Results 1 to 10 of 10
  1. #1
    N3OH4X's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    67
    Reputation
    10
    Thanks
    87
    My Mood
    Devilish

    Lightbulb .::NℰOH4X::.|| Finding LTClient || Tutorial 1 ||

    .::NℰOH4X::.
    Finding LTClient || Tutorial #1 by .::NℰOH4X:: ||



    Requirements:
    -master131's Module Dumper
    -LordPE
    -OllyDbg

    -------------------------------------------------------------------------------------------
    *VIDEO TUTORIAL*

    -------------------------------------------------------------------------------------------
    *TEXT TUTORIAL*

    First off , we will need to dump cshell.dll to access it via Ollydbg .
    1.)Follow master131's tutorial here , Thanks @master131: ---->http://www.mpgh.net/forum/207-combat...le-dumper.html
    2.)Once you have followed the process of dumping cshell.dll and removing the .dmp extension (Tip : that extension may be hidden and you will need to untick hide extensions in your folder options in control panel / appearance ! )
    we can now move forward to the next process , opening it in OllyDbg .
    Your screen should now look like this :


    Now , once you've opened it and it looks like the above image , right click anywhere , and click on Search for -> All Referenced Text Strings .
    Your screen should now look like this :


    Ok once you screen looks like the above image , scroll ALL the way up than scroll like two or one arrow key down and find " ASCII "invalid vector<T> subscript" " , once you find it CLICK on it than right click on it and click on search for text and type in "ILTModelClient.Default" , once you do , it'll take you to it , !
    Here's an image when finding ( ASCII "invalid vector<T> subscript" ) :

    * Don't mind the square the invalid vector string is behind it *
    Once you get the ILTModelClient.Default highlighted , Press CTRL + L 2 Times ! on the second time it will highlight the red CPU selection press it again rapidly one more time and it should go back to ILTModelClient.Default ! , *It'll take a few tries to get it right !* ,right click on it and click on "Follow in disassembler ! " .
    Here is how it should look after doing CTRL + L 2 Times :


    Now keep scrolling up till you see the first black dot !
    It should look like this ! :

    there should be 8 numbers highlighted in gray in the left . Take those numbers and add a 0x in front of them !
    If you did everything right LTClient should be : 0x3781D678

    --------------------------------------------------------------------------------------------------------------

    ~NℰOH4X~
    I hope this helped anyone wanting to find the LTClient Address , with this method , it can be used to find other different addresses in cshell.dll .
    If this tutorial is too confusing , I will make a video in the afternoon step by step !
    Thanks .
    ~NℰOH4X~
    Last edited by N3OH4X; 01-09-2013 at 05:43 AM.

  2. The Following 8 Users Say Thank You to N3OH4X For This Useful Post:

    [MPGH]Flengo (01-09-2013),gibam761 (01-09-2013),kssiobr (01-11-2013),[MPGH]master131 (01-09-2013),Otaviomorais (01-09-2013),supercarz1991 (01-09-2013),teehee15 (01-09-2013),The Decoder (01-12-2013)

  3. #2
    supercarz1991's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    North of Hell, South of Heaven
    Posts
    6,064
    Reputation
    323
    Thanks
    3,366
    My Mood
    Doh
    funny how many times this has been posted and i still can't do it on any other lithtech based game EXCEPT ca

    commando: You're probably the best non-coder coder I know LOL


  4. #3
    N3OH4X's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    67
    Reputation
    10
    Thanks
    87
    My Mood
    Devilish
    Quote Originally Posted by supercarz1991 View Post
    funny how many times this has been posted and i still can't do it on any other lithtech based game EXCEPT ca
    I'll try it myself on a other game using that engine and will report with results @supercarz1991

  5. #4
    supercarz1991's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    North of Hell, South of Heaven
    Posts
    6,064
    Reputation
    323
    Thanks
    3,366
    My Mood
    Doh
    oh i've been trying on my own personal FPS game that's on the lithtech Jupiter Engine lol @N3OH4X

    commando: You're probably the best non-coder coder I know LOL


  6. The Following User Says Thank You to supercarz1991 For This Useful Post:

    N3OH4X (01-09-2013)

  7. #5
    N3OH4X's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    67
    Reputation
    10
    Thanks
    87
    My Mood
    Devilish
    Quote Originally Posted by supercarz1991 View Post
    oh i've been trying on my own personal FPS game that's on the lithtech Jupiter Engine lol @N3OH4X
    Oh , what FPS Game would that be ?
    and if you wanna discuss and get to know each other , you're welcomed to add my MSN , n3oh4x@live.com

  8. #6
    supercarz1991's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    North of Hell, South of Heaven
    Posts
    6,064
    Reputation
    323
    Thanks
    3,366
    My Mood
    Doh
    Quote Originally Posted by N3OH4X View Post
    Oh , what FPS Game would that be ?
    and if you wanna discuss and get to know each other , you're welcomed to add my MSN ,
    it's called TPS... The Private Server. the whole idea behind it is basically like CS:S... community based models, textures, characters, etc.

    i gotta sign on through my phone to add you atm, gimme like 5 minutes lol

    commando: You're probably the best non-coder coder I know LOL


  9. The Following User Says Thank You to supercarz1991 For This Useful Post:

    N3OH4X (01-09-2013)

  10. #7
    N3OH4X's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    67
    Reputation
    10
    Thanks
    87
    My Mood
    Devilish
    Quote Originally Posted by supercarz1991 View Post
    it's called TPS... The Private Server. the whole idea behind it is basically like CS:S... community based models, textures, characters, etc.

    i gotta sign on through my phone to add you atm, gimme like 5 minutes lol
    Sounds nice , I added you but you no respond , good night haha .

  11. #8
    supercarz1991's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    North of Hell, South of Heaven
    Posts
    6,064
    Reputation
    323
    Thanks
    3,366
    My Mood
    Doh
    Quote Originally Posted by N3OH4X View Post
    Sounds nice , I added you but you no respond , good night haha .
    it wouldn't let me lol said you were offline and it wouldn't send a message

    commando: You're probably the best non-coder coder I know LOL


  12. #9
    ZysorceN's Avatar
    Join Date
    Aug 2012
    Gender
    female
    Location
    California
    Posts
    68
    Reputation
    10
    Thanks
    912
    My Mood
    Aggressive
    Quote Originally Posted by supercarz1991 View Post
    funny how many times this has been posted and i still can't do it on any other lithtech based game EXCEPT ca
    Find a Command String ( Push to console command ) that you are familiar with such as FogEnable SkyFog e.t.c
    find references to it it will point to a push near a call which will be to a virtual function. ( PTC ) find what sets the offset
    Register + Offset to virtual function
    Register will hold the LTClient. if it points to a function none virtual see what the function does it will show you the LTClient
    and using this method you can reverse the entire thing

  13. The Following 4 Users Say Thank You to ZysorceN For This Useful Post:

    Acea (01-10-2013),Code_over_Pussy (01-10-2013),N3OH4X (01-10-2013),supercarz1991 (01-10-2013)

  14. #10
    supercarz1991's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    North of Hell, South of Heaven
    Posts
    6,064
    Reputation
    323
    Thanks
    3,366
    My Mood
    Doh
    Quote Originally Posted by ZysorceN View Post
    Find a Command String ( Push to console command ) that you are familiar with such as FogEnable SkyFog e.t.c
    find references to it it will point to a push near a call which will be to a virtual function. ( PTC ) find what sets the offset
    Register + Offset to virtual function
    Register will hold the LTClient. if it points to a function none virtual see what the function does it will show you the LTClient
    and using this method you can reverse the entire thing
    oh! well thanks. that helps!

    commando: You're probably the best non-coder coder I know LOL


Similar Threads

  1. [Release] How To Find LTClient
    By J in forum CrossFire Hack Coding / Programming / Source Code
    Replies: 1
    Last Post: 01-02-2011, 01:14 PM
  2. How to find LTClient
    By dllbase in forum Combat Arms Hack Coding / Programming / Source Code
    Replies: 14
    Last Post: 10-08-2010, 05:18 PM
  3. [Help] Finding LTClient
    By Sixx93 in forum Combat Arms EU Hack Coding/Source Code
    Replies: 6
    Last Post: 08-03-2010, 07:46 PM
  4. Finding Nemo Tutorial
    By Ryguy in forum Tutorials
    Replies: 27
    Last Post: 06-06-2009, 09:56 PM