New updated spreadsheet. Many changes made by o_g349/xsoameix (same person, different nick names).
https://docs.google.com/spreadsheet/ccc?...BYVE#gid=0
Old post:
https://docs.google.com/spreadsheet/ccc?...BYVE#gid=0
Old post:
This isn't a tutorial, just me posting some findings and what not so all of this stuff is archived for the future =]
At 4061E0 (addressing might vary):
```asm
sub_4061E0      proc near               ; CODE XREF: sub_4064E0+3C9p
                                        ; sub_406A30+75p ...
                fld     ds:dbl_447918
                push    ebx
                push    esi
                mov     esi, ecx        ; esi = base of the object being set up
                fst     qword ptr [esi+50h]
                or      eax, 0FFFFFFFFh ; eax = -1
                xor     ebx, ebx        ; ebx = 0 (bl = 0)
                fst     qword ptr [esi+48h]
                fst     qword ptr [esi+40h]
                mov     [esi+3F8h], eax
                fst     qword ptr [esi+38h]
                mov     [esi+4], ebx
                fst     qword ptr [esi+30h]
                mov     [esi], ebx
                fstp    qword ptr [esi+28h]
                mov     [esi+0BCh], bl
                fldz
                mov     [esi+0B0h], ebx
                fst     qword ptr [esi+68h]
                mov     [esi+98h], ebx
                fst     qword ptr [esi+60h]
                mov     [esi+94h], ebx
                fstp    qword ptr [esi+58h]
                mov     [esi+90h], ebx
                mov     [esi+8Ch], ebx
                mov     [esi+88h], ebx
                mov     [esi+84h], ebx
                mov     [esi+80h], bl
                mov     [esi+78h], ebx
                mov     [esi+74h], ebx
                mov     [esi+7Ch], ebx
                mov     [esi+70h], ebx
                mov     [esi+18h], ebx
                mov     [esi+14h], ebx
                mov     [esi+10h], ebx
                mov     [esi+0Ch], ebx
                mov     [esi+0EBh], bl
                mov     [esi+0A0h], ebx
                mov     [esi+9Ch], ebx
                mov     [esi+364h], ebx
                mov     [esi+0ACh], ebx
                mov     [esi+0A8h], ebx
                mov     [esi+0A4h], ebx
                mov     [esi+8], ebx
                mov     [esi+1Ch], ebx
                mov     [esi+0D3h], bl
                mov     [esi+0D2h], bl
                mov     [esi+0D1h], bl
                mov     [esi+0D0h], bl
                mov     [esi+0CFh], bl
                mov     [esi+0CEh], bl
                mov     [esi+0CDh], bl
                mov     [esi+0CCh], bl
                mov     [esi+0CBh], bl
                mov     [esi+0CAh], bl
                mov     [esi+0C9h], bl
                mov     [esi+0C8h], bl
                mov     [esi+0C7h], bl
                mov     [esi+0C6h], bl
                mov     [esi+0C1h], bl
                mov     [esi+0C0h], bl
                mov     [esi+0BFh], bl
                mov     [esi+0BEh], bl
                mov     [esi+0C5h], bl
                mov     [esi+0C3h], bl
                mov     [esi+0C4h], bl
                mov     [esi+0C2h], bl
                mov     [esi+0DCh], bl
                mov     [esi+0DBh], bl
                mov     [esi+0DAh], bl
                mov     [esi+0D9h], bl
                mov     [esi+0D8h], bl
                mov     [esi+0D7h], bl
                mov     [esi+0D6h], bl
                mov     [esi+0D5h], bl
                mov     [esi+0D4h], bl
                mov     [esi+0E0h], ebx
                mov     [esi+0E4h], ebx
                mov     [esi+0B8h], ebx
                mov     [esi+0B4h], ebx
                mov     [esi+0EAh], bl
                mov     [esi+2F4h], eax
                mov     [esi+2F8h], eax
                mov     [esi+0E9h], bl
                mov     [esi+0E8h], bl
                mov     [esi+2E8h], ebx
                mov     [esi+0ECh], ebx
                mov     [esi+320h], ebx
                mov     [esi+20h], ebx
                mov     [esi+318h], ebx
                mov     [esi+314h], ebx
                mov     [esi+310h], ebx
                mov     [esi+30Ch], ebx
                mov     [esi+348h], ebx
                mov     [esi+34Ch], ebx
                mov     [esi+350h], ebx
                mov     [esi+358h], ebx
                mov     [esi+35Ch], ebx
                mov     dword ptr [esi+354h], 63h
                mov     ecx, 1F4h       ; ecx = 500
                mov     [esi+2FCh], ecx ; 2FC: health (see list below)
                mov     [esi+304h], ecx
                mov     [esi+300h], ecx ; 300: see list below
                mov     [esi+308h], ecx ; 308: MP (see list below)
                mov     [esi+360h], eax
                mov     [esi+3F4h], ebx
                mov     [esi+3F0h], ebx
                mov     [esi+3ECh], ebx
                mov     [esi+3E8h], ebx
                mov     [esi+324h], eax
                mov     [esi+328h], eax
                mov     [esi+32Ch], eax
                mov     [esi+338h], ebx
                mov     [esi+330h], ebx
                mov     [esi+334h], ebx
                mov     [esi+33Ch], eax
                push    190h
                lea     eax, [esi+0F0h]
                push    ebx
                push    eax
                mov     [esi+36Ch], ebx
                call    j_memset        ; zero 190h bytes starting at esi+0F0h
                add     esp, 0Ch
                xor     eax, eax
                lea     ecx, [esi+280h]

loc_406462:                             ; CODE XREF: sub_4061E0+294j
                mov     [esi+eax+2D0h], bl
                mov     [ecx], ebx
                add     eax, 1
                add     ecx, 4
                cmp     eax, 14h
                jl      short loc_406462
                mov     eax, 3E8h       ; eax = 1000
                mov     [esi+2E8h], eax
                mov     [esi+2ECh], eax
                mov     [esi+2F0h], eax
                mov     [esi+2E4h], ebx
                mov     [esi+0EBh], bl
                mov     eax, 0FFFFFC18h ; eax = -1000
                mov     [esi+400h], eax
                mov     [esi+3FCh], eax
                mov     [esi+404h], ebx
                mov     [esi+418h], ebx
                mov     [esi+414h], ebx
                mov     [esi+410h], ebx
                mov     [esi+40Ch], ebx
                mov     [esi+408h], ebx
                mov     [esi+340h], ebx
                mov     [esi+344h], ebx
                pop     esi
                pop     ebx
                retn
sub_4061E0      endp
```
As you can see, this is the procedure which creates an object in lf2. It sets up all the addresses; this makes it easy to find all the variables associated with characters. This should be a place to document them :D.
How to test stuff:
Get Cheat Engine and get it "hooked" to lf2 (little computer icon at the top left corner flashing; lf2 should already be running).
Then press the add address button, check the pointer box.
For the pointer (put the appropriate address depending on the player you are using):
Player 1: 458C94
Player 2: 458C98
Player 3: 458C9C
Player 4: 458CA0
For the offset, put the thingy after the esi+. So if you are testing esi+2FCh, you put 2FC (no h). That is health.
List:
- 2FC = Red Health
- 300 = Dark Red
- 308 = MP
Hopefully some people will contribute; the more we know about the lf2 engine, the easier it will be to code features!
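An added example, not part of the original post: a Python sketch that walks an IDA-style listing like the one above and derives an offset map (field width and initial value) from the stores through `esi`, so candidate fields can be listed before testing them one by one. The names `field_map`, `num` and `EXCERPT` are illustrative; it assumes only `eax`, `ebx` and `ecx` carry constants and that immediate stores are dword-sized, as in this listing.

```python
import re

# Constructed excerpt of the sub_4061E0 listing above (not the whole routine).
EXCERPT = """
or   eax, 0FFFFFFFFh
xor  ebx, ebx
fst  qword ptr [esi+48h]
mov  [esi+3F8h], eax
mov  [esi], ebx
mov  [esi+0BCh], bl
mov  [esi+2E8h], ebx
mov  dword ptr [esi+354h], 63h
mov  ecx, 1F4h
mov  [esi+2FCh], ecx
call j_memset
mov  [esi+eax+2D0h], bl
mov  eax, 3E8h
mov  [esi+2E8h], eax
"""

STORE = re.compile(r"mov\s+(?:dword ptr )?\[esi(?:\+(\w+))?\],\s*(\w+)$")
FSTORE = re.compile(r"fstp?\s+qword ptr \[esi\+(\w+)\]$")
REGOP = re.compile(r"(\w+)\s+(eax|ebx|ecx),\s*(.+)$")

def num(tok):  # IDA-style literal: trailing 'h' means hex, else decimal
    return int(tok[:-1], 16) if tok.endswith("h") else int(tok)

def field_map(listing):
    """Map offset -> (width, initial value or None) for stores through esi."""
    regs, fields = dict.fromkeys(("eax", "ebx", "ecx")), {}
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()        # drop IDA comments
        if m := FSTORE.match(line):
            fields[num(m[1])] = (8, None)       # double; FPU value not tracked
        elif m := STORE.match(line):            # indexed stores do not match
            off, src = num(m[1]) if m[1] else 0, m[2]
            if src in regs:
                fields[off] = (4, regs[src])
            elif src == "bl":                   # low byte of ebx
                fields[off] = (1, None if regs["ebx"] is None else regs["ebx"] & 0xFF)
            elif src[0].isdigit():              # immediate, assumed dword
                fields[off] = (4, num(src))
        elif line.startswith("call"):           # cdecl call clobbers eax, ecx
            regs["eax"] = regs["ecx"] = None
        elif m := REGOP.match(line):
            op, dst, src = m.groups()
            known = {("xor", dst): 0, ("or", "0FFFFFFFFh"): 0xFFFFFFFF}  # else unknown
            regs[dst] = num(src) if op == "mov" and src[0].isdigit() else known.get((op, src))
    return fields
```

Later stores overwrite earlier ones, so an offset written twice (such as 2E8 here) reports the value the routine leaves it with.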