Working Timestop!
#1
All known bugs fixed. Time stop is now part of the DLL framework, available here:
http://www.lf-empire.de/forum/showthread.php?tid=2246

Go get it from there.

Thread locked due to spam.

Code:
.data

; Recomputed by time_loop every tick: TRUE while some live object holds a
; time stop, FALSE otherwise. Every hook tests this byte first so the normal
; (no time stop) path costs one compare. FALSE/TRUE come from the masm32
; includes; the code treats them as 0/1.
timeStop db FALSE

; Resume addresses. Each hook in the JmpPatch/CallPatch list overwrites one
; instruction of the game executable with a jump into this DLL; the trampoline
; re-executes that instruction and jumps back here (hook address + length of
; the overwritten instruction). These are fixed offsets of one specific game
; build -- every value must be re-derived for any other build.

;loop2
loop2_r        dd 00406806h


;frame update
frame_r1 dd 0041FB44h      ; normal path (no time stop, or this object holds it)
frame_r2 dd 0041FB4Bh      ; skip path for objects frozen by someone else's time stop

;movement
mov_r1 dd 0041E692h        ; normal path
mov_r2 dd 0041E697h        ; skip path for frozen objects

;frame sh*t
frameshit_r1 dd 0041e39Bh  ; normal path
frameshit_r2 dd 0041e3A4h  ; skip path for frozen objects

;shaking
shaking_r dd 0042F336h     ; hook at 0042F32Ch + the 10-byte store it overwrote

;create object
co_r dd 004064b6h          ; hook at 004064B0h + the 6-byte store it overwrote

.code

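create_object proc
    ; Hook at 004064B0h (the game's object-creation routine, presumably).
    ; Re-executes the 6-byte store the JmpPatch overwrote, then, while a time
    ; stop is active, copies the creator's table entry (1 flag byte + 4-byte
    ; duration) onto the newly created object so spawned objects inherit the
    ; creator's time-stop state.
    ; In:  edi   = creator slot index
    ;      [esp] = new object's slot index as the game left it at the hook
    ;              site -- TODO confirm against the hooked routine
    ; Out: every general register as on entry; flags are overwritten by the
    ;      compares before resuming at co_r, so the resumed code must not
    ;      depend on them (not verifiable from here).
    ; NOTE(review): [memAlloc+idx*4+idx] uses the ADDRESS of the memAlloc
    ; variable as base, not the pointer stored in it, so the table lives in
    ; this DLL's .data? rather than in the VirtualAlloc'd block. Every proc
    ; that touches the table shares this; change all of them at once (load
    ; memAlloc into a register first) or none -- a partial fix desyncs them.
    MOV DWORD PTR DS:[ESI+418h],EBX
    cmp timeStop,FALSE
    je return
    ; Unsigned bound. The original 'jg' was a signed compare and let a
    ; negative edi reach the lea below. 400 matches the slot count time_loop
    ; scans (slots 0..399); edi == 400 stays accepted to keep the original
    ; range, and 400*5+4 is still inside the 4000-byte table.
    cmp edi,400
    ja return
    pushad
    mov esi, dword ptr ss:[esp+20h]              ; pushad pushed 8 dwords = 20h bytes, so this is the hook-site [esp]
    ; The destination index was never checked in the original; an unexpected
    ; value would write 5 bytes outside the table.
    cmp esi,400
    ja restore
    lea eax, dword ptr ds:[memAlloc+edi*4+edi]   ;creator's entry (5 bytes per slot)
    mov cl, byte ptr ds:[eax]
    lea ebx, dword ptr ds:[memAlloc+esi*4+esi]   ;new object's entry
    mov byte ptr ds:[ebx],cl                     ; holder flag
    mov ecx, dword ptr ds:[eax+1]
    mov dword ptr ds:[ebx+1],ecx                 ; remaining duration
restore:
    popad

return:
    jmp [co_r]
create_object endp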

shaking proc
    ; Hook at 0042F32Ch. The JmpPatch overwrote the game's 10-byte store that
    ; (presumably) starts a screen shake; it is re-executed only while time is
    ; flowing and suppressed during a time stop. Registers are untouched;
    ; flags at shaking_r come from the compare below.
    cmp timeStop,TRUE
    jne do_shake
    jmp [shaking_r]

do_shake:
    mov dword ptr ds:[edx+0b4h],-3      ; the overwritten instruction
    jmp [shaking_r]
shaking endp

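time_loop proc
    ; Reached through the CallPatch at 0041D4AAh (a 5-byte call plus one NOP
    ; covering the 6-byte load re-executed first). Recomputes timeStop from
    ; scratch: TRUE if any live slot in 0..399 has its table flag set to 1,
    ; FALSE otherwise. Intended to run once per tick -- TODO confirm the
    ; call site is not per-object.
    ; Preserves all general registers via pushad/popad; flags are clobbered.
    ; NOTE(review): [memAlloc+idx*4+idx] indexes from the address of the
    ; memAlloc variable, not from the pointer stored in it (see create_object);
    ; fix consistently across all table users or not at all.
    MOV EDX,DWORD PTR DS:[450B90h]
    pushad
    xor eax,eax                                 ; eax = slot index being scanned
    mov timeStop, FALSE
    looop:
    ; presumably the game's per-slot "object exists" bytes -- verify
    cmp byte ptr ds:[458B00h+eax+4],0
    je skip
    ; Fix: index the table with the slot being scanned. The original used
    ; esi, which this proc never assigns, so every iteration tested whatever
    ; slot the caller happened to leave in esi rather than slot eax.
    lea ebx, dword ptr ds:[memAlloc+eax*4+eax]
    cmp byte ptr ds:[ebx],1                     ; 1 = this slot holds a time stop
    jnz skip
    mov timeStop,TRUE
    jmp return

skip:
    inc eax
    cmp eax,190h                                ; 400 slots
    jl looop
return:
    popad
    ret

time_loop endp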

frame_shit proc
    ; Hook at 0041E395h. Re-executes the overwritten 6-byte load, then picks
    ; the resume address: frameshit_r1 (normal path) when no time stop is
    ; active or when this object -- slot index in esi at this site -- is the
    ; one holding it; frameshit_r2 (skip path) for every other object while
    ; time is stopped. eax is preserved; flags at the resume address come
    ; from the last compare executed here.
    MOV ECX,DWORD PTR DS:[450B90h]
    cmp timeStop, FALSE
    je resume_normal
    push eax
    lea eax, dword ptr ds:[memAlloc+esi*4+esi]   ; slot's 5-byte table entry; NOTE(review): base is the memAlloc variable's address, not the pointer it holds
    cmp byte ptr ds:[eax],1                      ; 1 = holder of the time stop
    pop eax
    je resume_normal
    jmp [frameshit_r2]

resume_normal:
    jmp [frameshit_r1]
frame_shit endp

movement proc
    ; Hook at 0041E68Bh (object movement, presumably). Re-executes the
    ; overwritten 7-byte load of this object's pointer, then resumes at
    ; mov_r1 (normal path) when time is flowing or when slot edi holds the
    ; time stop, and at mov_r2 (skip path) for any other object while time
    ; is stopped. eax is preserved; flags at the resume address come from
    ; the last compare executed here.
    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]
    cmp timeStop, FALSE
    je continue_normally
    push eax
    lea eax, dword ptr ds:[memAlloc+edi*4+edi]   ; slot's 5-byte table entry; NOTE(review): base is the memAlloc variable's address, not the pointer it holds
    cmp byte ptr ds:[eax],1                      ; 1 = this object holds the stop
    pop eax
    je continue_normally
    jmp [mov_r2]

continue_normally:
    jmp [mov_r1]
movement endp

frame_update proc
    ; Hook at 0041FB3Dh (frame advance, presumably). Same shape as movement:
    ; re-execute the overwritten 7-byte load, then choose where to resume.
    ;   frame_r1 - normal path: no time stop, or slot edi is its holder
    ;   frame_r2 - skip path: any other object while time is stopped
    ; eax is preserved; flags at the resume address come from the last
    ; compare executed here.
    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]
    cmp timeStop, FALSE
    jne check_holder
    jmp [frame_r1]

check_holder:
    push eax
    lea eax, dword ptr ds:[memAlloc+edi*4+edi]   ; NOTE(review): base is the memAlloc variable's address, not the pointer it holds
    cmp byte ptr ds:[eax],1                      ; 1 = this object holds the stop
    pop eax
    je holder
    jmp [frame_r2]

holder:
    jmp [frame_r1]
frame_update endp


State8xxx proc
        ; Hook at 0041F63Ch, where the game dispatches on an object's state
        ; value in eax. States 8000..8999 (1F40h..2327h) go to Transform1;
        ; 4000..4999 (0FA0h..1387h) run the copied transform code below;
        ; 10000..19999 arm a time stop on slot edi lasting (state - 10000)
        ; ticks. Everything else continues at Transform2. Transform1 and
        ; Transform2 are defined elsewhere in the framework.
        CMP EAX,1F40h
        jl state4xxx
        CMP EAX,2328h
        jge state4xxx
        jmp Transform1

state4xxx:
;I didn't bother really understanding the code, just copied it
;there is only 1 line you should edit, I commented it :p
; Reviewer: this is the game's own 4xxx-state code lifted verbatim. As far
; as the visible instructions show, it walks a table of object pointers at
; [EBX+7D4h] (count at +4D82380h from that table, presumably), looks for an
; entry whose +6F4h field equals state-4000, and stores that entry into this
; object's +368h field. Treat it as opaque beyond that.

        CMP EAX,0FA0h
        jl next
        CMP EAX,1388h
        jge next
        MOV ECX,DWORD PTR DS:[EBX+7D4h]
        LEA EDX,DWORD PTR DS:[EAX-0FA0h]        ; edx = state - 4000
        XOR EAX,EAX                             ; eax = table index
        CMP DWORD PTR DS:[ECX+4D82380h],EAX
        JLE a                                   ; nothing to search
d:        MOV ESI,DWORD PTR DS:[ECX]
        CMP DWORD PTR DS:[ESI+6F4h],EDX
        JE b
        MOV ESI,DWORD PTR DS:[EBX+7D4h]
        ADD EAX,1
        ADD ECX,4
        CMP EAX,DWORD PTR DS:[ESI+4D82380h]
        JL d
        JMP a
b:        MOV ECX,DWORD PTR DS:[EBX+7D4h]
        MOV ECX,DWORD PTR DS:[ECX+EAX*4h]       ; the matching table entry
        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]   ; this object's pointer
        MOV DWORD PTR DS:[EAX+368h],ECX

a:        MOV EDX,DWORD PTR DS:[EBX+EDI*4+194h]
        MOV DWORD PTR DS:[EDX+70h],0 ; this line sets your frame number to 0, remove it if you want
        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]   ; eax is now a pointer; a user-mode pointer is >= 10000h, so the range test below will not match after a 4xxx state

next:    CMP EAX,10000
        jl return
        CMP EAX,20000
        jge return
        sub eax,10000                           ; eax = duration in ticks (counted down by loop2)
        push ecx
        ; NOTE(review): [memAlloc+edi*4+edi] uses the address of the memAlloc
        ; variable as base, not the pointer stored in it (see create_object).
        ; edi is not range-checked here; it is assumed to be the game's current
        ; slot index (0..399) -- verify at the hook site.
        lea ecx, dword ptr ds:[memAlloc+edi*4+edi]
        mov dword ptr ds:[ecx+1],eax            ; remaining duration at entry+1
        mov byte ptr ds:[ecx],1                 ; flag: this object now holds the time stop
        pop ecx

return: jmp Transform2


State8xxx endp

loop2 proc
    ; Hook at 00406800h, run by the game for each object every tick
    ; (presumably; the slot index is read from the caller's stack). Counts
    ; that slot's time-stop duration down by one per call and clears the
    ; holder flag once it is exhausted, then re-executes the overwritten
    ; 6-byte load and resumes at loop2_r. eax is preserved; flags are
    ; clobbered.
    push eax
    mov eax,dword ptr ss:[esp+18h]              ; [esp+14h] at the hook site: slot index -- TODO confirm
    lea eax, dword ptr ds:[memAlloc+eax*4+eax]  ; NOTE(review): base is the memAlloc variable's address, not the pointer stored in it
    cmp dword ptr ds:[eax+1],0                  ; remaining duration (signed)
    jg tick
    mov byte ptr ds:[eax],0                     ; expired: slot no longer holds the stop
    jmp done

tick:
    add dword ptr ds:[eax+1],-1

done:
    pop eax
    MOV ECX,DWORD PTR DS:[EAX+368h]
    jmp [loop2_r]
loop2 endp

Code:
    ; Install the hooks. Each address is an instruction of one specific game
    ; build; JmpPatch replaces it with a jump to the trampoline, which
    ; re-executes it and jumps back to the matching *_r resume address.
    invoke JmpPatch, 0041F63Ch, addr State8xxx      ; state dispatch: 8xxx / 4xxx / 1xxxx (arm time stop)
    invoke JmpPatch, 00406800h, addr loop2           ; per-object tick: duration countdown
    invoke JmpPatch,0041FB3Dh, addr frame_update     ; freeze non-holders: frame advance
    invoke JmpPatch,0041E68Bh, addr movement         ; freeze non-holders: movement
    invoke JmpPatch,0041E395h,addr frame_shit        ; freeze non-holders: frame handling
    ; CallPatch writes a 5-byte call; the overwritten MOV EDX,[450B90h] at
    ; 0041D4AAh is 6 bytes (re-executed inside time_loop), so its last byte
    ; is padded with a NOP to keep the following instruction intact.
    invoke CallPatch,0041D4AAh, addr time_loop
    invoke WriteMem,0041D4AFh, addr oneNOP,1
    invoke JmpPatch,0042F32Ch,addr shaking           ; suppress screen shake during a time stop
    invoke JmpPatch,004064B0h,addr create_object     ; spawned objects inherit the creator's entry

You also need this (it goes in rarara.asm and replaces the original DllEntryPoint):
Code:
.data?
; Pointer to the 4000-byte block VirtualAlloc'd in DllEntryPoint. The hooks
; address the per-slot table as [memAlloc+idx*4+idx]: 5 bytes per slot
; (1 flag byte + 4-byte duration), 400 slots = 2000 bytes.
; NOTE(review): that addressing form uses the ADDRESS of this variable as
; the base, not the pointer stored here, so the table actually lives in
; .data? starting at this dword (the first entry overwrites the pointer
; itself) and the allocation is never used. Any other .data? variable placed
; after this one would be corrupted. Fix every hook at once (load memAlloc
; into a register first) -- a partial fix desyncs them.
memAlloc dd ?

.code

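DllEntryPoint proc hInstDLL:DWORD, reason:DWORD, unused:DWORD
    ; DllMain for the framework: on attach, allocate the per-object time-stop
    ; table and install the memory/jump patches; on detach, post WM_QUIT to
    ; the host (framework behaviour, kept as-is; calling user32 from DllMain
    ; under the loader lock is generally discouraged).
    ; Returns TRUE in eax so the loader keeps the DLL mapped. The original
    ; fell through to ret with whatever DLLStartup / PostQuitMessage left in
    ; eax, which the loader treats as failure (DLL unloaded) when it is zero.
    mov eax,reason
    .if eax == DLL_PROCESS_ATTACH                                            ; Called when our dll loaded

        ; Backing store for the table: 5 bytes per slot, 400 slots.
        invoke VirtualAlloc, NULL, 4000, MEM_COMMIT,PAGE_READWRITE
        .if eax == NULL
            ; Refuse to load rather than install hooks over a NULL table.
            mov eax,FALSE
            ret
        .endif
        mov memAlloc,eax

        call DLLStartup                                                        ; Memory patches and jmp patches

        .elseif reason == DLL_PROCESS_DETACH
        push NULL
        call PostQuitMessage

    .endif
    mov eax,TRUE
    ret

DllEntryPoint endp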

Hopefully you are capable of figuring out where it should go, if you can't , then just give up.



#2
Nice work silva, I was looking for one like this.
#3
u are like a walking breathing active god :P
Seriously, nice work.
keep up your activity and help us understanding and expanding lf2
Great thanks

(you would get a 1+ rep if it would be possible)
#4
XLF maybe?
Btw, great! That's why I wanted the shaking in the exe stopped, for the perfection of time slow and time stop! Btw, you really are one of the great HEX-ers that came down from the heavens!
#5
Now all we need is the shaking code and we're done with the bugless timestop.
#6
Updated first post with fully working version :).


#7
not working for me

I tried state 10500 on a ball and then on a character, and neither is executing (i.e. the timestop is not taking place).
#8
Re-read the post carefully. For some reason, it works for me, nave + other random people, but it never works for you. I attached a compiled dll anyway.


Attached Files
.rar   rarara.rar (Size: 1.31 KB / Downloads: 117)


#9
quick fix for the opoint stuff:

invoke JmpPatch,0041FCB9h,addr timestop_opoint   ; add this to the patch list next to the other JmpPatch calls

.data
;timestop opoint
; Resume addresses for the opoint hook. ts_opoint1 continues the original
; path (hook address + the 16 bytes of the three overwritten instructions);
; ts_opoint2 is presumably the target of the game's own JLE that the hook
; re-creates, reused as the "skip" path for frozen objects.
ts_opoint1 dd 0041FCC9h
ts_opoint2 dd 004203F4h

.code

timestop_opoint proc
    ; Hook at 0041FCB9h, in the game's opoint (spawn-from-frame) handling,
    ; presumably. While a time stop is active, objects other than its holder
    ; (slot edi) take the original branch's target immediately (ts_opoint2)
    ; so they spawn nothing; otherwise the three overwritten instructions
    ; run exactly as the game wrote them and the original compare decides.
    ; eax is preserved. Flags at either resume address come from the last
    ; compare executed here.
    cmp timeStop, FALSE
    je run_original
    push eax
    lea eax, dword ptr ds:[memAlloc+edi*4+edi]   ; NOTE(review): base is the memAlloc variable's address, not the pointer it holds
    cmp byte ptr ds:[eax],1                      ; 1 = this object holds the stop
    pop eax
    je run_original
    jmp [ts_opoint2]

run_original:
    CMP DWORD PTR DS:[ECX+7FCh],EDX
    MOV DWORD PTR SS:[ESP+38h],ECX
    JG continue_original
    jmp [ts_opoint2]                             ; the original JLE's destination

continue_original:
    jmp [ts_opoint1]
timestop_opoint endp


Timestop is now also included in the main dll framework thing.





