Editing theduel.exe (OllyDBG)

#1 killeroi

    Well,
    I'm trying to make the admin commands
    usable by a normal player,
    so I can use /admin_wall [MSG]
    and those commands.
    I unpacked an encrypted MRS after I found the encryption code;
    I can edit almost anything in there,
    but there is one problem:
    in CHATCMDS.xml, even if I edit the command /h to /admin_wall,
    in game when I write /admin_wall it's still the help command.
    So after a lot of thinking
    I got it:
    the whole set of commands is built into gunz.exe/theduel.exe.
    I tried to use OllyDbg,
    but it looks like another language O_O
    I didn't manage it,
    so I came here to ask for help.
    Can anyone help me edit the admin commands for a normal player?
    Any asm coders..?
    Here is the exe of a private server:

    http://www.mediafire.com/?zmbmw0tdund

    Thanks for any help.

    edit:
    Well, I saw a lot of tutorials on OllyDbg
    and I've found the commands in the file:
    Code:
    CPU Disasm
    Address   Hex dump          Command                                  Comments
    0042D6E9    68 F4A45E00     PUSH 5EA4F4                              ; ASCII "/admin_ban <charname>"
    0042D6EE    6A 01           PUSH 1
    0042D6F0    6A 01           PUSH 1
    0042D6F2    6A FF           PUSH -1
    0042D6F4    68 80000000     PUSH 80
    0042D6F9    68 50CB4200     PUSH 42CB50
    0042D6FE    68 E8A45E00     PUSH 5EA4E8                              ; ASCII "admin_ban"
    0042D703    6A 00           PUSH 0
    0042D705    8BCE            MOV ECX,ESI
    0042D707    E8 64240000     CALL 0042FB70
    0042D70C    68 6C685E00     PUSH 5E686C
    0042D711    68 D4A45E00     PUSH 5EA4D4                              ; ASCII "/admin_pingtoall"
    0042D716    6A 01           PUSH 1
    0042D718    6A FF           PUSH -1
    0042D71A    6A FF           PUSH -1
    0042D71C    68 80000000     PUSH 80
    0042D721    68 E0B94200     PUSH 42B9E0
    0042D726    68 C4A45E00     PUSH 5EA4C4                              ; ASCII "admin_pingtoall"
    0042D72B    6A 00           PUSH 0
    0042D72D    8BCE            MOV ECX,ESI
    0042D72F    E8 3C240000     CALL 0042FB70
    0042D734    68 6C685E00     PUSH 5E686C
    0042D739    68 ACA45E00     PUSH 5EA4AC
    0042D73E    6A 01           PUSH 1
    0042D740    6A 01           PUSH 1
    0042D742    6A FF           PUSH -1
    0042D744    68 80000000     PUSH 80
    0042D749    68 E0CB4200     PUSH 42CBE0
    0042D74E    68 A0A45E00     PUSH 5EA4A0                              ; ASCII "admin_wall"
    0042D753    6A 00           PUSH 0
    0042D755    8BCE            MOV ECX,ESI
    0042D757    E8 14240000     CALL 0042FB70
    0042D75C    68 6C685E00     PUSH 5E686C
    0042D761    68 94A45E00     PUSH 5EA494                              ; ASCII "/admin_halt"
    0042D766    6A 01           PUSH 1
    0042D768    6A FF           PUSH -1
    0042D76A    6A FF           PUSH -1
    0042D76C    68 80000000     PUSH 80
    0042D771    68 B0CC4200     PUSH 42CCB0
    0042D776    68 88A45E00     PUSH 5EA488                              ; ASCII "admin_halt"
    0042D77B    6A 00           PUSH 0
    0042D77D    8BCE            MOV ECX,ESI
    0042D77F    E8 EC230000     CALL 0042FB70
    0042D784    68 6C685E00     PUSH 5E686C
    0042D789    68 6CA45E00     PUSH 5EA46C                              ; ASCII "/admin_switch_laddergame 1"
    0042D78E    6A 01           PUSH 1
    0042D790    6A FF           PUSH -1
    0042D792    6A FF           PUSH -1
    0042D794    68 80000000     PUSH 80
    0042D799    68 E0CC4200     PUSH 42CCE0
    0042D79E    68 54A45E00     PUSH 5EA454                              ; ASCII "admin_switch_laddergame"
    0042D7A3    6A 00           PUSH 0
    0042D7A5    8BCE            MOV ECX,ESI
    0042D7A7    E8 C4230000     CALL 0042FB70
    0042D7AC    68 6C685E00     PUSH 5E686C
    0042D7B1    68 44A45E00     PUSH 5EA444                              ; ASCII "/changemaster"
    0042D7B6    6A 01           PUSH 1
    0042D7B8    6A FF           PUSH -1
    0042D7BA    6A FF           PUSH -1
    0042D7BC    68 86000000     PUSH 86
    0042D7C1    68 40BA4200     PUSH 42BA40
    0042D7C6    68 34A45E00     PUSH 5EA434                              ; ASCII "changemaster"
    0042D7CB    6A 00           PUSH 0
    0042D7CD    8BCE            MOV ECX,ESI
    0042D7CF    E8 9C230000     CALL 0042FB70
    0042D7D4    68 6C685E00     PUSH 5E686C
    0042D7D9    68 24A45E00     PUSH 5EA424                              ; ASCII "/changepassword"
    0042D7DE    6A 01           PUSH 1
    0042D7E0    6A FF           PUSH -1
    0042D7E2    6A FF           PUSH -1
    0042D7E4    68 86000000     PUSH 86
    0042D7E9    68 60BA4200     PUSH 42BA60
    0042D7EE    68 14A45E00     PUSH 5EA414                              ; ASCII "changepassword"
    0042D7F3    6A 00           PUSH 0
    0042D7F5    8BCE            MOV ECX,ESI
    0042D7F7    E8 74230000     CALL 0042FB70
    0042D7FC    68 6C685E00     PUSH 5E686C
    0042D801    68 08A45E00     PUSH 5EA408                              ; ASCII "/admin_hide"
    0042D806    6A 01           PUSH 1
    0042D808    6A FF           PUSH -1
    0042D80A    6A FF           PUSH -1
    0042D80C    68 81000000     PUSH 81
    0042D811    68 C0BA4200     PUSH 42BAC0
    0042D816    68 FCA35E00     PUSH 5EA3FC                              ; ASCII "admin_hide"
    0042D81B    6A 00           PUSH 0
    0042D81D    8BCE            MOV ECX,ESI
    0042D81F    E8 4C230000     CALL 0042FB70
    0042D824    68 6C685E00     PUSH 5E686C
    0042D829    68 F4A35E00     PUSH 5EA3F4                              ; ASCII "/hide"
    0042D82E    6A 01           PUSH 1
    0042D830    6A FF           PUSH -1
    0042D832    6A FF           PUSH -1
    0042D834    68 81000000     PUSH 81
    0042D839    68 C0BA4200     PUSH 42BAC0
    0042D83E    68 ECA35E00     PUSH 5EA3EC                              ; ASCII "hide"
    0042D843    6A 00           PUSH 0
    0042D845    8BCE            MOV ECX,ESI
    0042D847    E8 24230000     CALL 0042FB70
    0042D84C    68 6C685E00     PUSH 5E686C
    0042D851    68 E4A35E00     PUSH 5EA3E4                              ; ASCII "/jjang"
    0042D856    6A 01           PUSH 1
    0042D858    6A FF           PUSH -1
    0042D85A    6A FF           PUSH -1
    0042D85C    68 86000000     PUSH 86
    0042D861    68 E0BA4200     PUSH 42BAE0
    0042D866    68 DCA35E00     PUSH 5EA3DC                              ; ASCII "jjang"
    0042D86B    6A 00           PUSH 0
    0042D86D    8BCE            MOV ECX,ESI
    0042D86F    E8 FC220000     CALL 0042FB70
    0042D874    68 6C685E00     PUSH 5E686C
    0042D879    68 CCA35E00     PUSH 5EA3CC                              ; ASCII "/removejjang"
    0042D87E    6A 01           PUSH 1
    0042D880    6A FF           PUSH -1
    0042D882    6A FF           PUSH -1
    0042D884    68 86000000     PUSH 86
    0042D889    68 40BB4200     PUSH 42BB40
    0042D88E    68 C0A35E00     PUSH 5EA3C0                              ; ASCII "removejjang"
    0042D893    6A 00           PUSH 0
    0042D895    8BCE            MOV ECX,ESI
    0042D897    E8 D4220000     CALL 0042FB70
    0042D89C    68 6C685E00     PUSH 5E686C
    0042D8A1    68 ACA35E00     PUSH 5EA3AC                              ; ASCII "/admin_reload_hash"
    0042D8A6    6A 01           PUSH 1
    0042D8A8    6A FF           PUSH -1
    0042D8AA    6A FF           PUSH -1
    0042D8AC    68 80000000     PUSH 80
    0042D8B1    68 00BA4200     PUSH 42BA00
    0042D8B6    68 98A35E00     PUSH 5EA398                              ; ASCII "admin_reload_hash"
    0042D8BB    6A 00           PUSH 0
    0042D8BD    8BCE            MOV ECX,ESI
    0042D8BF    E8 AC220000     CALL 0042FB70
    0042D8C4    68 6C685E00     PUSH 5E686C
    0042D8C9    68 78A35E00     PUSH 5EA378                              ; ASCII "/admin_reset_all_hacking_block"
    0042D8CE    6A 01           PUSH 1
    0042D8D0    6A FF           PUSH -1
    0042D8D2    6A FF           PUSH -1
    0042D8D4    68 80000000     PUSH 80
    0042D8D9    68 20BA4200     PUSH 42BA20
    0042D8DE    68 58A35E00     PUSH 5EA358                              ; ASCII "admin_reset_all_hacking_block"
    0042D8E3    6A 00           PUSH 0
    0042D8E5    8BCE            MOV ECX,ESI
    0042D8E7    E8 84220000     CALL 0042FB70
    0042D8EC    68 A0A45E00     PUSH 5EA4A0                              ; ASCII "admin_wall"
    0042D8F1    68 50A35E00     PUSH 5EA350
    0042D8F6    8BCE            MOV ECX,ESI
    0042D8F8    E8 13240000     CALL 0042FD10
    0042D8FD    68 88A45E00     PUSH 5EA488                              ; ASCII "admin_halt"
    0042D902    68 48A35E00     PUSH 5EA348
    0042D907    8BCE            MOV ECX,ESI
    0042D909    E8 02240000     CALL 0042FD10
    0042D90E    68 2CA35E00     PUSH 5EA32C
    0042D913    68 20A35E00     PUSH 5EA320
    0042D918    6A 01           PUSH 1
    0042D91A    6A 01           PUSH 1
    0042D91C    6A FF           PUSH -1
    0042D91E    6A 01           PUSH 1
    0042D920    68 10D14200     PUSH 42D110
    0042D925    68 44A25E00     PUSH 5EA244                              ; ASCII "go"
    0042D92A    6A 00           PUSH 0
    0042D92C    8BCE            MOV ECX,ESI
    0042D92E    E8 3D220000     CALL 0042FB70
    0042D933    68 6C685E00     PUSH 5E686C
    How do I change any of them to be usable by a normal player?

    Last edited by killeroi; 05-05-10 at 05:42 PM.
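Added example, not code from the thread, the game, or OllyDbg itself: a small Python script that parses an OllyDbg "CPU Disasm" listing like the one posted above and recovers the command-name/handler pairs that are registered through the repeated CALL 0042FB70. The only interpretation it applies is positional and taken from the dump: in every complete group the command-name string is the second-to-last PUSH before the CALL and the code address pushed just before it is the handler. The function at 0042FB70 is not named anywhere on this page, and the listing does not establish what the other immediates (1/-1, 0x80/0x81/0x86) mean, so the script keeps them raw instead of naming them. The embedded sample is the first three registrations copied from the listing above (the first group is cut off at the start, as it is on the page).

```python
"""Recover the chat-command registration table from a pasted OllyDbg listing.

In the dump every command is registered by the same pattern: a run of PUSHes
(usage string, some numeric values, a handler address, the name string, 0),
MOV ECX,ESI (the object pointer), then CALL 0042FB70. This groups the PUSHes
that precede each such CALL and reports name/handler pairs, which is what you
need before deciding which handler to trace or patch.
Added example; not the game's code, and 0042FB70 is not named on the page.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the first three registrations copied from the thread's dump.
SAMPLE_LISTING = """\
CPU Disasm
Address   Hex dump          Command                                  Comments
0042D6E9    68 F4A45E00     PUSH 5EA4F4                              ; ASCII "/admin_ban <charname>"
0042D6EE    6A 01           PUSH 1
0042D6F0    6A 01           PUSH 1
0042D6F2    6A FF           PUSH -1
0042D6F4    68 80000000     PUSH 80
0042D6F9    68 50CB4200     PUSH 42CB50
0042D6FE    68 E8A45E00     PUSH 5EA4E8                              ; ASCII "admin_ban"
0042D703    6A 00           PUSH 0
0042D705    8BCE            MOV ECX,ESI
0042D707    E8 64240000     CALL 0042FB70
0042D70C    68 6C685E00     PUSH 5E686C
0042D711    68 D4A45E00     PUSH 5EA4D4                              ; ASCII "/admin_pingtoall"
0042D716    6A 01           PUSH 1
0042D718    6A FF           PUSH -1
0042D71A    6A FF           PUSH -1
0042D71C    68 80000000     PUSH 80
0042D721    68 E0B94200     PUSH 42B9E0
0042D726    68 C4A45E00     PUSH 5EA4C4                              ; ASCII "admin_pingtoall"
0042D72B    6A 00           PUSH 0
0042D72D    8BCE            MOV ECX,ESI
0042D72F    E8 3C240000     CALL 0042FB70
0042D734    68 6C685E00     PUSH 5E686C
0042D739    68 ACA45E00     PUSH 5EA4AC
0042D73E    6A 01           PUSH 1
0042D740    6A 01           PUSH 1
0042D742    6A FF           PUSH -1
0042D744    68 80000000     PUSH 80
0042D749    68 E0CB4200     PUSH 42CBE0
0042D74E    68 A0A45E00     PUSH 5EA4A0                              ; ASCII "admin_wall"
0042D753    6A 00           PUSH 0
0042D755    8BCE            MOV ECX,ESI
0042D757    E8 14240000     CALL 0042FB70
"""

REGISTER_CALL = 0x0042FB70   # the repeated CALL target in the dump (address only; name unknown)

LINE_RE = re.compile(
    r"^(?P<addr>[0-9A-F]{8})\s+"                     # instruction address column
    r"(?P<hex>[0-9A-F]{2,}(?: [0-9A-F]{2,})*)\s+"    # hex dump column
    r"(?P<rest>\S.*)$"                                # mnemonic, operands, optional ; comment
)
ASCII_RE = re.compile(r'ASCII\s+"(?P<s>[^"]*)"')


@dataclass
class Push:
    addr: int
    value: Optional[int]    # immediate as OllyDbg prints it (hex, may be negative); None if not an immediate
    ascii: Optional[str]    # the ; ASCII "..." annotation, when OllyDbg resolved one


@dataclass
class Registration:
    call_addr: int
    pushes: List[Push]      # in push order, i.e. first pushed first

    # Positional observation from the dump: the name string is the second-to-last
    # PUSH before the CALL and the handler address is the PUSH before that. The
    # other immediates (1/-1, 0x80/0x81/0x86) are kept raw; the listing does not
    # say what they mean.
    @property
    def name(self) -> Optional[str]:
        return self.pushes[-2].ascii if len(self.pushes) >= 2 else None

    @property
    def handler(self) -> Optional[int]:
        return self.pushes[-3].value if len(self.pushes) >= 3 else None

    @property
    def usage(self) -> Optional[str]:
        # Usage strings in the dump start with '/' ("/admin_ban <charname>").
        return next((p.ascii for p in self.pushes if p.ascii and p.ascii.startswith("/")), None)


def parse_olly_operand(op: str) -> int:
    """OllyDbg prints immediates in unprefixed hex: '80' is 0x80, '-1' is -1."""
    return int(op, 16)


def parse_registrations(listing: str, target: int = REGISTER_CALL) -> List[Registration]:
    regs: List[Registration] = []
    pending: List[Push] = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                  # column headers, blank lines
        addr = int(m.group("addr"), 16)
        insn, _, comment = m.group("rest").partition(";")
        parts = insn.split(None, 1)
        mnemonic = parts[0].upper()
        operand = parts[1].strip() if len(parts) > 1 else ""
        if mnemonic == "PUSH":
            try:
                value: Optional[int] = parse_olly_operand(operand)
            except ValueError:
                value = None                          # PUSH EAX, PUSH DWORD PTR [...], etc.
            am = ASCII_RE.search(comment)
            pending.append(Push(addr, value, am.group("s") if am else None))
        elif mnemonic == "CALL":
            try:
                callee: Optional[int] = int(operand, 16)
            except ValueError:
                callee = None                         # indirect call; cannot be our target
            if callee == target:
                regs.append(Registration(addr, pending))
            pending = []                              # any call consumes the pushed arguments
        # MOV ECX,ESI and anything else leaves the pending argument run untouched
    return regs


def command_table(listing: str) -> Dict[str, int]:
    """name -> handler address, e.g. {'admin_wall': 0x42CBE0, ...}."""
    return {r.name: r.handler for r in parse_registrations(listing) if r.name is not None}


if __name__ == "__main__":
    for r in parse_registrations(SAMPLE_LISTING):
        h = f"{r.handler:08X}" if r.handler is not None else "?"
        print(f"{r.call_addr:08X}  {str(r.name):<18} handler={h}  usage={r.usage!r}")
```

Paste the full listing in place of the sample and the output is the client's built-in command table, which is why editing /h in CHATCMDS.xml changed nothing. The table only locates each client-side handler; as the replies below point out, whether the server accepts the command from a non-admin account is decided on the MatchServer side, not by anything in this listing.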


#2 belette321

    Quote Originally Posted by killeroi:
    How do I change everything to be usable by a normal player?
    You can set every player to rank 252 ...
    or just change the admin UGrade PUSH to 0.

    These PUSHes look like "0x0FF" for rank 255
    and "0x0FE" for rank 254.

    If you change ranks, remember to do it server-side
    too.

    Last edited by belette321; 06-05-10 at 03:10 AM.

#3 PenguinGuy

    Quote Originally Posted by belette321:
    You can set every player to rank 252 ...
    or just change the admin UGrade PUSH to 0.

    These PUSHes look like "0x0FF" for rank 255
    and "0x0FE" for rank 254.

    If you change ranks, remember to do it server-side
    too.
    I don't have any GunZ files on this computer, but:
    some function, or the function itself, that uses /admin_wall calls ZMyInfo::IsAdminGrade
    or ZCharacter::IsAdminName (something like that).
    You will see a block of assembly code that looks like this:
    Code:
    CMP EAX,255        ; UGradeID == 255 ?
    JE SHORT .....     ; admin grade: take the jump
    CMP EAX,254
    JE SHORT .....
    CMP EAX,252
    JE SHORT .....
    (Something like that.) Above them is the pointer to your current UGradeID. If your UGradeID is 255, it will take the jump underneath "CMP EAX, 255" and continue.

    Anyway, what you want to do is look for a call to one of those two functions and... crap. I can't really say what to do because I can't look at that function, but try NOP'ing that CALL and/or the register(s)/instruction(s) above that CALL. I'm sorry, I'm terribly tired. But yes, you will also have to edit MatchServer for it to work (like belette said).

    Also, the language you are talking about is assembly.

    Edit: that tutorial was intended for adding new commands; it has nothing to do with what you're doing. What that function does is check for input of, say, "/admin_wall" and execute the function that is PUSHed.
    Last edited by PenguinGuy; 06-05-10 at 09:33 AM.

#4

    Just do a JMP without comparing the UGradeIDs in the command's function.

    Don't forget to do the same for the server though.

#5 Solaire

    Simply enable the admin console announce packet in the MatchServer and change the packet id in the client.

#6 killeroi

    Hmm, thanks. Can anyone edit the theduel.exe I gave?
    I don't understand a lot of this,
    and I don't know how to save ._.
    By the way,
    must I change the server side too,
    or just my client?
    Because if I use a DLL, I mean, it looks like, hmm:
    usage: /admin_wall

    call ZChannelChatPost
    something like this,
    but it crashes, so I want the client to do it
    alone.


