Can someone remove or disable all the anti cheats in the dll or with CE of the latest version of Lost Castle 2.11
so I can make an updated table?
I tried deleting all the codestage anti cheats in the dll but the game won't load.
I am also trying these things but I don't know if it will work.
1- Setting all cryptokeys to 0.
2- Setting set encrypted inited to false.
3- Setting inited to false at the beginning of script but I think doing this on one causes a game over at the start of the game.
Someone please help because I don't know what the hell I'm doing.
There used to be a user on here I think named t.o.x.i.c that used to remove anti cheats from dll's on games, but I don't know what happened to him.
Let me make a correction on this. Remove all OFFLINE anti cheats in game, leave ONLINE anti cheats. Only remove the ONLINE anti cheats that interfere with OFFLINE game hacking. I won't be able to do anything until all the anti cheats have been removed or disabled for this game.
Last edited by fallenjack2000 on Fri Nov 25, 2022 3:29 am, edited 1 time in total.
I'm so ready to make an updated table for this game.
Whatever you need, the game or just the DLL's, I will give them to you,
of course if you can remove them with just the DLL's that will be better,
No one can claim copyright violation on just DLL's but if you need to
borrow the game to get it done, I will take the chance and it will
be on me.
Well, it looks like no one here wants to take this so I am in contact with someone that might somewhere else.
She downloaded the game V2.11 and said she would look at it.
If she wants payment for this request then I will have to sell the hacked file but if someone
here does it for free then it will be free here.
I'm still waiting to hear from my contact on removing or disabling the anti cheats.
She stays busy so I don't know when I will hear from her but I hope it's soon.
It is a pain in the ass to mod stuff right now, but you will just have to play around with values
as they are encrypted. I beat the game one time with modded values, max hp, hp, atk, def and crit. You can find max hp, hp, atk, def and crit by searching for this array of bytes,
20 00 50 00 6C 00 65 00 61 00 73 00 65 00 20 00 76 00 65 00 72 00 69 00 66 00 79 00 20 00 79 00 6F 00 75 00 20 00 68 00 61 00 76 00 65 00 20 00
it will be above this array of bytes. I just found out there is no 63 in the hex anymore, it changed, so you won't be able to do an array search for the
stats themselves but the stats are always above that array.
Someone here might could do this request faster.
Last edited by fallenjack2000 on Mon Nov 28, 2022 10:16 am, edited 3 times in total.
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)
TypeName:
db '3 byte',0
ByteSize:
dd 3
PREFEREDALIGNMENT:
db 1
UsesFloat:
db 0 //Change to 1 if this custom type should be treated as a float
CallMethod:
db 1 //Remove or change to 0 for legacy call mechanism
//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
and eax,00ffffff //strip off bit 24 to 31
ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
and eax,00ffffff //strip off bit 24 to 31
pop ebp
ret
[/32-bit]
//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//example:
mov [r8],cx //first 16 bits
shr ecx,#16 //move the upper 16 bits of ecx to the lower
mov [r8+2],cl //this results in bits 16 to 23 to be written to r8+2
ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+10] //load the output address into ebx
mov word [ebx],ax
shr eax,#16
mov [ebx+2],al
pop ebx
pop eax
pop ebp
ret
[/32-bit]