There's a bug in 3.51+ servers where you can bring up the resurrection window and revive yourself without the spell ever being cast. This is a major bug for those who know how. It's the window value: at value 45 it will open the window.
good luck

Code:
00485C64 |. 66:8B86 DC2F07>MOV AX,WORD PTR DS:[ESI+72FDC]
00485C6B |. 66:3D 0100 CMP AX,1
00485C6F |. 7C 28 JL SHORT __HelGam.00485C99
00485C71 |. 66:3D 0600 CMP AX,6
00485C75 |. 7F 22 JG SHORT __HelGam.00485C99
00485C77 |. 66:8B86 D62F07>MOV AX,WORD PTR DS:[ESI+72FD6]
00485C7E |. 66:8B8E D82F07>MOV CX,WORD PTR DS:[ESI+72FD8]
00485C85 |. 889E EA330700 MOV BYTE PTR DS:[ESI+733EA],BL
00485C8B |. 66:8986 F02F07>MOV WORD PTR DS:[ESI+72FF0],AX
00485C92 |. 66:898E F22F07>MOV WORD PTR DS:[ESI+72FF2],CX
00485C99 |> 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
00485C9D |. 8BCF MOV ECX,EDI
00485C9F |. 52 PUSH EDX
00485CA0 |. 895C24 10 MOV DWORD PTR SS:[ESP+10],EBX
00485CA4 |. E8 07130200 CALL __HelGam.004A6FB0
00485CA9 |. 6A 01 PUSH 1
00485CAB |. 6A 0A PUSH 0A
00485CAD |. 68 04614C00 PUSH __HelGam.004C6104 ; ASCII "you have died!"
00485CB2 |. 8BCE MOV ECX,ESI
00485CB4 |. E8 E7BAF8FF CALL __HelGam.004117A0
00485CB9 |. 6A 01 PUSH 1
00485CBB |. 6A 0A PUSH 0A
00485CBD |. 68 C8604C00 PUSH __HelGam.004C60C8 ; ASCII " Click the restart button in the system menu to start again"
00485CC2 |. 8BCE MOV ECX,ESI
00485CC4 |. E8 D7BAF8FF CALL __HelGam.004117A0
00485CC9 |. 6A 01 PUSH 1
00485CCB |. 6A 0A PUSH 0A
00485CCD |. 68 A0604C00 PUSH __HelGam.004C60A0 ; ASCII " or click the Log Out button to exit"
00485CD2 |. 8BCE MOV ECX,ESI
00485CD4 |. E8 C7BAF8FF CALL __HelGam.004117A0
00485CD9 |. 5F POP EDI
00485CDA |. 5E POP ESI
00485CDB |. 5B POP EBX
00485CDC |. 59 POP ECX
00485CDD \. C2 0400 RETN 4
00485CE0 /$ 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00485CE6 |. 6A FF PUSH -1
00485CE8 |. 68 FE554B00 PUSH __HelGam.004B55FE
00485CED |. 50 PUSH EAX
00485CEE |. 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
00485CF2 |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00485CF9 |. 83EC 7C SUB ESP,7C
00485CFC |. 83C0 06 ADD EAX,6
00485CFF |. 83C0 04 ADD EAX,4
00485D02 |. 53 PUSH EBX
Code:
00476CC6 |. E8 55730200 CALL __HelGam.0049E020 ; \__HelGam.0049E020
00476CCB |> 0FBFDE MOVSX EBX,SI
00476CCE |. 8DB7 1C7F0000 LEA ESI,DWORD PTR DS:[EDI+7F1C]
00476CD4 |. 8BCE MOV ECX,ESI
00476CD6 |. E8 A5BBF8FF CALL __HelGam.00402880
00476CDB |. 0FBFED MOVSX EBP,BP
00476CDE |. 8D43 14 LEA EAX,DWORD PTR DS:[EBX+14]
00476CE1 |. 8D8D C8000000 LEA ECX,DWORD PTR SS:[EBP+C8]
00476CE7 |. 8D50 0F LEA EDX,DWORD PTR DS:[EAX+F]
00476CEA |. 52 PUSH EDX ; /Bottom
00476CEB |. 51 PUSH ECX ; |Right
00476CEC |. 50 PUSH EAX ; |Top
00476CED |. 8D45 07 LEA EAX,DWORD PTR SS:[EBP+7] ; |
00476CF0 |. 50 PUSH EAX ; |Left
00476CF1 |. 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20] ; |
00476CF5 |. 50 PUSH EAX ; |pRect
00476CF6 |. FF15 14724B00 CALL DWORD PTR DS:[<&user32.SetRect>] ; \SetRect
00476CFC |. 6A 00 PUSH 0
00476CFE |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00476D02 |. 68 A4474C00 PUSH __HelGam.004C47A4 ; ASCII "Someone intend to resurrect you."
00476D07 |. 51 PUSH ECX
00476D08 |. 8BCE MOV ECX,ESI
00476D0A |. E8 D1BBF8FF CALL __HelGam.004028E0
00476D0F |. 8BCE MOV ECX,ESI
00476D11 |. E8 AABBF8FF CALL __HelGam.004028C0
00476D16 |. 8BCE MOV ECX,ESI
00476D18 |. E8 63BBF8FF CALL __HelGam.00402880
00476D1D |. 8D43 23 LEA EAX,DWORD PTR DS:[EBX+23]
00476D20 |. 8D8D C8000000 LEA ECX,DWORD PTR SS:[EBP+C8]
00476D26 |. 8D50 0F LEA EDX,DWORD PTR DS:[EAX+F]
00476D29 |. 52 PUSH EDX ; /Bottom
00476D2A |. 51 PUSH ECX ; |Right
00476D2B |. 50 PUSH EAX ; |Top
00476D2C |. 8D45 07 LEA EAX,DWORD PTR SS:[EBP+7] ; |
00476D2F |. 50 PUSH EAX ; |Left
00476D30 |. 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20] ; |
00476D34 |. 50 PUSH EAX ; |pRect
00476D35 |. FF15 14724B00 CALL DWORD PTR DS:[<&user32.SetRect>] ; \SetRect
00476D3B |. 6A 00 PUSH 0
00476D3D |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00476D41 |. 68 8C474C00 PUSH __HelGam.004C478C ; ASCII "Will you revive here?"
00476D46 |. 51 PUSH ECX
00476D47 |. 8BCE MOV ECX,ESI
00476D49 |. E8 92BBF8FF CALL __HelGam.004028E0
00476D4E |. 8BCE MOV ECX,ESI
00476D50 |. E8 6BBBF8FF CALL __HelGam.004028C0
00476D55 |. 0FBF7424 24 MOVSX ESI,WORD PTR SS:[ESP+24]
00476D5A |. 8D45 1E LEA EAX,DWORD PTR SS:[EBP+1E]
00476D5D |. 3BF0 CMP ESI,EAX
00476D5F |. 7C 33 JL SHORT __HelGam.00476D94
00476D61 |. 8D55 68 LEA EDX,DWORD PTR SS:[EBP+68]
00476D64 |. 3BF2 CMP ESI,EDX
00476D66 |. 7F 2C JG SHORT __HelGam.00476D94
00476D68 |. 0FBF4C24 28 MOVSX ECX,WORD PTR SS:[ESP+28]
00476D6D |. 8D53 41 LEA EDX,DWORD PTR DS:[EBX+41]
00476D70 |. 3BCA CMP ECX,EDX
00476D72 |. 7C 20 JL SHORT __HelGam.00476D94
00476D74 |. 8D53 55 LEA EDX,DWORD PTR DS:[EBX+55]
00476D77 |. 3BCA CMP ECX,EDX
00476D79 |. 7F 19 JG SHORT __HelGam.00476D94
00476D7B |. 8B8F 48820300 MOV ECX,DWORD PTR DS:[EDI+38248]
00476D81 |. 85C9 TEST ECX,ECX
00476D83 |. 74 30 JE SHORT __HelGam.00476DB5
00476D85 |. 8B97 78250700 MOV EDX,DWORD PTR DS:[EDI+72578]
00476D8B |. 6A 00 PUSH 0
00476D8D |. 6A 00 PUSH 0
00476D8F |. 52 PUSH EDX
charlie wrote: huhuhaha you aware of the slate bug? bring up window 43 and fill the slate in once then cancel then bring the window up again and you can make unlimited slates

nope, I don't really play/explore HB since 3.2 update.
Code:
.text:004470F0 push 0
.text:004470F2 push 0
.text:004470F4 push 0
.text:004470F6 push 0
.text:004470F8 push 0
.text:004470FA push 0
.text:004470FC push 0
.text:004470FE push 0FC94214h
.text:00447103 mov ecx, esi ; move the base address to ecx
.text:00447105 call sub_405900
Code:
Auto-Revive
-----------
00457A60 . EA754500 dd HelFart.004575EA ; dead msg jump, dont change unless u want it ON by default
00457A60 . 00296000 dd HelFart.00602900
00602900 6A 00 push 0
00602902 6A 00 push 0
00602904 6A 00 push 0
00602906 6A 00 push 0
00602908 6A 00 push 0
0060290A 6A 00 push 0
0060290C 6A 00 push 0
0060290E 68 1442C90F push 0FC94214
00602913 8BCD mov ecx, ebp
00602915 E8 E62FE0FF call HelFart.00405900
0060291A -E9 CB4CE5FF jmp HelFart.004575EA
0060291F 90 nop
F12
---
004519A4 27124500 dd HelFart.00451227 ; F12 jumptable
004519A4 30296000 dd HelFart.00602930
00602930 83BD C42A0700 01 cmp dword ptr [ebp+72AC4], 1 ; CONTROL-key flag
00602937 -0F85 EAE8E4FF jnz HelFart.00451227 ; original jump loc
0060293D 33C0 xor eax, eax
0060293F 3905 20296000 cmp dword ptr [602920], eax ; Auto-Revive flag
00602945 75 12 jnz short HelFart.00602959
00602947 40 inc eax
00602948 C705 607A4500 00296000 mov dword ptr [457A60], HelFart.00602900 ; modify jumptable
00602952 BA A0296000 mov edx, HelFart.006029A0 ; ASCII "Auto-Revive ON"
00602957 EB 0F jmp short HelFart.00602968
00602959 BA B0296000 mov edx, HelFart.006029B0 ; ASCII "Auto-Revive OFF"
0060295E C705 607A4500 EA754500 mov dword ptr [457A60], HelFart.004575EA
00602968 A3 20296000 mov dword ptr [602920], eax
0060296D 6A 01 push 1
0060296F 6A 0A push 0A
00602971 52 push edx
00602972 8BCD mov ecx, ebp
00602974 E8 27EEE0FF call HelFart.004117A0
00602979 -E9 81EFE4FF jmp HelFart.004518FF
006029A0 db 'Auto-Revive ON'
006029B0 db 'Auto-Revive OFF'
Code:
Revive
------
004519A4 27124500 dd HelFart.00451227
004519A4 00286000 dd HelFart.00602800
00602800 83BD C42A0700 00 cmp dword ptr [ebp+72AC4], 0
00602807 -0F84 1AEAE4FF je HelFart.00451227
0060280D 83BD CC2A0700 00 cmp dword ptr [ebp+72ACC], 0
00602814 -0F84 0DEAE4FF je HelFart.00451227
0060281A 6A 00 push 0
0060281C 6A 00 push 0
0060281E 6A 00 push 0
00602820 6A 00 push 0
00602822 6A 00 push 0
00602824 6A 00 push 0
00602826 6A 00 push 0
00602828 68 1442C90F push 0FC94214
0060282D 8BCD mov ecx, ebp
0060282F E8 CC30E0FF call HelFart.00405900
00602834 -E9 C6F0E4FF jmp HelFart.004518FF
00602839 90 nop
charlie wrote: huhuhaha you aware of the slate bug? bring up window 43 and fill the slate in once then cancel then bring the window up again and you can make unlimited slates

Did this slate bug still work? How does it work actually? If you mean you can continue producing ancient slates even when your bag is empty then this is another stupid bug.
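
The revive bug at the top of the thread comes down to the server honouring a client's revive confirmation without checking that a resurrection spell was actually cast on that player. The following server-side check is an added example, not code from the game or from anyone in this thread; the struct, field names, status codes and the 30-tick offer lifetime are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical server-side player record; all names are assumptions. */
typedef struct {
    bool     dead;
    uint32_t offer_caster;   /* id of the caster who created the offer, 0 = none */
    uint32_t offer_expires;  /* server tick after which the offer is void */
    uint32_t bad_confirms;   /* confirmations received with no offer (detection signal) */
} Player;

enum { REVIVE_OK, REVIVE_NOT_DEAD, REVIVE_NO_OFFER, REVIVE_EXPIRED };

#define OFFER_TTL_TICKS 30u  /* assumed lifetime of a resurrection offer */

/* Called only from the server's own spell-resolution path, never from a packet. */
void offer_resurrection(Player *target, uint32_t caster_id, uint32_t now) {
    if (!target->dead || caster_id == 0) return;
    target->offer_caster  = caster_id;
    target->offer_expires = now + OFFER_TTL_TICKS;
}

/* Handles the client's revive confirmation. The client can open its dialog
 * at will, so the reply is honoured only against state the server recorded. */
int handle_revive_confirm(Player *p, uint32_t now) {
    if (!p->dead) return REVIVE_NOT_DEAD;
    if (p->offer_caster == 0) {          /* no spell was ever cast on this player */
        p->bad_confirms++;               /* count it so operators can flag the account */
        return REVIVE_NO_OFFER;
    }
    uint32_t expires = p->offer_expires;
    p->offer_caster = 0;                 /* one-shot: an offer is consumed on first use */
    if (now > expires) return REVIVE_EXPIRED;
    p->dead = false;
    return REVIVE_OK;
}

int main(void) {
    /* Constructed scenario: a confirm with no cast, then one after a real cast. */
    Player victim = { .dead = true };
    printf("unsolicited: %d\n", handle_revive_confirm(&victim, 100));
    offer_resurrection(&victim, 7, 100);
    printf("after cast:  %d\n", handle_revive_confirm(&victim, 110));
    printf("repeated:    %d\n", handle_revive_confirm(&victim, 111));
    return 0;
}
```

A non-zero `bad_confirms` count is also a useful log signal, since an unmodified client has no reason to send a confirmation it was never offered.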