Hb Usa Unpacked ^^

juggalo2 · Post by **juggalo2** » Sun May 14, 2006 12:08 am

lol close this posted this sint working why post if it dosnt even work come on now

Post by **binarydata** » Sun May 14, 2006 12:10 am

charlie wrote: no proof.

i told you and you didnt know it existed

Joshua - NIGATOR says:
unpacked 382
Joshua - NIGATOR says:
sex
adam- NIGATOR says:
80% unpacked
adam- NIGATOR says:
doesnt run

thought you were talking about the one klks gave me like a month ago

NOOD

Scale · Post by **Scale** » Sun May 14, 2006 12:36 am

juggalo2 wrote: lol close this posted this sint working why post if it dosnt even work come on now

Huh? it doesnt work?
Runs fine for me....

(and to solve the other problem i saw the post frist kek)

BlueChristmas · Post by **BlueChristmas** » Sun May 14, 2006 12:41 am

Scale wrote:
juggalo2 wrote: lol close this posted this sint working why post if it dosnt even work come on now
Huh? it doesnt work?
Runs fine for me....

(and to solve the other problem i saw the post frist kek)

doesn't run for me

Post by **charlie** » Sun May 14, 2006 12:57 am

yer crashes for me too

KLKS · Post by **KLKS** » Sun May 14, 2006 1:03 am

most prob its because of the hardcoded API offsets but this looks 99% completely unpacked, way better than what i did

u guys should post where it crashes so he can debug it

oh ya scale, on which tutorial did she do api redirection clearing ?

SlammeR · Post by **SlammeR** » Sun May 14, 2006 1:31 am

KLKS wrote: most prob its because of the hardcoded API offsets but this looks 99% completely unpacked, way better than what i did

u guys should post where it crashes so he can debug it

oh ya scale, on which tutorial did she do api redirection clearing ?

i opened, black screen appear, then closed automatic

juggalo2 · Post by **juggalo2** » Sun May 14, 2006 1:56 am

SlammeR wrote:
KLKS wrote: most prob its because of the hardcoded API offsets but this looks 99% completely unpacked, way better than what i did

u guys should post where it crashes so he can debug it

oh ya scale, on which tutorial did she do api redirection clearing ?
i opened, black screen appear, then closed automatic

same for me and otheres i talkied with

KaoZureS · Post by **KaoZureS** » Sun May 14, 2006 4:14 am

Arcivhe .rar Fail :S

snoopy81 · Post by **snoopy81** » Sun May 14, 2006 7:21 am

wish someone had told me of lena before.. so much better then those weird tuts ghost used to give me

<a href='http://www.tuts4you.com/tutorials/lena/' target='_blank'>http://www.tuts4you.com/tutorials/lena/</a>

Just saw the 1st one, it's great!
I was thinking it took me mounths to understand what can be found there !

Scale · Post by **Scale** » Sun May 14, 2006 8:12 am

Ahhh i dont have hb installed just the .exe, (then u just get the msg box saying u need to update)
and it ran after unpacking so that means that its one of 3 things (i hope).

Security check (crc / filesize etc)
incorrect jump
incorrect api

Since it closes without a error msg.
Now my problem is i cant see it lol hb pops up and then i cant see my olly nomore

Scale · Post by **Scale** » Sun May 14, 2006 9:16 am

it seems the problem is inside the call at: 004AED4A.
which goes to stolen bytes so copy the code from a 3.51 and fix it or add its section and redirect them jumps and calls there and it might run but im to lazy atm >D (and to tired)

snoopy81 · Post by **snoopy81** » Sun May 14, 2006 10:05 am

1- There is a HB windower around. Not perfect but may help...

2- there is a local command: /enabletogglescreen. It's in the 382 client too. If it's activated, you may use it... You may even call the "m_DDraw.ChangeDisplayMode(G_hWnd);" in earlly loading stage.
Here is a call sample from your client: ( from ::OnSysKeyUp(..) )

Code: Select all

00452A34  |. A1 14925700              MOV EAX,DWORD PTR DS:[579214]
00452A39  |. 50                       PUSH EAX                              ; /Arg1 => 00000000
00452A3A  |. 81C1 2C8D0000            ADD ECX,8D2C                          ; |
00452A40  |. E8 7BF5FAFF              CALL 00401FC0                          ; \HelGame_.

3- Found strange bytes:
// Generated by Hex Workshop
// HelGame 382 Scale.exe - Starting Offset: 809816 (0x000C5B58) Length: 30 (0x0000001E)

unsigned char rawData[30] = {
0xBF, 0xB9, 0xBB, 0xF3, 0xC4, 0xA1, 0x20, 0xBE, 0xCA, 0xC0, 0xBA, 0x20, 0xB9, 0xF6, 0xB1, 0xD7,
0xC0, 0xD4, 0xB4, 0xCF, 0xB4, 0xD9, 0x2E, 0x20, 0xA4, 0xD0, 0x2E, 0x2E, 0xA4, 0xD0,
} ;
Those bytes are suposed to be a string, and explain a reason for not obtaining a Pandent.
As I don't know what are suposed to be those "stolen bytes" ....

snoopy81 · Post by **snoopy81** » Sun May 14, 2006 1:02 pm

Reversing goes on, here a list of new MSGIDs....

Code: Select all

// reversed 3.60+ MSGIDs by Snoopy
  #define DEF_NOTIFY_SLATE_BERSERK    	0x0BED // Berserk magic casted!
  #define DEF_NOTIFY_LOTERY_LOST    	0x0BEE // You draw a blank. Please try again next time..
  #define DEF_NOTIFY_0BEF      	0x0BEF // Strange behaviour, but Crafting related
  #define DEF_NOTIFY_CRAFTING_SUCCESS    0x0BF0 // Crafting ok
  #define DEF_NOTIFY_CRAFTING_FAIL    	0x0BF1 // Crafting failed


  #define DEF_NOTIFY_ANGELIC_STATS    	0x0BF2 // Sends m_iAngelicStr, Int, Dex, Mag to client
  #define DEF_NOTIFY_ITEM_CANT_RELEASE    0x0BF3 // "Item cannot be released"
  #define DEF_NOTIFY_ANGEL_FAILED    	0x0BF4 // Failed receiving an Angel pandent
  #define DEF_NOTIFY_ANGEL_RECEIVED    	0x0BF5 // "You have received the Tutelary Angel"

  #define DEF_NOTIFY_SPELL_SKILL    	0x0BF6 // Loads Speell list skill list silentlly

#define DEF_COMMONTYPE_CRAFTITEM    0x0A28 // Craft item

And here is reversed client side functions:

Code: Select all

	case DEF_NOTIFY_SLATE_BERSERK:  // reversed by Snoopy: 0x0BED
  AddEventList( DEF_MSG_NOTIFY_SLATE_BERSERK, 10 );//"Berserk magic casted!"
  m_bUsingSlate = TRUE;
  break;
	
	case DEF_NOTIFY_LOTERY_LOST:  // reversed by Snoopy: 0x0BEE:	
  AddEventList( DEF_MSG_NOTIFY_LOTERY_LOST, 10 );//"You draw a blank. Please try again next time.."
  break;

	case DEF_NOTIFY_0BEF:    // 0x0BEF: // Snoopy: ? (Crafting related)
  // I'm noot sure at all of this function's result,
  // It should be a function like:
  _bCheckCraftItemStatus();
  break;

	case DEF_NOTIFY_CRAFTING_SUCCESS:	//reversed by Snoopy: 0x0BF0:
  DisableDialogBox(25);
  AddEventList(NOTIFY_MSG_HANDLER42, 10);  // "Item manufacture success!"
  PlaySound('E', 23, 5);
  switch (m_sPlayerType) {
  case 1:
  case 2:
  case 3:
  	PlaySound('C', 21, 0);
  	break;
  case 4:
  case 5:
  case 6:
  	PlaySound('C', 22, 0);
  	break;
  }
  break;

	case DEF_NOTIFY_CRAFTING_FAIL:  //reversed by Snoopy: 0x0BF1:
  cp = (char *)(pData	+ DEF_INDEX2_MSGTYPE + 2);
  ip = (int *)cp;
  iV1 = *ip; // Error reason
  switch (iV1) {
  case 1: 
  	AddEventList(DEF_MSG_NOTIFY_CRAFTING_NO_PART, 10);  // "There is not enough material"  
  	PlaySound('E', 24, 5);
  	break;
  case 2: 
  	AddEventList(DEF_MSG_NOTIFY_CRAFTING_NO_CONTRIB, 10);	// "There is not enough Contribution Point"	
  	PlaySound('E', 24, 5);
  	break;
  default:
  case 3: 
  	AddEventList(DEF_MSG_NOTIFY_CRAFTING_FAILED, 10);  // "Crafting failed"	
  	PlaySound('E', 24, 5);
  	break;
  }
  break;
	case DEF_NOTIFY_ANGELIC_STATS:  // reversed by Snoopy: 0x0BF2
  cp = (char *)(pData	+ DEF_INDEX2_MSGTYPE + 2);
  ip = (int *)cp;
  m_iAngelicStr = *ip;  // m_iAngelicStr
  cp +=4;
  ip = (int *)cp;
  m_iAngelicInt = *ip;  // m_iAngelicInt
  cp +=4;
  ip = (int *)cp;
  m_iAngelicDex = *ip;  // m_iAngelicDex
  cp +=4;
  ip = (int *)cp;
  m_iAngelicMag = *ip;  // m_iAngelicMag
  break;  	

	case DEF_NOTIFY_ITEM_CANT_RELEASE:	// reversed by Snoopy: 0x0BF3	
  AddEventList(DEF_MSG_NOTIFY_NOT_RELEASED , 10 );//"Item cannot be released"  	
  cp = (char *)(pData	+ DEF_INDEX2_MSGTYPE + 2);
  ItemEquipHandler(*cp);
  break;

	case DEF_NOTIFY_ANGEL_FAILED:  // reversed by Snoopy: 0x0BF4
  cp = (char *)(pData	+ DEF_INDEX2_MSGTYPE + 2);
  ip = (int *)cp;
  iV1 = *ip; // Error reason
  switch (iV1) {
  case 1: // "BFB9BBF3C4A120BECAC0BA20B9F6B1D7C0D4B4CFB4D92E20A4D02E2EA4D0" (Stolen bytes ?)
  	AddEventList(DEF_MSG_NOTIFY_ANGEL_FAILED , 10 ); //"Impossible to get a Tutelary Angel." // Invented by Snoopy.
  	break;
  case 2: //
  	AddEventList(DEF_MSG_NOTIFY_ANGEL_MAJESTIC , 10 );//"You need additional Majesty Points."
  	break;
  case 3: //
  	AddEventList(DEF_MSG_NOTIFY_ANGEL_LOW_LVL , 10 ); //"Only Majesty characters can receive Tutelary Angel"
  	break;
  }
  break;

	case DEF_NOTIFY_ANGEL_RECEIVED:  // reversed by Snoopy: 0x0BF5:	
  AddEventList(DEF_MSG_NOTIFY_ANGEL_RECEIVED, 10 );// "You have received the Tutelary Angel."
  break;

	case DEF_NOTIFY_SPELL_SKILL:  // reversed by Snoopy: 0x0BF6
  cp = (char *)(pData	+ DEF_INDEX2_MSGTYPE + 2);
  for (i = 0; i < DEF_MAXMAGICTYPE; i++)
  {	m_cMagicMastery[i] = *cp;
  	cp++;
  }
  for (i = 0; i < DEF_MAXSKILLTYPE; i++)
  {	m_cSkillMastery[i] = (unsigned char)*cp;
  	if (m_pSkillCfgList[i] != NULL)
    m_pSkillCfgList[i]->m_iLevel = (int)*cp;
  	cp++;
  }
  break;

NB: I did not test all this stuff as I'd need to code it server side too. Any ways, all Angel code released her (even mine) don't use the msg above.
Edit:
As I go on Crafting functions, I enconter a strange behaviour....
- Crafting uses a cfg, client side as Manuf, functions are coded to check if correct parts are present...
- But the Crft Box, is merelly a clip & paste from Alchemy bowl (even the positions are exactelly the sames...) It never cares to check if uses parts are part of a crafting receipe or not!
At this point, either I'm missing something important, or Siementec intended in the 1st place to build a full box system as for Manuf, but never finished it. . .

bolex17 · Post by **bolex17** » Sun May 14, 2006 1:27 pm

link to hb windower if you need it
<a href='http://www.unadvised.net/modules.php?na ... load&cid=5' target='_blank'>http://www.unadvised.net/modules.php?na ... d&cid=5</a>