View Full Version : Solution to Hacking rPT


absence
14th August 2007, 00:52
Ok well a new version of rPT has come out and now no body can hack. I haven't taken a look into seeing if any "real" protection has been put into place but the most probable answer is finding new Array of Bytes included in the following code of the PTApocalypse source code:


\x0F\xBF\x80\x24\x01\x00\x00
\x8B\x81\x3C\x01\x00\x00\x8B
\x8B\x44\x24\x04\x6A\x00\x50\xE8\x94
\x53\x57\xE8 \x8B\xD8\xA1 \x8B\xFA\x3B\xF8
\x8B\x54\x24\x04\xB9\x01\x00\x00\x00\xB8
\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04
\x83\xEC\x08\x8B\x44\x24\x0C\x85\xC0
\x33\xF9\x89\xB8\x10\x3A\x00\x00
\x33\xDB\x33\xD2\x33\xC9


A simple debugger should be able to assist you in finding the new Array of Bytes. Good luck and leave reasonable questions if you're stuck. :)

Edit:

Here's a link to download the old rPT Game.exe: http://www.speedyshare.com/393758509.html

Here's the link to download Visual Studio 2008 in order to open the .cpp:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B98A61BA-99B0-40B7-AB6E-5386A2B94217&displaylang=en

Also read all the posts in this topic in order to find out how to find the new Array of Bytes.

People who are able to get me the AOB's will get added hack bonuses including Attack Speed Increase and Attack Range Increase ;)

Cr3at1v3C0W
14th August 2007, 02:36
Ok well a new version of rPT has come out and now no body can hack. I haven't taken a look into seeing if any "real" protection has been put into place but the most probable answer is finding new Array of Bytes included in the following code of the PTApocalypse source code:


\x0F\xBF\x80\x24\x01\x00\x00
\x8B\x81\x3C\x01\x00\x00\x8B
\x8B\x44\x24\x04\x6A\x00\x50\xE8\x94
\x53\x57\xE8 \x8B\xD8\xA1 \x8B\xFA\x3B\xF8
\x8B\x54\x24\x04\xB9\x01\x00\x00\x00\xB8
\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04
\x83\xEC\x08\x8B\x44\x24\x0C\x85\xC0
\x33\xF9\x89\xB8\x10\x3A\x00\x00
\x33\xDB\x33\xD2\x33\xC9


A simple debugger should be able to assist you in finding the new Array of Bytes. Good luck and leave reasonable questions if you're stuck. :)

where did u get that "Array of Bytes" how do i change the old one then how do i find it? great if u can give tips :). if you end up doing it can u record it all plz i wana see what u do :) IF u WANT to not sayin u have to :) thx going to learn how to do it Google.com :) aight get back when u are free.

absence
14th August 2007, 11:17
where did u get that "Array of Bytes" how do i change the old one then how do i find it? great if u can give tips :). if you end up doing it can u record it all plz i wana see what u do :) IF u WANT to not sayin u have to :) thx going to learn how to do it Google.com :) aight get back when u are free.

Those array of bytes are from the PTApocalypse source code. You can find the new ones by searching up the code. Array of bytes basically equate into a line of code in debugging, so finding that line of code again will get you your array of bytes.

Shard
14th August 2007, 12:47
I bet they only changed a couple of opcodes so that the code is different but the process is the same. The addresses should be near enough the same since they wouldn't have been able to re-arrange anything (unless code-caves have been used, in which case there will be a jump at the address instead).
A tip if you're gonna try and find the new ones:
Don't include any addresses, only the static opcodes. That's why in a couple of those patterns there are spaces (4 spaces = 4 bytes). You need to change the mask as well, put an 'x' for any known bytes and something else (like '?') for unknown/skipped bytes (i.e. addresses).

brenash
14th August 2007, 13:17
Shard, could you take a look at it and then explain how we can do it? or upload a new rPT-Client.exe?

OscarPwr
14th August 2007, 13:20
Aff my english is not good and i dont know programming wat i do to repair this hack?? ty

absence
14th August 2007, 16:10
Finding the arrays is no problem at all. Yes rPT changed them around a bit but they're so close together all you have to do is change one number in the address. For example I wanted to find the new AOB for the teleport address:
\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 - 00430B10 - sub esp,08

So I went about finding it not by searching up the AOB with ?? and missing pieces but instead looking up the code sub esp,08 and came across the following:
\x83\xEC\x08\x56\x8D\x44\x24\x04\x8B\x74\x24\x10 - 00430D10 - sub esp,08

And done, that is the new AOB you need to substitute in. All you have to do is find the code in rPT's old client (Fortunately the old game client is still downloadable on the site) and then look it up in the new one. Easy as that.

amitsha
14th August 2007, 16:59
Finding the arrays is no problem at all. Yes rPT changed them around a bit but they're so close together all you have to do is change one number in the address. For example I wanted to find the new AOB for the teleport address:
\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 - 00430B10 - sub esp,08

So I went about finding it not by searching up the AOB with ?? and missing pieces but instead looking up the code sub esp,08 and came across the following:
\x83\xEC\x08\x56\x8D\x44\x24\x04\x8B\x74\x24\x10 - 00430D10 - sub esp,08

And done, that is the new AOB you need to substitute in. All you have to do is find the code in rPT's old client (Fortunately the old game client is still downloadable on the site) and then look it up in the new one. Easy as that.

let's leave our argument we had , i have a question , let's say u fix the adress problme , game.exe will still kick u out so ... what are u gonna do about that
?

absence
14th August 2007, 17:10
let's leave our argument we had , i have a question , let's say u fix the adress problme , game.exe will still kick u out so ... what are u gonna do about that
?

I haven't gone that far since I don't play rPT, but I highly doubt they'd put effective protection in that would kick you out. The only real cyclic redundancy check (CRC) in the game is the validation addresses which Shard included so that bannings and logs wouldn't occur.

Cr3at1v3C0W
14th August 2007, 20:15
Finding the arrays is no problem at all. Yes rPT changed them around a bit but they're so close together all you have to do is change one number in the address. For example I wanted to find the new AOB for the teleport address:
\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 - 00430B10 - sub esp,08

So I went about finding it not by searching up the AOB with ?? and missing pieces but instead looking up the code sub esp,08 and came across the following:
\x83\xEC\x08\x56\x8D\x44\x24\x04\x8B\x74\x24\x10 - 00430D10 - sub esp,08

And done, that is the new AOB you need to substitute in. All you have to do is find the code in rPT's old client (Fortunately the old game client is still downloadable on the site) and then look it up in the new one. Easy as that.

Wait go back a step how did u find the new AOB in the first place? and like lets say i do find them SOME HOW how do i like replace the AOB in the old EXE do i change the EXE like the rPT-Client.exe or the Dll that we use to inject? and if i do want to change it how? like in c++ or what ever i need to use to change the AOB.

PS: i started to learn C++ :) i can make a little calculator lol.. not much use in find AOB cuz i dont even know what that is .. haha.. thx :)

Edit: oh and i was looking at the AOB \x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 - 00430B10 - sub esp,08 and i dont get it what are all the X.. and why do u use \ and what is the adress preffering to the 00430B10 and what does sub esp, 08 mean if would be REALLY help full if one of u guys can explain EACH parts of the AOB in detail or aleast what they do and mean :) srry if i am asking to make a TUT :P :)

absence
14th August 2007, 20:30
Wait go back a step how did u find the new AOB in the first place? and like lets say i do find them SOME HOW how do i like replace the AOB in the old EXE do i change the EXE like the rPT-Client.exe or the Dll that we use to inject? and if i do want to change it how? like in c++ or what ever i need to use to change the AOB.

PS: i started to learn C++ :) i can make a little calculator lol.. not much use in find AOB cuz i dont even know what that is .. haha.. thx :)

You need to use a debugger such as Cheat Engine. I'll list what I did in steps.
1. Open Cheat Engine and use dxWND to open the OLD client of rPT.
2. Attach CE to Game.exe
3. Take the Array of bytes (the numbers and letters between the \x's) and search it until you get your address.
4. Look at the opcode beside the address such as sub esp,08 and remember it.
5. Close the old rPT and open the new one and attach CE to game.exe
6. Go to the memory region near the address you found, and then search up the opcode (sub esp,08) from there.
7. Go to the new address and compare that AOB to the one in the PTApocalypse source code, if similar then that's what you're looking for.

The process of making a dll is a bit complicated so if you can give me the new AOB's then I'll compile the dll for you. :)

Edit: Let me split it up a bit so it makes more sense.

\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 - 00430B10 - sub esp,08

\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 Is how you write an AOB in c++. In debugging all you search up is 83 EC 08 56 8B 74 24 10 8D 44 24 04.

00430B10 Is the address which the array of byte codes for. Almost every address has a different array of byte.

sub esp,08 is the operation code (opcode) found at the address 00430B10. Addresses in general have different operation codes.

For more advanced users (You don't have to know this if you're just wanting to find the AOB's) sub esp,08 means subtract 8 from esp.

Tip: Since the new AOB is a tiny bit different than the old, the Address will be very similar (notice the tiny difference between the old address, 00430B10, and the new one, 00430D10.). The opcode will still be the same though.

brenash
14th August 2007, 20:56
does this work on rpt?, or could you just upload the good one?

absence
14th August 2007, 21:01
does this work on rpt?, or could you just upload the good one?

That's only one of 9 AOB's, the rest you have to find and I won't be uploading a new dll unless I feel like it.

brenash
14th August 2007, 21:07
well what if i asked you really desperate and nice? :)

absence
14th August 2007, 21:11
well what if i asked you really desperate and nice? :)

Unless you can give me the AOB's there's nothing more I'll do for you. :)

OscarPwr
14th August 2007, 22:31
i can understand u information in programming i get 0points :S:Swere can i see the new code??

Cr3at1v3C0W
14th August 2007, 23:54
You need to use a debugger such as Cheat Engine. I'll list what I did in steps.
1. Open Cheat Engine and use dxWND to open the OLD client of rPT.
2. Attach CE to Game.exe
3. Take the Array of bytes (the numbers and letters between the \x's) and search it until you get your address.
4. Look at the opcode beside the address such as sub esp,08 and remember it.
5. Close the old rPT and open the new one and attach CE to game.exe
6. Go to the memory region near the address you found, and then search up the opcode (sub esp,08) from there.
7. Go to the new address and compare that AOB to the one in the PTApocalypse source code, if similar then that's what you're looking for.

The process of making a dll is a bit complicated so if you can give me the new AOB's then I'll compile the dll for you. :)

Edit: Let me split it up a bit so it makes more sense.

\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 - 00430B10 - sub esp,08

\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 Is how you write an AOB in c++. In debugging all you search up is 83 EC 08 56 8B 74 24 10 8D 44 24 04.

00430B10 Is the address which the array of byte codes for. Almost every address has a different array of byte.

sub esp,08 is the operation code (opcode) found at the address 00430B10. Addresses in general have different operation codes.

For more advanced users (You don't have to know this if you're just wanting to find the AOB's) sub esp,08 means subtract 8 from esp.

Tip: Since the new AOB is a tiny bit different than the old, the Address will be very similar (notice the tiny difference between the old address, 00430B10, and the new one, 00430D10.). The opcode will still be the same though.

AIGht THX !! for the info i will use the old AOB you posted on top and will try to find the new ones :) with the info u gave me on this post :) after that u can compile the dll if u want :P or else any one if they feel they want to...

PS: this is my first tiem trring to find the AOB so they might turn out ugly.. meaning wrong lol cuz i dont know WTF i am doing :. that is how everyone starts out right? :) aight have to go somewere righ tnow but will try it when i have time :)

Oh and plz someone have the old exe file? like the game and the launger plz upload it i deleted mine :P thx :)

absence
15th August 2007, 00:49
AIGht THX !! for the info i will use the old AOB you posted on top and will try to find the new ones :) with the info u gave me on this post :) after that u can compile the dll if u want :P or else any one if they feel they want to...

PS: this is my first tiem trring to find the AOB so they might turn out ugly.. meaning wrong lol cuz i dont know WTF i am doing :. that is how everyone starts out right? :) aight have to go somewere righ tnow but will try it when i have time :)

Oh and plz someone have the old exe file? like the game and the launger plz upload it i deleted mine :P thx :)

Ok, good luck. :) Let me know if you get any where close to finding the AOB's. If you do I'll compile the dll for you.

Here's a download link for the old rPT Game.exe:

http://www.speedyshare.com/393758509.html

Cr3at1v3C0W
15th August 2007, 03:32
Ok, good luck. :) Let me know if you get any where close to finding the AOB's. If you do I'll compile the dll for you.

Here's a download link for the old rPT Game.exe:

http://www.speedyshare.com/393758509.html

THx you so much will look at the old and the new and compare the AOB later when i get back tonight :) hope will get the AOB by tommor or the day after.. :)

amitsha
15th August 2007, 06:44
dos that source code is v.b .net 2005 code?

becouse i can't open it with vb2005

my vb studio ask for vcproj , saying it missing and need to be installed , where can i get it?

absence
15th August 2007, 11:00
dos that source code is v.b .net 2005 code?

becouse i can't open it with vb2005

my vb studio ask for vcproj , saying it missing and need to be installed , where can i get it?

It's a visual c++ project so try downloading the new 2008 Beta 2 version off of microsoft.com or you can just open PTApocalypseDLL.cpp in notepad. Once you get the AOB's you can give them to me and I'll compile the new DLL for your use only. :)

Oh, and here's another AOB. 7/9 to go.

Old:

0F BF 80 24 01 00 00 - 004B82C5 - movsx eax,word ptr [eax+00000124]

New:

0F BF 80 24 01 00 00 - 004B8546 - movsx eax,word ptr [eax+00000124]


Well, that AOB wasn't changed around. Easy one to find. :)

Edit: Oh, and people who are able to get me the AOB's will get added hack bonuses including Attack Speed Increase and Attack Range Increase ;)

amitsha
15th August 2007, 17:12
It's a visual c++ project so try downloading the new 2008 Beta 2 version off of microsoft.com or you can just open PTApocalypseDLL.cpp in notepad. Once you get the AOB's you can give them to me and I'll compile the new DLL for your use only. :)

Oh, and here's another AOB. 7/9 to go.

Old:

0F BF 80 24 01 00 00 - 004B82C5 - movsx eax,word ptr [eax+00000124]

New:

0F BF 80 24 01 00 00 - 004B8546 - movsx eax,word ptr [eax+00000124]


Well, that AOB wasn't changed around. Easy one to find. :)

Edit: Oh, and people who are able to get me the AOB's will get added hack bonuses including Attack Speed Increase and Attack Range Increase ;)


i did tried to open with note pad but all i c is :
t׃U‹לƒל ƒהנְT$|$l$‹T$‹D

things like that

only thing i can c clearly is that name of maps u can teleport to and lvup rankup and that all :|

OscarPwr
15th August 2007, 20:27
i need help to chage code into new patch who can help me?? ty i cant open format(.dll) with wat program can i open this??


plzplzplz post new hack:'(

dspider
15th August 2007, 20:52
When I try to compile the dll, my VC++ 2008 give me missing file error, what libs I need to compile? I have the news AOBs but no PM :[

for now ty, and sry for bad english...

absence
15th August 2007, 22:01
i did tried to open with note pad but all i c is :
t׃U‹לƒל ƒהנְT$|$l$‹T$‹D

things like that

only thing i can c clearly is that name of maps u can teleport to and lvup rankup and that all :|

Ok, you'll need Visual Studio to open it. You can download it here:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B98A61BA-99B0-40B7-AB6E-5386A2B94217&displaylang=en

i need help to chage code into new patch who can help me?? ty i cant open format(.dll) with wat program can i open this??


plzplzplz post new hack:'(

As I said just above, download Visual Studio from that link. It'll be able to open the .cpp. Also read my other posts in this topic to find out how to find the new AOB's.

When I try to compile the dll, my VC++ 2008 give me missing file error, what libs I need to compile? I have the news AOBs but no PM :[

for now ty, and sry for bad english...

Message me the AOB's and I'll compile the new dll for you. I'll also include attack speed increase and attack range increase. :)

Cr3at1v3C0W
16th August 2007, 00:45
ok so now i am tryin to find the new AOB BUT the old EXE that you uploaded wont run it askes for some dll so i put it on the game folder and when ever i clikc it just closes it wont stay running so i cant get the AOB ? how do i get the AOB if the game wont run -_- any help?

absence
16th August 2007, 00:52
ok so now i am tryin to find the new AOB BUT the old EXE that you uploaded wont run it askes for some dll so i put it on the game folder and when ever i clikc it just closes it wont stay running so i cant get the AOB ? how do i get the AOB if the game wont run -_- any help?

You have to put the game.exe in the same folder as rPT so it over writes the new one. Run it with dxWND so you have window mode and there you go.

Cr3at1v3C0W
16th August 2007, 01:15
OK OK sweet i am getint this will have the list up in like 20-30 mins :)

ok one more question about
0F BF 80 24 01 00 00 00 4B82c5 movsx eax,word ptr [eax+00000124]

how come it shows up as 0F BF 80 24 01 00 00 90 33 05 28 CF BA 01 C3 90 and you dont use the rest after the 00 00 like the 00.. do i include that in the list?

absence
16th August 2007, 01:56
OK OK sweet i am getint this will have the list up in like 20-30 mins :)

ok one more question about
0F BF 80 24 01 00 00 00 4B82c5 movsx eax,word ptr [eax+00000124]

how come it shows up as 0F BF 80 24 01 00 00 90 33 05 28 CF BA 01 C3 90 and you dont use the rest after the 00 00 like the 00.. do i include that in the list?

A full AOB is 16 bytes long, however since there's so many combinations of AOB's, there will almost never be the same one out there, thus why you can use a much shorter version to find the address you need.

Cr3at1v3C0W
16th August 2007, 01:58
i will send check it

absence
16th August 2007, 03:03
i will send check it

I'll take a look at it tomorrow and compile the new dll for you. There is however, one more part to overcome after finding the new AOB's. Turns out they actually did implement a new method of protection (thus why the new 700kb increase in the client) but I only took 5 minutes to look into it because I'm going to bed soon. Looks pretty simple to me, "PTApocalypse" comes up a few times in the client meaning when its process is detected the game will close. There's a couple solutions ranging from hiding the process from being detected (may be possible), unpacking and packing (difficult), and others.

Cr3at1v3C0W
16th August 2007, 03:11
I'll take a look at it tomorrow and compile the new dll for you. There is however, one more part to overcome after finding the new AOB's. Turns out they actually did implement a new method of protection (thus why the new 700kb increase in the client) but I only took 5 minutes to look into it because I'm going to bed soon. Looks pretty simple to me, "PTApocalypse" comes up a few times in the client meaning when its process is detected the game will close. There's a couple solutions ranging from hiding the process from being detected (may be possible), unpacking and packing (difficult), and others.

oh man ok thx for the info will try to do something about it right now :) aight Gn get some sleep take to you in the morning :) by the way were u from? cuz its only 5:10 pm right here(california)

makocherry222
16th August 2007, 05:49
yeah absence thats what i tohught. i knew it wasnt just a change of aob. anyways good luck on all this.

Cr3at1v3C0W
16th August 2007, 07:31
hope fully we get someone to help us mod the exe or someone finds a way to bypass it.

Ps: cant u run the game and then inject the dll? like after the proection ends or something cuz the logo go away after like 2 secs.. so what if u run the dll after you log in or something... this when we have a working dll :P

Shard
16th August 2007, 11:08
I'll take a look at it tomorrow and compile the new dll for you. There is however, one more part to overcome after finding the new AOB's. Turns out they actually did implement a new method of protection (thus why the new 700kb increase in the client) but I only took 5 minutes to look into it because I'm going to bed soon. Looks pretty simple to me, "PTApocalypse" comes up a few times in the client meaning when its process is detected the game will close. There's a couple solutions ranging from hiding the process from being detected (may be possible), unpacking and packing (difficult), and others.
Ah, this could be fun. Upload the exe here, I will have a look at it. ;)

Cr3at1v3C0W
16th August 2007, 11:17
Sweet Thank you :) i have uplaoded the New Game Exe and the new rpt-client.exe cuz i think the protection is in client maybe? dunno.. havnt looked at anything yet :P kind of late here so will see tommore hope full we get the working dll after the AOB ... put togeater :) but any ways here is the link:

http://www.sendspace.com/file/zn8y7h

absence
16th August 2007, 12:32
Sweet Thank you :) i have uplaoded the New Game Exe and the new rpt-client.exe cuz i think the protection is in client maybe? dunno.. havnt looked at anything yet :P kind of late here so will see tommore hope full we get the working dll after the AOB ... put togeater :) but any ways here is the link:

http://www.sendspace.com/file/zn8y7h

The protection should be in both exe's or else there'd be no point in having it. :P As for a way around it, I'll take a look at it now.

Oh, and I live in the UK which is +8 hours ahead of California. I used to live there a year ago so I know I'm missing out a lot on the weather. :P

Ah, this could be fun. Upload the exe here, I will have a look at it. ;)

Shard, I'm going to need you to take a look at this AOB:
old AOB 33 F9 89 B8 10 3A 00 00
It seems there was a rather drastic change including noppings and a call procedure.

Shard
16th August 2007, 14:01
I'll go through them all when I get them.

First byte pattern:
They've kept this one the same, but changed the code after it so the offset is wrong. All you have to do is change
pdwUserData = *(PDWORD*)( dwAddress - 4 );
pXorHP = *(short**)( dwAddress + 9 );
with
pdwUserData = *(PDWORD*)( dwAddress - 5 );
pXorHP = *(short**)( dwAddress + 10 );

sannupannu
16th August 2007, 14:39
and then we could cheat again ? :D and if we can , could someone upload these exe files :=) , so the noobies like me could understand smth 2 :)

brenash
16th August 2007, 15:04
and then we could cheat again ? :D and if we can , could someone upload these exe files :=) , so the noobies like me could understand smth 2 :)

:bunny: good idea bout the upload the exe, i dont understand anything from it

absence
16th August 2007, 15:20
:bunny: good idea bout the upload the exe, i dont understand anything from it

If you're talking about the game exe's then I uploaded the old one in the first post. If you're asking for a bypass then have patience.

sannupannu
16th August 2007, 18:17
k i'll wait for bypass :)

Cr3at1v3C0W
16th August 2007, 21:09
absence, i dont get one thing lol :P how do i know if the NEw array of bits are right like and how do u know the old ones? like how do u find them in the first place?? maybe shard knows this.. but like you know how u get the opcode or soemthing and check that area.. how do i know which one is the write one because sometimes there are some AOB that are really close or sometime there are non that are close.. is there way of checking?? like and how do u know what the AOB do in the game... like how do u know if its HP hack for XP hack or tele or what ever...

The protection should be in both exe's or else there'd be no point in having it. :P As for a way around it, I'll take a look at it now.

Oh, and I live in the UK which is +8 hours ahead of California. I used to live there a year ago so I know I'm missing out a lot on the weather. :P

:) yea the weather here OWNs ALL :)

amitsha
16th August 2007, 21:19
Ok, you'll need Visual Studio to open it. You can download it here:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B98A61BA-99B0-40B7-AB6E-5386A2B94217&displaylang=en


ty , dowloading now and i hope i will give some help even with my poor knowledge in vb

Cr3at1v3C0W
16th August 2007, 21:28
ty , dowloading now and i hope i will give some help even with my poor knowledge in vb

everyones knowledge is poor at first as you start to do things using your weak knowledge it builds UP :) and thank you for actually trying to help :) not somepeople just are like "HAX PLz OK i Wll Waitzz" :)

absence
16th August 2007, 22:09
I'll go through them all when I get them.

First byte pattern:
They've kept this one the same, but changed the code after it so the offset is wrong. All you have to do is change
pXorHP = *(short**)( dwAddress + 9 );
with
pXorHP = *(short**)( dwAddress + 10 );

How is that? The old AOB doesn't find anything until 04xxxxxx which gives the wrong address.

amitsha
16th August 2007, 22:19
everyones knowledge is poor at first as you start to do things using your weak knowledge it builds UP :) and thank you for actually trying to help :) not somepeople just are like "HAX PLz OK i Wll Waitzz" :)

will be nice if any1 willhelp me a bit with this hacking thing , like hw to get those adress u get from the game.exe and stuff

if any1 interest explaining me this , my msnger is amitish@walla.co.il

:) as u can c , i really wonna learn and be part of the secces :rambo:

makocherry222
17th August 2007, 07:40
absence, i dont get one thing lol :P how do i know if the NEw array of bits are right like and how do u know the old ones? like how do u find them in the first place?? maybe shard knows this.. but like you know how u get the opcode or soemthing and check that area.. how do i know which one is the write one because sometimes there are some AOB that are really close or sometime there are non that are close.. is there way of checking?? like and how do u know what the AOB do in the game... like how do u know if its HP hack for XP hack or tele or what ever...



Yeah id like to know that as well. if i could get a solid answer, i think i might take a look at this too. doesnt seem too complex. If i knew how you find it in the first place, i think i might be able to understand better. Thanks.

aklystani
17th August 2007, 14:13
since 04xxxxxx, there's a an offset of 200h. I sent an email to Shard for him to confirm

hahahoho
17th August 2007, 16:58
The new rpt client make it hard for cheating.

but an easy soln. check the new version, use ur old client (u might need to patch if using old kpt) and change the version.

if u dunno how to check client version and change it , I wont say anymore...

*TIps: client version is not the version that u see in game*

makocherry222
17th August 2007, 21:03
hahahoho have you tried it and has it worked?

absence
17th August 2007, 22:20
The new rpt client make it hard for cheating.

but an easy soln. check the new version, use ur old client (u might need to patch if using old kpt) and change the version.

if u dunno how to check client version and change it , I wont say anymore...

*TIps: client version is not the version that u see in game*

Laugh out loud. It's harder than changing the registry version... trust me I've tried that a long long time ago. :)

Cr3at1v3C0W
17th August 2007, 22:42
anyone any luck on the new AOB? and dll

absence
17th August 2007, 23:09
anyone any luck on the new AOB? and dll

Yeah, sorry. I've just been waiting for confirmation on some parts from Shard. I'll get you the new dll asap :)

Cr3at1v3C0W
18th August 2007, 01:53
oh ok thx :)

aklystani
18th August 2007, 02:23
I wonder: which file calls the TerminateThread API? no way it can be the game.exe

Finding the arrays is no problem at all. Yes rPT changed them around a bit but they're so close together all you have to do is change one number in the address. For example I wanted to find the new AOB for the teleport address:
\x83\xEC\x08\x56\x8B\x74\x24\x10\x8D\x44\x24\x04 - 00430B10 - sub esp,08

So I went about finding it not by searching up the AOB with ?? and missing pieces but instead looking up the code sub esp,08 and came across the following:
\x83\xEC\x08\x56\x8D\x44\x24\x04\x8B\x74\x24\x10 - 00430D10 - sub esp,08

And done, that is the new AOB you need to substitute in. All you have to do is find the code in rPT's old client (Fortunately the old game client is still downloadable on the site) and then look it up in the new one. Easy as that.


How come AOB can be different for a same opcode, I mean, what is the relation between AOB<->opcode? operators always have the same corresponding code but not the rest

hahahoho
18th August 2007, 06:04
hahahoho have you tried it and has it worked?

working. waiting to be banned at rpt lol

Laugh out loud. It's harder than changing the registry version... trust me I've tried that a long long time ago. :)
Stop talking something u dont know.
its as simple as 99 x 99

amitsha
18th August 2007, 09:32
working. waiting to be banned at rpt lol


Stop talking something u dont know.
its as simple as 99 x 99

insted of saying u can ' prove it !

pictures !


bahh takes so long to download this visual studio 2008 zzz

3.6 gb with slow internet connection zzzzzzzzzzzzzzzzzzzz

absence
18th August 2007, 12:17
How come AOB can be different for a same opcode, I mean, what is the relation between AOB<->opcode? operators always have the same corresponding code but not the rest

An AOB corresponds to the function of an opcode and is used at a much more basic level of debugging. Say you have two opcodes at different addresses:
00480000 - mov eax, 01 and 00530000 - mov eax,01

Basically that says to move one byte into eax. You noticed how an AOB looks something like xx xx xx xx xx xx xx xx and so on. When addresses have the same opcode they will have the same first couple bytes in the AOB for example "xx xx xx xx" xx xx xx xx ("xx" is the first same couple bytes). But, the rest of the bytes after that will differ because there has to be a way to differentiate all the other addresses with the same opcode. That is done with the rest of the bytes in the AOB, and why are they different? It's because of all of the rest of the code in that memory region. You'll notice how there's many different opcodes such as jmp xxxxxxxx, sub esp, xx and so on. When all those opcodes come together the value at certain points change which is why almost no AOB is the same.


Stop talking about something you don't know.
It's as simple as 99 x 99.

Oh really? I'd like to see a video of you doing this. Getting an acceptance message isn't as easy as changing the registry. The version is built into the game, so either you'd have to debug it or unpack and pack it up again.
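A worked example of the point absence makes above, added here and not taken from any post or from the PTApocalypse source: mov eax, 1 always encodes as B8 followed by a 32-bit immediate (B8 01 00 00 00), so those five bytes alone turn up at every site where the compiler emitted that instruction, and only the neighbouring bytes make a signature unique. The scanner below walks a constructed byte buffer (the sample bytes are ordinary x86 encodings made up for the example; none are claimed to come from Game.exe) and supports "?" wildcards, which is what you want when a new client build only shifts a displacement or address inside an instruction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed code image for the example (not bytes from Game.exe).
 * Two sites contain the identical encoding of "mov eax, 1": B8 followed
 * by the 32-bit immediate 01 00 00 00. They differ only in what surrounds them. */
static const uint8_t image[] = {
    0x55, 0x8B, 0xEC,                         /* push ebp; mov ebp, esp            */
    0xB8, 0x01, 0x00, 0x00, 0x00,             /* mov eax, 1           (site A, +3) */
    0x5D, 0xC3,                               /* pop ebp; ret                      */
    0xCC, 0xCC,                               /* int3 padding                      */
    0x83, 0xEC, 0x08,                         /* sub esp, 8                        */
    0xB8, 0x01, 0x00, 0x00, 0x00,             /* mov eax, 1           (site B, +15)*/
    0x33, 0xDB, 0x33, 0xD2, 0x33, 0xC9,       /* xor ebx,ebx; xor edx,edx; xor ecx,ecx */
    0x0F, 0xBF, 0x80, 0x24, 0x01, 0x00, 0x00, /* movsx eax, word [eax+0x124]  (+26) */
    0xC3,                                     /* ret                               */
};

/* Masked byte-signature scan. mask[j] == 'x' means pat[j] must match,
 * '?' means any byte. Returns the offset of the first match (or -1) and
 * stores the number of matches in *count_out so callers can check uniqueness. */
long aob_find(const uint8_t *buf, size_t len, const uint8_t *pat,
              const char *mask, size_t *count_out)
{
    size_t plen = strlen(mask);
    size_t count = 0;
    long first = -1;

    if (plen == 0 || plen > len) {
        if (count_out) *count_out = 0;
        return -1;
    }
    for (size_t i = 0; i + plen <= len; i++) {
        size_t j = 0;
        while (j < plen && (mask[j] == '?' || buf[i + j] == pat[j]))
            j++;
        if (j == plen) {
            if (first < 0) first = (long)i;
            count++;
        }
    }
    if (count_out) *count_out = count;
    return first;
}

/* The bare instruction bytes hit every site that executes mov eax, 1. */
size_t count_mov_eax_1(void)
{
    static const uint8_t pat[] = { 0xB8, 0x01, 0x00, 0x00, 0x00 };
    size_t n;
    aob_find(image, sizeof image, pat, "xxxxx", &n);
    return n;
}

/* Extending the signature with the two bytes that follow (xor ebx,ebx)
 * pins it to site B. Returns -1 unless exactly one site matches. */
long find_mov_eax_1_then_xor(void)
{
    static const uint8_t pat[] = { 0xB8, 0x01, 0x00, 0x00, 0x00, 0x33, 0xDB };
    size_t n;
    long off = aob_find(image, sizeof image, pat, "xxxxxxx", &n);
    return n == 1 ? off : -1;
}

/* Wildcarding the disp32 of movsx eax, word [eax+disp32] keeps the
 * signature valid when a new client build moves the field (the four
 * displacement bytes change, the opcode and ModRM byte do not). */
long find_movsx_field_load(void)
{
    static const uint8_t pat[] = { 0x0F, 0xBF, 0x80, 0, 0, 0, 0 };
    size_t n;
    long off = aob_find(image, sizeof image, pat, "xxx????", &n);
    return n == 1 ? off : -1;
}

int main(void)
{
    printf("mov eax,1 occurrences: %zu\n", count_mov_eax_1());
    printf("mov eax,1 ; xor ebx,ebx at offset %ld\n", find_mov_eax_1_then_xor());
    printf("movsx field load at offset %ld\n", find_movsx_field_load());
    return 0;
}
```

The uniqueness count is the check to keep: a signature that matches twice is the usual reason a hack "works" on one client build and patches the wrong function on the next.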

hahahoho
18th August 2007, 16:07
An AOB corresponds to the function of an opcode and is used at a much more basic level of debugging. Say you have two opcodes at different addresses:
00480000 - mov eax, 01 and 00530000 - mov eax, 01

Basically that says to move one byte into eax. You've noticed how an AOB looks something like xx xx xx xx xx xx xx xx and so on. When addresses have the same opcode, they will have the same first couple of bytes in the AOB, for example "xx xx xx xx" xx xx xx xx ("xx" is the first same couple of bytes). But the rest of the bytes after that will differ, because there has to be a way to differentiate all the other addresses with the same opcode. That is done with the rest of the bytes in the AOB, and why are they different? It's because of all the rest of the code in that memory region. You'll notice how there are many different opcodes, such as jmp xxxxxxxx, sub esp, xx and so on. When all those opcodes come together, the values at certain points change, which is why almost no AOB is the same.



Oh really? I'd like to see a video of you doing this. Getting an acceptance message isn't as easy as changing the registry. The version is built into the game, so either you'd have to debug it or unpack and pack it up again.

Like I said, stop talking about stuff that you don't know...

I'm feeling a bit generous.
It just requires a basic knowledge of setting up a server.
Tools that you need and tutorials... you can use any KPT-based client provided below. Hex Workshop and Stripper links are also included.

http://forum.ragezone.com/f286/resources-files-resources-thread-rft-242297/

If you still don't know how, I guess you should just give up and play fair, LOL...

amitsha
18th August 2007, 21:08
I've just finished downloading Visual Studio 2008, installing now.

I just hope there is still something to help with ^_^

Edit:

OK, all installed. Now I need someone to guide me, please, because I really want to learn and help as much as possible :)

brenash
19th August 2007, 17:19
Um, man, I want to cheat again, but I can't help because I don't know anything about these things you need to do.

Cr3at1v3C0W
19th August 2007, 21:12
Um, man, I want to cheat again, but I can't help because I don't know anything about these things you need to do.

Dude, trust me, just Google stuff; eventually you will find info on how to do something, or just read this forum, because absence told you a bit on how to help, but that part is done. However, you can still try it to learn how to do it, so the next time you can tell someone to just compile the DLL, because that I still don't know yet :P

absence
19th August 2007, 22:44
The best way to get around it is to do what hahahoho said: create your own custom Game.exe and make it version 1865. I haven't gotten around to making the new exe because I've been so busy lately, and I have school in 2 days. Good luck, and I will still compile DLLs if needed.

aklystani
19th August 2007, 23:50
hahahoho gave some tips, but I'm still confused.

The part with the reg + ldata is easy, but I don't understand what to do with the unpacking/repacking Stripper part.

Cr3at1v3C0W
20th August 2007, 10:21
The best way to get around it is to do what hahahoho said: create your own custom Game.exe and make it version 1865. I haven't gotten around to making the new exe because I've been so busy lately, and I have school in 2 days. Good luck, and I will still compile DLLs if needed.

Aww, so you might not compile the DLL at all? Because that is what I need to try the bypasses and stuff I am trying... but yeah, I have school tomorrow. -_- Sucks bad.

espantalho
20th August 2007, 15:50
Guys,

Look at the new update of rPT; maybe it changes the direction the hack has to take.


Patch 1868 Update List
Friday, August 17, 2007

Hello rPT players :)

The following list is the update list of Patch Update 1868 that will be released on Saturday 18th of August:
- Added new map! Endless Tower Floor 1
- Added new map! Endless Tower Floor 2
- Added 12 new monsters
- Added 20 new items!
- Teleport Core will contain Endless Tower Floor 1 and 2 as teleport destinations
- Teleport Price increased to 75k excl. tax
- Nied price decreased
- Several other small changes and fixes

Detailed information:
- Endless Tower Floor 1 and 2 (105):
* You can enter the Endless Tower dungeon by visiting Milter (NPC) in Lost Temple in front of the Temple


http://72.232.241.154/index.asp?news=86

makocherry222
20th August 2007, 22:34
It's not changing any anti-hack protection, so I don't think it will matter.

Insanekilla
22nd August 2007, 09:34
absence, if you could help me out on MSN, add me: Insane_Killa2001@yahoo.com. Thanks.

hahahoho
22nd August 2007, 17:14
Guys,

Look at the new update of rPT; maybe it changes the direction the hack has to take.


Patch 1868 Update List
Friday, August 17, 2007

Hello rPT players :)

The following list is the update list of Patch Update 1868 that will be released on Saturday 18th of August:
- Added new map! Endless Tower Floor 1
- Added new map! Endless Tower Floor 2
- Added 12 new monsters
- Added 20 new items!
- Teleport Core will contain Endless Tower Floor 1 and 2 as teleport destinations
- Teleport Price increased to 75k excl. tax
- Nied price decreased
- Several other small changes and fixes

Detailed information:
- Endless Tower Floor 1 and 2 (105):
* You can enter the Endless Tower dungeon by visiting Milter (NPC) in Lost Temple in front of the Temple


http://72.232.241.154/index.asp?news=86

Use your own custom client and patch it using the given tool. See the link provided on the page before. If you have tried to search for it and tried it out but got stuck at something, then I'm willing to help out, but specify what your problem is.

Insanekilla
22nd August 2007, 17:46
OK, hey hahahoho, thank you. I'm going to say what I've done and tried and what hasn't worked. OK, anyway, I have tried every old KPT version I have found, even the old rPT game client. I open the new client in a hex editor, I search for "Ver:", I copy all the code after that down to where it begins something like "tooltip", and I paste that over "rPT:" and the code, or the other KPT version's "Ver:" and code... and it doesn't change the game version. Any pointers? I tried Stripper, but it just gives me "cannot unpack" errors. Thanks for any help. Also, I'm very familiar with setting up my own private server; I've done this before. Thanks.

hahahoho
23rd August 2007, 12:06
OK, hey hahahoho, thank you. I'm going to say what I've done and tried and what hasn't worked. OK, anyway, I have tried every old KPT version I have found, even the old rPT game client. I open the new client in a hex editor, I search for "Ver:", I copy all the code after that down to where it begins something like "tooltip", and I paste that over "rPT:" and the code, or the other KPT version's "Ver:" and code... and it doesn't change the game version. Any pointers? I tried Stripper, but it just gives me "cannot unpack" errors. Thanks for any help. Also, I'm very familiar with setting up my own private server; I've done this before. Thanks.

You are not supposed to copy-paste. Read what I said above: you need to manually patch it.
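To make the "manually patch it" point concrete, here is an added example (mine, not hahahoho's tool or anything from the thread's files) of overwriting a version string in an unpacked image. It assumes, as the posts above do, that the client keeps its version as a plain NUL-terminated string after "Ver:"; the buffer contents are constructed for the example. The check a practitioner wants is on length: the replacement must not be longer than the original, because the bytes after the string (here a following string) belong to something else, and pasting a longer block from another client either overwrites or shifts everything behind it, depending on the hex editor's mode.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed fragment of an unpacked client image (not real Game.exe data).
 * The version string is NUL-terminated and is immediately followed by another
 * string the program needs, so there is no slack to grow into. */
static const uint8_t image[] = {
    0x00, 0x00,
    'V', 'e', 'r', ':', '1', '8', '6', '8', 0x00,   /* "Ver:1868" at offset 2  */
    'T', 'o', 'o', 'l', 'T', 'i', 'p', 0x00,        /* "ToolTip"  at offset 11 */
    0x00,
};

/* Locate a whole NUL-terminated string (terminator included, so "Ver:1868"
 * does not match inside "Ver:18680"). Returns its offset or -1. */
long find_cstring(const uint8_t *buf, size_t len, const char *needle)
{
    size_t nlen = strlen(needle) + 1;          /* compare the NUL too */
    for (size_t i = 0; i + nlen <= len; i++)
        if (memcmp(buf + i, needle, nlen) == 0)
            return (long)i;
    return -1;
}

/* Overwrite oldstr with newstr in place. A longer replacement is refused:
 * it would run over the terminator and whatever follows, and nothing in the
 * binary knows the string moved. A shorter one is NUL-padded so the old tail
 * cannot reappear. Returns the patched offset or -1. */
long patch_cstring(uint8_t *buf, size_t len, const char *oldstr, const char *newstr)
{
    size_t oldlen = strlen(oldstr);
    size_t newlen = strlen(newstr);
    long off;

    if (newlen > oldlen)
        return -1;
    off = find_cstring(buf, len, oldstr);
    if (off < 0)
        return -1;
    memcpy(buf + off, newstr, newlen);
    memset(buf + off + newlen, 0, oldlen - newlen);
    return off;
}

/* Same-length patch: version changes, the following string is untouched. */
int demo_same_length(void)
{
    uint8_t work[sizeof image];
    memcpy(work, image, sizeof image);
    long off = patch_cstring(work, sizeof work, "Ver:1868", "Ver:1865");
    return off == 2
        && strcmp((const char *)work + 2, "Ver:1865") == 0
        && strcmp((const char *)work + 11, "ToolTip") == 0;
}

/* Longer replacement: refused, image left byte-for-byte unchanged. */
int demo_too_long(void)
{
    uint8_t work[sizeof image];
    memcpy(work, image, sizeof image);
    long off = patch_cstring(work, sizeof work, "Ver:1868", "Ver:18650");
    return off == -1 && memcmp(work, image, sizeof image) == 0;
}

int main(void)
{
    printf("same-length patch ok: %d\n", demo_same_length());
    printf("too-long patch refused: %d\n", demo_too_long());
    return 0;
}
```

This only applies to an unpacked executable: in a packed one the string sits inside compressed data, so a hex search for "Ver:" finds nothing and a patch there corrupts the packed section, which is why the thread insists on unpacking first.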

Insanekilla
24th August 2007, 18:06
OK, so I understand what you're saying now. The thing is, I have Windows Vista, and every Game.exe client I try to unpack doesn't unpack; it just says the file hasn't been created. I also tried this with Stripper and it didn't work, so I found a nice stripper here called Quick Unpack. It works with Vista, XP, all versions of Windows. Here's the link:
http://qunpack.ahteam.org/wp-content/uploads/2007/06/quickunpack101.zip

Anyway, I know you have to unpack the file before you go to hex, because if you don't then it's impossible to read. So, any pointers? I really don't know what version to use, because I've gone to the private server setup page and tried XPT1855, since I can't find any other versions. I even tried downloading KPT, but the Game.exe won't run at all with rPT files.

Thanks in advance.

http://img407.imageshack.us/my.php?image=untitledps1.jpg

If you could also maybe add the client you used to patch this with, it would help out a lot. Thx bro ;)

iphei2
26th August 2007, 07:31
Hey guys, I have only one question: is PTA still working for the new patch?
If it is, please tell me where I can download it. Thanks.

hahahoho
26th August 2007, 08:15
OK, so I understand what you're saying now. The thing is, I have Windows Vista, and every Game.exe client I try to unpack doesn't unpack; it just says the file hasn't been created. I also tried this with Stripper and it didn't work, so I found a nice stripper here called Quick Unpack. It works with Vista, XP, all versions of Windows. Here's the link:
http://qunpack.ahteam.org/wp-content/uploads/2007/06/quickunpack101.zip

Anyway, I know you have to unpack the file before you go to hex, because if you don't then it's impossible to read. So, any pointers? I really don't know what version to use, because I've gone to the private server setup page and tried XPT1855, since I can't find any other versions. I even tried downloading KPT, but the Game.exe won't run at all with rPT files.

Thanks in advance.

http://img407.imageshack.us/my.php?image=untitledps1.jpg

If you could also maybe add the client you used to patch this with, it would help out a lot. Thx bro ;)

There is a latest KPT custom, KPT client release for download at the link provided. Just download that and edit the reg so it will connect to the destination IP.

Or you can download the KPT test client. Yeah, it's big -.-... but then you don't have to do anything, just change the IP in the reg.

Hey guys, I have only one question: is PTA still working for the new patch?
If it is, please tell me where I can download it. Thanks.

It works, but it depends on the server you're playing on.

amitsha
27th August 2007, 00:18
There is a latest KPT custom, KPT client release for download at the link provided. Just download that and edit the reg so it will connect to the destination IP.

Or you can download the KPT test client. Yeah, it's big -.-... but then you don't have to do anything, just change the IP in the reg.



It works, but it depends on the server you're playing on.

I can't find the KPT server :|

Can you please upload the Game.exe from the KPT client (not the one that you already edited)?

I have a slow internet connection, so it would really help, and I really want to try.

Thanks.

aklystani
31st August 2007, 02:52
HOME_URL = local web server path??? I don't know what the deal is with the register page.

wollyy
6th September 2007, 18:18
Could somebody make a step-by-step on how to use the AoB?