Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
AI copying [Part 2]
#1
This is a better explanation on how to add the D>A to AI.

Right click > goto > expression > 004093B5.

You will see some code like this:
Code:
004093B5  |. 83F8 02        CMP EAX,2
004093B8  |. 74 31          JE SHORT lf2.004093EB
>>>004093BA<<<  |. 83F8 04        CMP EAX,4

Replace :
Code:
CMP EAX,2

With(You can jump anywhere you want, I just choose a random place) :
Code:
JMP 0044280D
This line will overwrite the CMP and JE in the next line, this is suppoused to happen.

Now right click>goto>expression> 0044280D(or where ever you jumped to). First thing that has to be done is writing the code we over wrote, so write this:
Code:
CMP EAX,2
JE 004093EB

Now we begin adding our own ID's to the code. This is done by writing CMP EAX, ID and then a JE 004093EB after it. After all adding all your ID's you have to jump back to the rest of the code, so write "JMP 004093BA" ( look at the first snippet of code if you don't understand where I got the number from).

Here is an example of how your code can look:

Code:
004093B5     E9 53940300    JMP lf2.0044280D
004093BA  |. 83F8 04        CMP EAX,4

Code:
0044280D     83F8 02        CMP EAX,2
00442810    ^0F84 D56BFCFF  JE lf2.004093EB
00442816     83F8 40        CMP EAX,40
00442819    ^0F84 CC6BFCFF  JE lf2.004093EB
0044281F     83F8 45        CMP EAX,45
00442822    ^0F84 C36BFCFF  JE lf2.004093EB
00442828    ^E9 8D6BFCFF    JMP lf2.004093BA

The same code appears at 004094B2, it is basically the same except you have to change the numbers. I won't bother explaining it all again and I'll just show you how the code should look like.

Code:
004094B2     E9 56950300    JMP lf2.00442A0D
004094B7  |. 83F8 04        CMP EAX,4

Code:
00442A0D     83F8 02        CMP EAX,2
00442A10    ^0F84 D26AFCFF  JE lf2.004094E8
00442A16     83F8 40        CMP EAX,40
00442A19    ^0F84 C96AFCFF  JE lf2.004094E8
00442A1F     83F8 45        CMP EAX,45
00442A22    ^0F84 C06AFCFF  JE lf2.004094E8
00442A28    ^E9 8A6AFCFF    JMP lf2.004094B7

Notice how the JE's and JMP's go to different places than before. Anyway you are done :)
[Image: doty7Xn.gif]

10 ʏᴇᴀʀs sɪɴᴄᴇ ɪʀᴄ ɢᴏᴏᴅ.ɪ ᴡᴀʟᴋ ᴛʜʀᴏᴜɢʜ ᴛʜᴇ ᴇᴍᴘᴛʏ sᴛʀᴇᴇᴛs ᴛʀʏɪɴɢ ᴛᴏ ᴛʜɪɴᴋ ᴏғ sᴏᴍᴇᴛʜɪɴɢ ᴇʟsᴇ ʙᴜᴛ ᴍʏ ᴘᴀᴛʜ ᴀʟᴡᴀʏs ʟᴇᴀᴅs ᴛᴏ ᴛʜᴇ ɪʀᴄ. ɪ sᴛᴀʀᴇ ᴀᴛ ᴛʜᴇ sᴄʀᴇᴇɴ ғᴏʀ ʜᴏᴜʀs ᴀɴᴅ ᴛʀʏ ᴛᴏ sᴜᴍᴍᴏɴ ᴛʜᴇ ɢᴏᴏᴅ ɪʀᴄ. ɪ ᴡᴀᴛᴄʜ ᴏᴛʜᴇʀ ɪʀᴄ ᴄʜᴀɴɴᴇʟs ʙᴜᴛ ɪᴛ ɪs ɴᴏ ɢᴏᴏᴅ. ɪ ᴘᴇsᴛᴇʀ ᴢᴏʀᴛ ᴀɴᴅ ᴛʀʏ ᴛᴏ ʀᴇsɪsᴛ ʜɪs sᴇxɪɴᴇss ʙᴜᴛ ɪᴛ ɪs ᴀʟʟ ᴍᴇᴀɴɪɴɢʟᴇss. ᴛʜᴇ ᴇɴᴅ ɪs ɴᴇᴀʀ.ɪ ᴛʜᴇɴ ᴜsᴜᴀʟʟʏ ʀᴇᴀᴅ sᴏᴍᴇ ᴏʟᴅ ɪʀᴄ ʟᴏɢs ᴀɴᴅ ᴄʀʏ ᴍʏsᴇʟғ ᴛᴏ sʟᴇᴇᴘ.


Reply
Thanks given by:
#2
Damn Silva, you're amazing!
Reply
Thanks given by:
#3
what about the code
CMP EAX,40 and CMP EAX,45???
is that the id`s AI you copy and the id`s AI you copy to???
Reply
Thanks given by:
#4
Yes, those are the ID's I copied.
[Image: doty7Xn.gif]

10 ʏᴇᴀʀs sɪɴᴄᴇ ɪʀᴄ ɢᴏᴏᴅ.ɪ ᴡᴀʟᴋ ᴛʜʀᴏᴜɢʜ ᴛʜᴇ ᴇᴍᴘᴛʏ sᴛʀᴇᴇᴛs ᴛʀʏɪɴɢ ᴛᴏ ᴛʜɪɴᴋ ᴏғ sᴏᴍᴇᴛʜɪɴɢ ᴇʟsᴇ ʙᴜᴛ ᴍʏ ᴘᴀᴛʜ ᴀʟᴡᴀʏs ʟᴇᴀᴅs ᴛᴏ ᴛʜᴇ ɪʀᴄ. ɪ sᴛᴀʀᴇ ᴀᴛ ᴛʜᴇ sᴄʀᴇᴇɴ ғᴏʀ ʜᴏᴜʀs ᴀɴᴅ ᴛʀʏ ᴛᴏ sᴜᴍᴍᴏɴ ᴛʜᴇ ɢᴏᴏᴅ ɪʀᴄ. ɪ ᴡᴀᴛᴄʜ ᴏᴛʜᴇʀ ɪʀᴄ ᴄʜᴀɴɴᴇʟs ʙᴜᴛ ɪᴛ ɪs ɴᴏ ɢᴏᴏᴅ. ɪ ᴘᴇsᴛᴇʀ ᴢᴏʀᴛ ᴀɴᴅ ᴛʀʏ ᴛᴏ ʀᴇsɪsᴛ ʜɪs sᴇxɪɴᴇss ʙᴜᴛ ɪᴛ ɪs ᴀʟʟ ᴍᴇᴀɴɪɴɢʟᴇss. ᴛʜᴇ ᴇɴᴅ ɪs ɴᴇᴀʀ.ɪ ᴛʜᴇɴ ᴜsᴜᴀʟʟʏ ʀᴇᴀᴅ sᴏᴍᴇ ᴏʟᴅ ɪʀᴄ ʟᴏɢs ᴀɴᴅ ᴄʀʏ ᴍʏsᴇʟғ ᴛᴏ sʟᴇᴇᴘ.


Reply
Thanks given by:
#5
First off, thanks for sharing all this juicy info with us :D.

Ok onto what this is about.. Since I found your thread about AI Copying (Part 1) the other day i've been trying to copy an AI. Though there were a couple speed bumps i eventually succeeded in copying firen's ai (id: 7) to id: 326 (boy was i happy :p). However this part is a bit confusing for me.

Ok here is what i have.

0004280D 83F8 02 CMP EAX,2
00042810 ^0F84 D56BFCFF JE 000093EB
00042816 3D 26030000 CMP EAX,326 - ID i want D>A to be copied to.
0004281B ^0F84 CA6BFCFF JE 000093EB
00042821 ^E9 946BFCFF JMP 000093BA

Now.. is the ID i want D>A to be copied to supposed to be in hex? 326 in hex would be 146 i believe, but it also does not work.

Secondly
Quote:"what about the code
CMP EAX,40 and CMP EAX,45???
is that the id`s AI you copy and the id`s AI you copy to??? "
Quote:Yes, those are the ID's I copied.

I'm a little confused about this question and your answer to it. So i'll see if i understood the question first.
Quote:Is CMP EAX,40 the id that you are copying D>A from and CMP EAX,45 is the id you want to copy D>A to?
However you say those are the id's that are copied. If i correctly interpreted the question then the answer didn't make any sense. Sorry if this sounds stupid i'm not very normal Redface Redface
Reply
Thanks given by:
#6
I think its my fault actually, I didn't read the question properly :p. Basically 90% of all the ID's run the EXACT same code for D>A . So whats happening is your copying the D>A code (which is the same for 90% of all characters) to more ID's. In this case I made (40 in hex)64 and 69(in hex) run the same D>A code as the rest of the characters. As you can see they should be in hex.

The problem with your code is you are forgetting the 4.
000093EB >>> 004093EB
000093BA >>> 004093BA

Also remember that you are basically doing the same thing twice. One time from 004093B5 and another time from 004094B2.
[Image: doty7Xn.gif]

10 ʏᴇᴀʀs sɪɴᴄᴇ ɪʀᴄ ɢᴏᴏᴅ.ɪ ᴡᴀʟᴋ ᴛʜʀᴏᴜɢʜ ᴛʜᴇ ᴇᴍᴘᴛʏ sᴛʀᴇᴇᴛs ᴛʀʏɪɴɢ ᴛᴏ ᴛʜɪɴᴋ ᴏғ sᴏᴍᴇᴛʜɪɴɢ ᴇʟsᴇ ʙᴜᴛ ᴍʏ ᴘᴀᴛʜ ᴀʟᴡᴀʏs ʟᴇᴀᴅs ᴛᴏ ᴛʜᴇ ɪʀᴄ. ɪ sᴛᴀʀᴇ ᴀᴛ ᴛʜᴇ sᴄʀᴇᴇɴ ғᴏʀ ʜᴏᴜʀs ᴀɴᴅ ᴛʀʏ ᴛᴏ sᴜᴍᴍᴏɴ ᴛʜᴇ ɢᴏᴏᴅ ɪʀᴄ. ɪ ᴡᴀᴛᴄʜ ᴏᴛʜᴇʀ ɪʀᴄ ᴄʜᴀɴɴᴇʟs ʙᴜᴛ ɪᴛ ɪs ɴᴏ ɢᴏᴏᴅ. ɪ ᴘᴇsᴛᴇʀ ᴢᴏʀᴛ ᴀɴᴅ ᴛʀʏ ᴛᴏ ʀᴇsɪsᴛ ʜɪs sᴇxɪɴᴇss ʙᴜᴛ ɪᴛ ɪs ᴀʟʟ ᴍᴇᴀɴɪɴɢʟᴇss. ᴛʜᴇ ᴇɴᴅ ɪs ɴᴇᴀʀ.ɪ ᴛʜᴇɴ ᴜsᴜᴀʟʟʏ ʀᴇᴀᴅ sᴏᴍᴇ ᴏʟᴅ ɪʀᴄ ʟᴏɢs ᴀɴᴅ ᴄʀʏ ᴍʏsᴇʟғ ᴛᴏ sʟᴇᴇᴘ.


Reply
Thanks given by:
#7
I really wonder how i forgot something so simple as a 4. lol@myself.

Really though thank you very much for the clarification! I believe i have it right now. Evidence being that mr. lindwurm is now spouting fireballs almost as often as firen.

I can't believe i forgot to mention this lol. I'd like to thank you for sharing all this juicy stuff with us not only that but creating tutorials for us hex-illiterate people :)

I'll be taking a stab at "id specific mp regeneration" later. Wish me luck!
Reply
Thanks given by:
#8
In fact, the AI of D>A has five parts.


Part 1.
This part is the condition of use D>A.

004093AF |. 8B80 F4060000 mov eax,dword ptr ds:[eax+6F4]
004093B5 |. 83F8 02 cmp eax,2
004093B8 |. 74 31 je short lf2.004093EB
004093BA |. 83F8 04 cmp eax,4
004093BD |. 74 2C je short lf2.004093EB
004093BF |. 83F8 06 cmp eax,6
004093C2 |. 74 27 je short lf2.004093EB
004093C4 |. 83F8 09 cmp eax,9
004093C7 |. 74 22 je short lf2.004093EB
004093C9 |. 83F8 0A cmp eax,0A
004093CC |. 74 1D je short lf2.004093EB
004093CE |. 83F8 0B cmp eax,0B
004093D1 |. 74 18 je short lf2.004093EB
004093D3 |. 83F8 08 cmp eax,8
004093D6 |. 74 13 je short lf2.004093EB
004093D8 |. 83F8 07 cmp eax,7
004093DB |. 74 0E je short lf2.004093EB
004093DD |. 83F8 21 cmp eax,21
004093E0 |. 74 09 je short lf2.004093EB
004093E2 |. 83F8 22 cmp eax,22
004093E5 |. 0F85 B4000000 jnz lf2.0040949F
004093EB |> 8B9C9E 94010000 mov ebx,dword ptr ds:[esi+ebx*4+194]
004093F2 |. DD43 40 fld qword ptr ds:[ebx+40]
004093F5 |. E8 E2110300 call lf2.0043A5DC
004093FA |. 8B4D 10 mov ecx,dword ptr ss:[ebp+10]
004093FD |. 8B6B 10 mov ebp,dword ptr ds:[ebx+10]
00409400 |. D1E0 shl eax,1
00409402 |. 2BC1 sub eax,ecx
00409404 |. 03C5 add eax,ebp
00409406 |. 50 push eax
00409407 |. E8 248FFFFF call lf2.00402330
0040940C |. 83C4 04 add esp,4
0040940F |. 83F8 64 cmp eax,64
00409412 |. 0F8E 87000000 jle lf2.0040949F
00409418 |. 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
0040941C |. 8B9C8E 94010000 mov ebx,dword ptr ds:[esi+ecx*4+194]
00409423 |. DD43 40 fld qword ptr ds:[ebx+40]
00409426 |. E8 B1110300 call lf2.0043A5DC
0040942B |. 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
00409432 |. 8B6B 10 mov ebp,dword ptr ds:[ebx+10]
00409435 |. D1E0 shl eax,1
00409437 |. 2B42 10 sub eax,dword ptr ds:[edx+10]
0040943A |. 03C5 add eax,ebp
0040943C |. 50 push eax
0040943D |. E8 EE8EFFFF call lf2.00402330
00409442 |. 83C4 04 add esp,4
00409445 |. 3D 84030000 cmp eax,384
0040944A |. 7D 53 jge short lf2.0040949F
0040944C |. 8B4424 14 mov eax,dword ptr ss:[esp+14]
00409450 |. 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
00409457 |. 8B8C86 94010000 mov ecx,dword ptr ds:[esi+eax*4+194]
0040945E |. 8B6A 18 mov ebp,dword ptr ds:[edx+18]
00409461 |. 8B41 18 mov eax,dword ptr ds:[ecx+18]
00409464 |. 2BC5 sub eax,ebp
00409466 |. 50 push eax
00409467 |. E8 C48EFFFF call lf2.00402330
0040946C |. 83C4 04 add esp,4
0040946F |. 83F8 05 cmp eax,5
00409472 |. 7D 2B jge short lf2.0040949F
00409474 |. 8B0D BC8A4400 mov ecx,dword ptr ds:[448ABC]
0040947A |. 83C1 0A add ecx,0A
0040947D |. 51 push ecx
0040947E |. E8 BD080100 call lf2.00419D40
00409483 |. 83C4 04 add esp,4
00409486 |. 85C0 test eax,eax
00409488 |. 75 15 jnz short lf2.0040949F
0040948A |. 837C24 20 0E cmp dword ptr ss:[esp+20],0E
0040948F |. 74 0E je short lf2.0040949F
00409491 |. 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
00409498 |. C682 D3000000 01 mov byte ptr ds:[edx+D3],1

It means, if id is anyone of 2 4 6 9 10 11 8 7 33 34 ,
and if enemy's location is at 100(64)~900(384), then do the action at part 2.


Part 2.
This part, I guess, is the code of ''use D>A''.
But I don't know why it caused ''use D>A''.

0040949F |> 8B9CBE 94010000 mov ebx,dword ptr ds:[esi+edi*4+194]
004094A6 |. 8B83 68030000 mov eax,dword ptr ds:[ebx+368]
004094AC |. 8B80 F4060000 mov eax,dword ptr ds:[eax+6F4]
004094B2 |. 83F8 02 cmp eax,2
004094B5 |. 74 31 je short lf2.004094E8
004094B7 |. 83F8 04 cmp eax,4
004094BA |. 74 2C je short lf2.004094E8
004094BC |. 83F8 06 cmp eax,6
004094BF |. 74 27 je short lf2.004094E8
004094C1 |. 83F8 09 cmp eax,9
004094C4 |. 74 22 je short lf2.004094E8
004094C6 |. 83F8 0A cmp eax,0A
004094C9 |. 74 1D je short lf2.004094E8
004094CB |. 83F8 0B cmp eax,0B
004094CE |. 74 18 je short lf2.004094E8
004094D0 |. 83F8 08 cmp eax,8
004094D3 |. 74 13 je short lf2.004094E8
004094D5 |. 83F8 07 cmp eax,7
004094D8 |. 74 0E je short lf2.004094E8
004094DA |. 83F8 21 cmp eax,21
004094DD |. 74 09 je short lf2.004094E8
004094DF |. 83F8 22 cmp eax,22
004094E2 |. 0F85 3E010000 jnz lf2.00409626
004094E8 |> 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
004094EC |. 8BAC8E 94010000 mov ebp,dword ptr ds:[esi+ecx*4+194]
004094F3 |. DD45 40 fld qword ptr ss:[ebp+40]
004094F6 |. E8 E1100300 call lf2.0043A5DC
004094FB |. 8B53 10 mov edx,dword ptr ds:[ebx+10]
004094FE |. 8B4D 10 mov ecx,dword ptr ss:[ebp+10]
00409501 |. D1E0 shl eax,1
00409503 |. 2BC2 sub eax,edx
00409505 |. 03C1 add eax,ecx
00409507 |. 50 push eax
00409508 |. E8 238EFFFF call lf2.00402330
0040950D |. 83C4 04 add esp,4
00409510 |. 83F8 5A cmp eax,5A
00409513 |. 0F8E 0D010000 jle lf2.00409626
00409519 |. 8B84BE 94010000 mov eax,dword ptr ds:[esi+edi*4+194]
00409520 |. 8B5C24 14 mov ebx,dword ptr ss:[esp+14]
00409524 |. 8A90 80000000 mov dl,byte ptr ds:[eax+80]
0040952A |. 84D2 test dl,dl
0040952C |. 75 0F jnz short lf2.0040953D
0040952E |. 8B8C9E 94010000 mov ecx,dword ptr ds:[esi+ebx*4+194]
00409535 |. 8B69 10 mov ebp,dword ptr ds:[ecx+10]
00409538 |. 3B68 10 cmp ebp,dword ptr ds:[eax+10]
0040953B |. 7F 1E jg short lf2.0040955B
0040953D |> 80FA 01 cmp dl,1
00409540 |. 0F85 E0000000 jnz lf2.00409626
00409546 |. 8B8C9E 94010000 mov ecx,dword ptr ds:[esi+ebx*4+194]
0040954D |. 8B68 10 mov ebp,dword ptr ds:[eax+10]
00409550 |. 8B51 10 mov edx,dword ptr ds:[ecx+10]
00409553 |. 3BD5 cmp edx,ebp
00409555 |. 0F8D CB000000 jge lf2.00409626
0040955B |> 8B50 70 mov edx,dword ptr ds:[eax+70]
0040955E |. 83FA 6E cmp edx,6E
00409561 |. 74 0C je short lf2.0040956F
00409563 |. 81FA EB000000 cmp edx,0EB
00409569 |. 0F8C B7000000 jl lf2.00409626
0040956F |> 8B49 18 mov ecx,dword ptr ds:[ecx+18]
00409572 |. 8B50 18 mov edx,dword ptr ds:[eax+18]
00409575 |. 2BCA sub ecx,edx
00409577 |. 51 push ecx
00409578 |. E8 B38DFFFF call lf2.00402330
0040957D |. 83C4 04 add esp,4
00409580 |. 83F8 0D cmp eax,0D
00409583 |. 0F8D 9D000000 jge lf2.00409626
00409589 |. 837C24 20 0E cmp dword ptr ss:[esp+20],0E
0040958E |. 0F84 92000000 je lf2.00409626
00409594 |. 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
0040959B |. C682 C9000000 00 mov byte ptr ds:[edx+C9],0
004095A2 |. 8B84BE 94010000 mov eax,dword ptr ds:[esi+edi*4+194]
004095A9 |. C680 C8000000 00 mov byte ptr ds:[eax+C8],0
004095B0 |. 8B8CBE 94010000 mov ecx,dword ptr ds:[esi+edi*4+194]
004095B7 |. C681 CA000000 00 mov byte ptr ds:[ecx+CA],0
004095BE |. 8B949E 94010000 mov edx,dword ptr ds:[esi+ebx*4+194]
004095C5 |. 8B84BE 94010000 mov eax,dword ptr ds:[esi+edi*4+194]
004095CC |. 8B4A 10 mov ecx,dword ptr ds:[edx+10]
004095CF |. 3B48 10 cmp ecx,dword ptr ds:[eax+10]
004095D2 |. 7E 09 jle short lf2.004095DD
004095D4 |. C680 D0000000 01 mov byte ptr ds:[eax+D0],1
004095DB |. EB 07 jmp short lf2.004095E4
004095DD |> C680 CF000000 01 mov byte ptr ds:[eax+CF],1


Part 3

004095E4 |> 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
004095EB |. 8B82 68030000 mov eax,dword ptr ds:[edx+368]
004095F1 |. 83B8 F4060000 22 cmp dword ptr ds:[eax+6F4],22
004095F8 |. 75 1E jnz short lf2.00409618
004095FA |. 6A 02 push 2
004095FC |. E8 3F070100 call lf2.00419D40
00409601 |. 83C4 04 add esp,4
00409604 |. 85C0 test eax,eax
00409606 |. 75 10 jnz short lf2.00409618
00409608 |. 8B8CBE 94010000 mov ecx,dword ptr ds:[esi+edi*4+194]
0040960F |. C681 D2000000 01 mov byte ptr ds:[ecx+D2],1
00409616 |. EB 0E jmp short lf2.00409626
00409618 |> 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
0040961F |. C682 D1000000 01 mov byte ptr ds:[edx+D1],1

This part I guess is for id 34(sorcerer).
Because sorcerer not only use D>A but D>J.
So this part's code may be ''use D>J''.


Part 4

00409626 |> 8B9CBE 94010000 mov ebx,dword ptr ds:[esi+edi*4+194]
0040962D |. 8B83 68030000 mov eax,dword ptr ds:[ebx+368]
00409633 |. 83B8 F4060000 01 cmp dword ptr ds:[eax+6F4],1
0040963A |. 0F85 B5000000 jnz lf2.004096F5
00409640 |. 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
00409644 |. 8BAC8E 94010000 mov ebp,dword ptr ds:[esi+ecx*4+194]
0040964B |. DD45 40 fld qword ptr ss:[ebp+40]
0040964E |. E8 890F0300 call lf2.0043A5DC
00409653 |. 8B53 10 mov edx,dword ptr ds:[ebx+10]
00409656 |. 8B4D 10 mov ecx,dword ptr ss:[ebp+10]
00409659 |. D1E0 shl eax,1
0040965B |. 2BC2 sub eax,edx
0040965D |. 03C1 add eax,ecx
0040965F |. 50 push eax
00409660 |. E8 CB8CFFFF call lf2.00402330
00409665 |. 83C4 04 add esp,4
00409668 |. 83F8 64 cmp eax,64
0040966B |. 0F8E 84000000 jle lf2.004096F5
00409671 |. 8B6C24 14 mov ebp,dword ptr ss:[esp+14]
00409675 |. 8B9CAE 94010000 mov ebx,dword ptr ds:[esi+ebp*4+194]
0040967C |. DD43 40 fld qword ptr ds:[ebx+40]
0040967F |. E8 580F0300 call lf2.0043A5DC
00409684 |. 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
0040968B |. D1E0 shl eax,1
0040968D |. 8B4A 10 mov ecx,dword ptr ds:[edx+10]
00409690 |. 2BC1 sub eax,ecx
00409692 |. 8B4B 10 mov ecx,dword ptr ds:[ebx+10]
00409695 |. 03C1 add eax,ecx
00409697 |. 50 push eax
00409698 |. E8 938CFFFF call lf2.00402330
0040969D |. 83C4 04 add esp,4
004096A0 |. 3D 2C010000 cmp eax,12C
004096A5 |. 7D 4E jge short lf2.004096F5
004096A7 |. 8B84AE 94010000 mov eax,dword ptr ds:[esi+ebp*4+194]
004096AE |. 8B8CBE 94010000 mov ecx,dword ptr ds:[esi+edi*4+194]
004096B5 |. 8B50 18 mov edx,dword ptr ds:[eax+18]
004096B8 |. 8B69 18 mov ebp,dword ptr ds:[ecx+18]
004096BB |. 2BD5 sub edx,ebp
004096BD |. 52 push edx
004096BE |. E8 6D8CFFFF call lf2.00402330
004096C3 |. 83C4 04 add esp,4
004096C6 |. 83F8 05 cmp eax,5
004096C9 |. 7D 2A jge short lf2.004096F5
004096CB |. A1 C08A4400 mov eax,dword ptr ds:[448AC0]
004096D0 |. 83C0 0A add eax,0A
004096D3 |. 50 push eax
004096D4 |. E8 67060100 call lf2.00419D40
004096D9 |. 83C4 04 add esp,4
004096DC |. 85C0 test eax,eax
004096DE |. 75 15 jnz short lf2.004096F5
004096E0 |. 837C24 20 0E cmp dword ptr ss:[esp+20],0E
004096E5 |. 74 0E je short lf2.004096F5
004096E7 |. 8B8CBE 94010000 mov ecx,dword ptr ds:[esi+edi*4+194]
004096EE |. C681 D3000000 01 mov byte ptr ds:[ecx+D3],1

This part is also the condition of use D>A.
But it is for Deep only.
Because Deep's blast has distance limit, so he needs a separately procedure.
The condition is if enemy is at 100(64)~300(12C),
Then do the action at part 5.



Part 5.

Also, this part is for Deep only.
Here might be the procedure that cause ''use D>A'', too.
I found there are some code simillar to part 2.
It might be the instruction code of ''D>A''.

004096F5 |> 8B9CBE 94010000 mov ebx,dword ptr ds:[esi+edi*4+194]
004096FC |. 8B93 68030000 mov edx,dword ptr ds:[ebx+368]
00409702 |. 83BA F4060000 01 cmp dword ptr ds:[edx+6F4],1
00409709 |. 0F85 FE000000 jnz lf2.0040980D
0040970F |. 8B4424 14 mov eax,dword ptr ss:[esp+14]
00409713 |. 8BAC86 94010000 mov ebp,dword ptr ds:[esi+eax*4+194]
0040971A |. DD45 40 fld qword ptr ss:[ebp+40]
0040971D |. E8 BA0E0300 call lf2.0043A5DC
00409722 |. 8B53 10 mov edx,dword ptr ds:[ebx+10]
00409725 |. 8B4D 10 mov ecx,dword ptr ss:[ebp+10]
00409728 |. D1E0 shl eax,1
0040972A |. 2BC2 sub eax,edx
0040972C |. 03C1 add eax,ecx
0040972E |. 50 push eax
0040972F |. E8 FC8BFFFF call lf2.00402330
00409734 |. 83C4 04 add esp,4
00409737 |. 83F8 5A cmp eax,5A
0040973A |. 0F8E CD000000 jle lf2.0040980D
00409740 |. 8B84BE 94010000 mov eax,dword ptr ds:[esi+edi*4+194]
00409747 |. 8B5C24 14 mov ebx,dword ptr ss:[esp+14]
0040974B |. 8A90 80000000 mov dl,byte ptr ds:[eax+80]
00409751 |. 84D2 test dl,dl
00409753 |. 75 0F jnz short lf2.00409764
00409755 |. 8B8C9E 94010000 mov ecx,dword ptr ds:[esi+ebx*4+194]
0040975C |. 8B69 10 mov ebp,dword ptr ds:[ecx+10]
0040975F |. 3B68 10 cmp ebp,dword ptr ds:[eax+10]
00409762 |. 7F 1E jg short lf2.00409782
00409764 |> 80FA 01 cmp dl,1
00409767 |. 0F85 A0000000 jnz lf2.0040980D
0040976D |. 8B8C9E 94010000 mov ecx,dword ptr ds:[esi+ebx*4+194]
00409774 |. 8B68 10 mov ebp,dword ptr ds:[eax+10]
00409777 |. 8B51 10 mov edx,dword ptr ds:[ecx+10]
0040977A |. 3BD5 cmp edx,ebp
0040977C |. 0F8D 8B000000 jge lf2.0040980D
00409782 |> 8B50 70 mov edx,dword ptr ds:[eax+70]
00409785 |. 83FA 6E cmp edx,6E
00409788 |. 74 08 je short lf2.00409792
0040978A |. 81FA EB000000 cmp edx,0EB
00409790 |. 7C 7B jl short lf2.0040980D
00409792 |> 8B49 18 mov ecx,dword ptr ds:[ecx+18]
00409795 |. 8B50 18 mov edx,dword ptr ds:[eax+18]
00409798 |. 2BCA sub ecx,edx
0040979A |. 51 push ecx
0040979B |. E8 908BFFFF call lf2.00402330
004097A0 |. 83C4 04 add esp,4
004097A3 |. 83F8 07 cmp eax,7
004097A6 |. 7D 65 jge short lf2.0040980D
004097A8 |. 837C24 20 0E cmp dword ptr ss:[esp+20],0E
004097AD |. 74 5E je short lf2.0040980D
004097AF |. 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
004097B6 |. C682 C9000000 00 mov byte ptr ds:[edx+C9],0
004097BD |. 8B84BE 94010000 mov eax,dword ptr ds:[esi+edi*4+194]
004097C4 |. C680 C8000000 00 mov byte ptr ds:[eax+C8],0
004097CB |. 8B8CBE 94010000 mov ecx,dword ptr ds:[esi+edi*4+194]
004097D2 |. C681 CA000000 00 mov byte ptr ds:[ecx+CA],0
004097D9 |. 8B949E 94010000 mov edx,dword ptr ds:[esi+ebx*4+194]
004097E0 |. 8B84BE 94010000 mov eax,dword ptr ds:[esi+edi*4+194]
004097E7 |. 8B4A 10 mov ecx,dword ptr ds:[edx+10]
004097EA |. 3B48 10 cmp ecx,dword ptr ds:[eax+10]
004097ED |. 7E 09 jle short lf2.004097F8
004097EF |. C680 D0000000 01 mov byte ptr ds:[eax+D0],1
004097F6 |. EB 07 jmp short lf2.004097FF
004097F8 |> C680 CF000000 01 mov byte ptr ds:[eax+CF],1
004097FF |> 8B94BE 94010000 mov edx,dword ptr ds:[esi+edi*4+194]
00409806 |. C682 D1000000 01 mov byte ptr ds:[edx+D1],1



I also found an interesting thing.
The AI of D>A doesn't care about mp.
For example, here's the AI of id 2.

00409853 |. 83BA F4060000 02 cmp dword ptr ds:[edx+6F4],2
0040985A |. 0F85 75040000 jnz lf2.00409CD5
00409860 |. 6A 0A push 0A
00409862 |. E8 D9040100 call lf2.00419D40
00409867 |. 83C4 04 add esp,4
0040986A |. 85C0 test eax,eax
0040986C |. 75 61 jnz short lf2.004098CF
0040986E |. 8B9CBE 94010000 mov ebx,dword ptr ds:[esi+edi*4+194]
00409875 |. 81BB 08030000 5E010000 cmp dword ptr ds:[ebx+308],15E
0040987F |. 7E 4E jle short lf2.004098CF
00409881 |. 8B83 00030000 mov eax,dword ptr ds:[ebx+300]
00409887 |. 8B8B FC020000 mov ecx,dword ptr ds:[ebx+2FC]
0040988D |. 8D50 BA lea edx,dword ptr ds:[eax-46]

The red text means ''use the skill if mp higher then 350(15E)''.
But I can't find the similar code to AI of D>A.
Reply
Thanks given by:




Users browsing this thread: 1 Guest(s)