


Working Timestop! - Boop - 07-29-2009

All known bugs fixed. Time stop is part of the dll framework thing here:
http://www.lf-empire.de/forum/showthread.php?tid=2246

Go get it from there.

Thread locked due to spam.

Code:
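.data

;-----------------------------------------------------------------------
; Timestop - hook data (MASM, 32-bit, Intel syntax).
; timeStop : global flag recomputed by time_loop on every pass; TRUE while
;            some in-use object carries a set record flag.
; *_r      : continuation addresses inside the patched game executable;
;            every hook ends with "jmp [xxx_r]" back into original code
;            (patch addresses are in the JmpPatch/CallPatch table).
; Per-object records: 5 bytes per object index id - flag byte at +0 and a
; dword counter at +1 - stored in the buffer VirtualAlloc'd by
; DllEntryPoint at memAlloc + id*5.  memAlloc is a dd holding the buffer
; pointer, so the hooks compute id*5 and then "add reg, memAlloc";
; addressing [memAlloc+id*4+id] would use the variable's own address as
; base and write into the DLL's .data? section instead of the buffer.
;-----------------------------------------------------------------------
timeStop db FALSE

;loop2
loop2_r        dd 00406806h                 ; resume for loop2 (patch 00406800h + 6-byte MOV)

;frame update
frame_r1 dd 0041FB44h                       ; resume, normal path (patch 0041FB3Dh + 7-byte MOV)
frame_r2 dd 0041FB4Bh                       ; resume, skip path (7 bytes further on)

;movement
mov_r1 dd 0041E692h                         ; resume, normal path (patch 0041E68Bh + 7-byte MOV)
mov_r2 dd 0041E697h                         ; resume, skip path

;frame sh*t
frameshit_r1 dd 0041e39Bh                   ; resume, normal path (patch 0041E395h + 6-byte MOV)
frameshit_r2 dd 0041e3A4h                   ; resume, skip path

;shaking
shaking_r dd 0042F336h                      ; resume for shaking (patch 0042F32Ch + 10-byte MOV)

;create object
co_r dd 004064b6h                           ; resume for create_object (patch 004064B0h + 6-byte MOV)

.code

;-----------------------------------------------------------------------
; create_object - JmpPatch hook at 004064B0h, resumes at co_r.
; Re-executes the overwritten MOV, then, while time is stopped, copies the
; creator's timestop record onto the object just created (presumably so
; that it keeps acting, or stays frozen, together with its creator).
; In:    edi = creator's object index; [esp] = index of the created object
;        (the original comment calls it the "opointed thingy" - confirm);
;        esi/ebx as the game left them for the re-executed MOV
; Clobb: flags (pushad/popad preserves the registers)
;-----------------------------------------------------------------------
create_object proc

    MOV DWORD PTR DS:[ESI+418h],EBX         ; original instruction
    cmp timeStop,FALSE
    je return                               ; time not stopped: nothing to copy
    cmp edi,400
    ja return                               ; unsigned: rejects negative as well as too-large indices
    pushad
    mov esi, dword ptr ss:[esp+20h]         ; = [esp] before pushad (8 dwords pushed)
    cmp esi,400
    ja copied                               ; target index out of range: do not write past the table
    lea eax, [edi+edi*4]                    ; edi*5
    add eax, memAlloc                       ; eax -> creator's record
    lea ebx, [esi+esi*4]                    ; esi*5
    add ebx, memAlloc                       ; ebx -> created object's record
    mov cl, byte ptr ds:[eax]
    mov byte ptr ds:[ebx],cl                ; copy flag byte
    mov ecx, dword ptr ds:[eax+1]
    mov dword ptr ds:[ebx+1],ecx            ; copy counter dword
copied:
    popad

return:
    jmp [co_r]
create_object endp

;-----------------------------------------------------------------------
; shaking - JmpPatch hook at 0042F32Ch, resumes at shaking_r.
; Skips the overwritten store into [edx+0B4h] while time is stopped, so
; the screen does not shake during a timestop.
; In:    edx as the game left it for the re-executed MOV
; Clobb: flags
;-----------------------------------------------------------------------
shaking proc

    cmp timeStop,TRUE
    je return                               ; time stopped: leave the shake value alone
    mov dword ptr ds:[edx+0b4h],-3          ; original instruction (10 bytes)

return:
    jmp [shaking_r]

shaking endp

;-----------------------------------------------------------------------
; time_loop - CallPatch hook at 0041D4AAh (5-byte call + one NOP cover the
; 6-byte MOV re-executed below); returns with ret.
; Recomputes the global timeStop flag: FALSE, then TRUE as soon as an
; in-use object slot is found whose record flag is 1.
; In:    esi as the game left it (see the NOTE below)
; Clobb: flags (pushad/popad preserves the registers)
;-----------------------------------------------------------------------
time_loop proc

    MOV EDX,DWORD PTR DS:[450B90h]          ; original instruction
    pushad
    xor eax,eax                             ; eax = object index, 0..18Fh
    mov timeStop, FALSE
looop:
    cmp byte ptr ds:[458B00h+eax+4],0
    je skip                                 ; slot not in use (presumably an in-use flag) - confirm
    ; NOTE(review): the record is looked up with esi, not the loop index eax,
    ; so every pass tests the same object's flag; eax looks intended - confirm.
    lea ebx, [esi+esi*4]                    ; esi*5
    add ebx, memAlloc                       ; ebx -> record of object esi
    cmp byte ptr ds:[ebx],1
    jnz skip
    mov timeStop,TRUE                       ; someone is stopping time
    jmp return

skip:
    inc eax
    cmp eax,190h
    jl looop
return:
    popad
    ret

time_loop endp

;-----------------------------------------------------------------------
; frame_shit - JmpPatch hook at 0041E395h.
; Normal path (time not stopped, or object esi has record flag 1, i.e. it
; is the object that triggered the timestop) resumes at frameshit_r1;
; any other object while time is stopped resumes at frameshit_r2, which
; lies past r1 and presumably skips that object's update.
; In:    esi = object index
; Clobb: flags (eax saved/restored around the record lookup)
;-----------------------------------------------------------------------
frame_shit proc

    MOV ECX,DWORD PTR DS:[450B90h]          ; original instruction
    cmp timeStop, FALSE
    je disabled
    push eax
    lea eax, [esi+esi*4]                    ; esi*5
    add eax, memAlloc                       ; eax -> record of object esi
    cmp byte ptr ds:[eax],1
    pop eax                                 ; pop does not touch flags
    jnz skip                                ; flag != 1: frozen object
disabled:
    jmp [frameshit_r1]

skip:
    jmp [frameshit_r2]

frame_shit endp

;-----------------------------------------------------------------------
; movement - JmpPatch hook at 0041E68Bh.
; Same decision as frame_shit, keyed on object edi: mov_r1 normally,
; mov_r2 for a non-flagged object while time is stopped.
; In:    ebx, edi as the game left them for the re-executed MOV
; Clobb: flags (eax saved/restored around the record lookup)
;-----------------------------------------------------------------------
movement proc

    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]   ; original instruction
    cmp timeStop, FALSE
    je disabled
    push eax
    lea eax, [edi+edi*4]                    ; edi*5
    add eax, memAlloc                       ; eax -> record of object edi
    cmp byte ptr ds:[eax],1
    pop eax                                 ; pop does not touch flags
    jnz skip                                ; flag != 1: frozen object
disabled:
    jmp [mov_r1]

skip:
    jmp [mov_r2]

movement endp

;-----------------------------------------------------------------------
; frame_update - JmpPatch hook at 0041FB3Dh.
; Same decision as movement, keyed on object edi: frame_r1 normally,
; frame_r2 for a non-flagged object while time is stopped.
; In:    ebx, edi as the game left them for the re-executed MOV
; Clobb: flags (eax saved/restored around the record lookup)
;-----------------------------------------------------------------------
frame_update proc

    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]   ; original instruction
    cmp timeStop, FALSE
    je disabled
    push eax
    lea eax, [edi+edi*4]                    ; edi*5
    add eax, memAlloc                       ; eax -> record of object edi
    cmp byte ptr ds:[eax],1
    pop eax                                 ; pop does not touch flags
    jnz skip                                ; flag != 1: frozen object
disabled:
    jmp [frame_r1]

skip:
    jmp [frame_r2]
frame_update endp


;-----------------------------------------------------------------------
; State8xxx - JmpPatch hook at 0041F63Ch.  eax presumably holds the frame
; state being applied to object edi (the thread uses states such as 10500).
;   1F40h..2327h  (8000..8999)  -> Transform1 (framework label, defined elsewhere)
;   0FA0h..1387h  (4000..4999)  -> copied transform code below, then "next"
;   10000..19999                -> timestop: flag object edi and store
;                                  (state - 10000) as its counter, then Transform2
;   anything else               -> Transform2 (framework label, defined elsewhere)
; Clobb: eax, ecx, edx, esi and flags on the 4xxx path (as copied); flags
;        and eax on the timestop path
;-----------------------------------------------------------------------
State8xxx proc
        CMP EAX,1F40h
        jl state4xxx
        CMP EAX,2328h
        jge state4xxx
        jmp Transform1

state4xxx:
;I didn't bother really understanding the code, just copied it
;there is only 1 line you should edit, I commented it :p

        CMP EAX,0FA0h
        jl next
        CMP EAX,1388h
        jge next
        MOV ECX,DWORD PTR DS:[EBX+7D4h]
        LEA EDX,DWORD PTR DS:[EAX-0FA0h]
        XOR EAX,EAX
        CMP DWORD PTR DS:[ECX+4D82380h],EAX
        JLE a
d:
        MOV ESI,DWORD PTR DS:[ECX]
        CMP DWORD PTR DS:[ESI+6F4h],EDX
        JE b
        MOV ESI,DWORD PTR DS:[EBX+7D4h]
        ADD EAX,1
        ADD ECX,4
        CMP EAX,DWORD PTR DS:[ESI+4D82380h]
        JL d
        JMP a
b:
        MOV ECX,DWORD PTR DS:[EBX+7D4h]
        MOV ECX,DWORD PTR DS:[ECX+EAX*4h]
        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]
        MOV DWORD PTR DS:[EAX+368h],ECX

a:
        MOV EDX,DWORD PTR DS:[EBX+EDI*4+194h]
        MOV DWORD PTR DS:[EDX+70h],0 ; this line sets your frame number to 0, remove it if you want
        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]   ; eax = object pointer now (presumably what Transform2 expects);
                                                ; the range test below will not match it

next:
        CMP EAX,10000
        jl return
        CMP EAX,20000
        jge return                              ; 10000..19999 = timestop request
        sub eax,10000                           ; eax = counter to store
        cmp edi,400
        ja return                               ; object index out of range: do not write outside the record table
        push ecx
        lea ecx, [edi+edi*4]                    ; edi*5
        add ecx, memAlloc                       ; ecx -> record of object edi
        mov dword ptr ds:[ecx+1],eax            ; counter = state - 10000
        mov byte ptr ds:[ecx],1                 ; flag: this object triggered the timestop
        pop ecx

return:
        jmp Transform2

State8xxx endp

;-----------------------------------------------------------------------
; loop2 - JmpPatch hook at 00406800h, resumes at loop2_r.
; Per-pass tick for one object: counts its timestop counter down and
; clears its record flag once the counter is exhausted, then re-executes
; the overwritten MOV.
; In:    [esp+14h] = object index (read as [esp+18h] after the push);
;        eax as the game left it for the re-executed MOV (presumably the
;        object pointer), restored before that MOV
; Clobb: flags
;-----------------------------------------------------------------------
loop2 proc

    push eax
    mov eax,dword ptr ss:[esp+18h]          ; object index
    cmp eax,400
    ja return                               ; out of range: leave the table alone
    lea eax, [eax+eax*4]                    ; index*5
    add eax, memAlloc                       ; eax -> this object's record
    cmp dword ptr ds:[eax+1],0
    jle remove_timestop                     ; counter exhausted
    add dword ptr ds:[eax+1],-1             ; tick down
    jmp return

remove_timestop:
    mov byte ptr ds:[eax],0                 ; clear the flag

return:
    pop eax

    MOV ECX,DWORD PTR DS:[EAX+368h]         ; original instruction
    jmp [loop2_r]

loop2 endp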

Code:
    ; Hook installation (run from DLLStartup).  JmpPatch/CallPatch presumably
    ; overwrite the instruction at the given game address with a jmp/call to
    ; the proc; each proc re-executes that instruction and continues through
    ; its *_r address.  Patch address + overwritten length = resume address.
    invoke JmpPatch, 0041F63Ch, addr State8xxx
    invoke JmpPatch, 00406800h, addr loop2
    invoke JmpPatch,0041FB3Dh, addr frame_update
    invoke JmpPatch,0041E68Bh, addr movement
    invoke JmpPatch,0041E395h,addr frame_shit
    invoke CallPatch,0041D4AAh, addr time_loop    ; 5-byte call ...
    invoke WriteMem,0041D4AFh, addr oneNOP,1      ; ... plus one NOP cover the 6-byte MOV time_loop re-executes
    invoke JmpPatch,0042F32Ch,addr shaking
    invoke JmpPatch,004064B0h,addr create_object

You also need this (goes in rarara.asm, replaces the original DllEntryPoint):
Code:
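.data?
memAlloc dd ?                               ; -> VirtualAlloc'd buffer holding the per-object timestop records (5 bytes each)

.code

TS_RECORDS_SIZE equ 4000                    ; bytes for the record buffer; 401 indices * 5 bytes = 2005 fit comfortably

;-----------------------------------------------------------------------
; BOOL DllEntryPoint(HINSTANCE hInstDLL, DWORD reason, LPVOID unused)
; Standard DllMain.  On attach: allocate the record buffer, then run
; DLLStartup (memory and jmp patches).  On detach: PostQuitMessage(0).
; Returns TRUE, or FALSE (which fails the load) when VirtualAlloc
; returned NULL, so the hooks are never installed without a buffer.
;-----------------------------------------------------------------------
DllEntryPoint proc hInstDLL:DWORD, reason:DWORD, unused:DWORD


    mov eax,reason
    .if eax == DLL_PROCESS_ATTACH                                            ; Called when our dll loaded

        invoke VirtualAlloc, NULL, TS_RECORDS_SIZE, MEM_COMMIT,PAGE_READWRITE
        .if eax == NULL
            ret                                                              ; eax = FALSE: refuse to load without a buffer
        .endif
        mov memAlloc,eax

        call DLLStartup                                                        ; Memory patches and jmp patches

    .elseif reason == DLL_PROCESS_DETACH
        push NULL
        call PostQuitMessage

    .endif
    mov eax,TRUE                                                             ; DllMain must report success explicitly
    ret

DllEntryPoint endp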

Hopefully you are capable of figuring out where it should go; if you can't, then just give up.




RE: Timestop (kinda) - mda - 07-30-2009

nice work silva, i was looking for one like this


RE: Timestop (kinda) - Ascor - 07-30-2009

u are like a walking breathing active god :P
Seriously nice work
keep up your activity and help us understanding and expanding lf2
Great thanks

(you would get a 1+ rep if it would be possible)


RE: Timestop (kinda) - vandesdelca - 07-30-2009

XLF maybe?
Btw, great! that's why i want a stop-shaking exe for perfectness of time slow and time stop! Btw you really are one of the great HEX-ers that came down from the heavens!


RE: Timestop (kinda) - naruto hyuuga - 07-30-2009

now all we need is the shaking code and we're done with the bugless timestop


RE: Working Timestop! - Boop - 07-30-2009

Updated first post with fully working version :).


RE: Working Timestop! - naruto hyuuga - 07-31-2009

not working for me

i tried state 10500 on a ball and then on a char and both aren't executing (ie. timestop is not taking place)


RE: Working Timestop! - Boop - 07-31-2009

Re-read the post carefully. For some reason, it works for me, nave + other random people, but it never works for you. I attached a compiled dll anyway.


RE: Working Timestop! - Boop - 08-02-2009

quick fix for the opoint stuff:

invoke JmpPatch,0041FCB9h,addr timestop_opoint   ; hook the opoint check; the proc re-executes the 16 overwritten bytes (CMP/MOV/JLE) and resumes at 0041FCC9h

.data
;timestop opoint
ts_opoint1 dd 0041FCC9h                     ; normal resume (patch 0041FCB9h + 16 overwritten bytes: CMP, MOV, JLE)
ts_opoint2 dd 004203F4h                     ; skip resume; the re-executed JLE in timestop_opoint also ends up here

.code

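;-----------------------------------------------------------------------
; timestop_opoint - JmpPatch hook at 0041FCB9h (the "opoint" check).
; Normal path re-executes the three overwritten instructions (CMP, MOV,
; JLE) and resumes at ts_opoint1, the JLE going to ts_opoint2.  While
; time is stopped, an object edi whose record flag is not 1 (i.e. not the
; object that triggered the timestop) goes straight to ts_opoint2.
; Records live at memAlloc + edi*5 (memAlloc holds the buffer pointer).
; In:    edi = object index; ecx, edx as the game left them for the CMP/MOV
; Clobb: flags (eax saved/restored around the record lookup)
;-----------------------------------------------------------------------
timestop_opoint proc

    cmp timeStop, FALSE
    je normal
    push eax
    lea eax, [edi+edi*4]                    ; edi*5
    add eax, memAlloc                       ; eax -> record of object edi
    cmp byte ptr ds:[eax],1
    pop eax                                 ; pop does not touch flags
    jnz skip                                ; flag != 1: frozen object

normal:
    CMP DWORD PTR DS:[ECX+7FCh],EDX         ; original instructions
    MOV DWORD PTR SS:[ESP+38h],ECX
    JLE skip
    jmp [ts_opoint1]

skip:
    jmp [ts_opoint2]

timestop_opoint endp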


Timestop is now also included in the main dll framework thing.