Remove key "M" Function

[felipeelfo]

Hello, I'm having problems on some maps by pressing the key "M", I have a game.exe error and the game closes. How do I remove this feature on these maps?

 

[SunnyZ]

Hello, I'm having problems on some maps by pressing the key "M", I have a game.exe error and the game closes. How do I remove this feature on these maps?

Grab a screw driver and pop out the 'M' button on your keyboard.
DONE!

But in all seriousness it is better to find out why this bug is occurring than completely disabling the feature..

Which maps does it happen with? I am guessing underground maps?

Which client are you using (as this is definatly a client side issue).

 

[felipeelfo]

I added the secret lab map, and the bug only happens on this map

 

[Gregoo]

I had this stored somewhere. I have no clue how to exploit it anymore. Apparently that disabled the map for added levels.
The offsets are probably based on quantumfusion's client.

You should probably compare this with the original values in the client to spot what I did different.

Disabling M after map 2A

=== CODE ===
CPU Disasm
Address   Hex dump          Command                                  Comments
00408DC0  /$  8B4424 04     MOV EAX,DWORD PTR SS:[ARG.1]             ; PT.00408DC0(guessed Arg1)
00408DC4  |.  56            PUSH ESI
00408DC5  |.  33F6          XOR ESI,ESI
00408DC7  |.  3BC6          CMP EAX,ESI
00408DC9  |.  74 7B         JE SHORT 00408E46
00408DCB  |.  A1 28AE8E00   MOV EAX,DWORD PTR DS:[8EAE28]
00408DD0  |.  8B80 6C010000 MOV EAX,DWORD PTR DS:[EAX+16C]
00408DD6  |.  3BC6          CMP EAX,ESI
00408DD8  |.  7C 28         JL SHORT 00408E02
00408DDA  |.  8B0C85 58AD8E MOV ECX,DWORD PTR DS:[EAX*4+8EAD58]
00408DE1  |.  8B91 1C140000 MOV EDX,DWORD PTR DS:[ECX+141C]
00408DE7  |.  83FA 2A       CMP EDX,2A
00408DEA  |.  7F 5A         JG SHORT 00408E46
00408DEC  |.  8B0495 C0D65E MOV EAX,DWORD PTR DS:[EDX*4+5ED6C0]
00408DF3  |.  A3 20DA5E00   MOV DWORD PTR DS:[5EDA20],EAX
00408DF8  |.  C1E0 05       SHL EAX,5
00408DFB  |.  05 E0D25E00   ADD EAX,OFFSET 005ED2E0
00408E00  |.  EB 0B         JMP SHORT 00408E0D
00408E02  |>  8935 20DA5E00 MOV DWORD PTR DS:[5EDA20],ESI
00408E08  |.  B8 E0D25E00   MOV EAX,OFFSET 005ED2E0
00408E0D  |>  E8 AEFBFFFF   CALL 004089C0
00408E12  |.  3935 A4CB7902 CMP DWORD PTR DS:[279CBA4],ESI
00408E18  |.  7F 6C         JG SHORT 00408E86
00408E1A  |.  E8 C1F9FFFF   CALL 004087E0                            ; [PT.004087E0
00408E1F  |.  A1 20DA5E00   MOV EAX,DWORD PTR DS:[5EDA20]
00408E24  |.  6A 03         PUSH 3                                   ; /Arg3 = 3
00408E26  |.  68 B8D95E00   PUSH OFFSET 005ED9B8                     ; |Arg2 = PT.5ED9B8
00408E2B  |.  6A 02         PUSH 2                                   ; |Arg1 = 2
00408E2D  |.  C705 A4CB7902 MOV DWORD PTR DS:[279CBA4],1             ; |
00408E37  |.  E8 34F5FFFF   CALL 00408370                            ; \PT.00408370
00408E3C  |.  83C4 0C       ADD ESP,0C
00408E3F  |.  B8 01000000   MOV EAX,1
00408E44  |.  5E            POP ESI
00408E45  |.  C3            RETN
00408E46  |>  57            PUSH EDI
00408E47  |.  E8 F4FAFFFF   CALL 00408940
00408E4C  |.  31C0          XOR EAX,EAX
00408E4E  |.  B9 04010000   MOV ECX,104
00408E53  |.  BF 78D76F00   MOV EDI,OFFSET 006FD778
00408E58  |.  F3:AB         REP STOS DWORD PTR ES:[EDI]
00408E5A  |.  83C8 FF       OR EAX,FFFFFFFF
00408E5D  |.  8935 A4CB7902 MOV DWORD PTR DS:[279CBA4],ESI
00408E63  |.  8935 D0B86F00 MOV DWORD PTR DS:[6FB8D0],ESI
00408E69  |.  A3 24DA5E00   MOV DWORD PTR DS:[5EDA24],EAX
00408E6E  |.  A3 20DA5E00   MOV DWORD PTR DS:[5EDA20],EAX
00408E73  |.  8935 E8D46F00 MOV DWORD PTR DS:[6FD4E8],ESI
00408E79  |.  8935 ECD46F00 MOV DWORD PTR DS:[6FD4EC],ESI
00408E7F  |.  8935 F0D46F00 MOV DWORD PTR DS:[6FD4F0],ESI
00408E85  |.  5F            POP EDI
00408E86  |>  B8 01000000   MOV EAX,1
00408E8B  |.  5E            POP ESI
00408E8C  \.  C3            RETN

Hope this helps,
Greg.

 

[felipeelfo]

Thanks for the information, I will compare the values ​​and see if I can get to a solution