#1
Nill a Stewbie
Assassin
Join Date: 11th Mar 2004
Posts: 159
A lead on detection code
I have found code that accesses all of the data (addresses that hold gravity, etc) every several seconds. I am quite sure that this is the detection code, as it does this recursively throughout the data section.
005AACD7 - the routine that scans the data section (00625000 through 00660000). The routine is thus:

Code:
005AACD7 /$ 55              PUSH EBP
005AACD8 |. 8BEC            MOV EBP,ESP
005AACDA |. 837D 14 00      CMP DWORD PTR SS:[EBP+14],0
005AACDE |. 8B4D 08         MOV ECX,DWORD PTR SS:[EBP+8]
005AACE1 |. 74 03           JE SHORT MapleSto.005AACE6
005AACE3 |. 314D 10         XOR DWORD PTR SS:[EBP+10],ECX
005AACE6 |> 8B45 10         MOV EAX,DWORD PTR SS:[EBP+10]
005AACE9 |. 56              PUSH ESI
005AACEA |. 57              PUSH EDI
005AACEB |. 8B7D 0C         MOV EDI,DWORD PTR SS:[EBP+C]
005AACEE |. 83FF 10         CMP EDI,10
005AACF1 |. 0F82 91010000   JB MapleSto.005AAE88
005AACF7 |. 8BF7            MOV ESI,EDI
005AACF9 |. 53              PUSH EBX
005AACFA |. C1EE 04         SHR ESI,4
005AACFD |> 0FB619          /MOVZX EBX,BYTE PTR DS:[ECX]
005AAD00 |. 8BD0            |MOV EDX,EAX
005AAD02 |. C1EA 18         |SHR EDX,18
005AAD05 |. 33D3            |XOR EDX,EBX
005AAD07 |. 8BD8            |MOV EBX,EAX
005AAD09 |. 8B0495 7050660> |MOV EAX,DWORD PTR DS:[EDX*4+665070]
005AAD10 |. C1E3 08         |SHL EBX,8
005AAD13 |. 33C3            |XOR EAX,EBX
005AAD15 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAD19 |. 8BD0            |MOV EDX,EAX
005AAD1B |. C1EA 18         |SHR EDX,18
005AAD1E |. 33D3            |XOR EDX,EBX
005AAD20 |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AAD27 |. C1E0 08         |SHL EAX,8
005AAD2A |. 33D0            |XOR EDX,EAX
005AAD2C |. 8BC2            |MOV EAX,EDX
005AAD2E |. C1E8 18         |SHR EAX,18
005AAD31 |. C1E2 08         |SHL EDX,8
005AAD34 |. 41              |INC ECX
005AAD35 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAD39 |. 33C3            |XOR EAX,EBX
005AAD3B |. 8B0485 7050660> |MOV EAX,DWORD PTR DS:[EAX*4+665070]
005AAD42 |. 33C2            |XOR EAX,EDX
005AAD44 |. 41              |INC ECX
005AAD45 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAD49 |. 8BD0            |MOV EDX,EAX
005AAD4B |. C1EA 18         |SHR EDX,18
005AAD4E |. 33D3            |XOR EDX,EBX
005AAD50 |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AAD57 |. C1E0 08         |SHL EAX,8
005AAD5A |. 33D0            |XOR EDX,EAX
005AAD5C |. 41              |INC ECX
005AAD5D |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAD61 |. 8BC2            |MOV EAX,EDX
005AAD63 |. C1E8 18         |SHR EAX,18
005AAD66 |. 33C3            |XOR EAX,EBX
005AAD68 |. 8B0485 7050660> |MOV EAX,DWORD PTR DS:[EAX*4+665070]
005AAD6F |. C1E2 08         |SHL EDX,8
005AAD72 |. 33C2            |XOR EAX,EDX
005AAD74 |. 41              |INC ECX
005AAD75 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAD79 |. 8BD0            |MOV EDX,EAX
005AAD7B |. C1EA 18         |SHR EDX,18
005AAD7E |. 33D3            |XOR EDX,EBX
005AAD80 |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AAD87 |. C1E0 08         |SHL EAX,8
005AAD8A |. 33D0            |XOR EDX,EAX
005AAD8C |. 41              |INC ECX
005AAD8D |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAD91 |. 8BC2            |MOV EAX,EDX
005AAD93 |. C1E8 18         |SHR EAX,18
005AAD96 |. 33C3            |XOR EAX,EBX
005AAD98 |. 8B0485 7050660> |MOV EAX,DWORD PTR DS:[EAX*4+665070]
005AAD9F |. C1E2 08         |SHL EDX,8
005AADA2 |. 33C2            |XOR EAX,EDX
005AADA4 |. 41              |INC ECX
005AADA5 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AADA9 |. 8BD0            |MOV EDX,EAX
005AADAB |. C1EA 18         |SHR EDX,18
005AADAE |. 33D3            |XOR EDX,EBX
005AADB0 |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AADB7 |. 41              |INC ECX
005AADB8 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AADBC |. C1E0 08         |SHL EAX,8
005AADBF |. 33D0            |XOR EDX,EAX
005AADC1 |. 8BC2            |MOV EAX,EDX
005AADC3 |. 41              |INC ECX
005AADC4 |. C1E8 18         |SHR EAX,18
005AADC7 |. 33C3            |XOR EAX,EBX
005AADC9 |. 8B0485 7050660> |MOV EAX,DWORD PTR DS:[EAX*4+665070]
005AADD0 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AADD4 |. C1E2 08         |SHL EDX,8
005AADD7 |. 33C2            |XOR EAX,EDX
005AADD9 |. 41              |INC ECX
005AADDA |. 8BD0            |MOV EDX,EAX
005AADDC |. C1EA 18         |SHR EDX,18
005AADDF |. 33D3            |XOR EDX,EBX
005AADE1 |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AADE8 |. C1E0 08         |SHL EAX,8
005AADEB |. 33D0            |XOR EDX,EAX
005AADED |. 41              |INC ECX
005AADEE |. 0FB619          |MOVZX EBX,BYTE PTR DS:[ECX]
005AADF1 |. 8BC2            |MOV EAX,EDX
005AADF3 |. C1E8 18         |SHR EAX,18
005AADF6 |. 33C3            |XOR EAX,EBX
005AADF8 |. 8B0485 7050660> |MOV EAX,DWORD PTR DS:[EAX*4+665070]
005AADFF |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAE03 |. C1E2 08         |SHL EDX,8
005AAE06 |. 33C2            |XOR EAX,EDX
005AAE08 |. 8BD0            |MOV EDX,EAX
005AAE0A |. C1EA 18         |SHR EDX,18
005AAE0D |. 33D3            |XOR EDX,EBX
005AAE0F |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AAE16 |. C1E0 08         |SHL EAX,8
005AAE19 |. 33D0            |XOR EDX,EAX
005AAE1B |. 41              |INC ECX
005AAE1C |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAE20 |. 8BC2            |MOV EAX,EDX
005AAE22 |. C1E8 18         |SHR EAX,18
005AAE25 |. 33C3            |XOR EAX,EBX
005AAE27 |. 8B0485 7050660> |MOV EAX,DWORD PTR DS:[EAX*4+665070]
005AAE2E |. C1E2 08         |SHL EDX,8
005AAE31 |. 33C2            |XOR EAX,EDX
005AAE33 |. 41              |INC ECX
005AAE34 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAE38 |. 8BD0            |MOV EDX,EAX
005AAE3A |. C1EA 18         |SHR EDX,18
005AAE3D |. 33D3            |XOR EDX,EBX
005AAE3F |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AAE46 |. 41              |INC ECX
005AAE47 |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAE4B |. C1E0 08         |SHL EAX,8
005AAE4E |. 33D0            |XOR EDX,EAX
005AAE50 |. 41              |INC ECX
005AAE51 |. 8BC2            |MOV EAX,EDX
005AAE53 |. C1E8 18         |SHR EAX,18
005AAE56 |. 33C3            |XOR EAX,EBX
005AAE58 |. 8B0485 7050660> |MOV EAX,DWORD PTR DS:[EAX*4+665070]
005AAE5F |. 0FB659 01       |MOVZX EBX,BYTE PTR DS:[ECX+1]
005AAE63 |. C1E2 08         |SHL EDX,8
005AAE66 |. 33C2            |XOR EAX,EDX
005AAE68 |. 41              |INC ECX
005AAE69 |. 8BD0            |MOV EDX,EAX
005AAE6B |. C1EA 18         |SHR EDX,18
005AAE6E |. 33D3            |XOR EDX,EBX
005AAE70 |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AAE77 |. C1E0 08         |SHL EAX,8
005AAE7A |. 33C2            |XOR EAX,EDX
005AAE7C |. 41              |INC ECX
005AAE7D |. 83EF 10         |SUB EDI,10
005AAE80 |. 4E              |DEC ESI
005AAE81 |.^0F85 76FEFFFF   \JNZ MapleSto.005AACFD
005AAE87 |. 5B              POP EBX
005AAE88 |> 85FF            TEST EDI,EDI
005AAE8A |. 76 1A           JBE SHORT MapleSto.005AAEA6
005AAE8C |> 0FB631          /MOVZX ESI,BYTE PTR DS:[ECX]
005AAE8F |. 8BD0            |MOV EDX,EAX
005AAE91 |. C1EA 18         |SHR EDX,18
005AAE94 |. 33D6            |XOR EDX,ESI
005AAE96 |. 8B1495 7050660> |MOV EDX,DWORD PTR DS:[EDX*4+665070]
005AAE9D |. C1E0 08         |SHL EAX,8
005AAEA0 |. 33C2            |XOR EAX,EDX
005AAEA2 |. 41              |INC ECX
005AAEA3 |. 4F              |DEC EDI
005AAEA4 |.^75 E6           \JNZ SHORT MapleSto.005AAE8C
005AAEA6 |> 5F              POP EDI
005AAEA7 |. 5E              POP ESI
005AAEA8 |. 5D              POP EBP
005AAEA9 \. C3              RETN

It is as follows:

Code:
0043BEFB |> 33DB            /XOR EBX,EBX
0043BEFD |. 53              |PUSH EBX                          ; /Arg4 => 00000000
0043BEFE |. 53              |PUSH EBX                          ; |Arg3 => 00000000
0043BEFF |. 6A 02           |PUSH 2                            ; |Arg2 = 00000002
0043BF01 |. 56              |PUSH ESI                          ; |Arg1
0043BF02 |. E8 D0ED1600     |CALL MapleSto.005AACD7            ; \MapleSto.005AACD7
0043BF07 |. 83C4 10         |ADD ESP,10
0043BF0A |. 8945 F0         |MOV DWORD PTR SS:[EBP-10],EAX
0043BF0D |> 8B87 98000000   |/MOV EAX,DWORD PTR DS:[EDI+98]
0043BF13 |. 85C0            ||TEST EAX,EAX
0043BF15 |. 74 20           ||JE SHORT MapleSto.0043BF37
0043BF17 |. 3B58 FC         ||CMP EBX,DWORD PTR DS:[EAX-4]
0043BF1A |. 73 1B           ||JNB SHORT MapleSto.0043BF37
0043BF1C |. 6A 01           ||PUSH 1                           ; /Arg4 = 00000001
0043BF1E |. FF75 F0         ||PUSH DWORD PTR SS:[EBP-10]       ; |Arg3
0043BF21 |. 8D04D8          ||LEA EAX,DWORD PTR DS:[EAX+EBX*8] ; |
0043BF24 |. FF70 04         ||PUSH DWORD PTR DS:[EAX+4]        ; |Arg2
0043BF27 |. FF30            ||PUSH DWORD PTR DS:[EAX]          ; |Arg1
0043BF29 |. E8 A9ED1600     ||CALL MapleSto.005AACD7           ; \MapleSto.005AACD7
0043BF2E |. 83C4 10         ||ADD ESP,10
0043BF31 |. 8945 F0         ||MOV DWORD PTR SS:[EBP-10],EAX
0043BF34 |. 43              ||INC EBX
0043BF35 |.^EB D6           |\JMP SHORT MapleSto.0043BF0D
0043BF37 |> 6A 00           |PUSH 0
0043BF39 |. 6A 0E           |PUSH 0E
0043BF3B |. 8D4D E0         |LEA ECX,DWORD PTR SS:[EBP-20]
0043BF3E |. E8 FBCF0A00     |CALL MapleSto.004E8F3E
0043BF43 |. FF75 F0         |PUSH DWORD PTR SS:[EBP-10]
0043BF46 |. 8365 FC 00      |AND DWORD PTR SS:[EBP-4],0
0043BF4A |. 8D4D E0         |LEA ECX,DWORD PTR SS:[EBP-20]
0043BF4D |. E8 07DFFEFF     |CALL MapleSto.00429E59
0043BF52 |. FF36            |PUSH DWORD PTR DS:[ESI]
0043BF54 |. 8D47 64         |LEA EAX,DWORD PTR DS:[EDI+64]
0043BF57 |. 6A 01           |PUSH 1
0043BF59 |. 56              |PUSH ESI
0043BF5A |. 6A 05           |PUSH 5
0043BF5C |. 50              |PUSH EAX
0043BF5D |. 8D4D E0         |LEA ECX,DWORD PTR SS:[EBP-20]
0043BF60 |. E8 4AD00A00     |CALL MapleSto.004E8FAF
0043BF65 |. 6A 00           |PUSH 0
0043BF67 |. 6A 04           |PUSH 4
0043BF69 |. 56              |PUSH ESI
0043BF6A |. E8 99621B00     |CALL MapleSto.005F2208
0043BF6F |. 834D FC FF      |OR DWORD PTR SS:[EBP-4],FFFFFFFF
0043BF73 |. 83C4 0C         |ADD ESP,0C
0043BF76 |. 8D4D E4         |LEA ECX,DWORD PTR SS:[EBP-1C]
0043BF79 |. 8906            |MOV DWORD PTR DS:[ESI],EAX
0043BF7B |. E8 BFBD0D00     |CALL MapleSto.00517D3F
0043BF80 |. 0FB706          |MOVZX EAX,WORD PTR DS:[ESI]
0043BF83 |. 6A 1F           |PUSH 1F
0043BF85 |. 99              |CDQ
0043BF86 |. 59              |POP ECX
0043BF87 |. F7F9            |IDIV ECX
0043BF89 |. 85D2            |TEST EDX,EDX
0043BF8B |.^0F84 6AFFFFFF   \JE MapleSto.0043BEFB

~nog_lorp
Last edited by noglorp; 24th July 2005 at 08:17.
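As an added illustration, not code from the thread or the game: a Python model of what the listing at 005AACD7 computes (a table-driven, MSB-first CRC that folds one byte per step, with the buffer address mixed into the seed when Arg4 is non-zero) and of how the caller at 0043BEFB chains it over a list of (address, length) regions. The contents of the table at 665070 are not on the page, so the CRC-32 polynomial 0x04C11DB7, the function names and the sample regions are assumptions.

```python
# Added model (not code from the thread) of the routine at 005AACD7 and its
# caller at 0043BEFB, written from the disassembly above. The 256-entry
# table at 665070 is not on the page, so it is ASSUMED here to be the
# MSB-first CRC-32 table for the polynomial 0x04C11DB7.
MASK = 0xFFFFFFFF
POLY = 0x04C11DB7  # assumption; the real table may use another polynomial

def make_table(poly=POLY):
    """Build the lookup table the routine reads at [EDX*4+665070]."""
    table = []
    for i in range(256):
        c = i << 24
        for _ in range(8):
            c = ((c << 1) ^ poly) & MASK if c & 0x80000000 else (c << 1) & MASK
        table.append(c)
    return table

TABLE = make_table()

def crc_routine(buf, length, init, flag, buf_addr=0):
    """sub_5AACD7(buf, length, init, flag) as read from the listing.

    flag != 0 makes the routine XOR the initial state with the buffer
    address (XOR DWORD PTR SS:[EBP+10],ECX), so the result depends on
    where the bytes live as well as on their values. The 16-byte unrolled
    loop and the one-byte tail loop both perform the same step:
        state = (state << 8) ^ TABLE[(state >> 24) ^ byte]
    """
    state = (init ^ buf_addr) & MASK if flag else init & MASK
    for b in buf[:length]:
        state = ((state << 8) ^ TABLE[((state >> 24) ^ b) & 0xFF]) & MASK
    return state

def chained_check(counter, regions):
    """The caller at 0043BEFB: seed from the two bytes at [ESI] (args 2, 0, 0),
    then fold each (address, bytes) region in with flag=1, chaining the result."""
    state = crc_routine(counter, 2, 0, 0)
    for addr, data in regions:
        state = crc_routine(data, len(data), state, 1, buf_addr=addr)
    return state

# Constructed sample: two regions inside 00625000-00660000, and a copy in
# which one byte of the first region was changed.
REGIONS = [(0x625000, bytes.fromhex("00004040000000003f800000")),
           (0x640010, bytes.fromhex("0a00000001000000"))]
TAMPERED = [(0x625000, bytes.fromhex("00008040000000003f800000")),
            REGIONS[1]]
```

Because the step is linear and the table is a bijection on its index, changing any byte, or moving a region to another address, changes the chained result, which is what makes this usable as a tamper check.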
#2
#include <DeeZNutZ>
Necromancer of the Light
Join Date: 24th Apr 2005
Posts: 669
Good, now you don't have to find the address again when updates come.
As for the memory editing, you can't; you must add your own in an empty region.
#3
Permanently Banned
Join Date: 13th Jul 2005
Location: NewJersey
Posts: 9
Even though it would still be the same thing -_- zzzz
#4
L33T B4ND1T
Dark Lord
Join Date: 8th Jul 2005
Posts: 42
Yeah, I see ECX is holding the address of gravity, etc. and is incremented each time, but what's with EDX and 665070? That address is a 0; I tried changing and freezing it and it d/c's. This is a very good post, let's keep it going.