Make some guide

-StrikeR- · Post by **-StrikeR-** » Thu Jun 17, 2004 3:24 am

Hey guys i know charlie had left the forum, but the ones that are left why don´t you help out the newbies as i and make a sort of a guide for inserting the less complex codes as fast pot or fast cast plsss

Cyas

mistdreamz · Post by **mistdreamz** » Thu Jun 17, 2004 2:16 pm

launch ollydbg
in ollydbg load the client
once it has loaded the client push ctrl-g (goto address)
then right-click, binary, edit (cntrl-E)
key in the codes provided in this thread

for instance,
control-G

Code: Select all

004502A4

to go to the line
cntrl-E to edit and key in this code

Code: Select all

 C686 2FE80400 00

for no delay restart
then right click aniwhere after keying in the code, copy to executable>>all modifications
a new window should appear, right click aniwhere in and "save

mistdreamz · Post by **mistdreamz** » Thu Jun 17, 2004 2:19 pm

sorry bout the double post
but there's alredy a post teaching how to insert codes
<a href='http://unadvised.net/forum/index.php?showtopic=2614' target='_blank'>http://unadvised.net/forum/...?showtopic=2614</a>

-StrikeR- · Post by **-StrikeR-** » Thu Jun 17, 2004 6:06 pm

Yeah i have seen that guide, but can some1 can explain for example in no cast delay :

No cast delay
---------------
0045960F |. 8D5424 50 LEA EDX,DWORD PTR SS:[ESP+50]
00459613 |. 8D8D A4DD0400 LEA ECX,DWORD PTR SS:[EBP+4DDA4]
00459619 |. 52 PUSH EDX
0045961A |. C74424 54 0000>MOV DWORD PTR SS:[ESP+54],0
00459622 |. E8 19840300 CALL 2_20.00491A40
00459627 |. FF15 48224A00 CALL DWORD PTR DS:[<&winmm.timeGetTime>]; WINMM.timeGetTime
0045962D |. 8985 38DD0400 MOV DWORD PTR SS:[EBP+4DD38],EAX
00459633 |. 8D4424 30 LEA EAX,DWORD PTR SS:[ESP+30]

0045960F EB 22 JMP SHORT 2_20.00459633
00459611 90 NOP
00459612 90 NOP

here we can see the first column, that is the adress?

then we can see this: 8D5424 50 WTF is this, is the new code i have to insert??

and then we see this: LEA EDX,DWORD PTR SS:[ESP+50] what is this also??

In this code it is more easy to see what is each thing, but fot example in this code:

uninterruptible
---------------
.text:00484695 mov ecx, 5 ; case 0x6
.text:0048469A lea edi, [ebp+6E08Dh]
.text:004846A0 lea esi, [esp+0DCh+var_90]
.text:004846A4 xor edx, edx
.text:004846A6 repe cmpsw
.text:004846A9 jnz loc_48474C
.text:004846AF * lea eax, [esp+0DCh+var_B8]
.text:004846B3 xor edi, edi
.text:004846B5 * push eax
.text:004846B6 * lea ecx, [ebp+6D8A8h]
.text:004846BC * mov [esp+0E0h+var_B8], edi
.text:004846C0 * call sub_4A0640
.text:004846C5 lea esi, [ebp+6DBBCh]
.text:004846CB * mov dword ptr [ebp+6DCECh], 0FFFFFFFFh
.text:004846D5 mov ecx, esi
.text:004846D7 * mov [ebp+0Ch], di
.text:004846DB call sub_4A0660
.text:004846E0 cmp eax, 1
.text:004846E3 jnz short loc_48473C
.text:004846E5 push eax
.text:004846E6 push 0Ah
.text:004846E8 push offset aStoppedUsingTh; "Stopped using the skill."

004846AF . 8D4424 24 lea eax, dword ptr [esp+24]
004846B3 . 33FF xor edi, edi
004846B5 . 50 push eax
004846B6 . 8D8D A8D80600 lea ecx, dword ptr [ebp+6D8A8]
004846BC . 897C24 28 mov dword ptr [esp+28], edi
004846C0 . E8 7BBF0100 call HelFart.004A0640
004846C5 . 8DB5 BCDB0600 lea esi, dword ptr [ebp+6DBBC]
004846CB . C785 ECDC0600 FFFFFFFF mov dword ptr [ebp+6DCEC], -1
004846D5 . 8BCE mov ecx, esi
004846D7 . 66:897D 0C mov word ptr [ebp+C], di

004846AF 33FF xor edi, edi
004846B1 8DB5 BCDB0600 lea esi, dword ptr [ebp+6DBBC]
004846B7 8BCE mov ecx, esi
004846B9 EB 20 jmp short HelFart.004846DB
004846BB 90 nop(32)

in this code, WTf are the words that are at the right of the code??

pls explain those things :rolleyes:

mistdreamz · Post by **mistdreamz** » Fri Jun 18, 2004 2:41 pm

Code: Select all

No cast delay
---------------
0045960F |. 8D5424 50 LEA EDX,DWORD PTR SS:[ESP+50]
00459613 |. 8D8D A4DD0400 LEA ECX,DWORD PTR SS:[EBP+4DDA4]
00459619 |. 52 PUSH EDX
0045961A |. C74424 54 0000>MOV DWORD PTR SS:[ESP+54],0
00459622 |. E8 19840300 CALL 2_20.00491A40
00459627 |. FF15 48224A00 CALL DWORD PTR DS:[<&winmm.timeGetTime>]; WINMM.timeGetTime
0045962D |. 8985 38DD0400 MOV DWORD PTR SS:[EBP+4DD38],EAX
00459633 |. 8D4424 30 LEA EAX,DWORD PTR SS:[ESP+30]

o..i c wad u mean
this first part is the original code shown in odbg, unedited

the final result shud be like this wan:

Code: Select all

0045960F  EB 22 JMP SHORT 2_20.00459633
00459611     90 NOP
00459612     90 NOP

thus u cntr+E to key in the codes as stated in the prev post
these codes are the middle portion of the code above ^^^^^^^^

hope u are clearer now

asdfg · Post by **asdfg** » Sat Jul 24, 2004 7:08 pm

-StrikeR- wrote: Yeah i have seen that guide, but can some1 can explain for example in no cast delay :

No cast delay
---------------
0045960F |. 8D5424 50 LEA EDX,DWORD PTR SS:[ESP+50]
00459613 |. 8D8D A4DD0400 LEA ECX,DWORD PTR SS:[EBP+4DDA4]
00459619 |. 52 PUSH EDX
0045961A |. C74424 54 0000>MOV DWORD PTR SS:[ESP+54],0
00459622 |. E8 19840300 CALL 2_20.00491A40
00459627 |. FF15 48224A00 CALL DWORD PTR DS:[<&winmm.timeGetTime>]; WINMM.timeGetTime
0045962D |. 8985 38DD0400 MOV DWORD PTR SS:[EBP+4DD38],EAX
00459633 |. 8D4424 30 LEA EAX,DWORD PTR SS:[ESP+30]

0045960F EB 22 JMP SHORT 2_20.00459633
00459611 90 NOP
00459612 90 NOP

here we can see the first column, that is the adress?

then we can see this: 8D5424 50 WTF is this, is the new code i have to insert??

and then we see this: LEA EDX,DWORD PTR SS:[ESP+50] what is this also??

In this code it is more easy to see what is each thing, but fot example in this code:

uninterruptible
---------------
.text:00484695 mov ecx, 5 ; case 0x6
.text:0048469A lea edi, [ebp+6E08Dh]
.text:004846A0 lea esi, [esp+0DCh+var_90]
.text:004846A4 xor edx, edx
.text:004846A6 repe cmpsw
.text:004846A9 jnz loc_48474C
.text:004846AF * lea eax, [esp+0DCh+var_B8]
.text:004846B3 xor edi, edi
.text:004846B5 * push eax
.text:004846B6 * lea ecx, [ebp+6D8A8h]
.text:004846BC * mov [esp+0E0h+var_B8], edi
.text:004846C0 * call sub_4A0640
.text:004846C5 lea esi, [ebp+6DBBCh]
.text:004846CB * mov dword ptr [ebp+6DCECh], 0FFFFFFFFh
.text:004846D5 mov ecx, esi
.text:004846D7 * mov [ebp+0Ch], di
.text:004846DB call sub_4A0660
.text:004846E0 cmp eax, 1
.text:004846E3 jnz short loc_48473C
.text:004846E5 push eax
.text:004846E6 push 0Ah
.text:004846E8 push offset aStoppedUsingTh; "Stopped using the skill."

004846AF . 8D4424 24 lea eax, dword ptr [esp+24]
004846B3 . 33FF xor edi, edi
004846B5 . 50 push eax
004846B6 . 8D8D A8D80600 lea ecx, dword ptr [ebp+6D8A8]
004846BC . 897C24 28 mov dword ptr [esp+28], edi
004846C0 . E8 7BBF0100 call HelFart.004A0640
004846C5 . 8DB5 BCDB0600 lea esi, dword ptr [ebp+6DBBC]
004846CB . C785 ECDC0600 FFFFFFFF mov dword ptr [ebp+6DCEC], -1
004846D5 . 8BCE mov ecx, esi
004846D7 . 66:897D 0C mov word ptr [ebp+C], di

004846AF 33FF xor edi, edi
004846B1 8DB5 BCDB0600 lea esi, dword ptr [ebp+6DBBC]
004846B7 8BCE mov ecx, esi
004846B9 EB 20 jmp short HelFart.004846DB
004846BB 90 nop(32)

in this code, WTf are the words that are at the right of the code??

pls explain those things :rolleyes:

sorry, but the link that apeears in the post up, dosen't work, if you could tellme were did you find this, i would be very happy

thx

borgx · Post by **borgx** » Thu Jul 29, 2004 7:19 am

lmao oh thats a good one a self named newbie jumps right into uninterruptible.
*classic*