Notes: v3.1

Private Discussion on Helbreath Hack Development, (Do not release hacks which are talked about in here to the rest of the forum unless you write the hacks)
charlie
Outpost4lyfe
Posts: 3324
Joined: Sun Apr 06, 2003 12:24 am
Location: Mt GOD

Post by charlie »

CODE

speed trap
----------
00462188  |. 8B8D 98980600            mov     ecx, dword ptr [ebp+69898]

00462188     E9 D6280000              jmp     HelFart.00464A63
0046218D     90                       nop


no cast delay
-------------
00464921  . 8D5424 3C                lea     edx, dword ptr [esp+3C]
00464925  . 8D8D E0D30600            lea     ecx, dword ptr [ebp+6D3E0]
0046492B  . 52                       push    edx
0046492C  . C74424 40 00000000       mov     dword ptr [esp+40], 0
00464934  . E8 B7B90300              call    HelFart.004A02F0
00464939  . FF15 64124B00            call    dword ptr [<&WINMM.timeGetTime>]    ; WINMM.timeGetTime
0046493F  . 8985 74D30600            mov     dword ptr [ebp+6D374], eax

00464921     EB 22                    jmp     short HelFart.00464945
00464923     90                       nop
00464924     90                       nop


magic pause
-----------
.text:00462765                 push    eax
.text:00462766                 mov     [esp+0F4h+var_D8], esi
.text:0046276A                 call    sub_4A02F0
.text:0046276F                 call    timeGetTime    ; Get system time, in milliseconds

00462765  . 50                       push    eax
00462766  . 897424 1C                mov     dword ptr [esp+1C], esi

00462765    -E9 36EB1900             jmp     HelFart.006012A0

006012A0     50                      push    eax
006012A1     C74424 1C 01000000      mov     dword ptr [esp+1C], 1
006012A9    -E9 BC14E6FF             jmp     HelFart.0046276A


P2P
---
004552D4  |> 56                       push    esi                        ;  Case B75 of switch 00451C87
004552D4     EB 06                    jmp     short HelFart.004552DC     ;  Case B75 of switch 00451C87
004552D6     90                       nop

0040608B  |. 8B95 A4DC0600            mov     edx, dword ptr [ebp+6DCA4]
0040608B    -E9 10B11F00              jmp     HelFart.006011A0
00406090     90                       nop

006011A0     83BD C4D80600 01         cmp     dword ptr [ebp+6D8C4], 1
006011A7     75 10                    jnz     short HelFart.006011B9
006011A9     83BD BCD80600 00         cmp     dword ptr [ebp+6D8BC], 0
006011B0     75 07                    jnz     short HelFart.006011B9
006011B2     BA 00000000              mov     edx, 0
006011B7     EB 06                    jmp     short HelFart.006011BF
006011B9     8B95 A4DC0600            mov     edx, dword ptr [ebp+6DCA4]
006011BF    -E9 CD4EE0FF              jmp     HelFart.00406091


These are the notes for the hack I did for v3.1. I'm using an unpacked exe with a new section injected at offset 0x600000 (I need the extra section for the extra features etc). You don't need to inject an additional section if you don't want to; you can move the code at 601xxx/602xxx into 400xxx. Use OllyDbg to reassemble the code. In my notes the first part of the code is usually the original code, and below it is the modified code.

My p2p hack is activated only when you press/hold shift (the control key must be released) when logging in. That is so I can choose to log in with or without p2p.
Girlfriends are dedicated hookers.
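The notes above pair each original instruction with the bytes that replace it, which is exactly the information a client-side integrity check needs to detect this kind of inline patch. The following is an added example, not code from the post or from the game: it takes the known-good bytes at each patched site (transcribed from the "original" half of each note), compares them with a memory snapshot, decodes any short (EB) or near (E9) jmp it finds where the original instruction should be, and reports whether the jump stays inside the module's .text section or detours into memory outside it (the notes place the injected section at 0x600000). The .text bounds and both snapshots are constructed for the example; the patched snapshot is built from the "modified" half of each note.

```python
# Added example: detecting inline jmp patches against known-good instruction bytes.
# Known-good and patched byte strings are transcribed from the listing in the post;
# TEXT_START/TEXT_END and the snapshots themselves are constructed assumptions.
import struct

# Assumed bounds of the module's original .text section (not from the post).
TEXT_START, TEXT_END = 0x00401000, 0x004C0000

# Known-good bytes at each patched site, from the "original" half of each note.
KNOWN_GOOD = {
    0x00462188: bytes.fromhex("8B8D98980600"),  # mov ecx, [ebp+69898]           (speed trap)
    0x00464921: bytes.fromhex("8D54243C"),      # lea edx, [esp+3C]              (no cast delay)
    0x00462765: bytes.fromhex("508974241C"),    # push eax / mov [esp+1C], esi   (magic pause)
    0x0040608B: bytes.fromhex("8B95A4DC0600"),  # mov edx, [ebp+6DCA4]           (P2P)
}

# Constructed snapshots: what a memory read of len(known_good) bytes at each site returns.
CLEAN_SNAPSHOT = dict(KNOWN_GOOD)
PATCHED_SNAPSHOT = {
    0x00462188: bytes.fromhex("E9D628000090"),  # jmp 00464A63 ; nop
    0x00464921: bytes.fromhex("EB229090"),      # jmp short 00464945 ; nop ; nop
    0x00462765: bytes.fromhex("E936EB1900"),    # jmp 006012A0  (into injected section)
    0x0040608B: bytes.fromhex("E910B11F0090"),  # jmp 006011A0 ; nop (into injected section)
}


def decode_jmp(addr, data):
    """If `data` (bytes read at `addr`) starts with a near E9 rel32 or short EB rel8
    jmp, return its absolute target; otherwise None. Both displacements are
    relative to the address of the *next* instruction."""
    if data[:1] == b"\xE9" and len(data) >= 5:
        rel32 = struct.unpack("<i", data[1:5])[0]
        return (addr + 5 + rel32) & 0xFFFFFFFF
    if data[:1] == b"\xEB" and len(data) >= 2:
        rel8 = struct.unpack("<b", data[1:2])[0]
        return (addr + 2 + rel8) & 0xFFFFFFFF
    return None


def check_site(addr, expected, current):
    """Classify one site: 'clean' (bytes match), 'jmp_in_text' (instruction replaced
    by a jmp that stays inside .text, i.e. a skipped check), 'detour' (jmp to memory
    outside .text, e.g. an injected section) or 'modified' (some other change)."""
    if current[:len(expected)] == expected:
        return {"addr": addr, "status": "clean"}
    target = decode_jmp(addr, current)
    if target is None:
        return {"addr": addr, "status": "modified", "bytes": current[:len(expected)].hex()}
    status = "jmp_in_text" if TEXT_START <= target < TEXT_END else "detour"
    return {"addr": addr, "status": status, "target": target}


def scan(snapshot, known_good=KNOWN_GOOD):
    """Check every known site against the snapshot; a missing read counts as modified."""
    return [check_site(a, e, snapshot.get(a, b"")) for a, e in sorted(known_good.items())]


if __name__ == "__main__":
    for finding in scan(PATCHED_SNAPSHOT):
        extra = f" -> {finding['target']:08X}" if "target" in finding else ""
        print(f"{finding['addr']:08X}: {finding['status']}{extra}")
```

On the patched snapshot the speed-trap and cast-delay sites decode to targets inside .text (the check is simply skipped), while the magic-pause and P2P sites decode to 0x006012A0 and 0x006011A0, outside the original image, which is the signature of a detour into an injected section. A real check would read the bytes from the process rather than from a dict, and would cover the whole section with a hash rather than a handful of sites, but the jmp decoding is the same.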
binarydata
DBfiller
Posts: 3816
Joined: Fri Oct 31, 2003 5:30 am
Location: San Diego CA, USA

Post by binarydata »

OK, I have given up on trying to add that stuff; it's confusing.
shandriz
<3 bd long time
Posts: 866
Joined: Sun Oct 19, 2003 3:48 pm
Location: Las Vegas

Post by shandriz »

binarydata wrote: OK, I have given up on trying to add that stuff; it's confusing.
agreed
ghostspider
Loyal fan
Posts: 402
Joined: Wed Nov 05, 2003 8:03 pm
Location: I've made a nice place inside myself

Post by ghostspider »

There's the tutorial you needed. Umm, he did the same things that I did for the p2p hack :P (except that shift thing, too lazy to do such :) )
And if not lazy, I can't do anything with my server running. All those a-hole players complained to me about the server being down the day before yesterday, when I tried some hacking.
Anyways, I'm bored with endless hbhacking. It kind of does not give any new challenges anymore; it's just repeating itself all the time, making the old hacks for the new version... (especially because I can't play).
I'll be trying to learn some bot making and packet editing on some simple online game, if I get the chance of moving my hbserver to my friend's machine for a week or something. Lately I've been tired and pissed off :( methinks it's because I haven't had beer for a long time! And I think I'm getting the flu :P
But HB is a good game to start the advanced game hacking stuff with, because many people have hacked it and it's an easy game to take examples from and make tutorials.
I still think the best tutorials for starting game hacking are found at:

http://www.s-i-n.com/chaos
^chaos^ has collected all the old tutorials on one site so you don't have to surf all around the net (I helped him, and at the same time hbbuddy came out I released my first public Helbreath hack, while I was practicing hack making in asm).

Also, my friend ddh's site http://digigaldh.net
has many good links to cracking / hacking / coding sites.

I'm writing this because, as you've noticed from my FAQ in the Helbreath hacks section, I'm poor at English and I'm not a good teacher, and those tutorials are really good, especially sheep's.

--All you need is a bit of common sense and trying :) Look at me, I'm not the smartest person and I can do a lot of stuff if I put my head to it.

--that sounded gay
charlie
Outpost4lyfe
Posts: 3324
Joined: Sun Apr 06, 2003 12:24 am
Location: Mt GOD

Post by charlie »

How do you add offsets in OllyDbg?
Girlfriends are dedicated hookers.
huhuhaha
Regular
Posts: 30
Joined: Wed Nov 19, 2003 12:10 pm

Post by huhuhaha »

If you mean "go to offset", then it's CTRL-G.