How to get a correct THook multiplier?

[MariusK]

Good day,

could anyone give me some tips on what is the best method to find THook multiplier?

The only way I think of getting it at the moment, is to try every integer from [-2147483647, 2147483647] (since I know the pattern and what correct value should be).

However, since I know that there is auto-updater for THooks, I am pretty sure there should be a much more efficient method.

Thank you.

[Kyle]

Good day,

could anyone give me some tips on what is the best method to find THook multiplier?

The only way I think of getting it at the moment, is to try every integer from [-2147483647, 2147483647] (since I know the pattern and what correct value should be).

However, since I know that there is auto-updater for THooks, I am pretty sure there should be a much more efficient method.

Thank you.

Well assuming that you don't want to make a updater, or something of the sorts (if so, then I would suggest checking out Brandons tutorial on it) the easiest way is to look at the Runescape gamepack. The multiplier is used on any Int's or Longs and uses the overflow value as the actual. In bytecode, a non Static field typically is in the Pattern:

Code:

ALOAD
GETFIELD
LDC
IMUL

if Static:

Code:

GETSTATIC
LDC
IMUL

In the current revision, for Item.ID the Multi is -1162569333, in the gamepack the bytecode is:

Code:

aload14
getfield i.p:int
ldc -1162569333 (java.lang.Integer)
imul

and the java:

Code:

final ae p4 = av.p(m.p * -1162569333, 346149938);

Where m is of course the Item created in the method. You have to be cafefull when trying to find the multi's manually, since if it is a dummy method you're looking in, it might be a dummy call on the Field, and the multi would be fake. The way I do it in my updater is to just check the entire client for the patterns shown above for each int/long and take the multi used most often.

Since I do that AFTER I deob the client, it works quite well.

[MariusK]

...

elfyyy,

I tried to check your example and I found the multi without a problem. Thanks.

However, what I am looking for is a combat level. I assume that the field is not a dummy method, because it displays exact same value for people who are the same combat.

The thing is that it is taking some value from other class before performing multiplication. (or atleast that's what I am thinking lol)

Here's the code: (the field is d.r)

Code:

this.r = (paramdg.g(1932394717) * 179983097);

Do you know how to deal with this?

BTW, how are you looking at the gamepack? I am using jd-gui.

[Kyle]

elfyyy,

I tried to check your example and I found the multi without a problem. Thanks.

However, what I am looking for is a combat level. I assume that the field is not a dummy method, because it displays exact same value for people who are the same combat.

The thing is that it is taking some value from other class before performing multiplication. (or atleast that's what I am thinking lol)

Here's the code: (the field is d.r)

Code:

this.r = (paramdg.g(1932394717) * 179983097);

Do you know how to deal with this?

BTW, how are you looking at the gamepack? I am using jd-gui.

No, that isn't a multiplier for d.r, It is with the dg.g field which is a field in the buffer class, though it isn't the multiplier for that either..

The correct multi is 1623183177 as seen:

Code:

                    if (n5 == 8) {
                        p2 = es.hr.r * 1623183177;

Bytecode:

Code:

                   }

         L26 {
             iload7
             bipush 8
             if_icmpne L27
             getstatic es.hr:d
             getfield d.r:int
             ldc 1623183177 (java.lang.Integer)
             imul
             istore8
         }

I use The bytecode viewer.

I would suggest looking at the bytecode more so than the native java, and spend time learning bytecode, as once you do, it's much easier to look at, since it typically is neater and broken up into the blocks better.

[MariusK]

...

Now I get it. Thank you!

Would it be possible to have you add this hook to your hooks updater?

Code:

Player_Combat: THook =               ['r', 1623183177];

And this function to Players.simba:

Code:

function TReflectPlayer.GetCombat: integer;
begin
  Result := Reflect.Smart.GetFieldInt(Self.Reference, Player_Combat);
end;

Maybe someone will find it useful.

[Kyle]

Now I get it. Thank you!

Would it be possible to have you add this hook to your hooks updater?

Code:

Player_Combat: THook =               ['r', 1623183177];

And this function to Players.simba:

Code:

function TReflectPlayer.GetCombat: integer;
begin
  Result := Reflect.Smart.GetFieldInt(Self.Reference, Player_Combat);
end;

Maybe someone will find it useful.

Sure thing, I'll do that when I next have a chance!

[MariusK]

...

I just got a couple more questions, which I hope you can answer:

1. What is the quickest method to look through all the classes? Is there any app or should I just write my own script?
2. Is there any way to recognize a dummy method right off the bat?
3.

if so, then I would suggest checking out Brandons tutorial on it

It seems I can't find it. Is it on higher boards?

[Kyle]

..

1) I don't exactly understand your question.. In terms of writing an updater? Most people just use java with a bytecode library such as ASM or BCEL.

2) No. For the most part if the method is a constructor, abstract, has interfaces, is overwritten, another method overwrites it, it is real. (I may be forgetting some, not on my PC atm)

3) https://villavu.com/forum/showthread.php?t=111556