fix friendly crystal
To make crystal monsters friendly, we need to do 2 things:
- Add a flag to know it's a crystal monster (at ESI+47AC)
- Add comparison case to make the crystals friendly
When you click on a crystal, it's added to the monster stack. Here's the piece of code we're interested in :
OllyDbg - Server side
0055E52E |> \837C24 1C 09 CMP DWORD PTR SS:[LOCAL.204],9
0055E533 |. 75 0C JNE SHORT 0055E541
0055E535 |. 8B95 48010000 MOV EDX,DWORD PTR SS:[EBP+148]
0055E53B |. 8996 30390000 MOV DWORD PTR DS:[ESI+3930],EDX
0055E541 |> 33C0 XOR EAX,EAX
Apparently there's a special case for when a value is equal to 9. Don't really know what it is; I haven't tested.
It's where we are going to add the flag (as usual, too lazy to comment the code).
There's not enough space to put the new code, so we're going to jump. In my example, the new code will be at the offset 08B60000 (it's in the GFantasy section) :
OllyDbg - Server side
0055E52E |> \837C24 1C 09 CMP DWORD PTR SS:[LOCAL.204],9
0055E533 \. E9 C81A6008 JMP 08B60000
0055E538 90 NOP
0055E539 90 NOP
0055E53A 90 NOP
0055E53B 90 NOP
0055E53C 90 NOP
0055E53D 90 NOP
0055E53E 90 NOP
0055E53F 90 NOP
0055E540 /. 90 NOP
0055E541 |> 33C0 XOR EAX,EAX
And the new code :
08B60000 75 0E JNZ SHORT server24.08B60010
08B60002 8B95 48010000 MOV EDX,DWORD PTR SS:[EBP+148]
08B60008 8996 30390000 MOV DWORD PTR DS:[ESI+3930],EDX
08B6000E EB 0A JMP SHORT server24.08B6001A
08B60010 C786 AC470000 01>MOV DWORD PTR DS:[ESI+47AC],1
08B6001A -E9 22E59FF7 JMP server24.0055E541
Now that our flag is set, we need to use it.
Here's the piece of code we're interested in (it's in a procedure computing which monster attacks which one) :
OllyDbg - Server side
005615D7 |. 33D2 XOR EDX,EDX
005615D9 |> 85C9 TEST ECX,ECX
005615DB |. 74 24 JE SHORT 00561601
005615DD |. 8B85 CC470000 MOV EAX,DWORD PTR SS:[EBP+47CC]
005615E3 |. 85C0 TEST EAX,EAX
005615E5 |. 75 18 JNE SHORT 005615FF
005615E7 |. 8B85 F8460000 MOV EAX,DWORD PTR SS:[EBP+46F8]
005615ED |. 85C0 TEST EAX,EAX
005615EF |. 74 10 JE SHORT 00561601
005615F1 |. 8B8E E4460000 MOV ECX,DWORD PTR DS:[ESI+46E4]
005615F7 |. 3B81 706C0000 CMP EAX,DWORD PTR DS:[ECX+6C70]
005615FD |. 74 02 JE SHORT 00561601
005615FF |> 33D2 XOR EDX,EDX
00561601 |> 3BB5 00470000 CMP ESI,DWORD PTR SS:[EBP+4700]
00561607 |. 0F84 9A000000 JE 005616A7
Two things here :
- Clearing EDX at offset 005615FF makes the monsters not attack each other
- With crystal monsters ECX is always empty and the first JE is always taken, skipping offset 005615FF.
We're going to add our test before TEST ECX,ECX.
As usual, no space. We're going to jump to offset 08B60025 :
005615D7 . 33D2 XOR EDX,EDX
005615D9 >-E9 47EA5F08 JMP server24.08B60025
005615DE 90 NOP
005615DF 90 NOP
005615E0 90 NOP
005615E1 90 NOP
005615E2 90 NOP
005615E3 90 NOP
005615E4 90 NOP
005615E5 90 NOP
005615E6 90 NOP
005615E7 90 NOP
005615E8 90 NOP
005615E9 90 NOP
005615EA 90 NOP
005615EB 90 NOP
005615EC 90 NOP
005615ED 90 NOP
005615EE 90 NOP
005615EF 90 NOP
005615F0 90 NOP
005615F1 90 NOP
005615F2 90 NOP
005615F3 90 NOP
005615F4 90 NOP
005615F5 90 NOP
005615F6 90 NOP
005615F7 90 NOP
005615F8 90 NOP
005615F9 90 NOP
005615FA 90 NOP
005615FB 90 NOP
005615FC 90 NOP
005615FD 90 NOP
005615FE 90 NOP
005615FF 90 NOP
00561600 90 NOP
00561601 90 NOP
00561602 90 NOP
00561603 90 NOP
00561604 90 NOP
00561605 90 NOP
00561606 90 NOP
00561607 . 0F84 9A000000 JE server24.005616A7
And the new code :
OllyDbg - Server side
08B60025 8B86 AC470000 MOV EAX,DWORD PTR DS:[ESI+47AC]
08B6002B 85C0 TEST EAX,EAX
08B6002D 74 32 JE SHORT server24.08B60061
08B6002F 8B85 AC470000 MOV EAX,DWORD PTR SS:[EBP+47AC]
08B60035 85C0 TEST EAX,EAX
08B60037 75 26 JNZ SHORT server24.08B6005F
08B60039 85C9 TEST ECX,ECX
08B6003B 74 24 JE SHORT server24.08B60061
08B6003D 8B85 CC470000 MOV EAX,DWORD PTR SS:[EBP+47CC]
08B60043 85C0 TEST EAX,EAX
08B60045 75 18 JNZ SHORT server24.08B6005F
08B60047 8B85 F8460000 MOV EAX,DWORD PTR SS:[EBP+46F8]
08B6004D 85C0 TEST EAX,EAX
08B6004F 74 10 JE SHORT server24.08B60061
08B60051 8B8E E4460000 MOV ECX,DWORD PTR DS:[ESI+46E4]
08B60057 3B81 706C0000 CMP EAX,DWORD PTR DS:[ECX+6C70]
08B6005D 74 02 JE SHORT server24.08B60061
08B6005F 33D2 XOR EDX,EDX
08B60061 3BB5 00470000 CMP ESI,DWORD PTR SS:[EBP+4700]
08B60067 -E9 9B15A0F7 JMP server24.00561607
Your monster crystals are now friendly.
They don't attack each other, but they still attack pets and normal monsters.
Server2477.
I will launch a new version in brief, thank you all.
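The two detours in the crystal-monster post both rely on 5-byte E9 jumps whose displacement is counted from the end of the jump. The following is an added example, not code from the thread: it rebuilds each entry jump and its NOP padding from the addresses in the listings and decodes the posted exit jumps to confirm they return to the first untouched instruction. Function names are illustrative.

```python
import struct

NOP = b"\x90"

def encode_jmp_rel32(at, target):
    """E9 rel32: the displacement is measured from the end of the 5-byte JMP."""
    return b"\xE9" + struct.pack("<I", (target - (at + 5)) & 0xFFFFFFFF)

def decode_jmp_rel32(at, code):
    """Return the address a 5-byte E9 JMP located at `at` transfers to."""
    if len(code) != 5 or code[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    return (at + 5 + struct.unpack("<i", code[1:])[0]) & 0xFFFFFFFF

def build_detour(site, resume, cave):
    """JMP to the cave, then NOPs up to the first instruction left intact."""
    size = resume - site
    if size < 5:
        raise ValueError("need at least 5 bytes for a rel32 JMP")
    return encode_jmp_rel32(site, cave) + NOP * (size - 5)

# Values taken from the listings above: patch site, first untouched
# instruction, cave entry, address of the cave's exit JMP, exit JMP bytes.
DETOURS = [
    (0x0055E533, 0x0055E541, 0x08B60000, 0x08B6001A, "E922E59FF7"),
    (0x005615D9, 0x00561607, 0x08B60025, 0x08B60067, "E99B15A0F7"),
]

def check_detours(detours=DETOURS):
    """Return (entry JMP hex, NOP count, exit JMP lands on resume) per detour."""
    rows = []
    for site, resume, cave, exit_at, exit_hex in detours:
        patch = build_detour(site, resume, cave)
        lands = decode_jmp_rel32(exit_at, bytes.fromhex(exit_hex)) == resume
        rows.append((patch[:5].hex().upper(), len(patch) - 5, lands))
    return rows

if __name__ == "__main__":
    for entry, nops, lands in check_detours():
        print(f"entry {entry}  nops {nops:2d}  exit returns correctly: {lands}")
```
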
AGING FAILURE
Code:
+11 = 20%
+12 = 25%
+13 = 30%
+14 = 35%
+15 = 40%
+16 = 45%
+17 = 50%
+18 = 55%
+19 = 60%
+20 = 65%
Up to +10 there is no failure!
I need help to change aging success values.
Based on information from gregoo
Hexadecimal - Server side
002DA980 00 00 00 00 0A 00 00 00 14 00 00 00 28 00 00 00 ............(...
002DA990 32 00 00 00 3C 00 00 00 46 00 00 00 50 00 00 00 2...<...F...P...
002DA9A0 5A 00 00 00 5A 00 00 00 5A 00 00 00 5A 00 00 00 Z...Z...Z...Z...
002DA9B0 5A 00 00 00 5A 00 00 00 5A 00 00 00 5A 00 00 00 Z...Z...Z...Z...
002DA9C0 5A 00 00 00 5A 00 00 00 Z...Z...
made the necessary changes so that no breakage occurs above +16 item, it stays even after changes have occurred to break the item above +16
AGING FAILURE
+11 = 20% = 14
+12 = 25% = 19
+13 = 30% = 1E
+14 = 35% = 23
+15 = 40% = 28
+16 = 45% = 2D
+17 = 50% = 32
+18 = 55% = 37
+19 = 60% = 3C
+20 = 65% = 41
I can not find this combination in hex
14000000190000001E00000023000000280000002D00000032000000370000003C
how to fix?
To change level limit change here:
and here:
Change 6E for what you want. Ex: 8c (140), 0A0 (160), 0F0 (240)
tt1:
I can not do is change in
005719FB 83BB C8000000 6E CMP DWORD PTR DS:[EBX+C8],6E
how to fix?
I can make the change to level 120 and level 127 and that after making the move to level 127 in game only works up to level 121
XPHex.txt have to apply within the executable from the server?
I use Xpx creator?
which offset use?
found the following related offset level
I'll try to make the change to XP hex level 150 and then try to change the parameter for the level 150
005719FB 83BB C8000000 6E CMP DWORD PTR DS:[EBX+C8],96
XPHex lvl 150
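The CMP DWORD PTR DS:[EBX+C8],6E instruction quoted earlier in the thread uses the 83 /7 encoding, whose single immediate byte is sign-extended, so the largest value it can hold is 7F (127). The following is an added example, not code from the thread, with illustrative function names: it shows what a last byte of 96 is actually compared against and the longer 81 /7 form that a value of 150 requires.

```python
import struct

MODRM = 0xBB  # mod=10 (disp32), reg=111 (/7 = CMP), rm=011 (EBX)

def encode_cmp(disp, value):
    """Encode CMP DWORD PTR [EBX+disp], value using the shortest legal form."""
    head = struct.pack("<BI", MODRM, disp)
    if -128 <= value <= 127:
        return b"\x83" + head + struct.pack("<b", value)            # 83 /7 ib
    return b"\x81" + head + struct.pack("<I", value & 0xFFFFFFFF)   # 81 /7 id

def compared_value(code):
    """Immediate the CPU really uses; 83 /7 sign-extends its one byte."""
    if code[1] != MODRM:
        raise ValueError("not CMP DWORD PTR [EBX+disp32], imm")
    if code[0] == 0x83 and len(code) == 7:
        return struct.unpack("<b", code[6:7])[0]
    if code[0] == 0x81 and len(code) == 10:
        return struct.unpack("<i", code[6:10])[0]
    raise ValueError("unexpected opcode or length")

def patch_imm8_in_place(code, value):
    """Change only the immediate byte; refuse values the imm8 form cannot hold."""
    if code[0] != 0x83:
        raise ValueError("not the imm8 form")
    if not -128 <= value <= 127:
        need = len(encode_cmp(0, value))
        raise ValueError(f"{value} needs the {need}-byte imm32 form, "
                         f"but only {len(code)} bytes are available in place")
    return code[:-1] + struct.pack("<b", value)

# Bytes as quoted in the thread: 83BB C8000000 6E
ORIGINAL = bytes.fromhex("83BBC80000006E")

if __name__ == "__main__":
    print("original limit :", compared_value(ORIGINAL))
    print("last byte = 96 :", compared_value(ORIGINAL[:-1] + b"\x96"))
    print("imm32 form, 150:", encode_cmp(0xC8, 150).hex().upper())
```

The imm32 form is three bytes longer than the original instruction, so it cannot overwrite it in place without clobbering what follows.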