Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
About the LF2 Engine
#1
LF2 consists of "objects". There is a maximum of 400 objects, numbered 0-399. LF2 loops through all the objects and does all the needed operations on them(physics calculations etc).Getting to access an object you first have to get it's base address. That looks something like this:
Code:
mov eax,dword ptr ds:[esi+edi*4+194h]
Now I'll explain what everything is.

eax: that is where the address will be stored. Basic mov operation (mov destination,source).

esi: Lets call it the "base pointer"(incorrect term but w/e), it is always 458B00h.

edi: That is the number of the object. Like I mentioned previously, lf2 loops through the objects, so making this a register means the same line can be used to access any object.

So that line can be expressed as:
Code:
mov eax, dword ptr ds:[458B00h+Object_Number*4+194h]
*The registers used are just examples, they can be, and will be different in different situations.

Advanced (useless to most of you):
It is possible to check if an object exists or not.

Code:
cmp byte ptr ds:[esi+edi+4],0
If it is zero, then the object doesn't exist, if it is 1, it does exist.

After you have access to the "Object", you can access the objects properties. That works something like:
mov dword ptr ds:[eax+70h],0
That sets the objects frame number to 0. A large list of offsets exists here: http://lf-empire.de/forum/thread-2756-po...#pid152651

As of now, you have access to everything on the first page. To get access to the second page/"ID Properties" you have to get the next pointer. Assuming eax holds your object pointer:
Code:
mov eax, dword ptr ds:[eax+368h] ;move the id properties pointer into eax
cmp dword ptr ds:[eax+6f4h],10 ;check if the ID is 10
Basically, the first line loads the pointer for the id properties. Then after you have the pointer stored in eax, you can access all the information on the 2nd page (only useful stuff is ID and Type).

Now all that left is the frame stuff:
Code:
mov eax,dword ptr ds:[esi+edi*4+194h] ;Get object pointer
mov ecx,dword ptr ds:[eax+70h] ; get frame number and store in ecx
mov edx,dword ptr ds:[eax+368h] ; get "id" pointer and store in edx
imul ecx,ecx,178h ; multiply frame(ecx) by 178h
cmp dword ptr ds:[ecx+edx+7ACh],0 ; check if state is 0
Hopefully that all makes sense, it is basically : frame number * 178h + object pointer + Offset.

End.

~Written by (Lord):p Silva
[Image: doty7Xn.gif]

10 ʏᴇᴀʀs sɪɴᴄᴇ ɪʀᴄ ɢᴏᴏᴅ.ɪ ᴡᴀʟᴋ ᴛʜʀᴏᴜɢʜ ᴛʜᴇ ᴇᴍᴘᴛʏ sᴛʀᴇᴇᴛs ᴛʀʏɪɴɢ ᴛᴏ ᴛʜɪɴᴋ ᴏғ sᴏᴍᴇᴛʜɪɴɢ ᴇʟsᴇ ʙᴜᴛ ᴍʏ ᴘᴀᴛʜ ᴀʟᴡᴀʏs ʟᴇᴀᴅs ᴛᴏ ᴛʜᴇ ɪʀᴄ. ɪ sᴛᴀʀᴇ ᴀᴛ ᴛʜᴇ sᴄʀᴇᴇɴ ғᴏʀ ʜᴏᴜʀs ᴀɴᴅ ᴛʀʏ ᴛᴏ sᴜᴍᴍᴏɴ ᴛʜᴇ ɢᴏᴏᴅ ɪʀᴄ. ɪ ᴡᴀᴛᴄʜ ᴏᴛʜᴇʀ ɪʀᴄ ᴄʜᴀɴɴᴇʟs ʙᴜᴛ ɪᴛ ɪs ɴᴏ ɢᴏᴏᴅ. ɪ ᴘᴇsᴛᴇʀ ᴢᴏʀᴛ ᴀɴᴅ ᴛʀʏ ᴛᴏ ʀᴇsɪsᴛ ʜɪs sᴇxɪɴᴇss ʙᴜᴛ ɪᴛ ɪs ᴀʟʟ ᴍᴇᴀɴɪɴɢʟᴇss. ᴛʜᴇ ᴇɴᴅ ɪs ɴᴇᴀʀ.ɪ ᴛʜᴇɴ ᴜsᴜᴀʟʟʏ ʀᴇᴀᴅ sᴏᴍᴇ ᴏʟᴅ ɪʀᴄ ʟᴏɢs ᴀɴᴅ ᴄʀʏ ᴍʏsᴇʟғ ᴛᴏ sʟᴇᴇᴘ.


Reply
Thanks given by: mfc , YinYin , A-Man , hk_invent , TamBoy
#2
so are you going to increase this to other things , like an explanation about how it works in the dll (it seems to work differently then in the exe it self
Reply
Thanks given by:
#3
no, it's the same
Reply
Thanks given by:
#4
it seemed different for me ok anyway
but where does the itr go to to reduce hp (and can it be made to reduce mp)
Reply
Thanks given by:




Users browsing this thread: 1 Guest(s)