View Full Version : Ok


SiLvErTaR
7th June 2005, 04:55
OK, I know this has probably rumbled through peeps' heads one time or another, and maybe I'm totally insane if I think this could work. Funny, I have all these damn ideas but no knowledge to make them work. Plus I'm sure they have all been tried, but...
Say you copy your entire Ravenshield folder onto another hard drive or another portion of your hard drive. Is there any way to load up all the scripts that everyone worked on, such as norecoil, no smoke, etc., however when PB does a search for the correct scripts it searches the path that the original Ravenshield folder was installed to, thus reading the untouched scripts, leaving you free to use your fastmover scripts and all without the hassle of PB scanning the modified files, but the original ones that came on the CD? If this is attainable, could someone please steer me in the right direction?

malakai
7th June 2005, 06:01
OK, first of all you would have to copy ALL files; that includes the registry files, and I highly doubt you could do that. You also need to copy the PB files (which should be in your system folder with all your scripts). That means PB will scan your Ravenshield directory; it will also scan the entire drive that you run the ravenshield.exe from (PB will only scan the drive if you run the ravenshield.exe that's on that drive [I believe that's the only way that the scripts can work too]).

But whatever the case, it ain't gonna work too easily.

DyslexicCheater
7th June 2005, 08:18
I've described this process hundreds of times before. Goddamnit no one listens to me :ninja::dead::hurt::sleep::mad::alien:

My latest post regarding this: http://www.mpcforum.com/showpost.php?p=861423&postcount=49 :(

SiLvErTaR
7th June 2005, 10:10
> I've described this process hundreds of times before. Goddamnit no one listens to me :ninja::dead::hurt::sleep::mad::alien:
>
> My latest post regarding this: http://www.mpcforum.com/showpost.php?p=861423&postcount=49 :(

Well, you have to excuse the fact that I don't know what the hell I'm doing; I'm trying to learn, so sorry I didn't quite grasp the idea of your call to write process. I figured there might have been an easier way.

DyslexicCheater
7th June 2005, 10:58
Calling WriteProcessMemory has nothing to do with what you want to do. Nothing.

The information in the latter part of my post was what you were looking for, I'll quote it.

I'm also surprised no one has had the brains to get around CVars flawlessly. Look at it this way: The game knows the original files will be in its directory, right? And the game hashes those files and checks them against bad data, right? Well what would happen if you changed where the game thought the original files were but still loaded the ones in the directory like it's supposed to? Consider this.

Game knows original files are in "C:\Originals". But you want to change the game so it doesn't load the originals. Put the originals in "C:\Backup", and alter the game's calls to hash those, but keep it so it loads from "C:\Originals". You just got by CVars.

And before you say "How the hell are we supposed to do that?", also consider the following information: The data you're looking to change is a string. Also remember that data entered into the stack is in reverse order, and that when you use Pop to remove data from the stack it is done in a FIFO (First In = First Out) order.

So this:

    push ecx
    push eax

Would be in this order:

And you would want to pop in this order:

    pop eax
    pop ecx
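The gap the post above relies on is that the integrity check and the loader each resolve the file on their own. As a defender-side illustration (added here, not part of the thread and not PunkBuster's or the game's code), this Python example contrasts that split check with a loader that hashes the exact bytes it returns. The directory names, file name, manifest and the use of SHA-256 in place of MD5 are assumptions.

```python
import hashlib
import os
import tempfile

def digest(data):
    return hashlib.sha256(data).hexdigest()

def check_then_load(check_dir, load_dir, name, manifest):
    """Split pattern: the hash comes from one location, the content from another."""
    with open(os.path.join(check_dir, name), "rb") as fh:
        if digest(fh.read()) != manifest[name]:
            raise ValueError("integrity failure: " + name)
    with open(os.path.join(load_dir, name), "rb") as fh:    # these bytes are never hashed
        return fh.read()

def load_verified(base_dir, name, manifest):
    """Bound pattern: read once, hash those bytes, return the same bytes."""
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, path]) != base:            # symlink or ../ escape
        raise ValueError("path leaves base directory: " + name)
    with open(path, "rb") as fh:
        data = fh.read()
    if digest(data) != manifest[name]:
        raise ValueError("integrity failure: " + name)
    return data

def write_file(directory, name, content):
    os.makedirs(directory, exist_ok=True)
    with open(os.path.join(directory, name), "wb") as fh:
        fh.write(content)

def demo():
    """Constructed files: a pristine copy and an edited copy in separate directories."""
    original, edited = b"setting=default\n", b"setting=changed\n"
    with tempfile.TemporaryDirectory() as root:
        pristine, live = os.path.join(root, "pristine"), os.path.join(root, "live")
        write_file(pristine, "script.ini", original)
        write_file(live, "script.ini", edited)
        manifest = {"script.ini": digest(original)}          # expected digests
        split_returned_edited = check_then_load(pristine, live, "script.ini", manifest) == edited
        try:
            load_verified(live, "script.ini", manifest)
            bound_result = "accepted"
        except ValueError:
            bound_result = "rejected"
    return split_returned_edited, bound_result

if __name__ == "__main__":
    print(demo())
```

On a machine the user controls, the bound check only holds if the verifier itself runs where it cannot be patched, which is why the expected digests and the comparison belong on the server side.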

SiLvErTaR
7th June 2005, 12:41
What tools do we need to break this down? Are we breaking down the .exe file?

$T$
7th June 2005, 15:54
Actually you can achieve this without copying your ravenshield directory anywhere.

aaYaa
7th June 2005, 16:59
To break, you can use SoftICE, OllyDbg.

DyslexicCheater
8th June 2005, 09:56
$T$, in order to get past CVar checks properly you must provide the proper hashes to the server. There are two good ways to deceive the system: Grab the hash data from the original file on the fly using second copies of the main files, or by sending all the required information hardcoded. I prefer the first way, it means less effort is spent keeping the cheats up to date.

As for software, OllyDbg/SoftICE and Win32DASM are really the only tools I use to write most of my code.

SiLvErTaR
8th June 2005, 11:13
Yeah, well, I don't have that much money to buy SoftICE considering I'm only an E-4 in the military. Are the free ones as good as SoftICE? I've read a lot about SoftICE; everyone says it's the top one?

aaYaa
8th June 2005, 16:32
Most people who know how to crack programs use SoftICE, but you can do all things for game hacking with OllyDbg (my opinion).

@DyslexicCheater I know you need to grab the hash, I don't know where exactly I need to search, like rvs.exe---> core.dll or whatever. Thx for reply :)


Sorry for my bad English :)

SiLvErTaR
8th June 2005, 23:02
Here's a nice website with lots of tuts on it ranging in different fields; hope you all find this useful.

http://biw.rult.at/index.php?page=tuts

DyslexicCheater
9th June 2005, 00:37
Silvertar: I use SoftICE in conjunction with Win32DASM. OllyDbg is substitutable though, in place of SoftICE.

All of the above software is free, except for SoftICE.

aaYaa: You get the MD5 Hash by using the MD5 (Message Digest 5) Algorithm on the file.

Below is a copy of my home-brew MD5 Algorithm Class Module. It handles the hashing exceptionally well, though it is written in Visual Basic 6. I would convert it to C++ if I had enough need to do so. MD5, for those that don't know, is a very popular open-source one-way encryption cipher.

'/*
' Message Digest 5 (MD5) Algorithm Class Module (Visual Basic 6)
' Written by DyslexicCheater/Dyndrilliac
'*/
Option Explicit

'= Class Constants
Private Const OFFSET_4 = 4294967296#
Private Const MAXINT_4 = 2147483647
Private Const S11 = 7
Private Const S12 = 12
Private Const S13 = 17
Private Const S14 = 22
Private Const S21 = 5
Private Const S22 = 9
Private Const S23 = 14
Private Const S24 = 20
Private Const S31 = 4
Private Const S32 = 11
Private Const S33 = 16
Private Const S34 = 23
Private Const S41 = 6
Private Const S42 = 10
Private Const S43 = 15
Private Const S44 = 21

'= Class Variables
Private State(4) As Long
Private ByteCounter As Long
Private ByteBuffer(63) As Byte

'= Class Properties
Property Get RegisterA() As String
RegisterA = State(1)
End Property
'-
Property Get RegisterB() As String
RegisterB = State(2)
End Property
'-
Property Get RegisterC() As String
RegisterC = State(3)
End Property
'-
Property Get RegisterD() As String
RegisterD = State(4)
End Property

'= Class Functions
'// Function to quickly digest a file into a hex string
Public Function DigestFileToHexStr(FileName As String) As String
Open FileName For Binary Access Read As #1
MD5Init
Do While Not EOF(1)
Get #1, , ByteBuffer
If Loc(1) < LOF(1) Then
ByteCounter = ByteCounter + 64
MD5Transform ByteBuffer
End If
Loop
ByteCounter = ByteCounter + (LOF(1) Mod 64)
Close #1
MD5Final
DigestFileToHexStr = GetValues
End Function

'// Function to digest a text string and output the result as a string
'// of hexadecimal characters.
Public Function DigestStrToHexStr(SourceString As String) As String
MD5Init
MD5Update Len(SourceString), StringToArray(SourceString)
MD5Final
DigestStrToHexStr = GetValues
End Function

'// A utility function which converts a string into an array of
'// bytes.
Private Function StringToArray(InString As String) As Byte()
Dim i As Integer
Dim bytBuffer() As Byte
ReDim bytBuffer(Len(InString))
For i = 0 To Len(InString) - 1
bytBuffer(i) = Asc(Mid(InString, i + 1, 1))
Next i
StringToArray = bytBuffer
End Function

'// Concatenate the four state values into one string
Public Function GetValues() As String
GetValues = LongToString(State(1)) & LongToString(State(2)) & LongToString(State(3)) & LongToString(State(4))
End Function

'// Convert a Long to a Hex string
Private Function LongToString(Num As Long) As String
Dim a As Byte
Dim b As Byte
Dim c As Byte
Dim d As Byte

a = Num And &HFF&
If a < 16 Then
LongToString = "0" & Hex(a)
Else
LongToString = Hex(a)
End If

b = (Num And &HFF00&) \ 256
If b < 16 Then
LongToString = LongToString & "0" & Hex(b)
Else
LongToString = LongToString & Hex(b)
End If

c = (Num And &HFF0000) \ 65536
If c < 16 Then
LongToString = LongToString & "0" & Hex(c)
Else
LongToString = LongToString & Hex(c)
End If

If Num < 0 Then
d = ((Num And &H7F000000) \ 16777216) Or &H80&
Else
d = (Num And &HFF000000) \ 16777216
End If

If d < 16 Then
LongToString = LongToString & "0" & Hex(d)
Else
LongToString = LongToString & Hex(d)
End If
End Function

'// Initialize the class - This must be called before a digest calculation
'// is started
Public Sub MD5Init()
ByteCounter = 0
State(1) = UnsignedToLong(1732584193#)
State(2) = UnsignedToLong(4023233417#)
State(3) = UnsignedToLong(2562383102#)
State(4) = UnsignedToLong(271733878#)
End Sub

'// MD5 Final SubRoutine
Public Sub MD5Final()
Dim dblBits As Double

Dim padding(72) As Byte
Dim lngBytesBuffered As Long

padding(0) = &H80

dblBits = ByteCounter * 8

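' Pad out to 56 mod 64; the &H80 byte is always appended, so an
' offset of exactly 56 needs a further 64 bytes of padding
lngBytesBuffered = ByteCounter Mod 64
If lngBytesBuffered < 56 Then
MD5Update 56 - lngBytesBuffered, padding
Else
' Use the offset within the block, not the total byte count
MD5Update 120 - lngBytesBuffered, padding
End If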


padding(0) = UnsignedToLong(dblBits) And &HFF&
padding(1) = UnsignedToLong(dblBits) \ 256 And &HFF&
padding(2) = UnsignedToLong(dblBits) \ 65536 And &HFF&
padding(3) = UnsignedToLong(dblBits) \ 16777216 And &HFF&
padding(4) = 0
padding(5) = 0
padding(6) = 0
padding(7) = 0

MD5Update 8, padding
End Sub

'// Break up input stream into 64 byte chunks
Public Sub MD5Update(InputLen As Long, InputBuffer() As Byte)
Dim II As Integer
Dim i As Integer
Dim J As Integer
Dim K As Integer
Dim lngBufferedBytes As Long
Dim lngBufferRemaining As Long
Dim lngRem As Long

lngBufferedBytes = ByteCounter Mod 64
lngBufferRemaining = 64 - lngBufferedBytes
ByteCounter = ByteCounter + InputLen
'// Use up old buffer results first
If InputLen >= lngBufferRemaining Then
For II = 0 To lngBufferRemaining - 1
ByteBuffer(lngBufferedBytes + II) = InputBuffer(II)
Next II
MD5Transform ByteBuffer

'// Transform every further complete 64-byte block of the input
For i = lngBufferRemaining To InputLen - 64 Step 64
For J = 0 To 63
ByteBuffer(J) = InputBuffer(i + J)
Next J
MD5Transform ByteBuffer
Next i
lngBufferedBytes = 0
Else
i = 0
End If

'// Buffer any remaining input
For K = 0 To InputLen - i - 1
ByteBuffer(lngBufferedBytes + K) = InputBuffer(i + K)
Next K

End Sub

'// MD5 Transformation SubRoutine
Private Sub MD5Transform(Buffer() As Byte)
Dim x(16) As Long
Dim a As Long
Dim b As Long
Dim c As Long
Dim d As Long

a = State(1)
b = State(2)
c = State(3)
d = State(4)

Decode 64, x, Buffer

' Round 1
FF a, b, c, d, x(0), S11, -680876936
FF d, a, b, c, x(1), S12, -389564586
FF c, d, a, b, x(2), S13, 606105819
FF b, c, d, a, x(3), S14, -1044525330
FF a, b, c, d, x(4), S11, -176418897
FF d, a, b, c, x(5), S12, 1200080426
FF c, d, a, b, x(6), S13, -1473231341
FF b, c, d, a, x(7), S14, -45705983
FF a, b, c, d, x(8), S11, 1770035416
FF d, a, b, c, x(9), S12, -1958414417
FF c, d, a, b, x(10), S13, -42063
FF b, c, d, a, x(11), S14, -1990404162
FF a, b, c, d, x(12), S11, 1804603682
FF d, a, b, c, x(13), S12, -40341101
FF c, d, a, b, x(14), S13, -1502002290
FF b, c, d, a, x(15), S14, 1236535329

' Round 2
GG a, b, c, d, x(1), S21, -165796510
GG d, a, b, c, x(6), S22, -1069501632
GG c, d, a, b, x(11), S23, 643717713
GG b, c, d, a, x(0), S24, -373897302
GG a, b, c, d, x(5), S21, -701558691
GG d, a, b, c, x(10), S22, 38016083
GG c, d, a, b, x(15), S23, -660478335
GG b, c, d, a, x(4), S24, -405537848
GG a, b, c, d, x(9), S21, 568446438
GG d, a, b, c, x(14), S22, -1019803690
GG c, d, a, b, x(3), S23, -187363961
GG b, c, d, a, x(8), S24, 1163531501
GG a, b, c, d, x(13), S21, -1444681467
GG d, a, b, c, x(2), S22, -51403784
GG c, d, a, b, x(7), S23, 1735328473
GG b, c, d, a, x(12), S24, -1926607734

' Round 3
HH a, b, c, d, x(5), S31, -378558
HH d, a, b, c, x(8), S32, -2022574463
HH c, d, a, b, x(11), S33, 1839030562
HH b, c, d, a, x(14), S34, -35309556
HH a, b, c, d, x(1), S31, -1530992060
HH d, a, b, c, x(4), S32, 1272893353
HH c, d, a, b, x(7), S33, -155497632
HH b, c, d, a, x(10), S34, -1094730640
HH a, b, c, d, x(13), S31, 681279174
HH d, a, b, c, x(0), S32, -358537222
HH c, d, a, b, x(3), S33, -722521979
HH b, c, d, a, x(6), S34, 76029189
HH a, b, c, d, x(9), S31, -640364487
HH d, a, b, c, x(12), S32, -421815835
HH c, d, a, b, x(15), S33, 530742520
HH b, c, d, a, x(2), S34, -995338651

' Round 4
II a, b, c, d, x(0), S41, -198630844
II d, a, b, c, x(7), S42, 1126891415
II c, d, a, b, x(14), S43, -1416354905
II b, c, d, a, x(5), S44, -57434055
II a, b, c, d, x(12), S41, 1700485571
II d, a, b, c, x(3), S42, -1894986606
II c, d, a, b, x(10), S43, -1051523
II b, c, d, a, x(1), S44, -2054922799
II a, b, c, d, x(8), S41, 1873313359
II d, a, b, c, x(15), S42, -30611744
II c, d, a, b, x(6), S43, -1560198380
II b, c, d, a, x(13), S44, 1309151649
II a, b, c, d, x(4), S41, -145523070
II d, a, b, c, x(11), S42, -1120210379
II c, d, a, b, x(2), S43, 718787259
II b, c, d, a, x(9), S44, -343485551


State(1) = LongOverflowAdd(State(1), a)
State(2) = LongOverflowAdd(State(2), b)
State(3) = LongOverflowAdd(State(3), c)
State(4) = LongOverflowAdd(State(4), d)

'// Zeroize sensitive information.
'// MD5_memset ((POINTER)x, 0, sizeof (x));
End Sub

Private Sub Decode(Length As Integer, OutputBuffer() As Long, InputBuffer() As Byte)
Dim intDblIndex As Integer
Dim intByteIndex As Integer
Dim dblSum As Double

intDblIndex = 0
For intByteIndex = 0 To Length - 1 Step 4
dblSum = InputBuffer(intByteIndex) + _
InputBuffer(intByteIndex + 1) * 256# + _
InputBuffer(intByteIndex + 2) * 65536# + _
InputBuffer(intByteIndex + 3) * 16777216#
OutputBuffer(intDblIndex) = UnsignedToLong(dblSum)
intDblIndex = intDblIndex + 1
Next intByteIndex
End Sub

'// FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
'// Rotation is separate from addition to prevent recomputation.
Private Function FF(a As Long, _
b As Long, _
c As Long, _
d As Long, _
x As Long, _
s As Long, _
ac As Long) As Long
a = LongOverflowAdd4(a, (b And c) Or (Not (b) And d), x, ac)
a = LongLeftRotate(a, s)
a = LongOverflowAdd(a, b)
End Function

Private Function GG(a As Long, _
b As Long, _
c As Long, _
d As Long, _
x As Long, _
s As Long, _
ac As Long) As Long
a = LongOverflowAdd4(a, (b And d) Or (c And Not (d)), x, ac)
a = LongLeftRotate(a, s)
a = LongOverflowAdd(a, b)
End Function

Private Function HH(a As Long, _
b As Long, _
c As Long, _
d As Long, _
x As Long, _
s As Long, _
ac As Long) As Long
a = LongOverflowAdd4(a, b Xor c Xor d, x, ac)
a = LongLeftRotate(a, s)
a = LongOverflowAdd(a, b)
End Function

Private Function II(a As Long, _
b As Long, _
c As Long, _
d As Long, _
x As Long, _
s As Long, _
ac As Long) As Long
a = LongOverflowAdd4(a, c Xor (b Or Not (d)), x, ac)
a = LongLeftRotate(a, s)
a = LongOverflowAdd(a, b)
End Function

'// Rotate a long to the left
Function LongLeftRotate(Value As Long, Bits As Long) As Long
Dim lngSign As Long
Dim lngI As Long
Bits = Bits Mod 32
If Bits = 0 Then LongLeftRotate = Value: Exit Function
For lngI = 1 To Bits
lngSign = Value And &HC0000000
Value = (Value And &H3FFFFFFF) * 2
Value = Value Or ((lngSign < 0) And 1) Or (CBool(lngSign And _
&H40000000) And &H80000000)
Next
LongLeftRotate = Value
End Function

'// Function to add two unsigned numbers together as in C.
'// Overflows are ignored!
Private Function LongOverflowAdd(Val1 As Long, Val2 As Long) As Long
Dim lngHighWord As Long
Dim lngLowWord As Long
Dim lngOverflow As Long

lngLowWord = (Val1 And &HFFFF&) + (Val2 And &HFFFF&)
lngOverflow = lngLowWord \ 65536
lngHighWord = (((Val1 And &HFFFF0000) \ 65536) + ((Val2 And &HFFFF0000) \ 65536) + lngOverflow) And &HFFFF&
LongOverflowAdd = UnsignedToLong((lngHighWord * 65536#) + (lngLowWord And &HFFFF&))
End Function

'// Function to add four unsigned numbers together as in C.
'// Overflows are ignored!
Private Function LongOverflowAdd4(Val1 As Long, Val2 As Long, Val3 As Long, Val4 As Long) As Long
Dim lngHighWord As Long
Dim lngLowWord As Long
Dim lngOverflow As Long

lngLowWord = (Val1 And &HFFFF&) + (Val2 And &HFFFF&) + (Val3 And &HFFFF&) + (Val4 And &HFFFF&)
lngOverflow = lngLowWord \ 65536
lngHighWord = (((Val1 And &HFFFF0000) \ 65536) + _
((Val2 And &HFFFF0000) \ 65536) + _
((Val3 And &HFFFF0000) \ 65536) + _
((Val4 And &HFFFF0000) \ 65536) + _
lngOverflow) And &HFFFF&
LongOverflowAdd4 = UnsignedToLong((lngHighWord * 65536#) + (lngLowWord And &HFFFF&))
End Function

'// Convert an unsigned double into a long
Private Function UnsignedToLong(Value As Double) As Long
If Value < 0 Or Value >= OFFSET_4 Then Error 6 ' Overflow
If Value <= MAXINT_4 Then
UnsignedToLong = Value
Else
UnsignedToLong = Value - OFFSET_4
End If
End Function

'// Convert a long to an unsigned double
Private Function LongToUnsigned(Value As Long) As Double
If Value < 0 Then
LongToUnsigned = Value + OFFSET_4
Else
LongToUnsigned = Value
End If
End Function
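A way to check a hand-written MD5 such as the class above against a trusted implementation, added here as an example (it is not part of the thread and not a port of the Visual Basic code): a compact RFC 1321 MD5 in Python, compared with `hashlib` at the block-boundary lengths where padding code most often goes wrong. The test message bytes are constructed.

```python
import hashlib
import math
import struct

# Per-round left-rotate amounts (the S11..S44 constants of the class above).
SHIFTS = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# Additive constants: floor(2^32 * |sin(i + 1)|), as defined in RFC 1321.
K = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def md5_pad(length):
    """Padding for a `length`-byte message: 0x80, zeros, 64-bit little-endian bit count."""
    zeros = (55 - length) % 64      # the 0x80 byte is always added, even at 56 mod 64
    return b"\x80" + b"\x00" * zeros + struct.pack("<Q", (length * 8) & (2**64 - 1))

def md5_hex(msg):
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    data = msg + md5_pad(len(msg))
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:
                f, g = (b & c) | (~b & d), i
            elif i < 32:
                f, g = (b & d) | (c & ~d), (5 * i + 1) % 16
            elif i < 48:
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:
                f, g = c ^ (b | ~d), (7 * i) % 16
            f = (f + a + K[i] + x[g]) & 0xFFFFFFFF
            a, d, c, b = d, c, b, (b + rotl(f, SHIFTS[i])) & 0xFFFFFFFF
        a0, b0, c0, d0 = [(s + v) & 0xFFFFFFFF for s, v in zip((a0, b0, c0, d0), (a, b, c, d))]
    return struct.pack("<4I", a0, b0, c0, d0).hex()

def boundary_mismatches(lengths=(0, 1, 55, 56, 57, 63, 64, 65, 119, 120, 121, 128)):
    """Lengths at which md5_hex disagrees with hashlib (an empty list means all agree)."""
    bad = []
    for n in lengths:
        msg = bytes(i % 251 for i in range(n))      # constructed test input
        if md5_hex(msg) != hashlib.md5(msg).hexdigest():
            bad.append(n)
    return bad

if __name__ == "__main__":
    print(md5_hex(b"abc"), boundary_mismatches())
```

Running the same lengths through any other MD5 implementation and comparing the hex strings shows immediately whether its padding branch is right.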

aaYaa
9th June 2005, 00:48
Nice dC :) very thx.

But you can have the MD5 hash with a hex editor (and many others).

My question was: where do I need to break to reverse that?

DyslexicCheater
9th June 2005, 01:23
> Nice dC :) very thx.
>
> But you can have the MD5 hash with a hex editor (and many others).
>
> My question was: where do I need to break to reverse that?

Well, I don't know of any hex editors that supply the MD5 Hash of the files viewed with them.

What exactly are you trying to reverse? The key to uncovering the path the game takes is tying events you can control with a value you can access.

SiLvErTaR
9th June 2005, 01:29
OK, I got a copy of DriverStudio 3.1, don't ask, won't tell. Anyway, when I try to run SoftICE it freezes my PC; don't know what's going on. I'm using it with XP SP2. Any reasons as to why this is happening? How can I fix it?

DyslexicCheater
9th June 2005, 01:33
http://www.learn2crack.com/08.txt
http://www.learn2crack.com/Greythorne's%20Tutorial%20SoftICE%20Setup.htm