No Clip address

[Rainson12]

Hi,
i saw your post about the no clip address. Would you mind telling how you found the address off trose.exe+B630D?

[konserwa1992]

Sure. I wil try write for you simple instruction.

[konserwa1992]

Client sends to server packet with collision information, he looks like this:
10 00 71 07 D1 58 77 A3 01 49 6C 18 F6 48 9F 0A

71 07- is Opcode for collision instruction

1. Attach cheat engine to ROSE process
2. Find send packet function, today(29/05/2023) is trose.exe+0x26913 and put there breakpoint
3. Try move character towards object and make character collide
   

If data in adress RDX[A] is start with 10 00 71 07 thats mean game try send packet about collision. Now you have to look at call stack[B]. We will look at trose.exe+B6692 (2dbbae is send packet executon so i ignore it).

we want to prevent this call and other collision instructions, so we change je instruction to jmp at Trose.exe+B665D(this may not work for all collisions so change jp[trose.exe+B665B] to nop also).

[Rainson12]

Thanks a lot for the nice instructions. Will try it today!!

[konserwa1992]

This is my approach, maybe if you could take character position and check what code changes/acces values of it. You could get that same results( there is nine variables with could lead to solution). Feel free to ask anything.

[Rainson12]

i saw you requested to get details about reading the vcf / idx file. I have disassembled it and can give you details in case you still need them

[konserwa1992]

i saw you requested to get details about reading the vcf / idx file. I have disassembled it and can give you details in case you still need them

i already made extractor. Maybe this also will interest you
https://github.com/roseboii/RosePatcher

If you have any documentation about game packets., please shere :).