Printable View
Im just going to take 2 posts here and just point the obvious
Quote:
Originally Posted by GUNZ2830
Matchserver.exeQuote:
Originally Posted by Donald Duck
search ascii string "FirstMaster : (%s)"
go to the top of the function and replace it with a RETN
I may be wrong but thats what it seems like to me.
I have no way to test this so...
I searched for the text string firstmaster but it didn't found anything so I got no function to start with...Quote:
Originally Posted by Nayr438
Text strings referenced in MatchSer:.text, item 2627
Address=0045B8BB
Disassembly=PUSH MatchSer.0051D31C
Text string=ASCII "FirstMaster : (%s)"
Right click -> Search -> Search for referenced strings
Ctrl + L, type in First. xD
zomg. 10 seconds and I found this.
Code:
0045B7C0 /$ 55 PUSH EBP
0045B7C1 |. 8BEC MOV EBP,ESP
0045B7C3 |. 83E4 F8 AND ESP,FFFFFFF8
0045B7C6 |. 6A FF PUSH -1
0045B7C8 |. 68 8BAA4F00 PUSH MatchSer.004FAA8B ; SE handler installation
0045B7CD |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0045B7D3 |. 50 PUSH EAX
0045B7D4 |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
0045B7DB |. 81EC 30010000 SUB ESP,130
0045B7E1 |. A1 C8E45400 MOV EAX,DWORD PTR DS:[54E4C8]
0045B7E6 |. 53 PUSH EBX
0045B7E7 |. 56 PUSH ESI
0045B7E8 |. 57 PUSH EDI
0045B7E9 |. 8BF9 MOV EDI,ECX
0045B7EB |. 8BDA MOV EBX,EDX
0045B7ED |. 57 PUSH EDI
0045B7EE |. 8BCB MOV ECX,EBX
0045B7F0 |. 898424 3801000>MOV DWORD PTR SS:[ESP+138],EAX
0045B7F7 |. E8 9458FBFF CALL MatchSer.00411090
0045B7FC |. 85C0 TEST EAX,EAX
0045B7FE |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0045B802 |. 74 3E JE SHORT MatchSer.0045B842
0045B804 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0045B807 |. 50 PUSH EAX
0045B808 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B80C |. 51 PUSH ECX
0045B80D |. 8D8B 1C030000 LEA ECX,DWORD PTR DS:[EBX+31C]
0045B813 |. E8 68120200 CALL MatchSer.0047CA80
0045B818 |. 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
0045B81E |. 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
0045B822 |. 3BC8 CMP ECX,EAX
0045B824 |. 74 1C JE SHORT MatchSer.0045B842
0045B826 |. 8B71 14 MOV ESI,DWORD PTR DS:[ECX+14]
0045B829 |. 85F6 TEST ESI,ESI
0045B82B |. 74 15 JE SHORT MatchSer.0045B842
0045B82D |. 8B86 90010000 MOV EAX,DWORD PTR DS:[ESI+190]
0045B833 |. 3947 04 CMP DWORD PTR DS:[EDI+4],EAX
0045B836 |. 8B8E 8C010000 MOV ECX,DWORD PTR DS:[ESI+18C]
0045B83C |. 75 04 JNZ SHORT MatchSer.0045B842
0045B83E |. 390F CMP DWORD PTR DS:[EDI],ECX
0045B840 |. 74 07 JE SHORT MatchSer.0045B849
0045B842 |> 32C0 XOR AL,AL
0045B844 |. E9 B8000000 JMP MatchSer.0045B901
0045B849 |> 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B84D |. C64424 0F 00 MOV BYTE PTR SS:[ESP+F],0
0045B852 |. E8 29B30300 CALL MatchSer.00496B80
0045B857 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
0045B85A |. 52 PUSH EDX ; /Arg1
0045B85B |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C] ; |
0045B85F |. C78424 4801000>MOV DWORD PTR SS:[ESP+148],0 ; |
0045B86A |. E8 41B00300 CALL MatchSer.004968B0 ; \MatchSer.004968B0
0045B86F |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B873 |. E8 88C50300 CALL MatchSer.00497E00
0045B878 |. 83F8 01 CMP EAX,1
0045B87B |. 7C 61 JL SHORT MatchSer.0045B8DE
0045B87D |. 6A 00 PUSH 0
0045B87F |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
0045B883 |. E8 28B20300 CALL MatchSer.00496AB0
0045B888 |. 85C0 TEST EAX,EAX
0045B88A |. 74 52 JE SHORT MatchSer.0045B8DE
0045B88C |. 68 30D35100 PUSH MatchSer.0051D330 ; ASCII "/showinfo"
0045B891 |. 50 PUSH EAX
0045B892 |. E8 49720600 CALL MatchSer.004C2AE0
0045B897 |. 83C4 08 ADD ESP,8
0045B89A |. 85C0 TEST EAX,EAX
0045B89C |. 75 40 JNZ SHORT MatchSer.0045B8DE
0045B89E |. 884424 30 MOV BYTE PTR SS:[ESP+30],AL
0045B8A2 |. B9 3F000000 MOV ECX,3F
0045B8A7 |. 8D7C24 31 LEA EDI,DWORD PTR SS:[ESP+31]
0045B8AB |. F3:AB REP STOS DWORD PTR ES:[EDI]
0045B8AD |. 66:AB STOS WORD PTR ES:[EDI]
0045B8AF |. 81C6 E4010000 ADD ESI,1E4
0045B8B5 |. 56 PUSH ESI
0045B8B6 |. AA STOS BYTE PTR ES:[EDI]
0045B8B7 |. 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+34]
0045B8BB |. 68 1CD35100 PUSH MatchSer.0051D31C ; ASCII "FirstMaster : (%s)"
0045B8C0 |. 50 PUSH EAX
0045B8C1 |. E8 A8530500 CALL MatchSer.004B0C6E
0045B8C6 |. 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C]
0045B8CA |. 83C4 0C ADD ESP,0C
0045B8CD |. 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
0045B8D1 |. 51 PUSH ECX ; /Arg2
0045B8D2 |. 52 PUSH EDX ; |Arg1
0045B8D3 |. 8BCB MOV ECX,EBX ; |
0045B8D5 |. E8 B658FBFF CALL MatchSer.00411190 ; \MatchSer.00411190
0045B8DA |. B3 01 MOV BL,1
0045B8DC |. EB 04 JMP SHORT MatchSer.0045B8E2
0045B8DE |> 8A5C24 0F MOV BL,BYTE PTR SS:[ESP+F]
0045B8E2 |> 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B8E6 |. E8 35B10300 CALL MatchSer.00496A20
0045B8EB |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B8EF |. C78424 4401000>MOV DWORD PTR SS:[ESP+144],-1
0045B8FA |. E8 A1B20300 CALL MatchSer.00496BA0
0045B8FF |. 8AC3 MOV AL,BL
0045B901 |> 8B8C24 3C01000>MOV ECX,DWORD PTR SS:[ESP+13C]
0045B908 |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0045B90F |. 8B8C24 3401000>MOV ECX,DWORD PTR SS:[ESP+134]
0045B916 |. E8 DC530500 CALL MatchSer.004B0CF7
0045B91B |. 5F POP EDI
0045B91C |. 5E POP ESI
0045B91D |. 5B POP EBX
0045B91E |. 8BE5 MOV ESP,EBP
0045B920 |. 5D POP EBP
0045B921 \. C3 RETN
Oh yeah lal, I was searching in the runnable thx ;)
So I put a retn here: right?
Code:0045B7C0 /$ 55 RETN
0045B7C1 |. 8BEC MOV EBP,ESP
0045B7C3 |. 83E4 F8 AND ESP,FFFFFFF8
0045B7C6 |. 6A FF PUSH -1
0045B7C8 |. 68 8BAA4F00 PUSH MatchSer.004FAA8B ; SE handler installation
0045B7CD |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0045B7D3 |. 50 PUSH EAX
0045B7D4 |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
0045B7DB |. 81EC 30010000 SUB ESP,130
0045B7E1 |. A1 C8E45400 MOV EAX,DWORD PTR DS:[54E4C8]
0045B7E6 |. 53 PUSH EBX
0045B7E7 |. 56 PUSH ESI
0045B7E8 |. 57 PUSH EDI
0045B7E9 |. 8BF9 MOV EDI,ECX
0045B7EB |. 8BDA MOV EBX,EDX
0045B7ED |. 57 PUSH EDI
0045B7EE |. 8BCB MOV ECX,EBX
0045B7F0 |. 898424 3801000>MOV DWORD PTR SS:[ESP+138],EAX
0045B7F7 |. E8 9458FBFF CALL MatchSer.00411090
0045B7FC |. 85C0 TEST EAX,EAX
0045B7FE |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0045B802 |. 74 3E JE SHORT MatchSer.0045B842
0045B804 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0045B807 |. 50 PUSH EAX
0045B808 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B80C |. 51 PUSH ECX
0045B80D |. 8D8B 1C030000 LEA ECX,DWORD PTR DS:[EBX+31C]
0045B813 |. E8 68120200 CALL MatchSer.0047CA80
0045B818 |. 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
0045B81E |. 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
0045B822 |. 3BC8 CMP ECX,EAX
0045B824 |. 74 1C JE SHORT MatchSer.0045B842
0045B826 |. 8B71 14 MOV ESI,DWORD PTR DS:[ECX+14]
0045B829 |. 85F6 TEST ESI,ESI
0045B82B |. 74 15 JE SHORT MatchSer.0045B842
0045B82D |. 8B86 90010000 MOV EAX,DWORD PTR DS:[ESI+190]
0045B833 |. 3947 04 CMP DWORD PTR DS:[EDI+4],EAX
0045B836 |. 8B8E 8C010000 MOV ECX,DWORD PTR DS:[ESI+18C]
0045B83C |. 75 04 JNZ SHORT MatchSer.0045B842
0045B83E |. 390F CMP DWORD PTR DS:[EDI],ECX
0045B840 |. 74 07 JE SHORT MatchSer.0045B849
0045B842 |> 32C0 XOR AL,AL
0045B844 |. E9 B8000000 JMP MatchSer.0045B901
0045B849 |> 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B84D |. C64424 0F 00 MOV BYTE PTR SS:[ESP+F],0
0045B852 |. E8 29B30300 CALL MatchSer.00496B80
0045B857 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
0045B85A |. 52 PUSH EDX ; /Arg1
0045B85B |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C] ; |
0045B85F |. C78424 4801000>MOV DWORD PTR SS:[ESP+148],0 ; |
0045B86A |. E8 41B00300 CALL MatchSer.004968B0 ; \MatchSer.004968B0
0045B86F |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B873 |. E8 88C50300 CALL MatchSer.00497E00
0045B878 |. 83F8 01 CMP EAX,1
0045B87B |. 7C 61 JL SHORT MatchSer.0045B8DE
0045B87D |. 6A 00 PUSH 0
0045B87F |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
0045B883 |. E8 28B20300 CALL MatchSer.00496AB0
0045B888 |. 85C0 TEST EAX,EAX
0045B88A |. 74 52 JE SHORT MatchSer.0045B8DE
0045B88C |. 68 30D35100 PUSH MatchSer.0051D330 ; ASCII "/showinfo"
0045B891 |. 50 PUSH EAX
0045B892 |. E8 49720600 CALL MatchSer.004C2AE0
0045B897 |. 83C4 08 ADD ESP,8
0045B89A |. 85C0 TEST EAX,EAX
0045B89C |. 75 40 JNZ SHORT MatchSer.0045B8DE
0045B89E |. 884424 30 MOV BYTE PTR SS:[ESP+30],AL
0045B8A2 |. B9 3F000000 MOV ECX,3F
0045B8A7 |. 8D7C24 31 LEA EDI,DWORD PTR SS:[ESP+31]
0045B8AB |. F3:AB REP STOS DWORD PTR ES:[EDI]
0045B8AD |. 66:AB STOS WORD PTR ES:[EDI]
0045B8AF |. 81C6 E4010000 ADD ESI,1E4
0045B8B5 |. 56 PUSH ESI
0045B8B6 |. AA STOS BYTE PTR ES:[EDI]
0045B8B7 |. 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+34]
0045B8BB |. 68 1CD35100 PUSH MatchSer.0051D31C ; ASCII "FirstMaster : (%s)"
0045B8C0 |. 50 PUSH EAX
0045B8C1 |. E8 A8530500 CALL MatchSer.004B0C6E
0045B8C6 |. 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C]
0045B8CA |. 83C4 0C ADD ESP,0C
0045B8CD |. 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
0045B8D1 |. 51 PUSH ECX ; /Arg2
0045B8D2 |. 52 PUSH EDX ; |Arg1
0045B8D3 |. 8BCB MOV ECX,EBX ; |
0045B8D5 |. E8 B658FBFF CALL MatchSer.00411190 ; \MatchSer.00411190
0045B8DA |. B3 01 MOV BL,1
0045B8DC |. EB 04 JMP SHORT MatchSer.0045B8E2
0045B8DE |> 8A5C24 0F MOV BL,BYTE PTR SS:[ESP+F]
0045B8E2 |> 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B8E6 |. E8 35B10300 CALL MatchSer.00496A20
0045B8EB |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B8EF |. C78424 4401000>MOV DWORD PTR SS:[ESP+144],-1
0045B8FA |. E8 A1B20300 CALL MatchSer.00496BA0
0045B8FF |. 8AC3 MOV AL,BL
0045B901 |> 8B8C24 3C01000>MOV ECX,DWORD PTR SS:[ESP+13C]
0045B908 |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0045B90F |. 8B8C24 3401000>MOV ECX,DWORD PTR SS:[ESP+134]
0045B916 |. E8 DC530500 CALL MatchSer.004B0CF7
0045B91B |. 5F POP EDI
0045B91C |. 5E POP ESI
0045B91D |. 5B POP EBX
0045B91E |. 8BE5 MOV ESP,EBP
0045B920 |. 5D POP EBP
0045B921 \. C3 RETN
Looks good.
The bullet removal was the same, so why not their? xD
No, it will not work.
I did that RETN thing. It merely removes the text. The function of changing the master is still there.
try
OLD
437CAD E8 EE610200 CALL 45DEA0
NEW
437CAD 90 NOP
That also didn't work nayr =[
Look where the function is called from. And, if necessary, find out what function makes a MUID owner of a stage.Quote:
Originally Posted by Linear88
I'm not advanced in ASM ._.Quote:
Originally Posted by Donald Duck
GUNZ2830 Say : 0045B8BB |. 68 1CD35100 PUSH 0051D31C ; ASCII "FirstMaster : (%s)"
Donald Duck Say : Put a RETN at the start of that function.
Il try maybe to find it when im done whit mah custom looby.
Wee got the information wee need i think
has anyone checked to see if this whole thing is a call from a large function, then RETN that bish?
going to work now, gimme 4 hours and when i get home ill get it working ttyl Guys
I guess your 4 hours are past now, do you got it working oO ?Quote:
Originally Posted by BetrayedAcheron
Shouldn't take more than a few minutes to reverse it...
forgot all about this looool, limme give it a go (YAY For 4 am ^-^)Quote:
Originally Posted by Trilest
K good luck ;)Quote:
Originally Posted by BetrayedAcheron
O darn i found it
0045C1EB |. E8 D0F5FFFF CALL MatchSer.0045B7C0
0045DECD |. E8 EED8FFFF CALL MatchSer.0045B7C0
Give me a few minutes to figure it out
Edit:
actually looking at this function i think you guys fail hard... i think you got it all wrong
By the looks of it all this function does is when you type in /showinfo in a stage you get the name of the first master xD
Edit 2:
Just tested and yup thats all it is, i bet this calls the original first master function, which is probably a call of the auto first master you want
Code:0045B85A |. 52 PUSH EDX ; /Arg1
0045B85B |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C] ; |
0045B85F |. C78424 4801000>MOV DWORD PTR SS:[ESP+148],0 ; |
0045B86A |. E8 41B00300 CALL Fixed_Ma.004968B0 ; \Fixed_Ma.004968B0
0045B86F |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0045B873 |. E8 88C50300 CALL Fixed_Ma.00497E00
0045B878 |. 83F8 01 CMP EAX,1
0045B87B |. 7C 61 JL SHORT Fixed_Ma.0045B8DE
0045B87D |. 6A 00 PUSH 0
0045B87F |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
0045B883 |. E8 28B20300 CALL Fixed_Ma.00496AB0
0045B888 |. 85C0 TEST EAX,EAX
0045B88A |. 74 52 JE SHORT Fixed_Ma.0045B8DE
0045B88C |. 68 30D35100 PUSH Fixed_Ma.0051D330 ; ASCII "/showinfo"
0045B891 |. 50 PUSH EAX
0045B892 |. E8 49720600 CALL Fixed_Ma.004C2AE0
0045B897 |. 83C4 08 ADD ESP,8
0045B89A |. 85C0 TEST EAX,EAX
0045B89C |. 75 40 JNZ SHORT Fixed_Ma.0045B8DE
0045B89E |. 884424 30 MOV BYTE PTR SS:[ESP+30],AL
0045B8A2 |. B9 3F000000 MOV ECX,3F
0045B8A7 |. 8D7C24 31 LEA EDI,DWORD PTR SS:[ESP+31]
0045B8AB |. F3:AB REP STOS DWORD PTR ES:[EDI]
0045B8AD |. 66:AB STOS WORD PTR ES:[EDI]
0045B8AF |. 81C6 E4010000 ADD ESI,1E4
0045B8B5 |. 56 PUSH ESI
0045B8B6 |. AA STOS BYTE PTR ES:[EDI]
0045B8B7 |. 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+34]
0045B8BB |. 68 1CD35100 PUSH Fixed_Ma.0051D31C ; ASCII "FirstMaster : (%s)"
0045B8C0 |. 50 PUSH EAX
0045B8C1 |. E8 A8530500 CALL Fixed_Ma.004B0C6E
0045B8C6 |. 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C]
0045B8CA |. 83C4 0C ADD ESP,0C
0045B8CD |. 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
0045B8D1 |. 51 PUSH ECX ; /Arg2
0045B8D2 |. 52 PUSH EDX ; |Arg1
0045B8D3 |. 8BCB MOV ECX,EBX ; |
0045B8D5 |. E8 B658FBFF CALL Fixed_Ma.00411190 ; \Fixed_Ma.00411190
So u fixed it ?
This is relevant to my interests.
Nup i was saying what you guys were looking for was the wrong thing. What the above people were finding was the command that allowed players to view the name of the first master. Try it yourself, type in /showinfo in any stage before clicking start game. It will give you the name of the first master
i might pick this project up after i finish the pirate pengu o.o
Yeah I noticed that already.Quote:
Originally Posted by BetrayedAcheron
aww I spend like days to find it, I tried like 100 different possibilities...
Go breakpoint it.Quote:
Originally Posted by BetrayedAcheron
Disable text take normaly like 1min.
But to disable the whole command thats will be a job lol x.x
what command ?Quote:
Originally Posted by lapochier
I'm asking for a fix to stop the ugradeid 252 from getting roommaster once he gets in a room.