Omitting Characters from Character Selection
#2
If you'd keep reading the thread, you'd see that there is a bug, and it only works on human characters.

I don't remember it very well. When I said "it can easily be manipulated", I meant I understood the code and could do stuff with it... Now I'm pretty much back to step 2 (understanding the code; step 1 is finding the code).

Code:
0042A715   . 83F8 05        CMP EAX,5 //id 50-59
0042A718   . 74 05          JE SHORT lf2_load.0042A71F
0042A71A   . 83F8 03        CMP EAX,3 // ID 30-39
0042A71D   . 75 09          JNZ SHORT lf2_load.0042A728
0042A71F   > 833D 28844500 >CMP DWORD PTR DS:[458428],1 //check if lf2.net is enabled
0042A726   .^75 A8          JNZ SHORT lf2_load.0042A6D0 // if its not enabled then jump to 0042A6D0 , that is where u should jump to ignore ID's
0042A728   > 8B83 D4070000  MOV EAX,DWORD PTR DS:[EBX+7D4]
0042A72E   . 8B94AB 9401000>MOV EDX,DWORD PTR DS:[EBX+EBP*4+194]
0042A735   . 8B0488         MOV EAX,DWORD PTR DS:[EAX+ECX*4]
0042A738   . 8982 68030000  MOV DWORD PTR DS:[EDX+368],EAX
0042A73E   > C704AD 6812450>MOV DWORD PTR DS:[EBP*4+451268],1
0042A749   . E9 AB010000    JMP lf2_load.0042A8F9
0042A74E   > C704AD 4812450>MOV DWORD PTR DS:[EBP*4+451248],-1
0042A759   . C704AD 6812450>MOV DWORD PTR DS:[EBP*4+451268],1
0042A764   . E9 90010000    JMP lf2_load.0042A8F9
0042A769   > 80B8 CF000000 >CMP BYTE PTR DS:[EAX+CF],0
0042A770   . 0F84 D0000000  JE lf2_load.0042A846
0042A776   . 833CAD 6812450>CMP DWORD PTR DS:[EBP*4+451268],0
0042A77E   . 0F85 B2000000  JNZ lf2_load.0042A836
0042A784   . 83C8 FF        OR EAX,FFFFFFFF
0042A787   . 0104AD 4812450>ADD DWORD PTR DS:[EBP*4+451248],EAX
0042A78E   . 3904AD 4812450>CMP DWORD PTR DS:[EBP*4+451248],EAX
0042A795   . 0F84 9B000000  JE lf2_load.0042A836
0042A79B   > 7D 16          JGE SHORT lf2_load.0042A7B3
0042A79D   . 8B8B D4070000  MOV ECX,DWORD PTR DS:[EBX+7D4]
0042A7A3   . 8B91 8023D804  MOV EDX,DWORD PTR DS:[ECX+4D82380]
0042A7A9   . 83EA 01        SUB EDX,1
0042A7AC   . 8914AD 4812450>MOV DWORD PTR DS:[EBP*4+451248],EDX
0042A7B3   > 8B04AD 4812450>MOV EAX,DWORD PTR DS:[EBP*4+451248]
0042A7BA   . 8B8B D4070000  MOV ECX,DWORD PTR DS:[EBX+7D4]
0042A7C0   . 8B0481         MOV EAX,DWORD PTR DS:[ECX+EAX*4]
0042A7C3   . 83B8 F8060000 >CMP DWORD PTR DS:[EAX+6F8],0
0042A7CA   . 75 2A          JNZ SHORT lf2_load.0042A7F6
0042A7CC   . 8B88 F4060000  MOV ECX,DWORD PTR DS:[EAX+6F4]
0042A7D2   . B8 67666666    MOV EAX,66666667
0042A7D7   . F7E9           IMUL ECX
0042A7D9   . C1FA 02        SAR EDX,2
0042A7DC   . 8BC2           MOV EAX,EDX
0042A7DE   . C1E8 1F        SHR EAX,1F
0042A7E1   . 03C2           ADD EAX,EDX
0042A7E3   . 83F8 05        CMP EAX,5 // ID 50-59
0042A7E6   . 74 05          JE SHORT lf2_load.0042A7ED
0042A7E8     83F8 03        CMP EAX,3 // ID 30-39
0042A7EB   . 75 2C          JNZ SHORT lf2_load.0042A819
0042A7ED   > 833D 28844500 >CMP DWORD PTR DS:[458428],1 //check if lf2.net is enabled
0042A7F4   . 74 23          JE SHORT lf2_load.0042A819 // If it IS!!! enabled jump to 0042A819
0042A7F6   > 83C8 FF        OR EAX,FFFFFFFF //that means you should jump here when ignoring ID's

Basic commands:
CMP = compare, works together with jumps
JE = jump if equal
JNZ = jump if not equal
JMP = unconditional jump


As you can see, it doesn't check individual IDs; to do that you'd have to rewrite a large bit of the code (I'll probably do it for the dll).

If you wanted to make IDs 60-69 unselectable, you just jump from CMP EAX,5 to somewhere at the bottom of the exe.

And write code which looks something like:

CMP EAX,5 (this is what we overwrote when we jumped from CMP EAX,5)
JE 0042A71F
CMP EAX,6
JE 0042A6D0
JMP 0042A71A (jumps back to CMP EAX,3 and the rest of the code)

Now you just have to do the same thing for the next time it appears (just to clarify, it appears 3 times: twice in the first chunk of code I copied, and once for the computer screen. It might appear more times, but I haven't found them :p). Anyway, like mentioned in the other thread, it only works for human characters.


The same code appears:

Code:
00432E0D   . 8B88 F4060000  MOV ECX,DWORD PTR DS:[EAX+6F4]
00432E13   . B8 67666666    MOV EAX,66666667
00432E18   . F7E9           IMUL ECX
00432E1A   . C1FA 02        SAR EDX,2
00432E1D   . 8BC2           MOV EAX,EDX
00432E1F   . C1E8 1F        SHR EAX,1F
00432E22   . 03C2           ADD EAX,EDX
00432E24   . 83F8 05        CMP EAX,5
00432E27   . 74 05          JE SHORT lf2_load.00432E2E
00432E29   . 83F8 03        CMP EAX,3
00432E2C   . 75 2A          JNZ SHORT lf2_load.00432E58
00432E2E   > 833D 28844500 >CMP DWORD PTR DS:[458428],1              ;  here
00432E35   . 74 21          JE SHORT lf2_load.00432E58

I'm guessing that is where it handles the CPU characters; I didn't really have time to check. Feel free to post your results.

PS: My addresses might be a bit off... I don't know why.


Thanks given by: A-Man
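As an added example (not code from the post above or from the game), the Python script below does two things the post explains in words: it reproduces the MOV EAX,66666667 / IMUL / SAR / SHR / ADD idiom from the listing so you can see which tens digit each character ID lands on, and it assembles the 5-byte detour plus the code cave (CMP EAX,5 / JE net check / CMP EAX,n / JE ignore / JMP back) for both occurrences in the first listing. The four addresses per site are taken from the listing; CAVE is a placeholder address and an assumption, since the post only says "somewhere at the bottom of the exe". It also generalises the post's single CMP EAX,6 to any set of tens digits.

```python
"""Emulate the tens-digit check in the listing and assemble the code-cave patch.
Added example, not code from the original post or the game.  Addresses marked
'from listing' come from the disassembly in the post; CAVE is an assumption."""
import struct
from typing import NamedTuple


class Site(NamedTuple):
    detour: int     # address of CMP EAX,5 / JE SHORT (5 bytes) that the JMP overwrites
    net_check: int  # CMP DWORD PTR [458428],1 (the lf2.net check)
    resume: int     # CMP EAX,3, where the cave jumps back to
    ignore: int     # where the post says to jump to ignore an ID


# The two occurrences in the first chunk of the listing (addresses from listing).
SITES = {
    "select_a": Site(detour=0x0042A715, net_check=0x0042A71F, resume=0x0042A71A, ignore=0x0042A6D0),
    "select_b": Site(detour=0x0042A7E3, net_check=0x0042A7ED, resume=0x0042A7E8, ignore=0x0042A7F6),
}
CAVE = 0x0045F000  # ASSUMPTION: placeholder cave address, not given by the post


def id_div10(char_id: int) -> int:
    """Reproduce MOV EAX,66666667 / IMUL ECX / SAR EDX,2 / MOV EAX,EDX / SHR EAX,1F / ADD EAX,EDX.
    0x66666667 is ceil(2**34 / 10), so this is the compiler's signed division by 10:
    the value compared with 5 and 3 is the tens digit (50..59 -> 5, 30..39 -> 3, 60..69 -> 6)."""
    ecx = char_id - (1 << 32) if char_id & 0x80000000 else char_id  # ECX as signed
    edx = (0x66666667 * ecx) >> 32           # IMUL ECX: signed high dword lands in EDX
    edx >>= 2                                # SAR EDX,2 (Python >> on ints floors)
    sign = (edx & 0xFFFFFFFF) >> 31          # SHR EAX,1F: 1 when the quotient is negative
    return (edx + sign) & 0xFFFFFFFF         # ADD EAX,EDX: rounds toward zero


def selectable(char_id: int, net_enabled: bool) -> bool:
    """Decision at 0042A715..0042A726: tens digit 5 or 3 (IDs 50-59 and 30-39)
    is skipped unless DWORD [458428] == 1; every other ID is kept."""
    return net_enabled if id_div10(char_id) in (5, 3) else True


def selectable_patched(char_id: int, net_enabled: bool, hidden_tens=(6,)) -> bool:
    """Same decision once the cave is installed: the re-created CMP EAX,5 still
    runs first, then each hidden tens digit jumps straight to 'ignore'."""
    tens = id_div10(char_id)
    if tens == 5:
        return net_enabled
    if tens in hidden_tens:
        return False
    return selectable(char_id, net_enabled)


# --- standard IA-32 encodings used by the cave ---
def rel32(instr_addr: int, instr_len: int, target: int) -> bytes:
    """A near jump's displacement is measured from the end of the jump itself."""
    return struct.pack("<i", target - (instr_addr + instr_len))

def cmp_eax_imm8(imm: int) -> bytes:              # 83 F8 ib   CMP EAX, imm8
    return b"\x83\xF8" + bytes([imm & 0xFF])

def je_near(addr: int, target: int) -> bytes:     # 0F 84 cd   JE rel32
    return b"\x0F\x84" + rel32(addr, 6, target)

def jmp_near(addr: int, target: int) -> bytes:    # E9 cd      JMP rel32
    return b"\xE9" + rel32(addr, 5, target)

def jump_target(addr: int, ins: bytes) -> int:
    """Decode where a JE rel32 / JMP rel32 placed at addr lands (checks the math)."""
    if ins[:2] == b"\x0F\x84":
        return addr + 6 + struct.unpack("<i", ins[2:6])[0]
    if ins[:1] == b"\xE9":
        return addr + 5 + struct.unpack("<i", ins[1:5])[0]
    raise ValueError("not a near jump")


def build_patch(site: Site, cave: int = CAVE, hidden_tens=(6,)) -> dict:
    """Return {virtual_address: bytes} for the 5-byte detour and the cave body.
    The cave re-creates the overwritten CMP EAX,5 / JE <net_check>, emits
    CMP EAX,n / JE <ignore> for every n in hidden_tens (the post's example is
    n = 6 for IDs 60-69), and ends with JMP <resume> back to CMP EAX,3."""
    detour = jmp_near(site.detour, cave)
    assert len(detour) == 5                   # CMP EAX,5 (3 bytes) + JE SHORT (2 bytes)
    body = bytearray()
    body += cmp_eax_imm8(5)
    body += je_near(cave + len(body), site.net_check)
    for tens in hidden_tens:
        body += cmp_eax_imm8(tens)
        body += je_near(cave + len(body), site.ignore)
    body += jmp_near(cave + len(body), site.resume)
    return {site.detour: detour, cave: bytes(body)}


if __name__ == "__main__":
    for va, code in build_patch(SITES["select_a"]).items():
        print(f"{va:08X}: {code.hex(' ').upper()}")
```

The bytes come out keyed by virtual address, as in the OllyDbg listing; to write them into the exe you still have to translate each VA to a file offset through the section headers and pick a cave that sits inside an executable section with enough unused space, which the post does not cover. The third occurrence at 00432E24 would need its own Site, but the excerpt in the post stops before the instruction that its "ignore" path falls through to, so no address is assumed for it here.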


Messages In This Thread
RE: Omitting Characters from Character Selection - by Boop - 03-16-2009, 05:13 PM