC:

Creating/Connecting the Database

Open Server Management Studio Express (SMSE). Within the Object Explorer panel you will notice the ‘Database’ folder; right click it and click ‘New Database…’.

A ‘New Database’ form will open, and in the text input type ‘GunzDB’ and click OK, your database has been created.

The next thing you are going to want to do is restore the Database. Click File> Open> File… and locate your GunzDB.sql file and open it. You are going to have to connect to the database engine, the settings are alright so all you need to do is click ‘Connect’. Now right click on ‘File’ and allow the ‘SQL Editor’ tool bar to show.

In the toolbar there is a drop-down menu with the ‘master’ database selected, click on the arrow and select the ‘GunzDB’ database and click the button next to the drop-down menu, ‘Execute’. A message showing ‘Command(s) completed successfully.’ should notify you that you have done this all correctly.

Creating the ODBC

Click Start> Run> and in the Windows input type ‘odbcad32’. You should already be in the ‘User DSN’ tab, so click on ‘Add’. Another window should pop up. You’ll have to scroll all the way down to the bottom and select ‘SQL Server’, then click ‘Finish’.

Another window/form will pop up needing information for your new Data Source. For the name, type ‘GunzDB’; for the description you may type whatever you like; but for the SQL server you wish to connect to, you must go back into SMSE, look in the SQL Editor tool bar and click the 2nd icon, which will disconnect you from the database engine. Now click the 1st icon, which will re-connect you, but make sure to copy the ‘Server name’ this time, then click ‘Connect’.

Now having that in hand, you can go back to creating your ODBC and in the ‘Server’ text input, paste in your server name. Click next since the settings are currently fine. Now in the next part, click on the tick box and select ‘GunzDB’ from the drop-down menu and click ‘Next’ and finally click ‘Finish’.

If you would like to check your data source, click ‘Test Data Source…’ in the window or you can just click ‘OK’ to finish. Now to completely finish it, click ‘OK’ again.

Step 2 - Patching GunZ:

Install your GunZ game to a directory of your choice. Now open the Legacy Gamers patch and find the directory where you installed your GunZ game into, and run the patch. After that is done, this step is complete.

Step 3 - Configuring the Server:

Place the server files in your C:\ drive and extract them into a folder with the name ‘GunzServer’. Once in the folder, go to the ‘Locator’ folder and then open the ‘Locator.ini’ file. Somewhere in the file you should see these lines of code:

Quote:

[NETWORK]
IP="217.0.0.1"
PORT="8900"

You can either change the ‘217.0.0.0’ to your actual IP or to localhost, which is ‘127.0.0.1’. Besides that everything else is fine.

Make your way to the MatchServer folder and run ‘MatchServer.exe’, once loaded you may minimize it.

Step 4 - Creating an Account (Manually):

Bring up SMSE and expand the ‘Database’ folder if it hasn’t already been done. Expand ‘GunzDB’, expand ‘Tables’ and right click on ‘dbo.Accounts’ and ‘Open table’.

You do not need to worry about the AID field as that is an automatic generation of account number. In the UserID field, type your account ID, in the Password field, type your account password and in the UGradeID, type in your account grade.

Quote:

Account Grades
Administrator - 255
Developer - 254
Banned - 253
Normal User - *Leave Blank*

After you have typed all of that in, press enter and on the SQL Editor toolbar click ‘Execute’ (The exclamation mark symbol).

Step 5 - Configuring ‘config.xml’ to connect to your server:

With that all done, go to the folder where you installed GunZ/Legacy Gamers Patch and find the file ‘config.xml’. Right click on it and open with notepad, or similar. You will see this portion of code:

Quote:

<SERVER>
<IP>legacygamers.com</IP>
<PORT>6000</PORT>
</SERVER>

You are going to need to change the ‘legacygamers.com’ section to the IP you wrote in the ‘Locator.ini’, if you wrote the localhost IP just change it to read:

Quote:

<SERVER>
<IP>127.0.0.1</IP>
<PORT>6000</PORT>
</SERVER>

Then save the file, File> Save and close it.

Step 6 - Unpacking ‘system.mrs’:

Extract ‘mrs.rar’ into your GunZ directory. Create a folder called ‘MRS’ inside your GunZ directory and place the files ‘mrs.exe, zlib.dll and system.mrs’ into that folder.

Now, you will need to open WinRAR and direct yourself to the ‘MRS’ folder on your hard drive. Highlight ‘system.mrs’ and click the ‘Add’ button. A window will pop up; select RAR for the archive format and click ‘OK’. Now go back to your ‘MRS’ folder and create a new ‘Text File’ with any name you like, but in the file type:

Quote:

mrs.exe d system.mrs

Now save it and change the file extension to ‘.bat’ from ‘.txt’. Now run that file and a folder named ‘system’ should come up. Go into that folder and copy the file ‘zitem.xml’.

Go back to your ‘MatchServer’ folder and paste the ‘zitem.xml’ over the one that is in there. You might need to run your MatchServer.exe again for it to take changes.

Step 7 - Logging in

Run your GunZ client and type the account ID and account password that you used when you made your account in SMSE; you should then be logged in.

Congratulations, you have made your GunZ server, enjoy!


Visit a website: gunz.ijji.com
