Working Timestop!

[Boop]

All known bugs fixed. Time stop is part of the dll framework thing here:
http://www.lf-empire.de/forum/showthread.php?tid=2246

Go get it from there.

Thread locked due to spam.

Code:

.data

timeStop db FALSE

;loop2
loop2_r        dd 00406806h


;frame update
frame_r1 dd 0041FB44h
frame_r2 dd 0041FB4Bh

;movement
mov_r1 dd 0041E692h
mov_r2 dd 0041E697h

;frame sh*t
frameshit_r1 dd 0041e39Bh
frameshit_r2 dd 0041e3A4h

;shaking
shaking_r dd 0042F336h

;create object
co_r dd 004064b6h

.code

create_object proc
    
    MOV DWORD PTR DS:[ESI+418h],EBX
    cmp timeStop,FALSE
    je return
    cmp edi,400
    jg return
    pushad
    mov esi, dword ptr ss:[esp+20h]
    lea eax, dword ptr ds:[memAlloc+edi*4+edi] ;creator
    mov cl, byte ptr ds:[eax]
    lea ebx, dword ptr ds:[memAlloc+esi*4+esi] ;opointed thingy
    mov byte ptr ds:[ebx],cl
    mov ecx, dword ptr ds:[eax+1]
    mov dword ptr ds:[ebx+1],ecx
    popad
    
return:
    jmp [co_r]
create_object endp

shaking proc
    
    cmp timeStop,TRUE
    je return
    mov dword ptr ds:[edx+0b4h],-3

    return:
    jmp [shaking_r]

shaking endp

time_loop proc
    
    MOV EDX,DWORD PTR DS:[450B90h]
    pushad
    mov eax,0
    mov timeStop, FALSE
    looop:
    cmp byte ptr ds:[458B00h+eax+4],0
    je skip
    lea ebx, dword ptr ds:[memAlloc+esi*4+esi]
    cmp byte ptr ds:[ebx],1
    jnz skip
    mov timeStop,TRUE
    jmp return
    
skip:
    inc eax
    cmp eax,190h
    jl looop    
return:
    popad
    ret

time_loop endp

frame_shit proc
    
    MOV ECX,DWORD PTR DS:[450B90h]
    cmp timeStop, FALSE
    je disabled
    push eax
    lea eax, dword ptr ds:[memAlloc+esi*4+esi]
    cmp byte ptr ds:[eax],1
    pop eax
    jnz skip
disabled:
    jmp [frameshit_r1]
    
skip:
    jmp [frameshit_r2]

frame_shit endp

movement proc
    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]
    cmp timeStop, FALSE
    je disabled
    push eax
    lea eax, dword ptr ds:[memAlloc+edi*4+edi]
    cmp byte ptr ds:[eax],1
    pop eax
    jnz skip
disabled:
    jmp [mov_r1]
    
skip:
    jmp [mov_r2]    

movement endp

frame_update proc
    
    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]
    cmp timeStop, FALSE
    je disabled
    push eax
    lea eax, dword ptr ds:[memAlloc+edi*4+edi]
    cmp byte ptr ds:[eax],1
    pop eax
    jnz skip
disabled:    
    jmp [frame_r1]
    
skip:
    jmp [frame_r2]
frame_update endp


State8xxx proc
        CMP EAX,1F40h
        jl state4xxx
        CMP EAX,2328h
        jge state4xxx
        jmp Transform1
        
state4xxx:
;I didn't bother really understanding the code, just copied it
;there is only 1 line you should edit, I commented it :p

        CMP EAX,0FA0h
        jl next
        CMP EAX,1388h
        jge next
        MOV ECX,DWORD PTR DS:[EBX+7D4h]
        LEA EDX,DWORD PTR DS:[EAX-0FA0h]
        XOR EAX,EAX
        CMP DWORD PTR DS:[ECX+4D82380h],EAX
        JLE a
d:        MOV ESI,DWORD PTR DS:[ECX]
        CMP DWORD PTR DS:[ESI+6F4h],EDX
        JE b
        MOV ESI,DWORD PTR DS:[EBX+7D4h]
        ADD EAX,1
        ADD ECX,4
        CMP EAX,DWORD PTR DS:[ESI+4D82380h]
        JL d
        JMP a
b:        MOV ECX,DWORD PTR DS:[EBX+7D4h]
        MOV ECX,DWORD PTR DS:[ECX+EAX*4h]
        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]
        MOV DWORD PTR DS:[EAX+368h],ECX

a:        MOV EDX,DWORD PTR DS:[EBX+EDI*4+194h]
        MOV DWORD PTR DS:[EDX+70h],0 ; this line sets your frame number to 0, remove it if you want
        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]

next:    CMP EAX,10000
        jl return
        CMP EAX,20000
        jge return
        sub eax,10000
        push ecx
        lea ecx, dword ptr ds:[memAlloc+edi*4+edi]
        mov dword ptr ds:[ecx+1],eax
        mov byte ptr ds:[ecx],1
        pop ecx
        
return: jmp Transform2
                
        
State8xxx endp

loop2 proc
    
    push eax
    mov eax,dword ptr ss:[esp+18h]
    lea eax, dword ptr ds:[memAlloc+eax*4+eax]
    cmp dword ptr ds:[eax+1],0
    jle remove_timestop
    add dword ptr ds:[eax+1],-1
    jmp return

remove_timestop:
    mov byte ptr ds:[eax],0
    
return:    
    pop eax
    
    MOV ECX,DWORD PTR DS:[EAX+368h]
    jmp [loop2_r]
    
loop2 endp

Code:

    invoke JmpPatch, 0041F63Ch, addr State8xxx
    invoke JmpPatch, 00406800h, addr loop2
    invoke JmpPatch,0041FB3Dh, addr frame_update
    invoke JmpPatch,0041E68Bh, addr movement
    invoke JmpPatch,0041E395h,addr frame_shit
    invoke CallPatch,0041D4AAh, addr time_loop
    invoke WriteMem,0041D4AFh, addr oneNOP,1
    invoke JmpPatch,0042F32Ch,addr shaking
    invoke JmpPatch,004064B0h,addr create_object

You also need this(goes in rarara.asm , replaces the original DllEntryPoint):

Code:

.data?
memAlloc dd ?

.code

DllEntryPoint proc hInstDLL:DWORD, reason:DWORD, unused:DWORD


    mov eax,reason
    .if eax == DLL_PROCESS_ATTACH                                            ; Called when our dll loaded
        
        invoke VirtualAlloc, NULL, 4000, MEM_COMMIT,PAGE_READWRITE
        mov memAlloc,eax
        
        call DLLStartup                                                        ; Memory patches and jmp patches
        
        .elseif reason == DLL_PROCESS_DETACH
        push NULL
        call PostQuitMessage

    .endif
    ret

DllEntryPoint endp

Hopefully you are capable of figuring out where it should go, if you can't , then just give up.

Old Post (Click to View)

Seeing what xxtomnyxx did here(the gif at the bottom of the first post):
http://lf2.net/forum/viewtopic.php?t=7493

I decided to try and create my own time stop. It works, the only problem being that people start shaking after you hit them. Seeing as I can't be bothered finding the shake code( I can't think of a fast way of doing it, only scrolling through code) I decided I'll release it like this .

Code:

.data
timeStop db FALSE

;frame update
frame_r1 dd 0041FB44h
frame_r2 dd 0041FB4Bh

;movement
mov_r1 dd 0041E692h
mov_r2 dd 0041E697h

;frame sh*t
frameshit_r1 dd 0041e39Bh
frameshit_r2 dd 0041e3A4h

;loop1
loop1_r        dd 00406509h

;loop2
loop2_r        dd 00406806h

.code

time_loop proc
    
    MOV EDX,DWORD PTR DS:[450B90h]
    pushad
    mov eax,0
    mov timeStop, FALSE
    looop:
    cmp byte ptr ds:[458B00h+eax+4],0
    je skip
    mov ecx,dword ptr ds:[458B00h+eax*4+194h]
    cmp dword ptr ds:[ecx+14ch],1
    jnz skip
    mov timeStop,TRUE
    jmp return
    
skip:
    inc eax
    cmp eax,190h
    jl looop    
return:
    popad
    ret

time_loop endp

frame_shit proc
    
    MOV ECX,DWORD PTR DS:[450B90h]
    cmp timeStop, FALSE
    je disabled
    push eax
    mov eax, dword ptr ds:[458B00h+esi*4+194h]
    cmp dword ptr ds:[eax+14ch],1
    pop eax
    jnz skip
disabled:
    jmp [frameshit_r1]
    
skip:
    jmp [frameshit_r2]

frame_shit endp

movement proc
    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]
    cmp timeStop, FALSE
    je disabled
    push eax
    mov eax, dword ptr ds:[458B00h+edi*4+194h]
    cmp dword ptr ds:[eax+14ch],1
    pop eax
    jnz skip
disabled:
    jmp [mov_r1]
    
skip:
    jmp [mov_r2]    

movement endp

frame_update proc
    
    MOV ECX,DWORD PTR DS:[EBX+EDI*4+194h]
    cmp timeStop, FALSE
    je disabled
    push eax
    mov eax, dword ptr ds:[458B00h+edi*4+194h]
    cmp dword ptr ds:[eax+14ch],1
    pop eax
    jnz skip
disabled:    
    jmp [frame_r1]
    
skip:
    jmp [frame_r2]
frame_update endp


State8xxx proc
        CMP EAX,1F40h
        jl state4xxx
        CMP EAX,2328h
        jge state4xxx
        jmp Transform1
        
state4xxx:
;I didn't bother really understanding the code, just copied it
;there is only 1 line you should edit, I commented it :p

        CMP EAX,0FA0h
        jl next
        CMP EAX,1388h
        jge next
        MOV ECX,DWORD PTR DS:[EBX+7D4h]
        LEA EDX,DWORD PTR DS:[EAX-0FA0h]
        XOR EAX,EAX
        CMP DWORD PTR DS:[ECX+4D82380h],EAX
        JLE a
d:        MOV ESI,DWORD PTR DS:[ECX]
        CMP DWORD PTR DS:[ESI+6F4h],EDX
        JE b
        MOV ESI,DWORD PTR DS:[EBX+7D4h]
        ADD EAX,1
        ADD ECX,4
        CMP EAX,DWORD PTR DS:[ESI+4D82380h]
        JL d
        JMP a
b:        MOV ECX,DWORD PTR DS:[EBX+7D4h]
        MOV ECX,DWORD PTR DS:[ECX+EAX*4h]
        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]
        MOV DWORD PTR DS:[EAX+368h],ECX

a:        MOV EDX,DWORD PTR DS:[EBX+EDI*4+194h]
        MOV DWORD PTR DS:[EDX+70h],0 ; this line sets your frame number to 0, remove it if you want
        MOV EAX,DWORD PTR DS:[EBX+EDI*4+194h]

next:    CMP EAX,10000
        jl return
        CMP EAX,20000
        jge return
        sub eax,10000
        push ecx
        MOV ecx,DWORD PTR DS:[EBX+EDI*4+194h]
        mov dword ptr ds:[ecx+15ch],eax
        mov dword ptr ds:[ecx+14ch],1
        pop ecx
        
return: jmp Transform2        
State8xxx endp

loop1 proc
    
    CMP DWORD PTR DS:[EAX+338h],0            
    JLE a
    ADD DWORD PTR DS:[EAX+338h],-1
a:    cmp dword ptr ds:[eax+15ch],0
    jl return
    add dword ptr ds:[eax+15ch],-1
    
return:
    jmp [loop1_r]

loop1 endp

loop2 proc
    
    pushad
    mov edx, dword ptr ds:[eax+15ch] ;counter
    cmp edx, 0
    jnl return
    mov dword ptr ds:[eax+14ch],0
    
return:    
    popad
    
    MOV ECX,DWORD PTR DS:[EAX+368h]
    jmp [loop2_r]
    
loop2 endp

I put the state code into the 8xxx_state proc, located in states.inc . Replace it there.

Code:

    invoke JmpPatch, 004064F9h, addr loop1           ;  here
    invoke JmpPatch, 00406800h, addr loop2
    
    invoke JmpPatch,0041FB3Dh, addr frame_update
    invoke JmpPatch,0041E68Bh, addr movement
    
    invoke JmpPatch,0041E395h,addr frame_shit
    invoke CallPatch,0041D4AAh, addr time_loop
    invoke WriteMem,0041D4AFh, addr oneNOP,1

Usage:
state 1xxxx , where xxxx = time.
So basically if you put 10500, it'll stop everyone but the person who used the state. I coded in such a way to allow people to expand on the code and use it in anyway they like.

r+14c : is either 1 or 0. If it is 1, then that person can move while in time-stop.
r+15c: That is a timer, when it reaches 0, 14c will be set to 0.

If there are no players with r+14c set as one, then time stop is disabled and everyone can move. I think this setup will make it quite easy for people to edit.

Edit: Fixed shaking:

Code:

.data
;shaking
shaking_r dd 0042F336h

.code

shaking proc
    
    cmp timeStop,TRUE
    je return
    mov dword ptr ds:[edx+0b4h],-3

    return:
    jmp [shaking_r]

shaking endp

Code:

invoke JmpPatch,0042F32Ch,addr shaking

Edit 2: Fixed opoint bug/feature. Now when you timestop, you can opoint stuff and it will move.

Code:

.data
;create object
co_r dd 004064b6h

.code

create_object proc
    
    MOV DWORD PTR DS:[ESI+418h],EBX
    cmp timeStop,FALSE
    je return
    cmp edi,400
    jg return
    push eax
    push ecx
    mov eax, dword ptr ds:[458B00h+edi*4+194h]
    mov ecx, dword ptr ds:[eax+14ch]
    mov dword ptr ds:[esi+14ch],ecx
    mov ecx, dword ptr ds:[eax+15ch]
    mov dword ptr ds:[esi+15ch],ecx
    pop ecx
    pop eax
    
return:
    jmp [co_r]
create_object endp

Code:

    invoke JmpPatch,004064B0h,addr create_object

PS: There is also a small bug with the timestop. If you press f8 3 times, it will get disabled. I'll fix it later (involves rewriting everything, to lazy to do).

[mda]

nicework silva i was looking for one like this

[Ascor]

u are like a walking breathing active god :P
Serously nice work
keep up your activity and help us understanding and expanding lf2
Great thanks

(you would get a 1+ rep if it would be possible)

[vandesdelca]

XLF maybe?
Btw, great! that's why i want stop shaking exe for perfectnees of time slow and time stop! Btw you really are one of a great HEX-er that come down from the heaven!

[naruto hyuuga]

now all we need is the shaking code and were done the bugless timestop

[Boop]

Updated first post with fully working version .

[naruto hyuuga]

not working for me

i tried state 10500 on a ball and then on a char and both aren't excecuting(ie.timestop is not taking place)

[Boop]

Re-read the post carefully. For some reason, it works for me, nave + other random people, but it never works for you. I attached a compiled dll anyway.

[Boop]

quick fix for the opoint stuff:

invoke JmpPatch,0041FCB9h,addr timestop_opoint

.data
;timestop opoint
ts_opoint1 dd 0041FCC9h
ts_opoint2 dd 004203F4h

.code

timestop_opoint proc

cmp timeStop, FALSE
je normal
push eax
lea eax, dword ptr ds:[memAlloc+edi*4+edi]
cmp byte ptr ds:[eax],1
pop eax
jnz skip

normal:
CMP DWORD PTR DS:[ECX+7FCh],EDX
MOV DWORD PTR SS:[ESP+38h],ECX
JLE skip
jmp [ts_opoint1]

skip:
jmp [ts_opoint2]

timestop_opoint endp


Timestop is now also included in the main dll framework thing.