Questions Dealing With ASM

  1. #1 Wucas

    Questions Dealing With ASM

    I want to say I'm still learning how ASM works, and I would rather have reasons than just plain information. I learn better from doing it myself, but I need some help.

    First, from my "Test Item" thread, I'm looking for the function that deals with detonation, so I can disable it, leaving a solid item that doesn't disappear. Do I have the correct area coded here?

    Is the highlighted call what i need?

    Frag
    Code:
    004B4550   . 83EC 18        SUB ESP,18
    004B4553   . D905 24B46800  FLD DWORD PTR DS:[68B424]
    004B4559   . 56             PUSH ESI
    004B455A   . 8BF1           MOV ESI,ECX
    004B455C   . D9E0           FCHS
    004B455E   . 8D46 28        LEA EAX,DWORD PTR DS:[ESI+28]
    004B4561   . D95C24 10      FSTP DWORD PTR SS:[ESP+10]
    004B4565   . 8B08           MOV ECX,DWORD PTR DS:[EAX]
    004B4567   . D905 28B46800  FLD DWORD PTR DS:[68B428]
    004B456D   . 8B50 04        MOV EDX,DWORD PTR DS:[EAX+4]
    004B4570   . D9E0           FCHS
    004B4572   . 8B40 08        MOV EAX,DWORD PTR DS:[EAX+8]
    004B4575   . D95C24 14      FSTP DWORD PTR SS:[ESP+14]
    004B4579   . 894C24 04      MOV DWORD PTR SS:[ESP+4],ECX
    004B457D   . 8D4C24 10      LEA ECX,DWORD PTR SS:[ESP+10]
    004B4581   . 895424 08      MOV DWORD PTR SS:[ESP+8],EDX
    004B4585   . 51             PUSH ECX
    004B4586   . 8D5424 08      LEA EDX,DWORD PTR SS:[ESP+8]
    004B458A   . 52             PUSH EDX
    004B458B   . 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
    004B458F   . C74424 20 0000>MOV DWORD PTR SS:[ESP+20],0
    004B4597   . E8 1478FFFF    CALL Apex0.004ABDB0
    004B459C   . 8BC8           MOV ECX,EAX                              ; |
    004B459E   . E8 BD90FBFF    CALL Apex0.0046D660                      ; \Apex0.0046D660
    004B45A3   . 8B46 18        MOV EAX,DWORD PTR DS:[ESI+18]
    004B45A6   . 8B4E 1C        MOV ECX,DWORD PTR DS:[ESI+1C]
    004B45A9   . 50             PUSH EAX
    004B45AA   . 8B4424 08      MOV EAX,DWORD PTR SS:[ESP+8]
    004B45AE   . 68 0000803F    PUSH 3F800000
    004B45B3   . 68 CDCC4C3E    PUSH 3E4CCCCD
    004B45B8   . 68 0000C843    PUSH 43C80000
    004B45BD   . 51             PUSH ECX
    004B45BE   . 8B4C24 1C      MOV ECX,DWORD PTR SS:[ESP+1C]
    004B45C2   . 83EC 0C        SUB ESP,0C
    004B45C5   . 8BD4           MOV EDX,ESP                              ; |
    004B45C7   . 8902           MOV DWORD PTR DS:[EDX],EAX               ; |
    004B45C9   . 8B4424 2C      MOV EAX,DWORD PTR SS:[ESP+2C]            ; |
    004B45CD   . 894A 04        MOV DWORD PTR DS:[EDX+4],ECX             ; |
    004B45D0   . 8B4E 14        MOV ECX,DWORD PTR DS:[ESI+14]            ; |
    004B45D3   . 8942 08        MOV DWORD PTR DS:[EDX+8],EAX             ; |
    004B45D6   . 8B56 10        MOV EDX,DWORD PTR DS:[ESI+10]            ; |
    004B45D9   . 51             PUSH ECX                                 ; |Arg2
    004B45DA   . 8B0D 682F6700  MOV ECX,DWORD PTR DS:[672F68]            ; |
    004B45E0   . 52             PUSH EDX                                 ; |Arg1
    004B45E1   . E8 CADAFEFF    CALL Apex0.004A20B0                      ; \Apex0.004A20B0
    004B45E6   . 6A 00          PUSH 0
    004B45E8   . 6A 00          PUSH 0
    004B45EA   . 6A 00          PUSH 0
    004B45EC   . 8D4424 10      LEA EAX,DWORD PTR SS:[ESP+10]
    004B45F0   . 50             PUSH EAX
    004B45F1   . 68 F0415F00    PUSH Apex0.005F41F0                      ;  ASCII "we_grenade_explosion"
    004B45F6   . E8 D576FFFF    CALL Apex0.004ABCD0
    004B45FB   . 8BC8           MOV ECX,EAX                              ; |
    004B45FD   . E8 8EDEFDFF    CALL Apex0.00492490                      ; \Apex0.00492490
    004B4602   . E8 A92AFEFF    CALL Apex0.004970B0
    004B4607   . 8B88 4C110000  MOV ECX,DWORD PTR DS:[EAX+114C]
    004B460D   . 05 38110000    ADD EAX,1138
    004B4612   . 51             PUSH ECX
    004B4613   . 8BC8           MOV ECX,EAX
    004B4615   . E8 96DAFFFF    CALL Apex0.004B20B0
    004B461A   . 68 00803B45    PUSH 453B8000
    004B461F   . 8D5424 08      LEA EDX,DWORD PTR SS:[ESP+8]
    004B4623   . 52             PUSH EDX
    004B4624   . 8D48 1C        LEA ECX,DWORD PTR DS:[EAX+1C]
    004B4627   . E8 B4570000    CALL Apex0.004B9DE0
    004B462C   . 5E             POP ESI
    004B462D   . 83C4 18        ADD ESP,18
    004B4630   . C3             RETN
    Flash
    Code:
    004B4350   . 83EC 18        SUB ESP,18
    004B4353   . D905 24B46800  FLD DWORD PTR DS:[68B424]
    004B4359   . 56             PUSH ESI
    004B435A   . D9E0           FCHS
    004B435C   . 8BF1           MOV ESI,ECX
    004B435E   . D95C24 10      FSTP DWORD PTR SS:[ESP+10]
    004B4362   . 8D46 28        LEA EAX,DWORD PTR DS:[ESI+28]
    004B4365   . 8B08           MOV ECX,DWORD PTR DS:[EAX]
    004B4367   . D905 28B46800  FLD DWORD PTR DS:[68B428]
    004B436D   . 8B50 04        MOV EDX,DWORD PTR DS:[EAX+4]
    004B4370   . D9E0           FCHS
    004B4372   . 8B40 08        MOV EAX,DWORD PTR DS:[EAX+8]
    004B4375   . D95C24 14      FSTP DWORD PTR SS:[ESP+14]
    004B4379   . D905 2CB46800  FLD DWORD PTR DS:[68B42C]
    004B437F   . 894C24 04      MOV DWORD PTR SS:[ESP+4],ECX
    004B4383   . 8D4C24 10      LEA ECX,DWORD PTR SS:[ESP+10]
    004B4387   . D9E0           FCHS
    004B4389   . 895424 08      MOV DWORD PTR SS:[ESP+8],EDX
    004B438D   . D95C24 18      FSTP DWORD PTR SS:[ESP+18]
    004B4391   . 51             PUSH ECX
    004B4392   . 8D5424 08      LEA EDX,DWORD PTR SS:[ESP+8]
    004B4396   . 52             PUSH EDX
    004B4397   . 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
    004B439B   . E8 107AFFFF    CALL Apex0.004ABDB0
    004B43A0   . 8BC8           MOV ECX,EAX                              ; |
    004B43A2   . E8 C990FBFF    CALL Apex0.0046D470                      ; \Apex0.0046D470
    004B43A7   . 8B46 18        MOV EAX,DWORD PTR DS:[ESI+18]
    004B43AA   . 8B4E 1C        MOV ECX,DWORD PTR DS:[ESI+1C]
    004B43AD   . 50             PUSH EAX
    004B43AE   . 8B4424 08      MOV EAX,DWORD PTR SS:[ESP+8]
    004B43B2   . 68 0000003F    PUSH 3F000000
    004B43B7   . 68 9A99993E    PUSH 3E99999A
    004B43BC   . 68 0000AF43    PUSH 43AF0000
    004B43C1   . 51             PUSH ECX
    004B43C2   . 8B4C24 1C      MOV ECX,DWORD PTR SS:[ESP+1C]
    004B43C6   . 83EC 0C        SUB ESP,0C
    004B43C9   . 8BD4           MOV EDX,ESP                              ; |
    004B43CB   . 8902           MOV DWORD PTR DS:[EDX],EAX               ; |
    004B43CD   . 8B4424 2C      MOV EAX,DWORD PTR SS:[ESP+2C]            ; |
    004B43D1   . 894A 04        MOV DWORD PTR DS:[EDX+4],ECX             ; |
    004B43D4   . 8B4E 14        MOV ECX,DWORD PTR DS:[ESI+14]            ; |
    004B43D7   . 8942 08        MOV DWORD PTR DS:[EDX+8],EAX             ; |
    004B43DA   . 8B56 10        MOV EDX,DWORD PTR DS:[ESI+10]            ; |
    004B43DD   . 51             PUSH ECX                                 ; |Arg2
    004B43DE   . 8B0D 682F6700  MOV ECX,DWORD PTR DS:[672F68]            ; |
    004B43E4   . 52             PUSH EDX                                 ; |Arg1
    004B43E5   . E8 C6DCFEFF    CALL Apex0.004A20B0                      ; \Apex0.004A20B0
    004B43EA   . 6A 00          PUSH 0
    004B43EC   . 6A 00          PUSH 0
    004B43EE   . 6A 00          PUSH 0
    004B43F0   . 8D4424 10      LEA EAX,DWORD PTR SS:[ESP+10]
    004B43F4   . 50             PUSH EAX
    004B43F5   . 68 E0415F00    PUSH Apex0.005F41E0                      ;  ASCII "fx_explosion01"
    004B43FA   . E8 D178FFFF    CALL Apex0.004ABCD0
    004B43FF   . 8BC8           MOV ECX,EAX                              ; |
    004B4401   . E8 8AE0FDFF    CALL Apex0.00492490                      ; \Apex0.00492490
    004B4406   . E8 A52CFEFF    CALL Apex0.004970B0
    004B440B   . 8B88 4C110000  MOV ECX,DWORD PTR DS:[EAX+114C]
    004B4411   . 05 38110000    ADD EAX,1138
    004B4416   . 51             PUSH ECX
    004B4417   . 8BC8           MOV ECX,EAX
    004B4419   . E8 92DCFFFF    CALL Apex0.004B20B0
    004B441E   . 68 00803B45    PUSH 453B8000
    004B4423   . 8D5424 08      LEA EDX,DWORD PTR SS:[ESP+8]
    004B4427   . 52             PUSH EDX
    004B4428   . 8D48 1C        LEA ECX,DWORD PTR DS:[EAX+1C]
    004B442B   . E8 B0590000    CALL Apex0.004B9DE0
    004B4430   . 5E             POP ESI
    004B4431   . 83C4 18        ADD ESP,18
    004B4434   . C3             RETN
    The Highlighted Call

    Code:
    00492490  /$ 83EC 1C        SUB ESP,1C
    00492493  |. 56             PUSH ESI
    00492494  |. 8BF1           MOV ESI,ECX
    00492496  |. 8A86 52020000  MOV AL,BYTE PTR DS:[ESI+252]
    0049249C  |. 84C0           TEST AL,AL
    0049249E  |. 74 0A          JE SHORT Apex0.004924AA
    004924A0  |. 8A86 54020000  MOV AL,BYTE PTR DS:[ESI+254]
    004924A6  |. 84C0           TEST AL,AL
    004924A8  |. 75 09          JNZ SHORT Apex0.004924B3
    004924AA  |> 33C0           XOR EAX,EAX
    004924AC  |. 5E             POP ESI
    004924AD  |. 83C4 1C        ADD ESP,1C
    004924B0  |. C2 1400        RETN 14
    004924B3  |> 8B4424 24      MOV EAX,DWORD PTR SS:[ESP+24]
    004924B7  |. 53             PUSH EBX
    004924B8  |. 8B5C24 30      MOV EBX,DWORD PTR SS:[ESP+30]
    004924BC  |. 57             PUSH EDI
    004924BD  |. 53             PUSH EBX                                 ; /Arg2
    004924BE  |. 50             PUSH EAX                                 ; |Arg1
    004924BF  |. 8BCE           MOV ECX,ESI                              ; |
    004924C1  |. E8 DAEDFFFF    CALL Apex0.004912A0                      ; \Apex0.004912A0
    004924C6  |. 8BF8           MOV EDI,EAX
    004924C8  |. 85FF           TEST EDI,EDI
    004924CA  |. 75 09          JNZ SHORT Apex0.004924D5
    004924CC  |. 5F             POP EDI
    004924CD  |. 5B             POP EBX
    004924CE  |. 5E             POP ESI
    004924CF  |. 83C4 1C        ADD ESP,1C
    004924D2  |. C2 1400        RETN 14
    004924D5  |> 8B5424 2C      MOV EDX,DWORD PTR SS:[ESP+2C]
    004924D9  |. 55             PUSH EBP
    004924DA  |. 8B6C24 34      MOV EBP,DWORD PTR SS:[ESP+34]
    004924DE  |. 8D4C24 38      LEA ECX,DWORD PTR SS:[ESP+38]
    004924E2  |. 51             PUSH ECX
    004924E3  |. 53             PUSH EBX
    004924E4  |. 55             PUSH EBP
    004924E5  |. 57             PUSH EDI
    004924E6  |. 52             PUSH EDX
    004924E7  |. 8BCE           MOV ECX,ESI
    004924E9  |. C74424 4C 0000>MOV DWORD PTR SS:[ESP+4C],0
    004924F1  |. E8 6AE2FFFF    CALL Apex0.00490760
    004924F6  |. 84C0           TEST AL,AL
    004924F8  |. 74 4D          JE SHORT Apex0.00492547
    004924FA  |. 8B4424 40      MOV EAX,DWORD PTR SS:[ESP+40]
    004924FE  |. 85C0           TEST EAX,EAX
    00492500  |. 76 51          JBE SHORT Apex0.00492553
    00492502  |. FF15 5C655E00  CALL DWORD PTR DS:[<&WINMM.timeGetTime>] ;  WINMM.timeGetTime
    00492508  |. 8B4C24 40      MOV ECX,DWORD PTR SS:[ESP+40]
    0049250C  |. 8B55 08        MOV EDX,DWORD PTR SS:[EBP+8]
    0049250F  |. 03C1           ADD EAX,ECX
    00492511  |. 8B4D 04        MOV ECX,DWORD PTR SS:[EBP+4]
    00492514  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
    00492518  |. 8B45 00        MOV EAX,DWORD PTR SS:[EBP]
    0049251B  |. 894C24 1C      MOV DWORD PTR SS:[ESP+1C],ECX
    0049251F  |. 8D4C24 10      LEA ECX,DWORD PTR SS:[ESP+10]
    00492523  |. 894424 18      MOV DWORD PTR SS:[ESP+18],EAX
    00492527  |. 8B4424 38      MOV EAX,DWORD PTR SS:[ESP+38]
    0049252B  |. 51             PUSH ECX
    0049252C  |. 8D8E 30020000  LEA ECX,DWORD PTR DS:[ESI+230]
    00492532  |. 897C24 14      MOV DWORD PTR SS:[ESP+14],EDI
    00492536  |. 895424 24      MOV DWORD PTR SS:[ESP+24],EDX
    0049253A  |. 894424 28      MOV DWORD PTR SS:[ESP+28],EAX
    0049253E  |. 885C24 2C      MOV BYTE PTR SS:[ESP+2C],BL
    00492542  |. E8 D9F9FFFF    CALL Apex0.00491F20
    00492547  |> 5D             POP EBP
    00492548  |. 5F             POP EDI
    00492549  |. 5B             POP EBX
    0049254A  |. 33C0           XOR EAX,EAX
    0049254C  |. 5E             POP ESI
    0049254D  |. 83C4 1C        ADD ESP,1C
    00492550  |. C2 1400        RETN 14
    00492553  |> 8B3F           MOV EDI,DWORD PTR DS:[EDI]
    00492555  |. 85FF           TEST EDI,EDI
    00492557  |.^74 EE          JE SHORT Apex0.00492547
    00492559  |. 8B5424 3C      MOV EDX,DWORD PTR SS:[ESP+3C]
    0049255D  |. 8B4424 38      MOV EAX,DWORD PTR SS:[ESP+38]
    00492561  |. 52             PUSH EDX
    00492562  |. 53             PUSH EBX
    00492563  |. 50             PUSH EAX
    00492564  |. 55             PUSH EBP
    00492565  |. 57             PUSH EDI
    00492566  |. 8BCE           MOV ECX,ESI
    00492568  |. E8 03DCFFFF    CALL Apex0.00490170
    0049256D  |. 5D             POP EBP
    0049256E  |. 5F             POP EDI
    0049256F  |. 5B             POP EBX
    00492570  |. 5E             POP ESI
    00492571  |. 83C4 1C        ADD ESP,1C
    00492574  \. C2 1400        RETN 14
    --------------------------------------------------------------------------------------------------------------------

    Second, I've had a question about giving the Jjang to an admin upgrade. After some looking I found some useful info.

    ID is Able to Hold Jjang

    Code:
    00475250  /$ 83B9 5A040000 >CMP DWORD PTR DS:[ECX+45A],2
    00475257  |. 75 0D          JNZ SHORT Apex0.00475266
    00475259  |. 51             PUSH ECX
    0047525A  |. E8 516B0300    CALL Apex0.004ABDB0
    0047525F  |. 8BC8           MOV ECX,EAX
    00475261  |. E8 FA7DFFFF    CALL Apex0.0046D060
    00475266  \> C3             RETN
    Jjang Usage Function

    Code:
    0046D060  /$ 6A FF          PUSH -1
    0046D062  |. 68 9B885D00    PUSH Apex0.005D889B                      ;  SE handler installation
    0046D067  |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
    0046D06D  |. 50             PUSH EAX
    0046D06E  |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
    0046D075  |. 51             PUSH ECX
    0046D076  |. 56             PUSH ESI
    0046D077  |. 57             PUSH EDI
    0046D078  |. 68 C4120000    PUSH 12C4
    0046D07D  |. 8BF9           MOV EDI,ECX
    0046D07F  |. E8 2B1F1600    CALL Apex0.005CEFAF
    0046D084  |. 8BF0           MOV ESI,EAX
    0046D086  |. 83C4 04        ADD ESP,4
    0046D089  |. 897424 08      MOV DWORD PTR SS:[ESP+8],ESI
    0046D08D  |. 85F6           TEST ESI,ESI
    0046D08F  |. C74424 14 0000>MOV DWORD PTR SS:[ESP+14],0
    0046D097  |. 74 25          JE SHORT Apex0.0046D0BE
    0046D099  |. 8B8F 14020000  MOV ECX,DWORD PTR DS:[EDI+214]
    0046D09F  |. 68 00F95E00    PUSH Apex0.005EF900                      ;  ASCII "event_ongame_jjang"
    0046D0A4  |. E8 B7930600    CALL Apex0.004D6460
    0046D0A9  |. 8B4C24 1C      MOV ECX,DWORD PTR SS:[ESP+1C]
    0046D0AD  |. 51             PUSH ECX                                 ; /Arg2
    0046D0AE  |. 50             PUSH EAX                                 ; |Arg1
    0046D0AF  |. 8BCE           MOV ECX,ESI                              ; |
    0046D0B1  |. E8 1A49FFFF    CALL Apex0.004619D0                      ; \Apex0.004619D0
    0046D0B6  |. C706 94F85E00  MOV DWORD PTR DS:[ESI],Apex0.005EF894
    0046D0BC  |. EB 02          JMP SHORT Apex0.0046D0C0
    0046D0BE  |> 33F6           XOR ESI,ESI
    0046D0C0  |> 6A 01          PUSH 1
    0046D0C2  |. 8BCE           MOV ECX,ESI
    0046D0C4  |. C74424 18 FFFF>MOV DWORD PTR SS:[ESP+18],-1
    0046D0CC  |. E8 1F3AFFFF    CALL Apex0.00460AF0
    0046D0D1  |. 56             PUSH ESI                                 ; /Arg1
    0046D0D2  |. 8BCF           MOV ECX,EDI                              ; |
    0046D0D4  |. C786 C0120000 >MOV DWORD PTR DS:[ESI+12C0],8            ; |
    0046D0DE  |. E8 7DCEFFFF    CALL Apex0.00469F60                      ; \Apex0.00469F60
    0046D0E3  |. 8B4C24 0C      MOV ECX,DWORD PTR SS:[ESP+C]
    0046D0E7  |. 5F             POP EDI
    0046D0E8  |. 5E             POP ESI
    0046D0E9  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
    0046D0F0  |. 83C4 10        ADD ESP,10
    0046D0F3  \. C2 0400        RETN 4
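    To make the pushed constants in those listings readable, here is a small helper (an added example, not code from the thread or from the game): it parses OllyDbg-style lines, reinterprets 32-bit PUSH immediates as IEEE-754 floats, collects the ASCII-annotated effect names, and derives the stack argument count from RETN n. The sample lines are constructed in the shape of the dumps above, and the float-plausibility cutoff is my own heuristic.

```python
import re
import struct

# Constructed sample in the shape of the OllyDbg dumps pasted above: a few
# PUSH lines from the Frag listing plus the RETN of the "highlighted call".
SAMPLE_LISTING = """\
004B45AE   . 68 0000803F    PUSH 3F800000
004B45B3   . 68 CDCC4C3E    PUSH 3E4CCCCD
004B45B8   . 68 0000C843    PUSH 43C80000
004B45BD   . 51             PUSH ECX
004B45E6   . 6A 00          PUSH 0
004B45F1   . 68 F0415F00    PUSH Apex0.005F41F0                      ;  ASCII "we_grenade_explosion"
004B461A   . 68 00803B45    PUSH 453B8000
00492550  |. C2 1400        RETN 14
"""

ADDR_RE = re.compile(r'^([0-9A-F]{8})')                # address column
PUSH_IMM_RE = re.compile(r'\bPUSH ([0-9A-F]{1,8})\b')  # PUSH of a hex literal, not a register or label
RETN_RE = re.compile(r'\bRETN ([0-9A-F]+)\b')          # RETN n: callee pops n bytes of arguments
ASCII_RE = re.compile(r'ASCII "([^"]*)"')              # OllyDbg string annotation in the comment

def as_float32(imm):
    """Reinterpret a 32-bit immediate as an IEEE-754 single (x86 is little-endian)."""
    return struct.unpack('<f', struct.pack('<I', imm & 0xFFFFFFFF))[0]

def plausible_float(value):
    """Heuristic (my assumption): tuning constants in game code are finite numbers of
    modest magnitude; NaN, zero, denormals and huge values are more likely ints or pointers."""
    return value == value and 1e-4 <= abs(value) <= 1e7

def decode_push_immediates(listing):
    """Return [(addr, imm, float_or_None)] for every PUSH of a hex literal."""
    out = []
    for line in listing.splitlines():
        m = PUSH_IMM_RE.search(line)
        if m:
            imm = int(m.group(1), 16)
            f = as_float32(imm)
            out.append((ADDR_RE.match(line).group(1), imm, f if plausible_float(f) else None))
    return out

def pushed_strings(listing):
    """Effect/asset names that OllyDbg resolved on PUSH lines."""
    return [m.group(1) for line in listing.splitlines()
            for m in [ASCII_RE.search(line)] if m]

def retn_arg_counts(listing):
    """RETN n removes n bytes of arguments, so n/4 is the number of stack DWORD
    arguments; a `this` passed in ECX, as in these functions, is not counted."""
    return [(ADDR_RE.match(line).group(1), int(m.group(1), 16) // 4)
            for line in listing.splitlines()
            for m in [RETN_RE.search(line)] if m]

if __name__ == '__main__':
    for addr, imm, f in decode_push_immediates(SAMPLE_LISTING):
        print(addr, '%08X' % imm, 'float %g' % f if f is not None else 'not a float')
    print(pushed_strings(SAMPLE_LISTING))   # ['we_grenade_explosion']
    print(retn_arg_counts(SAMPLE_LISTING))  # [('00492550', 5)]
```

    Run over the full Frag and Flash dumps, it shows the two differ in their pushed float parameters (1.0, 0.2, 400.0 versus 0.5, 0.3, 350.0) and in the effect name, while 453B8000 (3000.0) is pushed in both.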


  2. #2 PaulBub

    Re: Questions Dealing With ASM

    My guess would be that the game loads the effect. Have you tried to NOP the call? What happened? Maybe there is some kind of check, like:

    > Has grenade exploded?

    > Yes: then draw it / > No: then wait for it to explode

    That's just a hypothesis :)

  3. #3 Wucas

    Re: Questions Dealing With ASM

    When you NOP that call, all it does is make the grenade unable to be wielded; it just uses the last working weapon.

    Do you have an answer for the second one?

  4. #4 PaulBub

    Re: Questions Dealing With ASM

    In your called function, there is another call:
    Code:
    0046D0AD  |. 51             PUSH ECX                                 ; /Arg2
    0046D0AE  |. 50             PUSH EAX                                 ; |Arg1
    0046D0AF  |. 8BCE           MOV ECX,ESI                              ; |
    0046D0B1  |. E8 1A49FFFF    CALL Apex0.004619D0                      ; \Apex0.004619D0  
    004924C6  |. 8BF8           MOV EDI,EAX
    004924C8  |. 85FF           TEST EDI,EDI
    004924CA  |. 75 09          JNZ SHORT Apex0.004924D5
    What are the parameters? What does it return? Because right after that, it tests the returned 'thing'; if it's null, then it returns from the function.

    This looks interesting:

    Code:
    004924E7  |. 8BCE           MOV ECX,ESI
    004924E9  |. C74424 4C 0000>MOV DWORD PTR SS:[ESP+4C],0
    004924F1  |. E8 6AE2FFFF    CALL Apex0.00490760
    004924F6  |. 84C0           TEST AL,AL
    004924F8  |. 74 4D          JE SHORT Apex0.00492547
    004924FA  |. 8B4424 40      MOV EAX,DWORD PTR SS:[ESP+40]
    004924FE  |. 85C0           TEST EAX,EAX
    00492500  |. 76 51          JBE SHORT Apex0.00492553
    After the first call, AL is tested: if AL = 0 it jumps to 0x0492547, which is the end of the function; if AL != 0 then there is another test: if EAX = 0 (it would be great if you found out what AL and EAX are; it might be some kind of bool that tells if the timer ended) it jumps to 0x0492553. At this point the program moves into EDI the value pointed to by EDI and then tests it; once again, if it's equal, it jumps to the end of the function and sets EAX to 0, so the function returns 0.

    So at this point you want to know: what's in ESP+4C and ESP+40, and how does it affect the game if you NOP those conditional jumps or change them to unconditional jumps?

    Do that; then, if it's needed, I will take a look at the rest of the function.

    Once again, I'm all blind doing this; it's up to you to experiment!


