Results 1 to 10 of 10

Threaded View

  1. 01-08-2013 #1
    N3OH4X
    N3OH4X is offline
    Banned
    BANNED!
    N3OH4X's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    67
    Reputation
    10
    Thanks
    87
    My Mood
    Devilish
    Send a message via Birdie™ to N3OH4X United States

    Lightbulb .::NℰOH4X::.|| Finding LTClient || Tutorial 1 ||

    .::NℰOH4X::.
    Finding LTClient || Tutorial #1 by .::NℰOH4X:: ||


    Requirements:
    -master131's Module Dumper
    -LordPE
    -OllyDbg

    -------------------------------------------------------------------------------------------
    *VIDEO TUTORIAL*

    -------------------------------------------------------------------------------------------
    *TEXT TUTORIAL*

    First off , we will need to dump cshell.dll to access it via Ollydbg .
    1.)Follow master131's tutorial here , Thanks @master131: ---->https://www.mpgh.net/forum/207-combat...le-dumper.html
    2.)Once you have followed the process of dumping cshell.dll and removing the .dmp extension (Tip : that extension may be hidden and you will need to untick hide extensions in your folder options in control panel / appearance ! )
    we can now move forward to the next process , opening it in OllyDbg .
    Your screen should now look like this :


    Now , once you've opened it and it looks like the above image , right click anywhere , and click on Search for -> All Referenced Text Strings .
    Your screen should now look like this :


    Ok once you screen looks like the above image , scroll ALL the way up than scroll like two or one arrow key down and find " ASCII "invalid vector<T> subscript" " , once you find it CLICK on it than right click on it and click on search for text and type in "ILTModelClient.Default" , once you do , it'll take you to it , !
    Here's an image when finding ( ASCII "invalid vector<T> subscript" ) :

    * Don't mind the square the invalid vector string is behind it *
    Once you get the ILTModelClient.Default highlighted , Press CTRL + L 2 Times ! on the second time it will highlight the red CPU selection press it again rapidly one more time and it should go back to ILTModelClient.Default ! , *It'll take a few tries to get it right !* ,right click on it and click on "Follow in disassembler ! " .
    Here is how it should look after doing CTRL + L 2 Times :


    Now keep scrolling up till you see the first black dot !
    It should look like this ! :

    there should be 8 numbers highlighted in gray in the left . Take those numbers and add a 0x in front of them !
    If you did everything right LTClient should be : 0x3781D678

    --------------------------------------------------------------------------------------------------------------

    ~NℰOH4X~
    I hope this helped anyone wanting to find the LTClient Address , with this method , it can be used to find other different addresses in cshell.dll .
    If this tutorial is too confusing , I will make a video in the afternoon step by step !
    Thanks .
    ~NℰOH4X~
    Last edited by N3OH4X; 01-09-2013 at 05:43 AM.

  2. The Following 8 Users Say Thank You to N3OH4X For This Useful Post:

    [MPGH]Flengo (01-09-2013),gibam761 (01-09-2013),kssiobr (01-11-2013),[MPGH]master131 (01-09-2013),Otaviomorais (01-09-2013),supercarz1991 (01-09-2013),teehee15 (01-09-2013),The Decoder (01-12-2013)
« Previous Thread | Next Thread »

Similar Threads

  1. [Release] How To Find LTClient
    By J in forum CrossFire Hack Coding / Programming / Source Code
    Replies: 1
    Last Post: 01-02-2011, 01:14 PM
  2. How to find LTClient
    By dllbase in forum Combat Arms Hack Coding / Programming / Source Code
    Replies: 14
    Last Post: 10-08-2010, 05:18 PM
  3. [Help] Finding LTClient
    By Sixx93 in forum Combat Arms EU Hack Coding/Source Code
    Replies: 6
    Last Post: 08-03-2010, 07:46 PM
  4. Finding Nemo Tutorial
    By Ryguy in forum Tutorials
    Replies: 27
    Last Post: 06-06-2009, 09:56 PM