Login

Boop · (This post was last modified: 08-02-2009, 04:22 PM by Boop.)

All known bugs fixed. Time stop is part of the dll framework thing here:
http://www.lf-empire.de/forum/showthread.php?tid=2246

Go get it from there.

Thread locked due to spam.

Code:
.data

timeStop db FALSE

;loop2

loop2_r        dd 00406806h

;frame update

frame_r1 dd 0041FB44h

frame_r2 dd 0041FB4Bh

;movement

mov_r1 dd 0041E692h

mov_r2 dd 0041E697h

;frame sh*t

frameshit_r1 dd 0041e39Bh

frameshit_r2 dd 0041e3A4h

;shaking

shaking_r dd 0042F336h

;create object

co_r dd 004064b6h

.code

create_object proc

    MOV DWORD PTR DS:[ESI+418h],EBX

    cmp timeStop,FALSE

    je return

    cmp edi,400

    jg return

    pushad

    mov esi, dword ptr ss:[esp+20h]

    lea eax, dword ptr ds:[memAlloc+edi*4+edi] ;creator

    mov cl, byte ptr ds:[eax]

    lea ebx, dword ptr ds:[memAlloc+esi*4+esi] ;opointed thingy

    mov byte ptr ds:[ebx],cl

    mov ecx, dword ptr ds:[eax+1]

    mov dword ptr ds:[ebx+1],ecx

    popad

return:

    jmp [co_r]

create_object endp

shaking proc

    cmp timeStop,TRUE

    je return

    mov dword ptr ds:[edx+0b4h],-3

    return:

    jmp [shaking_r]

shaking endp

time_loop proc

    MOV EDX,DWORD PTR DS:[450B90h]

    pushad

    mov eax,0

    mov timeStop, FALSE

    looop:

    cmp byte ptr ds:[458B00h+eax+4],0

    je skip

    lea ebx, dword ptr ds:[memAlloc+esi*4+esi]

    cmp byte ptr ds:[ebx],1

    jnz skip

    mov timeStop,TRUE

    jmp return

skip:

    inc eax

    cmp eax,190h

    jl looop    

return:

    popad

    ret

time_loop endp

frame_shit proc

    MOV ECX,DWORD PTR DS:[450B90h]

    cmp timeStop, FALSE

    je disabled

    push eax

    lea eax, dword ptr ds:[memAlloc+esi*4+esi]

    cmp byte ptr ds:[eax],1

    pop eax

    jnz skip

disabled:

    jmp [frameshit_r1]

skip:

    jmp [frameshit_r2]

frame_shit endp

movement proc

    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]

    cmp timeStop, FALSE

    je disabled

    push eax

    lea eax, dword ptr ds:[memAlloc+edi*4+edi]

    cmp byte ptr ds:[eax],1

    pop eax

    jnz skip

disabled:

    jmp [mov_r1]

skip:

    jmp [mov_r2]    

movement endp

frame_update proc

    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]

    cmp timeStop, FALSE

    je disabled

    push eax

    lea eax, dword ptr ds:[memAlloc+edi*4+edi]

    cmp byte ptr ds:[eax],1

    pop eax

    jnz skip

disabled:    

    jmp [frame_r1]

skip:

    jmp [frame_r2]

frame_update endp

State8xxx proc

        CMP EAX,1F40h

        jl state4xxx

        CMP EAX,2328h

        jge state4xxx

        jmp Transform1

state4xxx:

;I didn't bother really understanding the code, just copied it

;there is only 1 line you should edit, I commented it :p

        CMP EAX,0FA0h

        jl next

        CMP EAX,1388h

        jge next

        MOV ECX,DWORD PTR DS:[EBX+7D4h]

        LEA EDX,DWORD PTR DS:[EAX-0FA0h]

        XOR EAX,EAX

        CMP DWORD PTR DS:[ECX+4D82380h],EAX

        JLE a

d:        MOV ESI,DWORD PTR DS:[ECX]

        CMP DWORD PTR DS:[ESI+6F4h],EDX

        JE b

        MOV ESI,DWORD PTR DS:[EBX+7D4h]

        ADD EAX,1

        ADD ECX,4

        CMP EAX,DWORD PTR DS:[ESI+4D82380h]

        JL d

        JMP a

b:        MOV ECX,DWORD PTR DS:[EBX+7D4h]

        MOV ECX,DWORD PTR DS:[ECX+EAX*4h]

        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]

        MOV DWORD PTR DS:[EAX+368h],ECX

a:        MOV EDX,DWORD PTR DS:[EBX+EDI*4+194h]

        MOV DWORD PTR DS:[EDX+70h],0 ; this line sets your frame number to 0, remove it if you want

        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]

next:    CMP EAX,10000

        jl return

        CMP EAX,20000

        jge return

        sub eax,10000

        push ecx

        lea ecx, dword ptr ds:[memAlloc+edi*4+edi]

        mov dword ptr ds:[ecx+1],eax

        mov byte ptr ds:[ecx],1

        pop ecx

return: jmp Transform2

State8xxx endp

loop2 proc

    push eax

    mov eax,dword ptr ss:[esp+18h]

    lea eax, dword ptr ds:[memAlloc+eax*4+eax]

    cmp dword ptr ds:[eax+1],0

    jle remove_timestop

    add dword ptr ds:[eax+1],-1

    jmp return

remove_timestop:

    mov byte ptr ds:[eax],0

return:    

    pop eax

    MOV ECX,DWORD PTR DS:[EAX+368h]

    jmp [loop2_r]

loop2 endp

Code:
    invoke JmpPatch, 0041F63Ch, addr State8xxx

    invoke JmpPatch, 00406800h, addr loop2

    invoke JmpPatch,0041FB3Dh, addr frame_update

    invoke JmpPatch,0041E68Bh, addr movement

    invoke JmpPatch,0041E395h,addr frame_shit

    invoke CallPatch,0041D4AAh, addr time_loop

    invoke WriteMem,0041D4AFh, addr oneNOP,1

    invoke JmpPatch,0042F32Ch,addr shaking

    invoke JmpPatch,004064B0h,addr create_object

You also need this(goes in rarara.asm , replaces the original DllEntryPoint):

Code:
.data?

memAlloc dd ?

.code

DllEntryPoint proc hInstDLL:DWORD, reason:DWORD, unused:DWORD

    mov eax,reason

    .if eax == DLL_PROCESS_ATTACH                                            ; Called when our dll loaded

        invoke VirtualAlloc, NULL, 4000, MEM_COMMIT,PAGE_READWRITE

        mov memAlloc,eax

        call DLLStartup                                                        ; Memory patches and jmp patches

        .elseif reason == DLL_PROCESS_DETACH

        push NULL

        call PostQuitMessage

    .endif

    ret

DllEntryPoint endp

Hopefully you are capable of figuring out where it should go, if you can't , then just give up.

Old Post (Click to View)

mda · 07-30-2009, 01:39 AM

nicework silva i was looking for one like this

Ascor · 07-30-2009, 05:03 AM

u are like a walking breathing active god :P
Serously nice work
keep up your activity and help us understanding and expanding lf2
Great thanks

(you would get a 1+ rep if it would be possible)

vandesdelca · 07-30-2009, 08:07 AM

XLF maybe?
Btw, great! that's why i want stop shaking exe for perfectnees of time slow and time stop! Btw you really are one of a great HEX-er that come down from the heaven!

naruto hyuuga · 07-30-2009, 08:22 AM

now all we need is the shaking code and were done the bugless timestop

Boop · 07-30-2009, 02:48 PM

Updated first post with fully working version

.

naruto hyuuga · 07-31-2009, 06:14 PM

not working for me

i tried state 10500 on a ball and then on a char and both aren't excecuting(ie.timestop is not taking place)

Boop · 07-31-2009, 06:19 PM

Re-read the post carefully. For some reason, it works for me, nave + other random people, but it never works for you. I attached a compiled dll anyway.

Boop · 08-02-2009, 04:21 PM

quick fix for the opoint stuff:

invoke JmpPatch,0041FCB9h,addr timestop_opoint

.data
;timestop opoint
ts_opoint1 dd 0041FCC9h
ts_opoint2 dd 004203F4h

.code

timestop_opoint proc

cmp timeStop, FALSE
je normal
push eax
lea eax, dword ptr ds:[memAlloc+edi*4+edi]
cmp byte ptr ds:[eax],1
pop eax
jnz skip

normal:
CMP DWORD PTR DS:[ECX+7FCh],EDX
MOV DWORD PTR SS:[ESP+38h],ECX
JLE skip
jmp [ts_opoint1]

skip:
jmp [ts_opoint2]

timestop_opoint endp

Timestop is now also included in the main dll framework thing.

Login
Username:
Password:	Lost Password?
	Remember me