Bikin UCE and Search Address

Neh ada tutor ambil dari forum tetangga..
Bahasa Inggris Kale..........

~ UCE Tutorial ~
02/03/2007
Tutorial compiled together by me, from other peoples tut's. Credits at the bottom.

1. Programs Needed
- Actual Search and Replace v2.6.5 (Not neccesary, but makes things easier.)
Code:
Actual Search & Replace key:
IKiZhZL170UUvtoyVN5ginTgPygyaoVTh1+lRilFhOUMZaSlznNQKzPyWCxer7XsmolMvwx+hj5kblpQ
5ZJ6FE1

- Delphi7
- Windows Driver Development Kit
- CE Source

Keep a piece of paper and a pencil handy, or just open NotePad/WordPad.
You will be changing string's to different names so you'll need to know
what you changed them to.

2. Making the DBK32.sys

2a. Locate and open the file Driver.dat in the main CE Source with
NotePad. Then you will rename the variables to something of your choice.
(*Note: I have changed all the variables in to the word 'Whatever' with
a number, starting with 1 and so on.)

CEDRIVER53 ---> Whatever1
DBKProcList53 ---> Whatever2
DBKThreadList53 ---> Whatever3
dbk32.sys ---> Whatever.sys



2b. Open the DBKKernel folder, then open DBKDrvr.c with NotePad.
Use the find function and type in "hideme".
Ignore the first result, and the second search result that appears
should say: "//hideme (DriverObject)". Delete the // in front of hideme.

(*Note: This may cause the Blue Screen of Death for some users.)



2c. Open the files "SOURCES" and "sources.ce" with NotePad in the DBKKernel folder and replace them.

"TARGETNAME=DBK32" ---> "TARGETNAME=Whatever"

2d.
Using ASR, Path:(Main Source Folder)with the mask (memscan.c; DBKDrvr.c),
(Include Subfolders)
search and replace the following:

KeStackAttachProcess((PKPROCESS)selectedprocess,&apc_state); ----> KeAttachProcess((PEPROCESS)selectedprocess);
KeUnstackDetachProcess(&apc_state); ----> KeDetachProcess();

2e. Step Deleted - I don't know why this step doesn't work, but its not really needed.

2f. Now we'll compile the Whatever.sys (the file you changed DBK32.sys into).
Go to the DBKKernel directory and copy the address.
(*Note: Mine is "C:\Cheat Engine Delphi\Cheat Engine Delphi\DBKKernel" you may have saved yours some where else.)

Now open Windows XP Free Build, or Windows 2000 Free Build (Whichever version of windows your using.)

Start > All Programs > Development Kits > Windows DDK >
Build Environment > Windows XP > Windows XP Free Build Environment


When it opens, it will look like the DOS Prompt. All you do is type "cd "
(*Note: Add a space after 'cd' then Right Click > Paste. Press Enter.

After, that, type in "ce" and press Enter again. You'll see a lot of
text scramble by. Once it finishes, you should see "7 files compiled, 1
executable built", now you can close out.



3. Replacing Detected Strings

Open dbk32 folder, and open up "dbk32.dpr" with Delphi.
Go to View > Project Manager and expand "dbk32.dll".
Double click on "DBK32functions" to open.
Now Replace the following:

CEDRIVER52 ---> Whatever1 (This is the same thing as CEDRIVER53)
DBKProcList51 ---> Whatever2 (This is the same thing as DBKProcList53)
DBKThreadList51) ---> Whatever3 (This is the same thing as DBKThreadList53)



Once finished, Save all and close.

Now open Actual Search and Replace.

Go to File > Settings > Editor. Find your "delphi32.exe" file. Then press ok.
(*Note: It will most likely be under: "C:\Program Files\Borland\Delphi7\Bin\delphi32.exe"

Under the 'Options' tab, tick the box that says "include subfolders".
(*Note: Remember where this box is, you will be using it a lot.)

Under "Masks" enter: newkernelhandler.pas; DBK32funcionts.pas; DBK32.dpr
(*Note: Make sure you use a(n) semi-colon ( ; ) after each.)

Under "Path" input your main Cheat Engine directory.

Finally, tick the box under Mask that says "whole words".
(*Note: Whenver you press modify, you are modifying a file, NOT a line.)





Here are the list of detected strings you will be renaming:
(*Note: I went ahead and renamed them all, keeping with the "Whatever#"
theme. This is where the piece of paper & pencil / Note/WordPad come
in handy.)

VQE ---> Whatever4
OP ---> Whatever5
OT ---> Whatever6
NOP ---> Whatever7
RPM ---> Whatever8
WPM ---> Whatever9
VAE ---> Whatever10
CreateRemoteAPC ---> Whatever11
ReadPhysicalMemory ---> Whatever12
WritePhysicalMemory ---> Whatever13
GetPhysicalAddress ---> Whatever14
GetPEProcess ---> Whatever15
GetPEThread ---> Whatever16
ProtectMe ---> Whatever17
UnprotectMe ---> Whatever18
IsValidHandle ---> Whatever19
GetCR4 ---> Whatever20
GetCR3 ---> Whatever21
SetCR3 ---> Whatever22
GetSDT ---> Whatever23
GetSDTShadow ---> Whatever24
setAlternateDebugMethod ---> Whatever25
getAlternateDebugMethod ---> Whatever26
DebugProcess ---> Whatever27
StopDebugging ---> Whatever28
StopRegisterChange ---> Whatever29
RetrieveDebugData ---> Whatever30
GetThreadsProcessOffset ---> Whatever31
GetThreadListEntryOffset ---> Whatever32
GetDebugportOffset ---> Whatever33
GetProcessnameOffset ---> Whatever34
StartProcessWatch ---> Whatever35
WaitForProcessListData ---> Whatever36
GetProcessNameFromID ---> Whatever37
GetProcessNameFromPEProcess ---> Whatever38
GetIDTCurrentThread ---> Whatever39
GetIDTs ---> Whatever40
MakeWritable ---> Whatever41
GetLoadedState ---> Whatever42
ChangeRegOnBP ---> Whatever43
DBKSuspendThread ---> Whatever44
DBKResumeThread ---> Whatever45
DBKSuspendProcess ---> Whatever46
DBKResumeProcess ---> Whatever47
KernelAlloc ---> Whatever48
GetKProcAddress ---> Whatever49
Protect2 ---> Whatever50
test ---> Whatever51
useIOCTL ---> Whatever52
DBKGetDC ---> Whatever53

3a. Now it's time to save newkernelhandler.pas, DBK32functions.pas, and DBK32.dpr as new names.

Open the 3 files mentioned above. (Newkernelhandler is found in the main
directory. The other 2 files are located in the DBK32 Folder)

After opening them, go to File > Save As.

DBK32.dpr ---> Whatever.dpr (Save in dbk32 folder. You'll notice that "library DBK32" has changed to "library whatever")

DBK32functions.pas ---> Whateverfunctions.pas (Save in dbk32 folder.
You'll notice in Project Manager that "DBK32functions.pas" has changed
to "whateverfunctions.pas")

NewKernelHandler.pas ---> Whateverhandler.pas (Save in the main CE folder.)

Save All and Close.

3b. Now, search & replace the following in all files. Set "Mask" as *.* (Include Subfolders)

dbk32.sys ---> whatever.sys

dbk32.dll ---> whatever.dll



Now open whatever.dpr in Delphi. We will now compile whatever.dll.
Go to Project > Compile whatever.
Now, if you get "[Warning]" or "[Hint]" your fine. If you get "[Error]"
then you've done something wrong and have to recheck all the steps.



If you didn't recieve any errors, then whatever.dll will be in your main CE folder.

3c. Making CEHook

Use Actual Search and Replace again; Search for "myhook" (Include subfolders).

Rename myhook in the files CEHook.dpr and hypermode.pas ONLY.

myhook ---> Whatever54

Open CEHook.dpr with Delphi, located in the CEHook folder.

We'll comment out "system;" under "uses".
(*Note: To comment out, Add "//" before 'system'.)

After commenting it out, compile it.



3d. Creating Stealth

Go to Stealth folder, and open up stealth.dpr.

Compile it. ~ Thats it for this step!

3e. Renaming NewKernelHandler and CeFuncProc

Open cheatengine.dpr from your main CE folder.

Go to Project Manager and open 'NewKernelHandler.pas' & 'CeFuncProc.pas'.

Go to File > Save As. Save into your main CE folder.

NewKernelHandler.pas ---> WhateverHandler.pas (*Note: It will ask you if you want to replace, select 'Yes'.)

CeFuncProc.pas ---> Whatever55.pas

Save and close.

Use search and replace, and search for NewKernelHandler and CeFuncProc. (Do NOT include subfolders!). Mask is *.*

NewKernelHandler ---> WhateverHandler (Change it in every file EXCEPT the "NewKernelHandler.pas" file.)

CeFuncProc ---> Whatever55

3f. Changing Value Strings (Hex Values)

The values that we will be changing are: 00400000 , 7FFFFFFF , 80000000.
(*Note: We will be changing them into different values, NOT into letters/names.)

We'll use the basic windows calculator.

Go to Start > All Programs > Accesories > Calculator

Once open, click View > Scientific > Hex



Now, first enter one of the values (eg. 00400000).
Then, click the 'Dec' button and add a number. (Ex. +5. Do not subtract, as it may lead to errors in the future.)
Now, after you added a #, click on the 'Hex' button again and you will get your new value.

Now use Search and Replace and replace the old values with the new ones. (Include Subfolders!) Mask is *.*

Below are the examples I'm using, in which I added 5 to all.

00400000 ---> 00400005

7FFFFFFF ---> 80000004

80000000 ---> 80000005

3g. Changing words within the CheatEngine GUI

Now search (Do NOT include subfolders) and change:

nextscanbutton ---> Whatever56

scanvalue ---> Whatever57

scanvalue2 ---> Whatever58

ScanType ---> Whatever59

VarType ---> Whatever60

newscan ---> Whatever61

ScanText ---> Whatever62

syndic.com/ce ---> live.com (Change it to any website you want)

Next open up MainUnit.pas with Delphi and locate the following:

if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then
shellexecute(0,'open','Tutorial.exe','','',sw_show);

Replace the "Tutorial" with "Project1" like this:

if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then
shellexecute(0,'open','Project1.exe','','',sw_show);

Now save and close it

Now open up OpenSave.pas with Delphi and locate the following:

7 "Tutorial.exe":Application processname
Replace "Tutorial" with "Project1" like so:

7 "Project1.exe":Application processname (This is not detected, but change it so it will open up Project1 when prompted)

Then in openSave.pas with Delphi and locate the following: (this is only for CE 5.3)

if x<>'WhateverEngine' then
raise exception.Create('This is not a valid Whatever Engine table');
Now comment it out like so:

//if x<>'WhateverEngine' then
//raise exception.Create('This is not a valid Whatever Engine table');

Doing this will allow you to open other Cheat Tables(.CT), which are not saved by your engine.

Now save and close it .

3h. Now use search again. (Do NOT include subfolders) Mask is *.pas.
Change the following:

CheatEngine ---> WhateverEngine

cheat engine ---> Whatever Engine

3i. Configuring the Cheat Engine GUI

Open cheatengine.bpg from the main CE directory.
Using Project Manager, open "MainUnit" which is under "Cheatengine.exe".
Double clicking it will make the Cheat Engine GUI pop up.



In the GUI, look for the words "scan type" and "value type" faded in
grey. Click on the drag down box next to scan type. Here we are just
checking if you changed your strings correctly. After clicking the drop
down menu box. Look to the left of the screen under Object Treeview and
Object Inspector. Hopefully under Object Treeview, Whatever59 is
highlighted. Now look at Object Inspector and scroll down until you see
"name". Hopefully right next to it, there is a box that says Whatever59
also.

If you did this step correctly, repeat it with 'value type'.

Finally, click on the labels "ProtectMe2" and "crash me" which are next
to the red pointer on the GUI. Click on them and look inside 'Object
Inspector'. Go to "caption" and delete the words there. Do NOT click on
them and press delete, we still want them to be there, just no captions.


3j. Compiling cheatengine.exe

View project manager and click on the drop down menu.
Make sure 'Cheatengine.exe' is selected and NOT cheatengine.DEU, cheatengine.NLD, or cheatengine.RUS



Now, minimized Delphi and go to your main CE folder.
Right click in any empty space and select New > Text Document.
Rename that text document to "trainerwithassembler.exe"

Now go back into Delphi and Compile it.

After you attempt to compile, you WILL get errors. The first error you will get is:

[Error] autoassembler.pas(531): Undeclared identifier: 'KernelAlloc'

Look back to all the files you renamed (that you either wrote down or
typed in Note/WordPad). Find what you renamed it to and change it. In
this tutorial I used 'Whatever50'.

Now, After you've fixed this error, re compile it. You may / may not get
more errors, if you do, fix them and re compile until you have no
errors left.

4. Finishing

4a. Compiling Needed Files for UCE

Open Delphi.

(With Delphi) Open "systemcallsignal.dpr" in the 'SystemcallRetriever' folder. Compile.

Open "Systemcallretriever.dpr" in 'SystemcallRetriever' folder. (You will get some errors, so change them.)

Open "Kernelmoduleunloader.dpr" in the sub folder 'dbk32 \ kernelmodule unloader' folder.

4b. Other Stuff

First, make a copy of your edited source before you proceed, in case you make a mistake.

Now, Open "cheatengine.bpg" from your main directory; then "Save As" whateverengine.bpg in main directory. Then Close.

Reopen "cheatengine.bpg" from the main directory and Right Click on "cheatengine.exe" and select "View Source".

Save "cheatengine.dpr" as whateverengine.dpr & compile it and you will get "WhateverEngine.exe" (Your CE executable)
(*Note: The name "cheatengine.exe" in your Project Manager should change to "whateverengine.exe".)

4c. Compile all of these using Delphi:

- Pscan.dll (Pscan.dpr in injectedpointerscan folder)

- emptydll.dll (emptydll.dpr in SystemcallRetriever folder)

- emptyprocess.exe (emptyprocess.dpr in SystemcallRetriever folder)

- systemcallsignal.exe (systemcallsignal.dpr in SystemcallRetriever folder)

- Systemcallretriever.exe(change anything if needed) (Systemcallretriever.dpr in SystemcallRetriever folder)

- Kernelmoduleunloader.exe (Kernelmoduleunloader.dpr in "dbk32\Kernelmodule unloader" folder)

- Project1.exe (Project1.dpr in Tutorial folder)

4d. Files

Now you should have all of these files, so make a new folder and put them in it.

whateverengine.exe

driver.dat

whatever.sys

whatever.dll

stealth.dll

cehook.dll

PScan.dll

systemcallsignal.exe

systemcallretriever.exe

kernelmoduleunloader.exe

emptydll.dll

emptyprocess.exe

Project1.exe

5. Testing Your UCE

Open your CE & change the settings according to the pictures below.
They will most likely work, but if not, just mess with it a little.




File Associations ---> Don't tick ANYTHING

Plugins ---> Don't tick ANYTHING







IF reboot. Then dbk32.sys is detected. Remove it. IF detected again
dbk32.dll detected. Remove. IF deteced AGAIN, just play around. I can't
help you from there.

Optional Stuff

Changing Version Info. - Select Cheatengine.exe in Project Manager and
"right click > Options". Click "Version Info" tab. If you do not want
anything at the bottom to show, untick the box that says "include
version.....". Other than that, you can also edit the words at the
bottom like Company Name and File Description.
Changing Application Name, Help File and Icon. - Click the tab "Application" and from there, stuff is pretty self explanatory.
Changing Settings and About section. - In Project Manager, open up the
files "formsettingsunit" and "aboutunit". Click on the things that you
want to edit and change the captions in Object Inspector. (Give credz to
Dark Byte for making this source).


~ Credits ~
DarkByte
coolnammy1
rolling dice
romy
Zander
Thinso
sppow93
Me - for wasting my time compiling other people's tutorials into one decent (hopefully easy to understand) Tutorial.
MapleStory - for the game we love to hack ;o)
GameGuard - if it wasn't for them, I wouldn't be doing this right now =P
[You must be registered and logged in to see this link.]

(* The best forum in my opinion, even with all the leechers =/ )
GameGuardAttackerForum

[You must be registered and logged in to see this link.]

Disclaimer:
The contents provided in this document are for information purposes
only. If you get caught hacking; or banned from a game; with use of any
information within this document, I nor the web service provider will
not be held responsible. If you decide to, use at your own risk. Any
damages your computer may encounter while using any of the provided
information is strictly upon your own doing, and no one but yourself is
to be held responsible

TuTOr HexInG dan juga Search Memory Address..
Dapet Dari Forum Nyit~Nyit yg dolo wa kumpulin jadi satu..
________________________________________________________________________________
___________________
Sebenarnya ini sudah lama...............

Tutorial ini ditujukan untuk teman2 yg pengin belajar cracking.Saya
tidak akan menjelaskan langkah2 dari awal, saya anggap teman2 bisa
mencari sendiri procedure umum untuk cracking.Saya sengaja menempatkan
topik ini di forum [JaMu], soalnya tutor ini lebih mengarah ke cracking.

Baiklah kita langsung saja.

1. DISABLE LOAD NPROTECT
tujuan, agar so3d tidak menjalankan nprotect.

Hal pertama yg perlu diperhatikan adalah isi dari register eax.
kisi2: gunakan senjata utama cracker, BREAK POINT dan STEP BY STEP.

Set Breakpoint Tepat Sebelum Nprotect Load.

Nprotect Load !
Breakpoint: 638ED7 < Looping Eax !
Conditional BreakPoint : 638EE4 ESI>6A91BB

dari code bisa dilihat jika eax berisi 0, maka eksekusi jmp akan
dilaksanakan.kita hanya perlu melihat kode pada offset berapa nprotect
diload, setelah kita dapatkan, tinggal kita cari offset penyimpan offset
tsb.

This !:
EAX=00000000
Jump from 00638EE6

DS:[006A91C0]=0065955F (_so3d.0065955F) Patch Ke Ds:[006A91C0]=0000000
kita temui pada ds:[006A91C0] <== isi dari offset ini harus 0 agar nprotect tidak diload.

Setelah itu, patch dng hexa editor atau lain2nya.

2. So3d tanpa process update.
tujuan, biar so3d.exe bisa langsung diklick tanpa melalui process update.

cari breakpoint pada kotak pesan yg mengatakan "Jangan, Jangan lakukan ini...." <= kek perawan aja.

PARAMETER <> Jangan2 Lakukan INI
005091C8 |. 68 94956600 PUSH _so3d.00669594 ASCII "!@#$%^&*12qwaszx34erdfcv?!@#$%^&*"
005091CD |. 50 PUSH EAX
005091CE |. E8 8DB61200 CALL _so3d.00634860
005091D3 |. 85C0 TEST EAX,EAX
005091D5 |. 59 POP ECX
005091D6 |. 59 POP ECX
005091D7 75 21 JNZ SHORT _so3d.005091FA ;

Patch :
005091D7 EB 21 JMP SHORT _so3d.005091FA

note: langkah ini bisa di SKIP, diganti dengan menambahkan parameter
!@#$%^&*12qwaszx34erdfcv?!@#$%^&* saat menjalankan so3d.exe
tanpa process update.


3. NPROTECT SELF CHECKING
walaupun sudah di [JaMu], masih ada rutin yg selalu men-cek apakah nprotect hidup atau dikubur.
kisi2: breakpoin pada saat muncul popup "System Pencegahan Error[0]"

507F20 Call XXXX <== System Pencegahan Hack Error !

ORIGIN
004FD8CE |. 3B05 98696900 CMP EAX,DWORD PTR DS:[696998]
004FD8D4 |. A3 FC246D00 MOV DWORD PTR DS:[6D24FC],EAX
004FD8D9 0F84 BC000000 JE so3d.004FD99B <== Replace with Jmp 4FD99B
004FD8DF |. B9 9B000000 MOV ECX,9B
004FD8E4 |. 3BC1 CMP EAX,ECX

Replace:004FD8D9 E9 BD000000 JMP so3d.004FD99B
004FD8DE 90 NOP

search = 0F84 BC000000 B9 9B000000 3BC1
Replace = E9 BD000000 90


-Game AKAN TERHENTI OLEH SYSTEM PENCEGAHAN HACK[0] !

00504748 |. D81D 5CDE6500 FCOMP DWORD PTR DS:[65DE5C]
0050474E |. DFE0 FSTSW AX
00504750 |. F6C4 41 TEST AH,41
00504753 |. 75 4F JNZ SHORT _so3d.005047A4
00504755 |. E8 96301200 CALL _so3d.006277F0
0050475A |. 3B05 588C6900 CMP EAX,DWORD PTR DS:[698C58]
00504760 |. A3 AC456D00 MOV DWORD PTR DS:[6D45AC],EAX
00504765 |. 74 3D JE SHORT _so3d.005047A4 <== Replace With Jmp
00504767 |. 68 00010000 PUSH 100
0050476C |. BF 68446D00 MOV EDI,_so3d.006D4468 ; ASCII "Kode Error: Game akan berhenti oleh sistem

pencegahan Hack."
00504771 |. 57 PUSH EDI
00504772 |. 68 B1000000 PUSH 0B1
00504777 |. E8 F4C5F7FF CALL _so3d.00480D70
0050477C |. FF35 AC456D00 PUSH DWORD PTR DS:[6D45AC] ; /<%d> = 0
00504782 |. 57 PUSH EDI ; |<%s>
00504783 |. 68 9C826600 PUSH _so3d.0066829C ; |Format = "%s [%d] "
00504788 |. BF 68436D00 MOV EDI,_so3d.006D4368 ; |

PATCH :
00504765 EB 3D JMP SHORT _so3d.005047A4

- PENCEGAHAN HACK(0)

004F47F8 |. 3B05 588C6900 CMP EAX,DWORD PTR DS:[698C58]
004F47FE |. A3 AC456D00 MOV DWORD PTR DS:[6D45AC],EAX
004F4803 |. 74 3E JE SHORT _so3d.004F4843 <== PATCH menjadi JMP short 004f4843
004F4805 |. 68 00010000 PUSH 100
004F480A |. BE 68446D00 MOV ESI,_so3d.006D4468
004F480F |. 56 PUSH ESI
004F4810 |. 68 B1000000 PUSH 0B1
004F4815 |. E8 56C5F8FF CALL _so3d.00480D70


4. BUILD IN CHEAT.
HOT BLOOD ! (Khusus Warrior, job lain aku gak main soalnya.....hehhehee)
Fungsi ini adalah, kalau anda mengaktifkan hotblood, maka hotblood tidak akan pernah hilang selama tidak ganti map.

004E0A63 |. FF75 D8 PUSH DWORD PTR SS:[EBP-28] ; /Arg4
004E0A66 D80D FCCE6500 FMUL DWORD PTR DS:[65CEFC] < nop kan ! selamanya Hot Blood004E0A6C |. 8BF8 MOV EDI,EAX ; |
004E0A6E |. 56 PUSH ESI ; |Arg3
004E0A6F |. 51 PUSH ECX ; |Arg2
004E0A70 |. 8B0D CCB06D00 MOV ECX,DWORD PTR DS:[6DB0CC] ; |
004E0A76 |. D91C24 FSTP DWORD PTR SS:[ESP] ; |
004E0A79 |. 6A 02 PUSH 2 ; |Arg1 = 00000002

Itu saja, mudah2an bisa membantu.

interest :
- coba cari skill lain/job lain, biar bertahan selamanya spt hotblood.

Bagi yang tidak mau pusing2.Silakan Download so3d(N).exe disini, isinya
ada dua file, so3d(N).exe dan nsoftect.dll(penggantinya nprotect,
jamilah gi "M" jadi perlu pembalut).
extract file tsb ke folder seal, nama file so3d(n).exe tidak perlu
diganti, jadi tidak akan menimpa so3d.exe yang asli.untuk menjalankan
[JaMu], klik aja so3d(n).exe, untuk menjalankan seal yg asli, klik di
desktop spt biasa.

BUILT IN CHEAT:
warrior ya, aku gak main job lain soalnya, cheat lainnya cari sendiri deh.

- XP tidak akan pernah berkurang dalam 1 map.jadi kamu bisa combo terus.
- SKILL HOTBLOOD tidak akan hilang dalam 1 map(ngirit mp kali)

CHEAT LAIN:
karena sudah di [JaMu], maka tsearch dan wpe bisa digunakan.
- Pet 1 jam bisa siap evo. kisi2, wpe.
- rose, bisa didapatkan kapanpun anda mau, kisi2 tsearch.
- level, bisa diedit untuk clientside, gunanya, kita bisa masuk tambang
coin walaupun lebih dari lvl 70++, dan yg penting, kita bisa pakai
scrool lvl 60 kebawah untuk warp ke kota, kan ngirit cuma 2000 cegel.Yg
ini temuan dari VETON, so CREDIT GOES TO HIM.
- reputasi, hehehhe....pernah lihat apprentice lvl 70 ? itu reputasi dah
118k.Saya mo nambah reputasi lagi males, banyak yg nanya2 soalnya,
huehuehuee......kisi2, gunakan tsearch.
- memancing, yang ini temuan dari CyberX (THANKS TO HIM), kisi2 WPE.
- REAL HARI PACARAN, ini adalah menambah jumlah hari pacaran secara
real, artinya, data akan disimpan di server.kisi2, WPE.yg ini temuan
dari MupenK, SO CREDIT GOES TO HIM ALSO !
- LAINNYA, saya malas nyari sebetulnya masi banyak yg kemungkinan bisa, cuma, kapan saya naik level kalau ngubrek2 cheat terus ?

NAH, SILAKAN BER CHEAT RIA WITH NYIT-NYIT, Klo mo sabar nunggu, tutorial
yg lebih jelas mungkin akan disampaikan oleh MupenK,VETON,atau CYBERX.

DOWNLOAD DI SINI
SO3D-CRACKED

NB:
- "Bagi SPOT DONK, level gak naik2 nih gara2 gak dapet spot"
- Please REspect To NYIT GUILD(server ARUS OR DURAN).

regards,
[You must be registered and logged in to see this link.]

tuh gw kutip dari forum laen....uda ngak bisa se cracked so3d.exenya tp
ada yang ngerti ngak bagian hotbloodnya.....@.@ itu diliaat di memory
view CE kah ??

Cheat XP ngak abis2
________________________________________
1. gebuk piya
2. pas XP nambah search unknown inttial value 2 bytes
3. gebuk lagi trus search has increased valuenya
4. ulang lagi tahap no 3.
5. relogin char --> search 0 karena XPnya masih 0
6. uda ulang2 aja terus ampe dapet 1 address frezze jadi 200..
7. happy combo ^^,

[tutor]bypass Hackshield Seal
________________________________________
pendahuluan:
mengapa saya ingin memberikannya ?? karena beberapa hari yang lalu saya
merasa prihatin atas kejadian yg saya lihat..yaitu ada seorang pengguna
cheat yg tidak sengaja menawarkan cheat kepada saya di game seal
tersebut..dia menjualnya in rp/cegel..betapa kagetnya saya melihat hal
tersebut...pertama gw cmn pura2 bodoh..trus gw tanya ke dia supaya dia
memperlihatkan beberapa pertunjukan..supaya saya bisa menanyakan siapa
dia sebenarnya..but sayangnya dia ga kasih tau..sampe akhirnya gw bilang
ke dia.."darimanapun kamu dapat neh cheat,saya cmn mo bilang klo lo itu
bodoh...pake jual2 segala..lagian kalo ada yg gratis napain gw musti
kluar duid ??" kemudian saya jg ikut make tuh cheat kec gerak trus gw
tunjukin ke dia...sampe akhirnya dia langsung logout..
saya sangat berharap besar kepada teman teman seperjuangan di
nyit2..siapapun kalian..semua yg didapat dari sini adalah gratis !!! dan
tidak untuk diperjual belikan !!!

BAB 1 : Bahan2 yg digunakan
BAB 2 : Cara menyeting bahan
BAB 3 : Cara bypass

BAB 1 : Bahan
sebelumnya gw cmn merasa aneh sama tmn2 semua..kenapa ngak bs menemukan
hal yg begini mudahnya...toh dari nyit2 kuning kemaren gw dah bilang
progienya ngak selalu ada di bagian seal..bisa dari game
laen...buktinya..program penting untuk bypass adalah
GGK[GameGuardKiller] yg sebenarnya sudah beberapa yg punya programnya
tapi ngak mao di tes...[seperti C****Y]
program tersebut banyak dijumpai di berbagai situs luar yg terletak pada
bagian game Maple Story sayangnya temen2 pada males baca neh
keknya...program ke 2 sudah saya kasih tao di bagian search adres..yaitu
SerbioEngineyg merupakan progie CE yang sangat sulit
didapatkan[tenang...gw langsung kasih kok]

BAB 2 : SETTING CE
buka SerbioEngine lalu buka bagian settingnya[di bagian kanan..dkt lambang serbio engine]
berikut settingannya:

General Setting
centang semuanya

Scan Setting
[X]enable hyperscan when posible
[X]MEM_PRIVATE
[X]MEM_IMAGE

File Associations
ga ada yg perlu dicentang

Code Finder
[X]Use debug register
[X]Try to prevent detection

Assembler
centang semua kecuali use int3 instruction

Extra
[X]query memory
[X]read/write proces
[X]undo changes to CE
[X]Force memory to writable
[X]enable use process watcher
[X]use kernelmode debugger
[X]stealth mode [kernelmode]
di bagian sebelah stealth mode ada more nya..klik trus pilih prevent all modules

done

BAB 3 : Cara bypass
buka GGK ama SerbioEngine nya...trus buka auto update seal..jng klik
mulai maen dolo...siap2 dolo di serbioengine untuk open process..trus
targetkan ke autoupdate[tapi bukan autoupdate]klik mulai main trus ntar
di serbioengine langsung tekan process list..tar auto updatenya berubah
jadi SO3D.exe
done..kamu udah bypass

Credit by : Goggle.com+baca2+pembuat program

[TUTOR]search adress cheat seal
________________________________________
Credit by: [MupenK],dan di share lagi di seal kemaren oleh Netz >.<

INFO:need bypass !!

search bwat pet lapar nonstop
1.setelah login sampe ke game seal nya..alt+tab ke progie CE loe
2.search tipe text menggunakan PW[password] kamu
3.akan muncul 1 adress kemudian klik kanan->browse memori region
4.kira2 2 adress dibawah adress PW kamu ada 3 angka yg bergerak
contoh:
0123456 01 02 03 04 05 06 07 08 09 password loe
1234567 02 03 04 05 06 07 08 09 10 ngak ngaruh apa²
2345678 03 04 05 06 07 08 09 10 11 adress pet !!
Angka yg gw beri warna merah adalah adress pet yg benar..cara masokin ke
kotak cheat list adalah posisikan pointer mouse pada angka tersebut
kemudian klik kanan->add to cheat list...lakukan untuk ke 2 adress
laennya
alt+tab ke seal kamu hingga pet kamu dalam kondisi lapar..alt+tab ke CE kamu..lalu tinggal kamu freeze..done..

search ASPD
1.gunakan eq apapun yg ada opsi aspd[beda dengan netz yg menggunakan baju kostum ber opsi aspd..karena gw nyoba2 dan sukses]
2.alt+tab ke CE lalu search type 4 byte dengan value opsi aspd eq tersebut..misalkan opsi nya aspd 2 maka search value 2
3.alt+tab ke seal lagi..lepas eq tersebut
4.alt+tab ke CE lalu search value 0
5.alt+tab ke seal lagi trus pake eq tadi trus lakukan langkah 2
6.lakukan cara 2-5 sampai kamu mendapat 3 adress[klo lebih/kurang dari 3 adress biasa ad yang salah]
7.masukan ke 3 adres ke kolom cheat lalu ubah value aspd tadi...misalnya
2 .. lalu kamu tinggal ubah sesuai keiinginan kamu[klo setau gw max
aspd 180an..soalnya gw tes ubah ke 500 ga ngaruh..ttp sama]..setelah itu
tinggal di freeze..
8.masok ke seal..coba lawan musuh apa aja..misalnya aspd lo ga
nambah..lo musti lepas salah satu eq[bebas eq mana aja]..lalu tinggal
pake lagi tuh eq[klo ga mao pake jg gpp]..maka aspd kamu akan
meningkat..done

Search Kec.Gerak
sama seperti aspd..tapi yg satu ini pastinya hanya menggunakan eq
sepatu/aksesoris..karena hanya sepatu/aksesoris yg pya eq opsi kec.gerak
..selanjutnya sama caranya dng search aspd..klo blom berubah..lakukan cara yg sama jg..lepas eq trus pake lagi..done

Search hari pacaran
pastikan dalam 1 id kamu ada 2 char yg udah pacaran dengan hari pacaran yg berbeda..
1.pilih salah satu char kamu...lihat hari pacaran..misalnya 10 hari
2.alt+tab ke CE search 4byte value 10
3.masok lg ke seal..ganti char yg hari pacaran laen..misal 3 hari
4.alt+tab ke CE search value 3
5.lakukan berulang2 sampe dapat kira2 3 adres..pindahkan ke kolom
chet..set valuenya..freeze..masok ke seal..lihat apakah berubah..jika
tidak kamu cmn perlu sleep/pindah map/ngomong ma npc

Search level
sama dengan hari pacaran...tapi yang ini hanya tampilan clientside...but
jangan salah !! bayangkan jika kamu masih lv 10an..kamu ubah ke lv
30..nah kamu bisa tuh ambil skill PVP/DUEL but kamu hanya bs duel tapi
ngak bisa nge damage tmn duel lo..sedangkan tmn duel lo ga bisa mukul lo
!!! keren kan ??...dan satu lagi !! kamu bisa teriak lohhhh walaupun
masi lv 1
bisa jg bwat ambil skill laen..seperti buka bank walaupun blom lv
8..misal lo bwat char baru bwat quest naek lv 10..lo tinggal set lv trus
ambil skill bank..buka tuh bank trus tarik tabungan..kalo lo malas
ngemis ma orang aja seh..fungsi laennya kalian experimen sendiri ya..

sebenarnya masih banyak lagi...but terlalu panjang neh..capek ngetik
soalnya yg dolo ga gw backup...klo yg laen seh coba2 aja dengan cara2 di
atas..


saya hanya ingin menyampaikan masalah progie yang di gunakan blom dpt
saya berikan...karena masih dianggap private..n banyak yg menyalah
gunakan..saya masih menunggu keputusan para ketua2 yang laen..apakah
baik untuk di publish/ttp private...sekali lagi saya mohon maaf jika ada
yg merasa saya tidak bs memberikan progie tersebut ^^

Cheat XP ngak abis2
________________________________________
1. gebuk piya
2. pas XP nambah search unknown inttial value 2 bytes
3. gebuk lagi trus search has increased valuenya
4. ulang lagi tahap no 3.
5. relogin char --> search 0 karena XPnya masih 0
6. uda ulang2 aja terus ampe dapet 1 address frezze jadi 200..
7. happy combo ^^,

pertama cmn ingin saya sampaikan kalau ini adalah tutor lama tapi memakai program baru...

Step 1 :
Bypass

bahan yang kamu perlu hanya 2 yaitu :
-SerbioEngine [sejenis CE langka]
-GGK [GameGuardKiller]

download from rapidshare :
SerbioEngine
GGK

cara bypass :
-setting SerbioEngine kamu sebagai berikut:

general setting
>> centang semua

scan setting
>> centang enable hyperscan, mem_private, mem_image

file association
>> tidak ada yg dicentang !!

code finder
>> use debug register, try to prevent detection of the debugger

assembler
>> centang semua KECUALI use int3 instruction !!

extra
>> centang semua mulai dari atas, kecuali use APC to inject, use APC to create ama use stealth mode[usermode]......
lihat bagian more di sebelah stealth mode[kernelmode] buka lalu centang yg atas..

Done..setting selesai...

Setelah selesai dengan setting...maka buka GGK trus dibiarin aja GGK nya..jng di apa2 in...trus buka serbio engine nya...
di serbioengine tekan open procces [yg di bagian kiri atas warna merah
itu loh]..lalu akan muncul kolom tempat pemilihan target...
jalankan autoupdate seal..klik mulai main...
bagian terpenting !!!! saat loading HackShield seal...segera pencet
procces list di kolom target tadi sampe muncul tar SO3D segera targetkan
dan klik OK/double klik.......lanjutkan ke seal hingga kamu berhasil
login

DONE !!! kamu berhasil bypass

screenshoot open target :



Step 2 :
search Address

tentunya kalian pernah belajar kan cara cari address ?? cuman yg ini ada beberapa yg harus memakai browse memory region...

-Search address pet [dipakek bwat pet lapar nonstop/ngak lapar2]
pada bagian serbio engine ..ganti value type[1] dengan cara menekan
tombol panah bawah[2] lalu ganti ke text[3]..masukkan password id kamu
di kolom search nya...[diwajibkan pake password biar mudah]...tekan
first scan..lalu tunggu beberapa saat hingga muncul 1
address[dikarenakan menggunakan text pencarian password maka munculnya
cmn 1 address biar cpt !!]..setelah muncul 1 address tadi..maka klik
kanan pada address tadi lalu pilih browse memory region...lalu lihat
screenshoot memory region...angka 1 adalah password kamu..sedangkan
angka 2 adalah address pet...perhatikan lingkaran yg saya beri warna
merah..klik kanan di angka tersebut lalu add ke kolom list...lakukan
untuk ke 3 angka yg saya beri warna merah[ingat !!! klik kanan nya di
angka tersebut !!]...setelah itu lanjut ke seal..jika ingin pet lapar
nonstop maka keluar kota..tunggu pet lapar..kembali ke
serbienginenya..lalu freeze ke 3 address dari angka
tersebut..done...jika ingin pet tidak pernah lapar..kluar kota langsung
freeze aja..dijamin pet ngak akan pernah lapar....

screenshoot value type,dsb :



untuk search aspd/kec.gerak :
pastikan kamu punya eq yg ber opsi aspd/kec gerak tersebut...
pertama..gunakan eq opsi aspd misalnya bgm opsi aspd 2...
back ke serbioengine..search type 4 byte [sama seperti search tipe text
pada bagian pet..tapi yg ini diganti jadi 4 byte]...pada kolom search
masukkan value opsi tadi..yaitu 2...kembali ke seal..lepas eq
tadi...back to serbio...next scan dengan value 0..kembali ke seal..pake
lagi trus back ke serbio..next scan dengan value 2...lakukan hingga
dapat 3 address...pindahkan semua ke kolom cheat list...ubah value tadi
sesuka kamu..freeze..done....cara ini sama untuk search kec.gerak...

bwat yg laen experiment sendiri yach....misalnya search level..reputasi..dsb...

neh tambahan address bwat yg males cari [but ngak semua bisa sama loh...masing2 ada yg beda..tapi kalo bisa tinggal pake aja]

025EEC84 kec gerak
026271F0
02628870

025EEDD8 aspd
02627344
02628880

025EF348 pet
025EF349
025EF34A