Hello, i am wondering if anybody can tell me how i can give a special jjang to 255 and a jjang to 252 while keeping their "powers". and i don't want the picture to be shared with a real jjang, i wanna add my own picture.
Hello, i am wondering if anybody can tell me how i can give a special jjang to 255 and a jjang to 252 while keeping their "powers". and i don't want the picture to be shared with a real jjang, i wanna add my own picture.
This will be ASM. You could try finding the part where Jjang get's the image. Copy it. Paste in codecave. And make a jump at the Admin/Gm ranks to the codecave ?
Not sure, just something i thought of in like 2 seconds xD
can you repeat that in "english" im not exactly good at such stuff, maybe you could add me on msn and go through step by step with me?
chaddie80@yahoo.com.sg
He doesn't know the steps, he was just saying an idea of how to do it.Originally Posted by lxchadxl
Point is, its ASM, and no one really knows or has said how to do it.
What he was saying is, open the runnable up, see how GunZ loads the jjang file, and jump to an empty part of the code, and replicate it to load for admin/dev
so are u able to tell me exactly how?
Some people know, it is something we work hard for.
Just get a concept on how ASM works.
I haven't looked on how to, and im not planning to.
As I said >-> either no one knows, or they don't say anything. I was more in favor of the latter
so can anybody help me?
somebody help please. -.-
Look up a post by Demantor.
The thread is called "Activating /gt commands" something like that.
Read all the posts.
Look up a post by Demantor.
The thread is called "Activating /gt commands" something like that.
Read all the posts.
I found the post, though how does the post answer my question? http://forum.ragezone.com/f311/activ...ommand-472790/
Just find where the image is loaded? I believe it's called something like event_ongame_jjang.tga.dds. Just search for jjang and you will find it. I'm 100 percent sure that there is a compare (CMP) over there, containing a 2. (The UGradeID of the jjang) You could expand that function using more compares and other operations, there's plenty of space in the bottom of GunZ.
Donald, can you give me more specific help please, I'm stll a noob, just tell me step by step how i can have a image over my head for admins.
I'm sorry, but I don't really 'do' GunZ. I just have a very small knowledge of it.
This might help:
[QUOTE]********(
damn, i understood it but i don't know what to do :x
I've PM-ed you his MSN address. He'll help you out.
thanks man, hes trying to help me get it now
eh I just tried replicating it about 10 mins ago, crashed for me when i entered a room.
Im guessing, just jump to a code cave replicate it for admin/dev/hidden GM and have it call a function like the jjang usage, but with a different .dds file.
I have no server to test it but here is the idea :Code:00475250 /$ 83B9 5A040000 >CMP DWORD PTR DS:[ECX+45A],2 00475257 |. 75 0D JNZ SHORT Apex0.00475266 00475259 |. 51 PUSH ECX 0047525A |. E8 516B0300 CALL Apex0.004ABDB0 0047525F |. 8BC8 MOV ECX,EAX 00475261 |. E8 FA7DFFFF CALL Apex0.0046D060 00475266 \> C3 RETN
I have not tested it, but wouldn't it do the job?Code:00475250 JMP codecave ;We do the jump to our code cave. codecave: CMP DWORD PTR DS:[ECX+45A],2 ;We first compare with event winner uid. JNZ SHORT admin ;If not event winner uid we jump to admin PUSH ECX CALL Apex0.004ABDB0 MOV ECX,EAX CALL Apex0.0046D060 RETN admin: CMP DWORD PTR DS:[ECX+45A],FF ;We then compare with admin uid FFh = 255d JNZ dev ;Once again if not admin uid we jump to dev PUSH ECX CALL Apex0.004ABDB0 MOV ECX,EAX CALL Apex0.0046D060 RETN dev: CMP DWORD PTR DS:[ECX+45A],FE ;Comparing with Dev uid, FEh = 254d JNZ 0xRETNaddress ;If it's not dev then we jump to the RETN PUSH ECX CALL Apex0.004ABDB0 MOV ECX,EAX CALL Apex0.0046D060 RETN
We both tried with the same thing. There must be a check either client sided or server sided
This was my try that failed D:
FunctionCode CaveCode:00475250 E8 8E021700 CALL 005E54E3 00475255 75 0F JNE SHORT 00475266 00475257 51 PUSH ECX 00475258 E8 536B0300 CALL 004ABDB0 0047525D 89C1 MOV ECX,EAX 0047525F E8 FC7DFFFF CALL 0046D060 00475264 C3 RETN
Code:005E54DC CC INT3 005E54DD 30C0 XOR AL,AL 005E54DF C3 RETN 005E54E0 B0 01 MOV AL,1 005E54E2 C3 RETN 005E54E3 8B81 5A040000 MOV EAX,DWORD PTR DSECX+45A] 005E54E9 3D FF000000 CMP EAX,0FF 005E54EE 74 F0 JE SHORT 005E54E0 005E54F0 83F8 02 CMP EAX,2 005E54F3 74 EB JE SHORT 005E54E0 005E54F5 3D FE000000 CMP EAX,0FE 005E54FA 74 E4 JE SHORT 005E54E0 005E54FC EB DF JMP SHORT 005E54DD
It's exactly as Wiz did. There's another check, which is somewhere in a ZCharacter function.
Donald, is he offline on msn or wut?
Yes. I don't know where he is. He'll come back on-line sometime.
Reply With Quote