01-19-2014, 03:28 PM
Hi, finally someone posting under my post (except Silva, but I was feeling lonely here :/)
I think it is possible to put the code directly in the .exe, but it's much easier for me to do it through the .dll (I must say I can't even write the code in the .exe; I just use ollydbg to check the addresses, because since yesterday I'm able to find the part of the code and implement it in the .dll ;d).
This large spacing is for my own understanding of the code; of course you can remove all of it.
About p2 and r3, I accidentally didn't post where they come from, so here it is:
r3: jmp dword ptr [ef_r3]
p2: JMP ik8_pos2
About mov eax,dword ptr ds:[esi+edi*4+194h]...
I'm not 100% sure how this works, because I'm not some kind of expert or anything, but this means (for me) that eax is storing the target.
mov eax,dword ptr ds:[esi+ebx*4+194h] - this one means that eax is storing the attacker.
Also I've found out that when I change ebx or edx to something else (some other value of another object, written in e.g. the mp bar [308h]), then I can get access to this object:
mov eax,dword ptr ds:[esi+edi*4+194h] ;store target in eax
mov edx,dword ptr ds:[eax+308h] ;get the object number of the target's mp bar and store it in edx
mov edi,edx ;store that object number in edi
mov eax,dword ptr ds:[esi+edi*4+194h] ;same as the 1st line, but this time edi holds the mana bar's object number, so eax gets that object
With all this wisdom I was able to do what I was able to do. ;d
Also, I don't write the code to deal with weapons, so they may act weird. ;d
Now I'm trying to write the object number to another address, but I don't know which one isn't used by anything, so that I don't ruin something.
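To make the two addressing modes in the post concrete, here is an added C model (not the poster's code and not the game's real layout; the struct names, the table size and the pointer interpretation of the table entries are assumptions) of what [esi+edi*4+194h] and [eax+308h] look like as data structures, with the bounds and NULL checks the raw asm does not have, since an object number outside the table reads whatever sits past it:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout from the two addressing modes in the post: [esi+edi*4+194h]
 * = table of 32-bit object pointers at +0x194 of the struct esi points at,
 * indexed by object number (edi); [eax+308h] = field at +0x308 of an object
 * holding another object number (the "mp bar"). Names are made up. */
#define OBJ_TABLE_OFF 0x194
#define MP_BAR_OFF    0x308
#define MAX_OBJECTS   16

typedef struct GameObject {
    uint8_t  pad[MP_BAR_OFF];
    uint32_t mp_bar_obj;              /* object number at +0x308 */
} GameObject;

typedef struct World {
    uint8_t     pad[OBJ_TABLE_OFF];
    GameObject *objects[MAX_OBJECTS]; /* table at +0x194; 4-byte entries on x86 */
} World;

/* mov eax,[esi+edi*4+194h], plus the bounds and NULL checks the asm lacks:
 * an out-of-range object number would read past the end of the table. */
static GameObject *lookup(const World *w, uint32_t objnum) {
    if (w == NULL || objnum >= MAX_OBJECTS) return NULL;
    return w->objects[objnum];
}
/* The four-instruction sequence: target -> its mp bar number -> that object. */
static GameObject *mp_bar_of_target(const World *w, uint32_t target_num) {
    const GameObject *target = lookup(w, target_num);  /* eax = target            */
    if (target == NULL) return NULL;
    return lookup(w, target->mp_bar_obj);              /* edx = [eax+308h] -> edi */
}

/* Constructed sample: object 2 is the target and its mp bar is object 5;
 * object 3 carries a bogus mp bar number that must be rejected, not followed. */
static GameObject g_objs[MAX_OBJECTS] = { [2].mp_bar_obj = 5, [3].mp_bar_obj = 0xFFFF };
static World g_world = { .objects = { [2] = &g_objs[2], [3] = &g_objs[3], [5] = &g_objs[5] } };
/* Object number of the target's mp bar object, or -1 if the chain is invalid. */
static int mp_bar_index_of(uint32_t target_num) {
    const GameObject *bar = mp_bar_of_target(&g_world, target_num);
    return bar == NULL ? -1 : (int)(bar - g_objs);
}

int main(void) {
    printf("mp bar of object 2: %d\n", mp_bar_index_of(2));   /* 5  */
    printf("mp bar of object 3: %d\n", mp_bar_index_of(3));   /* -1 */
    return 0;
}
```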