Results 1 to 5 of 5
  1. #1
    gm3x
    gm3x is offline
    Member-in-training gm3x's Avatar
    Join Date
    2011 Feb
    Location
    Rio Grande, RS - Brazil
    Posts
    92
    Thanks Thanks Given 
    4
    Thanks Thanks Received 
    56
    Thanked in
    16 Posts
    Rep Power
    0

    Xtrap goind down?

    Hi guys ^^'

    PHP Code:
    0041DCAE  |. 51             PUSH ECX
    0041DCAF     90             NOP
    0041DCB0     90             NOP
    0041DCB1     90             NOP
    0041DCB2     90             NOP
    0041DCB3     90             NOP
    0041DCB4  
    |. 83C4 08        ADD ESP,8
    0041DCB7  
    |. E8 34481C00    CALL AIKABRUN.005E24F0
    0041DCBC  
    |. 85C0           TEST EAX,EAX
    0041DCBE  
    |. 74 21          JE SHORT AIKABRUN.0041DCE1
    0041DCC0  
    |. 6A 00          PUSH 0                                   ; /Style MB_OK|MB_APPLMODAL
    0041DCC2  
    |. 68 A4A96000    PUSH AIKABRUN.0060A9A4                   ; |Title "Error"
    0041DCC7  |. 68 B8E66000    PUSH AIKABRUN.0060E6B8                   ; |Text "Cannot Init Xtrap"
    0041DCCC  |. 6A 00          PUSH 0                                   ; |hOwner NULL
    0041DCCE  
    |. FF15 10124202  CALL DWORD PTR DS:[<&user32.MessageBoxA>>; \MessageBoxA 


    I've put NOP on a call above the messagebox, and the result was this:



    So, this is one of the calls to NOP right?

    Now I must find other to ignore this warning?

    Thanks.

  2. #2
    mottapesbr
    mottapesbr is offline
    Member-in-training mottapesbr's Avatar
    Join Date
    2010 Sep
    Location
    Pelotas-RS
    Posts
    83
    Thanks Thanks Given 
    12
    Thanks Thanks Received 
    11
    Thanked in
    2 Posts
    Rep Power
    0
    yes or maybe change the nop for jump.

  3. #3
    gm3x
    gm3x is offline
    Member-in-training gm3x's Avatar
    Join Date
    2011 Feb
    Location
    Rio Grande, RS - Brazil
    Posts
    92
    Thanks Thanks Given 
    4
    Thanks Thanks Received 
    56
    Thanked in
    16 Posts
    Rep Power
    0
    Quote Originally Posted by mottapesbr View Post
    yes or maybe change the nop for jump.
    Dwar said that are 3/4 calls to nop/jmp, I made this one, but can't find the others, if that nop'ed call made xtrap don't initialize, I think that now I must find a way to jump over it right?

    And the jump that you say can be the JE changed to JNZ right above it? instead of NOP??


    [EDIT]

    Now I think I've found the second call, now the game opens without xtrap, but closes after 2 sec aprox. with no error window.

    I think that now I'm closer, so I can't understand why game closes right before I open it, any Idea?

    What I did:

    >NOPed a call right above the "Xtrap Init error" message

    PHP Code:
    0041DCAE  |. 51             PUSH ECX 
    0041DCAF     90             NOP 
    0041DCB0     90             NOP 
    0041DCB1     90             NOP 
    0041DCB2     90             NOP 
    0041DCB3     90             NOP 
    0041DCB4  
    |. 83C4 08        ADD ESP,
    0041DCB7  
    |. E8 34481C00    CALL AIKABRUN.005E24F0 
    0041DCBC  
    |. 85C0           TEST EAX,EAX 
    0041DCBE  
    |. 74 21          JE SHORT AIKABRUN.0041DCE1 
    0041DCC0  
    |. 6A 00          PUSH 0                                   ; /Style MB_OK|MB_APPLMODAL 
    0041DCC2  
    |. 68 A4A96000    PUSH AIKABRUN.0060A9A4                   ; |Title "Error" 
    0041DCC7  |. 68 B8E66000    PUSH AIKABRUN.0060E6B8                   ; |Text "Cannot Init Xtrap" 
    0041DCCC  |. 6A 00          PUSH 0                                   ; |hOwner NULL 
    0041DCCE  
    |. FF15 10124202  CALL DWORD PTR DS:[<&user32.MessageBoxA>>; MessageBoxA 


    >Changed JE to JNZ to jump the Xtrap error message

    PHP Code:
    0041DCBC  |. 85C0           TEST EAX,EAX
    0041DCBE  
    |. 75 21          JE SHORT AIKABR.0041DCE1
    0041DCC0  
    |. 6A 00          PUSH 0                                   ; /Style MB_OK|MB_APPLMODAL
    0041DCC2  
    |. 68 A4A96000    PUSH AIKABR.0060A9A4                     ; |Title "Error"
    0041DCC7  |. 68 B8E66000    PUSH AIKABR.0060E6B8                     ; |Text "Cannot Init Xtrap"
    0041DCCC  |. 6A 00          PUSH 0                                   ; |hOwner NULL
    0041DCCE  
    |. FF15 10124202  CALL DWORD PTR DS:[<&user32.MessageBoxA>>; \MessageBoxA 
    TO

    PHP Code:
    0041DCBC  |. 85C0           TEST EAX,EAX
    0041DCBE  
    |. 75 21          JNZ SHORT AIKABR.0041DCE1
    0041DCC0  
    |. 6A 00          PUSH 0                                   ; /Style MB_OK|MB_APPLMODAL
    0041DCC2  
    |. 68 A4A96000    PUSH AIKABR.0060A9A4                     ; |Title "Error"
    0041DCC7  |. 68 B8E66000    PUSH AIKABR.0060E6B8                     ; |Text "Cannot Init Xtrap"
    0041DCCC  |. 6A 00          PUSH 0                                   ; |hOwner NULL
    0041DCCE  
    |. FF15 10124202  CALL DWORD PTR DS:[<&user32.MessageBoxA>>; \MessageBoxA 


    >NOPed the kernel terminateprocess

    (Obvious, don't need code)


    So what now? I'm trying some lucky NOPs but nothing works....

    Game opens without xtrap, but closes imediately, what do I have to do? Someone give a light *-*
    (I deleted Xtrap folder and xtrapva3.dll and game runs ^^)




    AIKA LOG (IF ITS HELPFUL)


    >>> Logging System turn on.
    08/08 21:11:18 - Read ItemList..OK
    08/08 21:11:18 - Read Skilldata..ok
    08/08 21:11:18 - Read PI..OK
    08/08 21:11:18 - Init ServerList
    08/08 21:11:18 - Init Timer Manager
    08/08 21:11:18 - Init Render Device
    08/08 21:11:19 - VertexShader HW Accel Enabled
    08/08 21:11:19 - Init Network Manager
    Last edited by gm3x; 2011-08-09 at 01:47 AM. Reason: New progress

  4. #4
    mottapesbr
    mottapesbr is offline
    Member-in-training mottapesbr's Avatar
    Join Date
    2010 Sep
    Location
    Pelotas-RS
    Posts
    83
    Thanks Thanks Given 
    12
    Thanks Thanks Received 
    11
    Thanked in
    2 Posts
    Rep Power
    0
    I think it lacks some nop / jump yet because the automatic closure does not seem to be due to lack of Xtrap's packets, after find this call to terminate process do you have find any away of emulate the xtrap packets. if you make this, will work.
    Last edited by mottapesbr; 2011-08-09 at 02:19 AM.

  5. #5
    gm3x
    gm3x is offline
    Member-in-training gm3x's Avatar
    Join Date
    2011 Feb
    Location
    Rio Grande, RS - Brazil
    Posts
    92
    Thanks Thanks Given 
    4
    Thanks Thanks Received 
    56
    Thanked in
    16 Posts
    Rep Power
    0
    Quote Originally Posted by mottapesbr View Post
    I think it lacks some nop / jump yet because the automatic closure does not seem to be due to lack of Xtrap's packets, after find this call to terminate process do you have find any away of emulate the xtrap packets. if you make this, will work.
    And how do I can find terminateprocess calls? I'm trying but I can't find nothing that call for terminateprocess here...

    Any Idea mottapes?
    Dwar? ^^



    Before it loads bmp background of "loading screen", it closes, it's very fast, BUT THIS BLACK SCREEN LOADS WITHOUT XTRAP ON TASK BAR..

    ---------- Post added at 05:40 PM ---------- Previous post was at 03:26 AM ----------

    Man it's too haaaaaard =( 2 days searching the last (I think) Line to change to make game not closes after execute :/

    Someone please help

    ---------- Post added 2011-08-10 at 01:27 PM ---------- Previous post was 2011-08-09 at 05:40 PM ----------




    AIKA Opens without xtrap and loads, but only when I execute it on Alt+F9 (Execute until user code) line by line...

    It pauses on this line:

    PHP Code:
    0041DD98  |. E8 531D0000    CALL AIKABR.0041FAF0 



    And that CALL go to this:



    PHP Code:
    0041FAF0  /$ 83EC 1C        SUB ESP,1C
    0041FAF3  
    |. 53             PUSH EBX
    0041FAF4  
    |. 56             PUSH ESI
    0041FAF5  
    |. 57             PUSH EDI
    0041FAF6  
    |. 6A 6D          PUSH 6D                                  ; /TableName 6D
    0041FAF8  
    |. 8BF1           MOV ESI,ECX                              ; |
    0041FAFA  |. 6A 00          PUSH 0                                   ; |hInst NULL
    0041FAFC  
    |. FF15 98124202  CALL DWORD PTR DS:[<&user32.LoadAccelera>; \LoadAcceleratorsA
    0041FB02  
    |. 8B1D 9C124202  MOV EBX,DWORD PTR DS:[<&user32.PeekMessa>;  user32.PeekMessageA
    0041FB08  
    |. 6A 00          PUSH 0                                   ; /RemoveMsg PM_NOREMOVE
    0041FB0A  
    |. 8BF8           MOV EDI,EAX                              ; |
    0041FB0C  |. 6A 00          PUSH 0                                   ; |MsgFilterMax WM_NULL
    0041FB0E  
    |. 6A 00          PUSH 0                                   ; |MsgFilterMin WM_NULL
    0041FB10  
    |. 8D4424 18      LEA EAX,DWORD PTR SS:[ESP+18]            ; |
    0041FB14  |. 6A 00          PUSH 0                                   ; |hWnd NULL
    0041FB16  
    |. 50             PUSH EAX                                 ; |pMsg
    0041FB17  
    |. C74424 24 0000>MOV DWORD PTR SS:[ESP+24],0              ; |
    0041FB1F  |. FFD3           CALL EBX                                 ; \PeekMessageA
    0041FB21  
    |. 837C24 10 12   CMP DWORD PTR SS:[ESP+10],12
    0041FB26  
    |. 0F84 90000000  JE AIKABR.0041FBBC
    0041FB2C  
    |. 55             PUSH EBP
    0041FB2D  
    |. 8B2D A0124202  MOV EBP,DWORD PTR DS:[<&user32.GetMessag>;  user32.GetMessageA
    0041FB33  
    |> 8A86 4C0A0000  /MOV AL,BYTE PTR DS:[ESI+A4C]
    0041FB39  |. 84C0           |TEST AL,AL
    0041FB3B  
    |. 74 11          |JE SHORT AIKABR.0041FB4E
    0041FB3D  
    |. 6A 01          |PUSH 1
    0041FB3F  
    |. 6A 00          |PUSH 0
    0041FB41  
    |. 6A 00          |PUSH 0
    0041FB43  
    |. 8D4C24 1C      |LEA ECX,DWORD PTR SS:[ESP+1C]
    0041FB47  |. 6A 00          |PUSH 0
    0041FB49  
    |. 51             |PUSH ECX
    0041FB4A  
    |. FFD3           |CALL EBX
    0041FB4C  
    |. EB 0D          |JMP SHORT AIKABR.0041FB5B
    0041FB4E  
    |> 6A 00          |PUSH 0
    0041FB50  
    |. 6A 00          |PUSH 0
    0041FB52  
    |. 8D5424 18      |LEA EDX,DWORD PTR SS:[ESP+18]
    0041FB56  |. 6A 00          |PUSH 0
    0041FB58  
    |. 52             |PUSH EDX
    0041FB59  
    |. FFD5           |CALL EBP
    0041FB5B  
    |> 85C0           |TEST EAX,EAX
    0041FB5D  
    |. 0F95C0         |SETNE AL
    0041FB60  
    |. 84C0           |TEST AL,AL
    0041FB62  
    |. 74 34          |JE SHORT AIKABR.0041FB98
    0041FB64  
    |. 85FF           |TEST EDI,EDI
    0041FB66  
    |. 74 18          |JE SHORT AIKABR.0041FB80
    0041FB68  
    |. 8B46 20        |MOV EAX,DWORD PTR DS:[ESI+20]
    0041FB6B  |. 85C0           |TEST EAX,EAX
    0041FB6D  
    |. 74 11          |JE SHORT AIKABR.0041FB80
    0041FB6F  
    |. 8D4C24 10      |LEA ECX,DWORD PTR SS:[ESP+10]
    0041FB73  |. 51             |PUSH ECX                                ; /pMsg
    0041FB74  
    |. 57             |PUSH EDI                                ; |hAccel
    0041FB75  
    |. 50             |PUSH EAX                                ; |hWnd
    0041FB76  
    |. FF15 A4124202  |CALL DWORD PTR DS:[<&user32.TranslateAc>; \TranslateAcceleratorA
    0041FB7C  
    |. 85C0           |TEST EAX,EAX
    0041FB7E  
    |. 75 30          |JNZ SHORT AIKABR.0041FBB0
    0041FB80  
    |> 8D5424 10      |LEA EDX,DWORD PTR SS:[ESP+10]
    0041FB84  |. 52             |PUSH EDX                                ; /pMsg
    0041FB85  
    |. FF15 A8124202  |CALL DWORD PTR DS:[<&user32.TranslateMe>; \TranslateMessage
    0041FB8B  
    |. 8D4424 10      |LEA EAX,DWORD PTR SS:[ESP+10]
    0041FB8F  |. 50             |PUSH EAX                                ; /pMsg
    0041FB90  
    |. FF15 AC124202  |CALL DWORD PTR DS:[<&user32.DispatchMes>; \DispatchMessageA
    0041FB96  
    |. EB 18          |JMP SHORT AIKABR.0041FBB0
    0041FB98  
    |> 8A86 4C0A0000  |MOV AL,BYTE PTR DS:[ESI+A4C]
    0041FB9E  |. 84C0           |TEST AL,AL
    0041FBA0  
    |. 74 0E          |JE SHORT AIKABR.0041FBB0
    0041FBA2  
    |. 8BCE           |MOV ECX,ESI
    0041FBA4  
    |. E8 47130000    |CALL AIKABR.00420EF0
    0041FBA9  
    |. 8BCE           |MOV ECX,ESI
    0041FBAB  
    |. E8 60190000    |CALL AIKABR.00421510
    0041FBB0  
    |> 837C24 14 12   |CMP DWORD PTR SS:[ESP+14],12
    0041FBB5  
    |.^0F85 78FFFFFF  \JNZ AIKABR.0041FB33
    0041FBBB  
    |. 5D             POP EBP
    0041FBBC  
    |> 85FF           TEST EDI,EDI
    0041FBBE  
    |. 74 07          JE SHORT AIKABR.0041FBC7
    0041FBC0  
    |. 57             PUSH EDI                                 ; /hAccel
    0041FBC1  
    |. FF15 B0124202  CALL DWORD PTR DS:[<&user32.DestroyAccel>; \DestroyAcceleratorTable
    0041FBC7  
    |> 8D8E 6C0A0000  LEA ECX,DWORD PTR DS:[ESI+A6C]
    0041FBCD  |. FF15 00154202  CALL DWORD PTR DS:[<&aikasensnet.?termin>;  aikasens.?terminate@AikaSensNetChecker@@QAEJXZ
    0041FBD3  
    |. 8B4424 14      MOV EAX,DWORD PTR SS:[ESP+14]
    0041FBD7  |. 5F             POP EDI
    0041FBD8  
    |. 5E             POP ESI
    0041FBD9  
    |. 5B             POP EBX
    0041FBDA  
    |. 83C4 1C        ADD ESP,1C
    0041FBDD  
    \. C3             RETN 
    And on description it says "WINTRUST.dll" when debug its on line 0041DD98 , after some time it opens the aika login screen, without xtrap, but if i try to execute it without debug, it stays on the error of open and close... What can be it?

    ---------- Post added at 02:00 PM ---------- Previous post was at 01:27 PM ----------




    SpeedHack on

    But the problem continues, I can only run pefectly AIKA if I run on debugger line by line (alt+f9), Why?

    ---------- Post added at 02:16 PM ---------- Previous post was at 02:00 PM ----------

    08/10 11:10:34 - Init Network Manager

    When I run by f9 or by executing the client stops on the line of "Init Network manager" on dbg....


    I think thats left one NOP/JNZ

    Speedhack crashes 95% of times when activating it, packet monitors crash game too, remembering I'm running it on ollydbg by alt+f9...

    What's left to it run by itself?
    Last edited by gm3x; 2011-08-10 at 05:53 PM.

Similar Threads

  1. I have bypassed Xtrap, what now?
    By AikaOnline in forum Aika Online
    Replies: 18
    Last Post: 2011-12-31, 02:38 PM
  2. xTrap bypass
    By Dilof in forum Martial Empires
    Replies: 4
    Last Post: 2011-06-10, 05:04 AM
  3. Xtrap
    By bhebhe in forum Aika Online
    Replies: 1
    Last Post: 2010-12-03, 09:44 PM
  4. how to remove Xtrap
    By simpletouch in forum Anti-Cheat Systems
    Replies: 4
    Last Post: 2010-12-02, 04:09 AM
  5. byPass xtrap
    By bhebhe in forum Aika Online
    Replies: 0
    Last Post: 2010-11-10, 07:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •