Aug 5, Shaiya Patched

[vvayinsane]

If you have not already noticed shaiya has been patched once again..

[nknwn666]

creating nogg multiclient and climb now just woke up

LE: http://www.4shared.com/file/123265816/b ... /game.html

[shakey]

http://www.fileplanet.com/files/200000/203374.shtml

here is another Enjoy!

[Yorkshire]

TYTYTYTY Save my ass again ty all if anyones got a no gg guide could you send it to me pls pls would really like to do it my self but cant find the info tnx.

[Yorkshire]

nknwn666 what adresses are you using pls thx.

[nknwn666]

nogg+multiclient

Code: Select all

Before you begin:
Make a backup of your game.exe file. I normally just make a copy of it in the same folder, except rename it to game.bak. That way, if you screw things up, you can easily delete the bad file, and then rename game.bak back to game.exe.

STEP 1

Download OllyDbg. Download links are at the bottom of this post
Install and open OllyDbg.
Click File>Open or press F3
Navigate to the folder Shaiya is installed in. (this is probably in C:\AERIA GAMES\Shaiya, depending on install)
Open game.exe



STEP 2
In the big section that pops up, do the following:

Right Click>Search For>All intermodular Calls
In the window that appears /fills up with information, sort the results by destination. (this can be done by clicking on the column header)


Now remember that procedure. In the rest of this tutorial i will only be referring to it as searching for IC's.

STEP 3

So search for IC's and scroll down until you find kernel32.CreatMutexA. (in the destination column)
Double click on the first kernel32.CreatMutexA
3 lines under the line that is now highlighed (the kernel32.CreatMutexA), you should see JNZ SHORT game.<random numbers here> in the middle column.
Double click the JNZ bit, and in the small window that pops up, change JNZ to JMP and click Assemble


Code:

1: Search for All intermodular calls
2: Sort by Destination
3: Scroll down till u find USER32.FindWindowA, and double click on it
4: Under the command TEST EAX,EAX change 1st JE to JMP


STEP 4

Search for IC's
Scroll to find kernel32.GetCurrentProcessId, and double click on the first one.
A couple of lines up in the middle column should be JNZ game.(numbers)
Double click on it, and change the JNZ to JMP, and click Assemble.



STEP 5

Search for IC's
Scroll to find kernel32.CreateProcessA, and double click on the second last one.
Above that, about 5 or 6 lines up, will be PUSH 1, and InheritHandles = TRUE.
Double click on it, and change the PUSH 1 to PUSH 0, and click Assemble



STEP 6

Press Ctrl+F
In the Find Command window that appears, copy in MOV EAX,262
In the line that Olly navigates to, double click it, and change to the MOV EAX,262 to MOV EAX,755 then click Assemble



STEP 7

Right Click>Search for>All referenced text strings
Scroll to find ASCII "start game", and double click on it
About 5 lines under you should see JE game.(numbers)
Double click on it, and change the JE to JMP



STEP 8

Right Click>Search for>All referenced text strings
Scroll to find ASCII "nProtect GameGuard", and double click on it
Directly under it you should see JNZ SHORT game.(numbers)
Double click on it, and change the JNZ to JMP



STEP 9

Right Click>Copy to executable>All modifications
In the new window that appears, Right Click>Save File and save it in the Shaiya folder.



STEP 10

Make a copy of the shorcut on your desktop/start menu, and called it "No GG Shaiya" or something. You probably shouldnt delete the original shortcut, so that you can update shaiya when you need to. Sometimes an update will not patch the game.exe, but when it does then just follow the above steps again.
In the new shortcut you made, Right Click>Properties
In the bit that says "C:\Aeria Games\Shaiya\game.exe", add start game to the end.
Your new shortcut should look like "C:\Aeria Games\Shaiya\game.exe" start game
Click Ok and you are done!


Credits:
Jewbacca (Ploxoraus).
ZeroSignal.
Everyone else who contributed.

climb:

Code: Select all

Tools needed:

CE 5.x or higher
ollydbg

Steps:

1. Locate your X cood using CE.
2. Search using Float, Truncated, ie: If your X is 1234.56789 use 1234 as the initial search paramater.
3. After getting around 8-12 resutls, test your findings by adding +10/-10 to each of the results... If your character moves, then you've located your correct X coord. ( This is also tele hack )
4. onces obtained the X Coord " Find out what access this address ", There should be a sequences of op codes it follows, the one your interested in is as follows:

mov ebx,[edx]
After that you want to open memory viewer.
The following should be:

MOV
CMP
then follow by a Jump code

hint: change the JNZ to JMP
You have got yourself climb anywhere hack.

Get the address, open ollydbg and make the modification in the GAME.EXE respectively. Then your done.

I'm not here to spoon feed, I'm not here to give you step by step 100% spoon feed methods. I've already given WAY TOO MUCH hints... Anymore might result in a perma patch.

Regards,

Runner.

and how to nogg is already posted on the forum...http://www.solarstrike.net/phpBB3/viewt ... f=23&t=312

[Yorkshire]

Quick reply tyvm