SolarStrike Software

Posted: **Sun Jun 19, 2011 11:10 am**

Lisa, how did you get started using Ollydbg? Are there any websites you visited?

Posted: **Sun Jun 19, 2011 12:31 pm**

Admin mentioned it here and I just played around with it for many hours. I tried to find some online info but I think all I found wasn't in english, well not an english that I understood lol

I am very new to memory stuff.
I just click on everything and see what it does.
Also reading the update.lua file gave me a huge insight as to what I was looking for aswell. It basically does automatically what I was doing manually. The benefit of doing it manually is I also got to read a lot of other things in the memory and got a better understanding of what stuff does =)

Posted: **Sun Jun 19, 2011 2:36 pm**

CHAPTER IV HACKS

Swim

addon_swimhack.lua: Swim Ch4; (2.93 KiB) Downloaded 484 times

Speed

addon_speedhack.lua: Speed Ch4; (1.22 KiB) Downloaded 486 times

Wall

addon_wallhack.lua: Wall Ch4; (1 KiB) Downloaded 495 times

Happy botting

Posted: **Sun Jun 19, 2011 7:42 pm**

Hi Tsutomu, I wasn't sure if you were still with us, nice to see you again =)

Posted: **Sun Jun 19, 2011 8:16 pm**

Thanks for the updates! Fly works, but I'm getting a critical error shortly after the function is called... in two different waypoint files, in two different zones. No crash if I quote out fly().

Posted: **Sun Jun 19, 2011 9:36 pm**

Tsutomu wrote:Swim
addon_swimhack.lua

I see you are still using a timer. With those addresses being changed, the pointer value doesn't get reset so why do you use a timer?

I tried the following without the timer and it still works.

Code: Select all

local NOP=144;
local staticcharbase_address = addresses.staticbase_char;
local offsets = {0x598, 0xEC, 0xB4};
local active = 4;
local proc=getProc();

function fly()
	memoryWriteByte(getProc(), 0x44ABF0, NOP);
	memoryWriteByte(getProc(), 0x44ABF1, NOP);
	memoryWriteByte(getProc(), 0x44ABF2, NOP);
	memoryWriteByte(getProc(), 0x44ABF3, NOP);
	memoryWriteByte(getProc(), 0x44ABF4, NOP);
	memoryWriteByte(getProc(), 0x44ABF5, NOP);
	memoryWriteIntPtr(getProc(), staticcharbase_address, offsets, active);
	printf("Swimhack ACTIVATED!\n");
end

function flyoff()
	memoryWriteByte(getProc(), 0x44ABF0, 137);
	memoryWriteByte(getProc(), 0x44ABF1, 131);
	memoryWriteByte(getProc(), 0x44ABF2, 180);
	memoryWriteByte(getProc(), 0x44ABF3, 0);
	memoryWriteByte(getProc(), 0x44ABF4, 0);
	memoryWriteByte(getProc(), 0x44ABF5, 0);
	printf("Swimhack DEactivated.\n");
end

Also, what are those ublazi functions?

Posted: **Sun Jun 19, 2011 9:48 pm**

interesting, it seems to me you are using
ublaziPad()
and it is constantly turning fly on and off with different timers.
I don't know why though

Posted: **Mon Jun 20, 2011 12:48 am**

Lisa I went to that web page and tried following what it said but I must be missing something.

This is what I did.
1. Start ollydbg
2. Select "File/Open" and open client.exe
3. Rightclick the tope left window and select "Search For/Constant".
4. Enter a static address from addresses.lua eg. the castingBarPtr (A19B78).
5. Click ok.

This is what happens. The bottom bar flashes yellow for a second but otherwise I see nothing has changed.

Is that right? Is something supposed to happen?

Posted: **Mon Jun 20, 2011 12:50 am**

If it flashes yellow that means it didn't find anything referencing to the search constant you chose.

going to swap PC's and I'll have a look.

I show castingbar_Ptr as
00A19A8C

search for A19A8C still gets the right result

bah that address is actionbarPtr. lol gimme a sec

Posted: **Mon Jun 20, 2011 12:56 am**

Ok search for A19B78 gets it's first result at 0063211F

Make sure to tick entire block, otherwise it just searches either up or down depending on which has the tick

Posted: **Mon Jun 20, 2011 12:57 am**

A19A8C didn't work for me either.

Posted: **Mon Jun 20, 2011 12:59 am**

Make sure to tick entire block, otherwise it just searches either up or down depending on which has the tick

Posted: **Mon Jun 20, 2011 1:01 am**

Entire block is ticked. What do the signed and unsigned values mean?

On the bottom bar it says
"Single step event a ntdll.77DEF9CD - use Shift+F7/F8/F9 to pass exception to program"

Posted: **Mon Jun 20, 2011 1:06 am**

Hmm haven't seen that before, maybe a permission thing from win 7?
I run win 7 aswell but haven't had that.

Maybe try control + A to analyze the client.exe

Posted: **Mon Jun 20, 2011 1:21 am**

Yours looks different to mine. Maybe you are using a different version? Mine says v1.10.

Posted: **Mon Jun 20, 2011 1:27 am**

ahh yeah, when you go to the download link, on the left side there is the list of versions, I got to 2.01 (alpha 3) which is listed as 200.zip

http://www.ollydbg.de/odbg200.zip

Posted: **Mon Jun 20, 2011 1:29 am**

Never mind.

Did another search for ollydbg and found version 2.01 aplha 3. The search box looks like yours and it worked.

Now I can continue experimenting with it. If I have any other questions, Ill let you know.

Posted: **Wed Jun 22, 2011 1:21 am**

lisa wrote:interesting, it seems to me you are using
ublaziPad()
and it is constantly turning fly on and off with different timers.
I don't know why though

Lisa, i'll look into it, don't have time for testing right now, and my bot is not working so i just changed the addresses for the swim value, and nop the function (also updated the address)...

The ublaziPad() is a function that softens the fall that's what it means on Serbian softenFall() -- ublaziPad()
It activates and deactivates the swimhack few times so we take damage only few times per 1k HP as we would take damage of 80% HP for entire fall.
This way i get 4k HP damage instead of 22-23k HP on KS canyon fall and leaves me without need for a rest()

If you can point me at the right working rombot for newest Ch.4 version of client i might solve the hack problems quicly...

I have no time ATM for searching through threads here...

Thx

Posted: **Wed Jun 22, 2011 1:44 am**

local swimfunction_ptr = 0x44ABF0
local staticcharbase_address = 0x9C57EC;
local wallhack_addr = 0x97326C;

rev 609 has latest addresses and works, just do a svn update.

Posted: **Wed Jun 22, 2011 10:48 am**

I have pritty big problem with swim hack. I'm doing waypoint for party farming WD (farming for new epic weapon) but when character start swimming up allways crash game. I tryed for smaller steps but problems is same. Is something wrong with WD?

SolarStrike Software

Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)

Re: Idea: RoMbot + MultiHack (keypress collaboration)