
Originally Posted by
Th3AnG3L
I'm not so sure, because Mauro is working on the S4 project and I think he is making it for 1.03O; better ask him to tell you the correct one.
I only posted the original source from SmallHabit.. I don't know which main.exe version this code is for.. -.- but if you are a real programmer, or at least understand how to write inline assembler, you can use this code as a base without knowing the version.
For example this function:
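/*
 * Absolute addresses inside the client build this hook targets (the post
 * does not say which main.exe version they were taken from).  They are
 * build-specific and assume the image is loaded at its preferred base
 * (no relocation); re-derive them for any other build - the 1.03.13 dump
 * further down uses 07AAE868 / 00402FF0 for the same two roles.
 */
#define MAPNAME_TEXT_OBJ     0x07BA0588  /* ecx ("this") for the text lookup call */
#define MAPNAME_LOOKUP_FN    0x00404020  /* lookup routine: push line; mov ecx; call */
#define MAPNAME_RESUME_HIT   0x005BF599  /* resume in the client after a lookup */
#define MAPNAME_RESUME_MISS  0x005BF1BF  /* resume in the client when no case matched */

/*
 * MapNewNames - detour body that picks the Text.bmd line of the
 * "Welcome to <map>" message for a few extra map numbers.
 *
 * Naked: no prologue/epilogue, no register save/restore, and it never
 * returns with `ret`; it always leaves through `jmp` to one of the two
 * resume addresses above.  The site it is installed at is not part of
 * this post.
 *
 * In:   esi = map number.  Compared as decimal below (34 == 0x22, which is
 *       the CMP ESI,22 / PUSH 73B case in the 1.03.13 dump).
 * Out:  eax = whatever MAPNAME_LOOKUP_FN returns; it is left untouched on
 *       the hit path so the resume address can consume it.
 * Clob: ecx, edx, flags.  esp stays balanced only if the lookup routine
 *       pops its own argument; the equivalent 1.03.13 call shows no
 *       ADD ESP,4 after it, so that appears to be the case - verify on
 *       your build before reusing this.
 */
void __declspec(naked) MapNewNames()
{
    _asm
    {
        // Dispatch on the map number.  Every hit loads edx with the
        // Text.bmd line to show and joins the single shared tail below.
        cmp esi, 34
        je  Line73B
        cmp esi, 59
        je  Line914
        cmp esi, 60
        je  Line914
        cmp esi, 61
        je  Line914
        cmp esi, 75
        je  Line73F
        cmp esi, 76
        je  Line73F
        cmp esi, 77
        je  Line73F
        cmp esi, 78
        je  Line73E
        cmp esi, 80
        je  Line914
        cmp esi, 81
        je  Line73E
        cmp esi, 82
        je  Line73E
        cmp esi, 83
        je  LineA7E
        cmp esi, 84
        je  LineA7E
        cmp esi, 85
        je  LineA7E

        // Miss: hand control back to the client's own handler unchanged.
        mov edx, MAPNAME_RESUME_MISS
        jmp edx

    Line73B:                            // map 34 (Crywolf Fortress): line 0x73B = 1851
        mov edx, 0x73B
        jmp ShowLine
    Line914:                            // maps 59, 60, 61, 80
        mov edx, 0x914
        jmp ShowLine
    Line73F:                            // maps 75, 76, 77
        mov edx, 0x73F
        jmp ShowLine
    Line73E:                            // maps 78, 81, 82
        mov edx, 0x73E
        jmp ShowLine
    LineA7E:                            // maps 83, 84, 85 (falls through)
        mov edx, 0xA7E

    ShowLine:
        // One copy of the lookup + resume sequence that the original
        // repeated per case.  The `mov edx,0x005BF1BF / jmp edx` pairs the
        // original placed after an unconditional `jmp edx` were unreachable
        // and are dropped here.
        push edx                        // Arg1 = Text.bmd line
        mov ecx, MAPNAME_TEXT_OBJ
        mov edx, MAPNAME_LOOKUP_FN
        call edx
        mov edx, MAPNAME_RESUME_HIT
        jmp edx
    }
}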
This is for showing the "Welcome to XXX map" message when the character enters the map. The function fetches line numbers from the Text.bmd file.. so.. if you look up the line numbers in your client's Text.bmd with Pentium Tools or another tool, and search your main with Olly (if you understand some asm), you can easily re-write the complete function for your main.exe in your library. -.-
cmp esi, 0x34 = this is the map id number (in this case Crywolf Fortress)
push 0x73B = this is the line number: 1851 (in this case for the Crywolf map).. it is the original one used in the code.
PS: I no longer work with the 1.03O Eng proto main.exe; I am now working with the JPN 1.03M main.exe (1.03.13).
Here I leave my debug data from 1.03.13 for this function:
CPU Disasm
Address Hex dump Command Comments
; Reviewer notes (not part of the OllyDbg output):
;   - ARG.1 is the map number; it is copied to ESI at 005A4752 and kept there for every compare below.
;   - The debugger prints immediates in hex (22 = 34 decimal), so the CMP ESI,22 / PUSH 73B pair is the
;     same case the inline-asm hook above writes as "cmp esi,34 / push 0x73B".
;   - Two lookup styles appear: the 00402FF0 cases push the line as a value; the later cases store the
;     line into ARG.1 and pass its address (plus &LOCAL.0) to 00403070 / 00403130.
;   - Every address, OFFSET and immediate is specific to this 1.03.13 build.
005A4750 /$ 51 PUSH ECX ; main.005A4750(guessed Arg1) ; reserves the one dword slot OllyDbg calls LOCAL.0
005A4751 |. 56 PUSH ESI
005A4752 |. 8B7424 0C MOV ESI,DWORD PTR SS:[ARG.1] ; esi = map number
005A4756 |. 83FE 22 CMP ESI,22 ; 0x22 = 34 (Crywolf)
005A4759 |. 75 14 JNE SHORT 005A476F
005A475B |. 68 3B070000 PUSH 73B ; /Arg1 = 73B ; text line 1851 - the same value the hook pushes
005A4760 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; | ; ecx = text-table object (the hook's build uses 07BA0588)
005A4765 |. E8 86E8E5FF CALL 00402FF0 ; \main.00402FF0 ; no ADD ESP after it, so the callee pops the pushed line
005A476A |. E9 DD020000 JMP 005A4A4C ; join the common "use result" tail
005A476F |> 83FE 21 CMP ESI,21
005A4772 |. 75 14 JNE SHORT 005A4788
005A4774 |. 68 3A070000 PUSH 73A ; /Arg1 = 73A
005A4779 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A477E |. E8 6DE8E5FF CALL 00402FF0 ; \main.00402FF0
005A4783 |. E9 C4020000 JMP 005A4A4C
005A4788 |> 83FE 25 CMP ESI,25
005A478B |. 75 14 JNE SHORT 005A47A1
005A478D |. 68 81080000 PUSH 881 ; /Arg1 = 881
005A4792 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A4797 |. E8 54E8E5FF CALL 00402FF0 ; \main.00402FF0
005A479C |. E9 AB020000 JMP 005A4A4C
005A47A1 |> 83FE 26 CMP ESI,26
005A47A4 |. 75 14 JNE SHORT 005A47BA
005A47A6 |. 68 82080000 PUSH 882 ; /Arg1 = 882
005A47AB |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A47B0 |. E8 3BE8E5FF CALL 00402FF0 ; \main.00402FF0
005A47B5 |. E9 92020000 JMP 005A4A4C
005A47BA |> 83FE 27 CMP ESI,27
005A47BD |. 75 14 JNE SHORT 005A47D3
005A47BF |. 68 83080000 PUSH 883 ; /Arg1 = 883
005A47C4 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A47C9 |. E8 22E8E5FF CALL 00402FF0 ; \main.00402FF0
005A47CE |. E9 79020000 JMP 005A4A4C
005A47D3 |> 83FE 28 CMP ESI,28
005A47D6 |. 75 14 JNE SHORT 005A47EC
005A47D8 |. 68 14090000 PUSH 914 ; /Arg1 = 914
005A47DD |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A47E2 |. E8 09E8E5FF CALL 00402FF0 ; \main.00402FF0
005A47E7 |. E9 60020000 JMP 005A4A4C
005A47EC |> 83FE 33 CMP ESI,33
005A47EF |. 75 14 JNE SHORT 005A4805
005A47F1 |. 68 3D070000 PUSH 73D ; /Arg1 = 73D
005A47F6 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A47FB |. E8 F0E7E5FF CALL 00402FF0 ; \main.00402FF0
005A4800 |. E9 47020000 JMP 005A4A4C
005A4805 |> 83FE 39 CMP ESI,39
005A4808 |. 75 14 JNE SHORT 005A481E
005A480A |. 68 3F070000 PUSH 73F ; /Arg1 = 73F
005A480F |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A4814 |. E8 D7E7E5FF CALL 00402FF0 ; \main.00402FF0
005A4819 |. E9 2E020000 JMP 005A4A4C
005A481E |> 83FE 3A CMP ESI,3A
005A4821 |. 75 14 JNE SHORT 005A4837
005A4823 |. 68 40070000 PUSH 740 ; /Arg1 = 740
005A4828 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A482D |. E8 BEE7E5FF CALL 00402FF0 ; \main.00402FF0
005A4832 |. E9 15020000 JMP 005A4A4C
005A4837 |> 83FE 1E CMP ESI,1E
005A483A |. 75 14 JNE SHORT 005A4850
005A483C |. 68 9D020000 PUSH 29D ; /Arg1 = 29D
005A4841 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A4846 |. E8 A5E7E5FF CALL 00402FF0 ; \main.00402FF0
005A484B |. E9 FC010000 JMP 005A4A4C
005A4850 |> 83FE 1F CMP ESI,1F
005A4853 |. 75 11 JNE SHORT 005A4866
005A4855 |. 6A 3B PUSH 3B ; /Arg1 = 3B
005A4857 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A485C |. E8 8FE7E5FF CALL 00402FF0 ; \main.00402FF0
005A4861 |. E9 E6010000 JMP 005A4A4C
005A4866 |> 56 PUSH ESI ; /Arg1 => [ARG.1] ; no literal match: ask a predicate about the map number
005A4867 |. E8 34B9EEFF CALL 004901A0 ; \main.004901A0
005A486C |. 83C4 04 ADD ESP,4 ; caller cleans up here (unlike the 00402FF0 calls above)
005A486F |. 3C 01 CMP AL,1
005A4871 |. 75 11 JNE SHORT 005A4884
005A4873 |. 6A 39 PUSH 39 ; /Arg1 = 39 ; predicate true -> line 0x39
005A4875 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A487A |. E8 71E7E5FF CALL 00402FF0 ; \main.00402FF0
005A487F |. E9 C8010000 JMP 005A4A4C
005A4884 |> 83FE 18 CMP ESI,18 ; signed range test: 0x18 <= map <= 0x1D -> 005A48B6
005A4887 |. 7C 05 JL SHORT 005A488E
005A4889 |. 83FE 1D CMP ESI,1D
005A488C |. 7E 28 JLE SHORT 005A48B6
005A488E |> 83FE 24 CMP ESI,24 ; map 0x24 uses the 73C case at 005A48BB
005A4891 |. 74 28 JE SHORT 005A48BB
005A4893 |. 56 PUSH ESI ; /Arg1 => [ARG.1] ; second predicate on the map number
005A4894 |. E8 24B9EEFF CALL 004901BD ; \main.004901BD
005A4899 |. 83C4 04 ADD ESP,4
005A489C |. 3C 01 CMP AL,1
005A489E |. 75 49 JNE SHORT 005A48E9
005A48A0 |. 8D4C24 0C LEA ECX,[ARG.1] ; from here on the line is stored into ARG.1 and passed by address
005A48A4 |. C74424 0C 380 MOV DWORD PTR SS:[ARG.1],38
005A48AC |. 51 PUSH ECX
005A48AD |. 8D5424 08 LEA EDX,[LOCAL.0]
005A48B1 |. E9 75010000 JMP 005A4A2B
005A48B6 |> 83FE 24 CMP ESI,24 ; only reached with 0x18 <= map <= 0x1D, so this never matches and always goes to 005A48D2
005A48B9 |. 75 17 JNE SHORT 005A48D2
005A48BB |> 8D4424 0C LEA EAX,[ARG.1] ; map 0x24 -> line 73C
005A48BF |. 8D4C24 04 LEA ECX,[LOCAL.0]
005A48C3 |. 50 PUSH EAX
005A48C4 |. C74424 10 3C0 MOV DWORD PTR SS:[ARG.1],73C
005A48CC |. 51 PUSH ECX
005A48CD |. E9 5A010000 JMP 005A4A2C
005A48D2 |> 8D5424 0C LEA EDX,[ARG.1] ; maps 0x18..0x1D -> line 3A
005A48D6 |. 8D4424 04 LEA EAX,[LOCAL.0]
005A48DA |. 52 PUSH EDX
005A48DB |. C74424 10 3A0 MOV DWORD PTR SS:[ARG.1],3A
005A48E3 |. 50 PUSH EAX
005A48E4 |. E9 43010000 JMP 005A4A2C
005A48E9 |> 83FE 0A CMP ESI,0A
005A48EC |. 75 17 JNE SHORT 005A4905
005A48EE |. 8D4424 0C LEA EAX,[ARG.1] ; map 0x0A -> line 37
005A48F2 |. 8D4C24 04 LEA ECX,[LOCAL.0]
005A48F6 |. 50 PUSH EAX
005A48F7 |. C74424 10 370 MOV DWORD PTR SS:[ARG.1],37
005A48FF |. 51 PUSH ECX
005A4900 |. E9 27010000 JMP 005A4A2C
005A4905 |> 83FE 20 CMP ESI,20
005A4908 |. 75 17 JNE SHORT 005A4921
005A490A |. 8D5424 0C LEA EDX,[ARG.1] ; map 0x20 -> line 27
005A490E |. 8D4424 04 LEA EAX,[LOCAL.0]
005A4912 |. 52 PUSH EDX
005A4913 |. C74424 10 270 MOV DWORD PTR SS:[ARG.1],27
005A491B |. 50 PUSH EAX
005A491C |. E9 0B010000 JMP 005A4A2C
005A4921 |> E8 9CA92100 CALL 007BF2C2 ; no map match so far: fetch some object into EAX (its meaning is not visible here)
005A4926 |. 8BC8 MOV ECX,EAX
005A4928 |. E8 E2A92100 CALL 007BF30F ; [main.007BF30F ; ecx = that object; AL decides
005A492D |. 84C0 TEST AL,AL
005A492F |. 74 16 JE SHORT 005A4947
005A4931 |. 8D4C24 0C LEA ECX,[ARG.1] ; -> line 68E
005A4935 |. C74424 0C 8E0 MOV DWORD PTR SS:[ARG.1],68E
005A493D |. 51 PUSH ECX
005A493E |. 8D5424 08 LEA EDX,[LOCAL.0]
005A4942 |. E9 E4000000 JMP 005A4A2B
005A4947 |> E8 76A92100 CALL 007BF2C2
005A494C |. 8BC8 MOV ECX,EAX
005A494E |. E8 D1A92100 CALL 007BF324 ; [main.007BF324
005A4953 |. 84C0 TEST AL,AL
005A4955 |. 74 17 JE SHORT 005A496E
005A4957 |. 8D4424 0C LEA EAX,[ARG.1] ; -> line 68F
005A495B |. 8D4C24 04 LEA ECX,[LOCAL.0]
005A495F |. 50 PUSH EAX
005A4960 |. C74424 10 8F0 MOV DWORD PTR SS:[ARG.1],68F
005A4968 |. 51 PUSH ECX
005A4969 |. E9 BE000000 JMP 005A4A2C
005A496E |> E8 8D632600 CALL 0080AD00
005A4973 |. A1 D86C8C00 MOV EAX,DWORD PTR DS:[8C6CD8] ; global dword: 0x2D <= value <= 0x32 (signed) -> line 941
005A4978 |. 83F8 2D CMP EAX,2D
005A497B |. 7C 1C JL SHORT 005A4999
005A497D |. 83F8 32 CMP EAX,32
005A4980 |. 7F 17 JG SHORT 005A4999
005A4982 |. 8D5424 0C LEA EDX,[ARG.1]
005A4986 |. 8D4424 04 LEA EAX,[LOCAL.0]
005A498A |. 52 PUSH EDX
005A498B |. C74424 10 410 MOV DWORD PTR SS:[ARG.1],941
005A4993 |. 50 PUSH EAX
005A4994 |. E9 93000000 JMP 005A4A2C
005A4999 |> 83FE 38 CMP ESI,38 ; Switch (cases 38..40, 5 exits)
005A499C |. 75 13 JNE SHORT 005A49B1
005A499E |. 8D4C24 0C LEA ECX,[ARG.1] ; Case 38 ('8') of switch main.5A4999 ; -> line 73E
005A49A2 |. C74424 0C 3E0 MOV DWORD PTR SS:[ARG.1],73E
005A49AA |. 51 PUSH ECX
005A49AB |. 8D5424 08 LEA EDX,[LOCAL.0]
005A49AF |. EB 7A JMP SHORT 005A4A2B
005A49B1 |> 83FE 3E CMP ESI,3E
005A49B4 |. 75 2D JNE SHORT 005A49E3
005A49B6 |. 8D4424 0C LEA EAX,[ARG.1] ; Case 3E ('>') of switch main.5A4999 ; -> line 0A33; carries its own copy of the 005A4A2C tail
005A49BA |. 8D4C24 04 LEA ECX,[LOCAL.0]
005A49BE |. 50 PUSH EAX ; /Arg2 => OFFSET ARG.1
005A49BF |. 51 PUSH ECX ; |Arg1 => OFFSET LOCAL.0
005A49C0 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A49C5 |. C74424 14 330 MOV DWORD PTR SS:[ARG.1],0A33 ; |
005A49CD |. E8 9EE6E5FF CALL 00403070 ; \main.00403070
005A49D2 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A49D4 |. 8B0D 6CE8AA07 MOV ECX,DWORD PTR DS:[7AAE86C]
005A49DA |. 3BC1 CMP EAX,ECX
005A49DC |. 74 69 JE SHORT 005A4A47
005A49DE |. 83C0 10 ADD EAX,10
005A49E1 |. EB 69 JMP SHORT 005A4A4C
005A49E3 |> 83FE 40 CMP ESI,40
005A49E6 |. 75 2D JNE SHORT 005A4A15
005A49E8 |. 8D5424 0C LEA EDX,[ARG.1] ; Case 40 ('@') of switch main.5A4999 ; -> line 0A8F; same inlined tail as case 3E
005A49EC |. 8D4424 04 LEA EAX,[LOCAL.0]
005A49F0 |. 52 PUSH EDX ; /Arg2 => OFFSET ARG.1
005A49F1 |. 50 PUSH EAX ; |Arg1 => OFFSET LOCAL.0
005A49F2 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A49F7 |. C74424 14 8F0 MOV DWORD PTR SS:[ARG.1],0A8F ; |
005A49FF |. E8 6CE6E5FF CALL 00403070 ; \main.00403070
005A4A04 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4A06 |. 8B0D 6CE8AA07 MOV ECX,DWORD PTR DS:[7AAE86C]
005A4A0C |. 3BC1 CMP EAX,ECX
005A4A0E |. 74 37 JE SHORT 005A4A47
005A4A10 |. 83C0 10 ADD EAX,10
005A4A13 |. EB 37 JMP SHORT 005A4A4C
005A4A15 |> 83FE 3F CMP ESI,3F
005A4A18 |. 75 41 JNE SHORT 005A4A5B
005A4A1A |. 8D4C24 0C LEA ECX,[ARG.1] ; Case 3F ('?') of switch main.5A4999 ; -> line 0A7E
005A4A1E |. C74424 0C 7E0 MOV DWORD PTR SS:[ARG.1],0A7E
005A4A26 |. 51 PUSH ECX
005A4A27 |. 8D5424 08 LEA EDX,[LOCAL.0]
005A4A2B |> 52 PUSH EDX ; shared tail: Arg1 = &LOCAL.0 (the &ARG.1 push was done by the case)
005A4A2C |> B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; ecx = the same text-table object the 00402FF0 cases use
005A4A31 |. E8 3AE6E5FF CALL 00403070 ; \main.00403070 ; lookup by address of line; EAX is dereferenced right after, so it returns a pointer
005A4A36 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005A4A38 |. 8B0D 6CE8AA07 MOV ECX,DWORD PTR DS:[7AAE86C] ; [7AAE86C] looks like a "not found" sentinel (end node?) - confirm
005A4A3E |. 3BC1 CMP EAX,ECX
005A4A40 |. 74 05 JE SHORT 005A4A47
005A4A42 |. 83C0 10 ADD EAX,10 ; found: advance 0x10 into the returned entry
005A4A45 |. EB 05 JMP SHORT 005A4A4C
005A4A47 |> B8 78E8AA07 MOV EAX,OFFSET 07AAE878 ; not found: use a fixed fallback record
005A4A4C |> 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4] ; join point of every 00402FF0 case too: result = [EAX+4]
005A4A4F |. 85C0 TEST EAX,EAX
005A4A51 |. 75 47 JNE SHORT 005A4A9A
005A4A53 |. B8 F0A68800 MOV EAX,OFFSET 0088A6F0 ; NULL result -> return this fixed address instead (presumably a default string)
005A4A58 |. 5E POP ESI
005A4A59 |. 59 POP ECX
005A4A5A |. C3 RETN
005A4A5B |> 8D4424 0C LEA EAX,[ARG.1] ; Default case of switch main.5A4999 ; nothing matched at all
005A4A5F |. 8D4C24 04 LEA ECX,[LOCAL.0]
005A4A63 |. 50 PUSH EAX ; /Arg2 => OFFSET ARG.1
005A4A64 |. 83C6 1E ADD ESI,1E ; | ; key = map number + 0x1E
005A4A67 |. 51 PUSH ECX ; |Arg1 => OFFSET LOCAL.0
005A4A68 |. B9 68E8AA07 MOV ECX,OFFSET 07AAE868 ; |
005A4A6D |. 897424 14 MOV DWORD PTR SS:[ARG.1],ESI ; |
005A4A71 |. E8 BAE6E5FF CALL 00403130 ; \main.00403130 ; a different lookup than 00403070; its result is read back from LOCAL.0
005A4A76 |. 8B4424 04 MOV EAX,DWORD PTR SS:[LOCAL.0]
005A4A7A |. 8B0D 6CE8AA07 MOV ECX,DWORD PTR DS:[7AAE86C]
005A4A80 |. 3BC1 CMP EAX,ECX
005A4A82 |. 74 05 JE SHORT 005A4A89
005A4A84 |. 83C0 10 ADD EAX,10
005A4A87 |. EB 05 JMP SHORT 005A4A8E
005A4A89 |> B8 78E8AA07 MOV EAX,OFFSET 07AAE878
005A4A8E |> 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
005A4A91 |. 85C0 TEST EAX,EAX
005A4A93 |. 75 05 JNE SHORT 005A4A9A
005A4A95 |. B8 F0A68800 MOV EAX,OFFSET 0088A6F0
005A4A9A |> 5E POP ESI ; common epilogue: EAX = result pointer (or 0088A6F0)
005A4A9B |. 59 POP ECX
005A4A9C \. C3 RETN
PS2: This is the complete section.. from my main.exe
Anyways.. this code is very ugly.. today it is possible to decompile it with IDA, especially for one simple function like this.. and you can understand this code better if you do that.