  1. #1
    Dwar

    [Guide] Client modification

    Client modification
    Soon I’ll post a guide explaining how to remove the client version check, how to unfreeze video, etc.


    1. How to remove “Screenshot was saved…” after taking the screenshot

    Find the string “Screenshot”:

    004373F2  |.  68 98BA9200      PUSH OFFSET elementclient.0092BA98   ; ASCII "%sScreenshots"

    You can set a BP at the beginning of the function and press “Print Screen” while the client window is active. After tracing, at the end of the function, when the screenshot has already been created, there is another CALL 00413EA0:

    0043796D  |> /8B49 24          MOV ECX,DWORD PTR DS:[ECX+24]
    00437970  |. |50               PUSH EAX                             ; /Arg2
    00437971  |. |68 FF0000FF      PUSH FF0000FF                        ; |Arg1 = FF0000FF
    00437976  |. |E8 25C5FDFF      CALL 00413EA0

    Inside CALL 00413EA0 we see the first instruction, a JE, and it’s clear that this instruction is unnecessary for us:

    00413EC3      /0F84 31010000   JE 00413FFA
    ->
    00413EC3      /E9 32010000     JMP 00413FFA



    2. How to unfreeze the client window
    Try to find the following string: “CECGame::Run(), break because CECGameRun::Tick return false”

    0042DD17  |.  68 40AB9200      PUSH OFFSET elementclient.0092AB40   ; ASCII "CECGame::Run(), break because CECGameRun::Tick return false"
    0042DD1C  |.  6A 01            PUSH 1
    0042DD1E  |.  E8 FD5B3100      CALL 00743920
    0042DD23  |.  BA B0BB9800      MOV EDX,OFFSET elementclient.0098BBB0
    0042DD28  |.  83C4 08          ADD ESP,8
    0042DD2B  |.  85D2             TEST EDX,EDX
    0042DD2D  |.  EB 30            JMP SHORT 0042DD5F
    0042DD2F  |>  389E 28040000    CMP BYTE PTR DS:[ESI+428],BL
    0042DD35  |.  0F84 84000000    JE 0042DDBF

    We must NOP two instructions:
    0042DD2D  |.  EB 30            JMP SHORT 0042DD5F
    0042DD2F  |>  389E 28040000    CMP BYTE PTR DS:[ESI+428],BL

    The result will be:
    0042DD17  |.  68 40AB9200      PUSH OFFSET 0092AB40                 ; ASCII "CECGame::Run(), break because CECGameRun::Tick return false"
    0042DD1C  |.  6A 01            PUSH 1
    0042DD1E  |.  E8 FD5B3100      CALL 00743920
    0042DD23  |.  BA B0BB9800      MOV EDX,OFFSET 0098BBB0
    0042DD28  |.  83C4 08          ADD ESP,8
    0042DD2B  |.  85D2             TEST EDX,EDX
    0042DD2D      90               NOP
    0042DD2E      90               NOP
    0042DD2F      90               NOP
    0042DD30      90               NOP
    0042DD31      90               NOP
    0042DD32      90               NOP
    0042DD33      90               NOP
    0042DD34      90               NOP
    0042DD35      0F84 84000000    JE 0042DDBF

    Note: this modification will cause high CPU consumption.


    3. Bypass Launcher
    Piece of cake. Find the string which appears in the message box when you try to launch the client directly: “Please start game from launcher”

    0043C5FD  |.  75 29            JNE SHORT 0043C628
    0043C5FF  |.  6A 10            PUSH 10                              ; /Type = MB_OK|MB_ICONHAND|MB_DEFBUTTON1|MB_APPLMODAL
    0043C601  |.  68 6CA99200      PUSH OFFSET elementclient.0092A96C   ; |Caption = "ERROR"
    0043C606  |.  68 E4C89200      PUSH OFFSET elementclient.0092C8E4   ; |Text = "Please start game from launcher"
    0043C60B  |.  50               PUSH EAX                             ; |hOwner
    0043C60C  |.  FF15 88268B00    CALL DWORD PTR DS:[<&USER32.MessageBoxA>] ; USER32.MessageBoxA

    The JNE instruction is the key:

    0043C5FD  |.  75 29            JNE SHORT 0043C628
    ->
    0043C5FD      EB 29            JMP SHORT 0043C628

    Now we can start the client without the Launcher.


    4. Multi-client
    As was written above, and as usual, we must find the string “Game is currently running”

    0043D66B  |.  74 1E            JE SHORT 0043D68B
    0043D66D  |.  6A 10            PUSH 10
    0043D66F  |.  68 6CA99200      PUSH OFFSET 0092A96C                 ; |Caption = "ERROR"
    0043D674  |.  68 1CCB9200      PUSH OFFSET 0092CB1C                 ; |Text = "Game is currently running. You can't start another process!"
    0043D679  |.  6A 00            PUSH 0                               ; |hOwner = NULL
    0043D67B  |.  FF15 88268B00    CALL DWORD PTR DS:[<&USER32.MessageBoxA>] ; USER32.MessageBoxA

    The JE instruction before calling MessageBoxA is useless:
    0043D66B  |.  74 1E            JE SHORT 0043D68B
    ->
    0043D66B      EB 1E            JMP SHORT 0043D68B

    Now we can run multiple clients.


    In the attachment you will find a simple patcher for the Russian official server.


    Soon, material on client modification will be posted here: launching without the updater, bypassing the client version check, multi-window mode, unfreezing video, etc.

    For those who don't want to read or wait, a small patcher for the Russian PW client is attached.
    P.S. The patcher was written a long time ago, but, if I'm not mistaken, the client's main executable modules have not changed since then.

    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium
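
Seen from the vendor's side, every edit in the post above is a small byte change at a fixed address, which an integrity check can recognise and label. The following is an added example, not part of the original post: the function names are hypothetical, `BASELINE` is copied from the "before" listings, and `SUSPECT` is a constructed sample image.

```python
# Added example. Labels how a suspect code span differs from known-good bytes.

def decode_branch(addr, code):
    """Return (kind, target) for an x86 relative branch at addr, else None."""
    if len(code) < 2:
        return None
    op = code[0]
    if op == 0xEB or 0x70 <= op <= 0x7F:          # JMP rel8 / Jcc rel8
        rel = int.from_bytes(code[1:2], "little", signed=True)
        return ("jmp" if op == 0xEB else "jcc", addr + 2 + rel)
    if op == 0xE9 and len(code) >= 5:             # JMP rel32
        rel = int.from_bytes(code[1:5], "little", signed=True)
        return ("jmp", addr + 5 + rel)
    if op == 0x0F and 0x80 <= code[1] <= 0x8F and len(code) >= 6:  # Jcc rel32
        rel = int.from_bytes(code[2:6], "little", signed=True)
        return ("jcc", addr + 6 + rel)
    return None

def classify(addr, good, seen):
    """Compare known-good bytes with the bytes found at the same address."""
    if seen == good:
        return "intact"
    if len(seen) == len(good) and set(seen) == {0x90}:
        return "nopped-out"                       # whole span replaced by NOPs
    g, s = decode_branch(addr, good), decode_branch(addr, seen)
    if g and s and g[0] == "jcc" and s[0] == "jmp" and g[1] == s[1]:
        return "check-forced"                     # Jcc became JMP, same target
    return "modified"

def audit(baseline, read):
    """baseline: {addr: good_bytes}; read(addr, n) returns suspect bytes."""
    return {a: classify(a, good, read(a, len(good))) for a, good in baseline.items()}

# Known-good bytes, copied from the "before" listings in the post.
BASELINE = {
    0x00413EC3: bytes.fromhex("0F8431010000"),      # JE 00413FFA
    0x0042DD2D: bytes.fromhex("EB30389E28040000"),  # JMP SHORT + CMP
    0x0043C5FD: bytes.fromhex("7529"),              # JNE SHORT 0043C628
    0x0043D66B: bytes.fromhex("741E"),              # JE SHORT 0043D68B
}
# Constructed suspect image: three sites altered as described, one untouched.
SUSPECT = {
    0x00413EC3: bytes.fromhex("E93201000000"),
    0x0042DD2D: bytes([0x90] * 8),
    0x0043C5FD: bytes.fromhex("EB29"),
    0x0043D66B: bytes.fromhex("741E"),
}

if __name__ == "__main__":
    for addr, verdict in audit(BASELINE, lambda a, n: SUSPECT[a][:n]).items():
        print(f"{addr:08X}  {verdict}")
```

In a real check the baseline would come from the vendor's own build and `read` would return bytes from the file on disk or from process memory.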

  3. #2
    wongfei888

    Re: [Guide] Client modification

    In Indonesia, if the job venomancer/archer attack/skills, out writing skills can not be used, unless aggressive monsters, and in there bot cannot multi client again. Can OllyDbg do this job, for using skill first or bot multi client again like before? Thx so much.

  4. #3
    vogel
    Waiting for the continuation.

  5. #4
    Dwar
    Quote Originally Posted by vogel
    Waiting for the continuation.
    Sorry, but now I really have no time to continue this guide or anything else related to PW. Moreover, I completely lost track of the situation with the PW client and haven't checked it during the last 6 months.

  6. #5
    krukovis

    Question about disabling textures.

    Greetings, Dwar!
    Once, scary to say, a couple of years ago, you mentioned the address for disabling textures in the game. Could you give a hint on how to find the function responsible for enabling/disabling textures in the Perfect World client? I am developing a multi-patcher (if you're interested, it's here: [Program] PW Patcher 7.2 - Removes horns, chat blocking and much more - forever! - Zhyk.Ru Forums), and I would like to add such a feature. But I don't know how to approach this task.
    Thanks in advance.
    If you don't respond, we'll write to Sportloto!
