Can you do a little explanation about how it is with version 8 please?
I tried all that I know of debugging and I didn't get any results :S
Tibia is using the CreateMutexA and then GetLastError APIs to check if there's another client. Put a breakpoint on CreateMutexA and when it breaks you are at the right place.
I'm gonna write a tutorial about it though (but when I have time).
Thanks for the explanation, it was all that I needed.
I hope some day I won't need that kind of help and can detect it with my own knowledge.
Mini tut:
-Open Tibia client
-Open Olly DBG
-Open a Tibia executable with Olly DBG
-Right click -> Search for -> Name (label) in current module
-Find CreateMutexA -> right click on it -> Set breakpoint on every reference
-Click play
-Look at the near instruction "JNZ blablabla" and change it for "JMP blablabla"
-Save the changes
I think this may be the first time I've actually created a thread in any forum that became a sticky. Just a shame it's not working anymore. I had a quick look on 8.1 and I found another way: instead of changing the JMP/JNZ as usual, I just changed a 0 to a 1.
Have a look at F8715 (004F8715 if you're using olly)
00 to 01.
@UP:
The code you've posted refers to a gamemaster boolean. You can't login to CipSoft Servers with those ones :/
Haha ye I just realized I haven't even tried to log in to tibia since I downloaded it, quite hilarious. Thank you for checking it for me though, I probably never would've noticed it otherwise.
Ok, as no one is posting a video tut, one will soon appear (also with a patch prog!)
There are many possibilities for patching 8.0+ MC, like patching the cond jump, moving 1 to al where the test al,al is ;p, etc. Use your imagination xD!
Yes, but jmp takes fewer clock cycles than cmp jpe.
So here we go with the video tutorial.
Regards, Czepek!
EDIT:
For old clients: (As Jo3Bingham said):
Fire up OllyDBG and load Tibia. Press the F9 hotkey.
Click the right mouse button somewhere in the ASM code and select:
Search for -> All referenced text strings
Find in the new window: A Tibia client is already running!
Double click on the line. You should be in a place like:
[code=asm]0044DE45 . EB 0E JNZ SHORT Tibia.0044DE55
0044DE47 . 6A 30 PUSH 30
0044DE49 . 68 B4DA4800 PUSH Tibia.0048DAB4 ; ASCII "Tibia - Error"
0044DE4E . 68 08ED4800 PUSH Tibia.0048ED08 ; ASCII "A Tibia client is already running!"
0044DE53 .^EB CD JMP SHORT Tibia.0044DE22
0044DE55 > 6A 00 PUSH 0[/code]
Double click on the line JNZ SHORT blabla, replace JNZ with JMP and press "Assemble".
Now in the ASM code click using the right mouse button and select:
Copy to executable -> All modifications, then select "Copy All".
Once again right mouse button and choose "Save file".
Also video-tutorial for old protocols.
Everything pre-8.0 doesn't use a mutex, and the easiest way to do it is to search for all referenced text strings, then search for "A Tibia client is already running." (or something like that), and get the address from the JNZ or JMP two lines up. You can see on the left side that the value for pre-8.0 addresses holds the value 0x7B instead of 0x75 in 8.0+, but they use the same patch value of 0xEB. I would know because I had the pleasure of making a safe MC for every MC-able client on tibiaclients.com (7.1-8.6).
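An added example (not code from this thread or from any of its posters) that works through the byte values quoted above: it decodes 2-byte short jumps the way OllyDbg does (target = next instruction address + sign-extended rel8), which is how you can confirm that `EB 0E` at 0044DE45 lands on 0044DE55 and `EB CD` at 0044DE53 loops back to 0044DE22, and it classifies the opcode at a known check site as the original conditional jump (0x75 or 0x7B, as the thread reports) or the 0xEB JMP of a patched client. The sample bytes are constructed from the listing posted above; the function and constant names are my own.

```python
import struct

# Short (rel8) jump opcodes. The thread mentions 0x75 (JNZ, 8.0+ clients),
# 0x7B (JNP, pre-8.0 clients) and 0xEB (JMP, the value a patched site holds).
SHORT_JUMPS = {
    0x70: "JO", 0x71: "JNO", 0x72: "JB", 0x73: "JNB", 0x74: "JZ", 0x75: "JNZ",
    0x76: "JBE", 0x77: "JA", 0x78: "JS", 0x79: "JNS", 0x7A: "JP", 0x7B: "JNP",
    0x7C: "JL", 0x7D: "JGE", 0x7E: "JLE", 0x7F: "JG", 0xEB: "JMP",
}
ORIGINAL_OPCODES = {0x75, 0x7B}  # conditional jumps the check site ships with

def decode_short_jump(va, code):
    """Decode the 2-byte short jump at virtual address `va`.
    Target = address of the next instruction (va + 2) + sign-extended rel8."""
    opcode = code[0]
    if opcode not in SHORT_JUMPS:
        raise ValueError(f"{opcode:#04x} is not a short jump opcode")
    rel8 = struct.unpack("<b", code[1:2])[0]
    return SHORT_JUMPS[opcode], (va + 2 + rel8) & 0xFFFFFFFF

def check_site_state(image, offset):
    """Classify the byte at `offset` of an in-memory copy of the executable:
    'original' (conditional jump still there), 'patched' (unconditional JMP,
    i.e. the multi-client patch has been applied) or 'unknown' (neither)."""
    opcode = image[offset]
    if opcode in ORIGINAL_OPCODES:
        return "original"
    if opcode == 0xEB:
        return "patched"
    return "unknown"

# Constructed sample: the six instructions from the listing in the thread,
# starting at 0044DE45, and an unpatched variant with 75 in place of the EB.
LISTING_VA = 0x0044DE45
PATCHED_LISTING = bytes.fromhex("EB0E 6A30 68B4DA4800 6808ED4800 EBCD 6A00")
ORIGINAL_LISTING = bytes([0x75]) + PATCHED_LISTING[1:]

if __name__ == "__main__":
    for label, image in (("original", ORIGINAL_LISTING), ("patched", PATCHED_LISTING)):
        mnem, target = decode_short_jump(LISTING_VA, image[0:2])
        print(f"{label}: {mnem} SHORT {target:08X} -> {check_site_state(image, 0)}")
    # The second jump (EB CD at 0044DE53) is the backward jump to 0044DE22.
    print(decode_short_jump(0x0044DE53, PATCHED_LISTING[14:16]))
```

Note that `check_site_state` takes a file offset, while the thread's addresses are virtual addresses; for the 8.1 client quoted above the two differ by 0x400000 (F8715 vs 004F8715), but that mapping has to be taken from the PE headers of whichever client you are looking at.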