Free hacks!

GIRakaCHEEZER · Sep 5, 2009

Ralren said:
I'm very sorry for the asinine question, but what program is used for these expressions? There isn't any 0x????? (0x06E60) located in the Assembler (OllyDbg). I even tried to find it on the Hex Editor, but it just pointed to the first Hex Strip.

Is there any difference between a Dis Assembler or Assembler?
I'm quite confused. Sorry for your time, I'm just curious.

Well, I do use ollydebug, and I know why you're having the problem you are having.

When you're looking for offsets in olly, remember to add "00400000" to them. So offset 00006e60 is actually 00406e60. It does that for some important reason that I don't know.

Lace · Sep 5, 2009

that's actually for all assembly offsets (no matter which program u use), I'm pretty sure that what it means is that it is a ram offset, instead of a rom one (other stuff, maybe, too windows explorer starts with 01000000, and some other thingys with other stuff. ramm allocation? I'm just tossing round big words here.)

Noxid · Sep 5, 2009

Blarg, that Machine Gun code is messed. I spent hours combing through it, and all I could figure out was how to get rid of the double images, change the range, and the effect that it calls when it's range expires. I have no idea how it gives you kickback, and frankly I don't care anymore.

I (kinda) got it to work by using the polar star instead. Another question: would it be easy to make the polar star's ammo regenerate? because if not, I don't want to bother...

and, um, I guess one more. The code that creates the star effect when you fire a weapon, if I altered/removed that, it would affect every weapon would it not? (That is my hunch, because it is not called in the weapon's offset, so I assumed it is called before the game checks what weapon you have to determine what bullet to create)

VoidMage_Lowell · Sep 5, 2009

Hmm!

Noxid said:
I (kinda) got it to work by using the polar star instead. Another question: would it be easy to make the polar star's ammo regenerate? because if not, I don't want to bother...

Heh, I wanted to try and do this with another weapon, and GIR said something like it'd probably be best to create a function that mimicked the Machine Gun's code, in that respect, and call it from the modified weapon's code. {Wherever the bullet code is}
Of course, I don't know much Assembly yet, so I not really sure how to do this

;

GIRakaCHEEZER · Sep 6, 2009

VoidMage_Lowell said:
Heh, I wanted to try and do this with another weapon, and GIR said something like it'd probably be best to create a function that mimicked the Machine Gun's code, in that respect, and call it from the modified weapon's code. {Wherever the bullet code is}
Of course, I don't know much Assembly yet, so I not really sure how to do this ;

Keep in mind that I said the code that regenerates ammo is MOST LIKELY not located in the offsets you guys have. The offsets for the Machine Gun's assembly simply points you to the bullet code, which is only executed while a bullet is on screen, or when a bullet is spawned. Since the machine gun always regenerates ammo, the code for it would be elsewhere.

Later I will look for the code that makes it so that the machine gun ACTS like a machine gun (so you only have to hold the shoot key to release a wave of bullets). If I find it, I'll post it here.

Lace · Sep 9, 2009

any progress or have you gaven up finding it?
also, void, be a man. admit you know no assembly.

dooey100 · Sep 9, 2009

Look around the max bullets on screen offsets. Its been on my "to be investigated" list for awhile, but I haven't had time to check it out. Its my first guess, at any rate.

Lace · Oct 12, 2009

OH GREAT DOOEY!
do you have any clue on what the subroutine at 0x40F350 does?
thanks very mucho.

dooey100 · Oct 12, 2009

Its a random number generator.

GIRakaCHEEZER · Oct 12, 2009

Lace said:
OH GREAT DOOEY!
do you have any clue on what the subroutine at 0x40F350 does?
thanks very mucho.

Don't you have rune's list of functions and such? That should really be in there.

We should also make a thread for discovered functions and the such, since i've found some new ones (screen flash, screen shake, <DNA (useful when implemented in npc's actual runtime code) ).

Wedge of Cheese · Oct 12, 2009

Isn't that what the offsets thread is for? I guess we need to badger whoever created that thread to update the first post. (Was it Rune? If so, can SP/andwhy edit posts that aren't their own?)

Lace · Oct 12, 2009

dooey100 said:
Its a random number generator.

oh, oops.
I knew that, too.

GIRakaCHEEZER said:
We should also make a thread for discovered functions and the such, since i've found some new ones

yup.

GIRakaCHEEZER said:
screen flash

have that one.

GIRakaCHEEZER said:
screen shake, <DNA (useful when implemented in npc's actual runtime code).

neither of those.

also, cheesy, the offsets thread is less for functions, and more for, ya know, offsets.
also, does anyone have the offset for <CAT? I've been looking for the better part of an hour, and can't for the life of me find it.

it should look something like this:

Code:

004242DA mov     eax, ds:4A5AD8h ; (presumably) the location of the read-in data
004242DF add     eax, ds:4A5AE0h ; (presumably) add the current script offset
004242E5 movsx   ecx, byte ptr [eax+1]
004242E9 cmp     ecx, 43h ; 'C'
004242EC jnz     short tsc_fmu ; jump to the next test
004242EE mov     edx, ds:4A5AD8h
004242F4 add     edx, ds:4A5AE0h
004242FA movsx   eax, byte ptr [edx+2]
004242FE cmp     eax, 4Dh ; 'M'
00424301 jnz     short tsc_fmu
00424303 mov     ecx, ds:4A5AD8h
00424309 add     ecx, ds:4A5AE0h
0042430F movsx   edx, byte ptr [ecx+3]
00424313 cmp     edx, 55h ; 'U'
00424316 jnz     short tsc_fmu
00424318 mov     eax, ds:4A5AE0h

except instead of c, m, and u, it would have c(43), a(41), and t(54).
thanks.

oh, the tsc parser starts at 0x421f10, but then again, if you know the offset for cat, you probably already know this.

thanky

Wedge of Cheese · Nov 27, 2009

In need of another hack...

In caret.pbm are two images of Quote drowned: one with him facing left and one with him facing right. When you drown in game, the engine checks to see which direction Quote is facing and displays the appropriate image. I'd like it to ignore the direction that Quote is facing, and instead choose the image based on whether or not the Mimiga Mask is being worn. Can this be done without too much difficulty?

Noxid · Nov 27, 2009

00416A15 CMP DWORD PTR DS:[49E640],0
00416A1C JNZ SHORT Doukutsu.00416A39

Those are the lines where it tests the direction you face when you drown.

Change that to this:

00416A15 AND DWORD PTR DS:[49E650],64
00416A1C JNZ SHORT Doukutsu.00416A39

For desired result. I think. I'm no expert on AND...
But I'm rather proud of myself for having found the right swath of code

In hekszidaciml, I think you do this: But I dunno, I never used a Hex editor

00416A15 83 3D 40 E6 49 00 00 75

to this:

00416A15 83 25 50 E6 49 00 64 75

Wedge of Cheese · Nov 28, 2009

It didn't work; there was only one place in the exe where 83 3D 40 E6 49 00 00 75 appeared and it wasn't at the address you put (it was at 4CA2). I changed it and nothing happened. The assembly code you posted seems to make sense so I'm not sure why it's not working...

EDIT: I think I might know what you did wrong; you forgot to translate the decimal value 64 into hex, so it should be 83 25 50 E6 49 00 40 75, and I just downloaded OllyDebug so don't worry about the offset in the exe. I'm trying it now...

EDIT: Yay, it works! I'll be sure to credit you when I release the mod, Nox. Can someone else confirm that what I said about using 40 instead of 64 is correct?

Noxid · Dec 28, 2009

Need to turn the smoke off on the nemesis, anyone have the thing for that handy? I could probably spend three hours searching without knowing where to look.

GIRakaCHEEZER · Dec 28, 2009

Code:

0040837F  |> 68 00010000    PUSH 100
00408384  |. 6A 00          PUSH 0
00408386  |. 6A 02          PUSH 2
00408388  |. 68 00020000    PUSH 200                                 ; /Arg2 = 00000200
0040838D  |. 68 00FEFFFF    PUSH -200                                ; |Arg1 = FFFFFE00
00408392  |. E8 B96F0000    CALL Doukutsu.0040F350                   ; \Doukutsu.0040F350
00408397  |. 83C4 08        ADD ESP,8
0040839A  |. 50             PUSH EAX                                 ; |Arg5
0040839B  |. 68 00FEFFFF    PUSH -200                                ; |Arg4 = FFFFFE00
004083A0  |. 8B55 08        MOV EDX,DWORD PTR SS:[EBP+8]             ; |
004083A3  |. 8B42 14        MOV EAX,DWORD PTR DS:[EDX+14]            ; |
004083A6  |. 50             PUSH EAX                                 ; |Arg3
004083A7  |. 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]             ; |
004083AA  |. 8B51 10        MOV EDX,DWORD PTR DS:[ECX+10]            ; |
004083AD  |. 52             PUSH EDX                                 ; |Arg2
004083AE  |. 6A 04          PUSH 4                                   ; |Arg1 = 00000004
004083B0  |. E8 1B6C0600    CALL Doukutsu.0046EFD0                   ; \Doukutsu.0046EFD0
004083B5  |. 83C4 20        ADD ESP,20
004083B8  |. E9 AF000000    JMP Doukutsu.0040846C
004083BD  |> 68 00010000    PUSH 100
004083C2  |. 6A 00          PUSH 0
004083C4  |. 6A 02          PUSH 2
004083C6  |. 68 00FEFFFF    PUSH -200
004083CB  |. 68 00020000    PUSH 200                                 ; /Arg2 = 00000200
004083D0  |. 68 00FEFFFF    PUSH -200                                ; |Arg1 = FFFFFE00
004083D5  |. E8 766F0000    CALL Doukutsu.0040F350                   ; \Doukutsu.0040F350
004083DA  |. 83C4 08        ADD ESP,8
004083DD  |. 50             PUSH EAX                                 ; |Arg4
004083DE  |. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]             ; |
004083E1  |. 8B48 14        MOV ECX,DWORD PTR DS:[EAX+14]            ; |
004083E4  |. 51             PUSH ECX                                 ; |Arg3
004083E5  |. 8B55 08        MOV EDX,DWORD PTR SS:[EBP+8]             ; |
004083E8  |. 8B42 10        MOV EAX,DWORD PTR DS:[EDX+10]            ; |
004083EB  |. 50             PUSH EAX                                 ; |Arg2
004083EC  |. 6A 04          PUSH 4                                   ; |Arg1 = 00000004
004083EE  |. E8 DD6B0600    CALL Doukutsu.0046EFD0                   ; \Doukutsu.0046EFD0
004083F3  |. 83C4 20        ADD ESP,20
004083F6  |. EB 74          JMP SHORT Doukutsu.0040846C
004083F8  |> 68 00010000    PUSH 100
004083FD  |. 6A 00          PUSH 0
004083FF  |. 6A 02          PUSH 2
00408401  |. 68 00020000    PUSH 200                                 ; /Arg2 = 00000200
00408406  |. 68 00FEFFFF    PUSH -200                                ; |Arg1 = FFFFFE00
0040840B  |. E8 406F0000    CALL Doukutsu.0040F350                   ; \Doukutsu.0040F350
00408410  |. 83C4 08        ADD ESP,8
00408413  |. 50             PUSH EAX                                 ; |Arg5
00408414  |. 68 00020000    PUSH 200                                 ; |Arg4 = 00000200
00408419  |. 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]             ; |
0040841C  |. 8B51 14        MOV EDX,DWORD PTR DS:[ECX+14]            ; |
0040841F  |. 52             PUSH EDX                                 ; |Arg3
00408420  |. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]             ; |
00408423  |. 8B48 10        MOV ECX,DWORD PTR DS:[EAX+10]            ; |
00408426  |. 51             PUSH ECX                                 ; |Arg2
00408427  |. 6A 04          PUSH 4                                   ; |Arg1 = 00000004
00408429  |. E8 A26B0600    CALL Doukutsu.0046EFD0                   ; \Doukutsu.0046EFD0
0040842E  |. 83C4 20        ADD ESP,20
00408431  |. EB 39          JMP SHORT Doukutsu.0040846C
00408433  |> 68 00010000    PUSH 100
00408438  |. 6A 00          PUSH 0
0040843A  |. 6A 02          PUSH 2
0040843C  |. 68 00020000    PUSH 200
00408441  |. 68 00020000    PUSH 200                                 ; /Arg2 = 00000200
00408446  |. 68 00FEFFFF    PUSH -200                                ; |Arg1 = FFFFFE00
0040844B  |. E8 006F0000    CALL Doukutsu.0040F350                   ; \Doukutsu.0040F350
00408450  |. 83C4 08        ADD ESP,8
00408453  |. 50             PUSH EAX                                 ; |Arg4
00408454  |. 8B55 08        MOV EDX,DWORD PTR SS:[EBP+8]             ; |
00408457  |. 8B42 14        MOV EAX,DWORD PTR DS:[EDX+14]            ; |
0040845A  |. 50             PUSH EAX                                 ; |Arg3
0040845B  |. 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]             ; |
0040845E  |. 8B51 10        MOV EDX,DWORD PTR DS:[ECX+10]            ; |
00408461  |. 52             PUSH EDX                                 ; |Arg2
00408462  |. 6A 04          PUSH 4                                   ; |Arg1 = 00000004
00408464  |. E8 676B0600    CALL Doukutsu.0046EFD0                   ; \Doukutsu.0046EFD0
00408469  |. 83C4 20        ADD ESP,20

NOP this bit of code out completely. This was really simple jeez.

Noxid · Dec 28, 2009

Ah, so it WAS right in front of me. I must have been overthinking it while at the same time not thinking at all.. I was tired.

46EFD0 was even in my big list of things :s
I couldn't find it last night. Thanks GIR.

Lace · Dec 28, 2009

darn you gir.
I was just about to be helpful, too.

also, do relative jumps, it makes your code neater than just nopping everything out.

Uncy Dave · Dec 29, 2009

In my mod, The first weapon, the Laser Knife is an edited version of the nemesis. I originally didn't want it to level up, because when it levels up, the bullets travel slower. Gir mentioned changing the assembly, so that all the levels of the nemesis, have the same code, and I can simply change the damage on each level, with a hex editor. Can anyone please show me how this is done?