00BE443A :SEND_PACKET_HOOK -> MU_SEND_PACKET: 00BE4865 -> MU_SENDER_CLASS : 0160951C
00C48E76 :PARSE_PACKET_HOOK -> PARSE_PACKET_STREAM 00BE5341 -> PROTOCOL_CORE2 : 00C4401E -> PROTOCOL_CORE1 : 00C183E9
0144C6F8 : key size 26
"w(eb!zen&Mu1@#^Ge&sch%enk!"
db 77 28 65 62 21 7A 65 6E 26 4D 75 31 40 23 5E 47 65 26 73 63 68 25 65 6E 6B 21
group HOOK CONNECT SERVER >> Use Class CServerInfo
tmuConnectToCS muConnectToCS = (tmuConnectToCS)MU_CONNECT_FUNC; MU_CONNECT_FUNC->00BF63FA
0045FA6A ->jmp IGC+... g_Connection = CS_CONNECTED; (1)
00511BAA
00B2E7FF g_Connection = GS_CONNECTED;
00504E8D -> HookExitFunc jmp IGC+... : Exit Process
00ADE647 -> HookExitCharSelectFunc >Menu-Exit Game
00513202 : HookDCFunc -> Reconnect System
0088111E: call 00626374-> call IGC+... reconnect
005066E1 -> mov [ebp-34],005052BA -> mov [ebp-34],IGC+...
ChangeAddress(MU_WND_PROC_HOOK, FPTR(WndProc));
-> MU_WND_PROC_HOOK : 005066E1
00508209 call SetTimer -> nop
>>0050E275 : Gameguard je -> jmp | 0x74 -> 0xEB
00C1A31F : gg jmp
00CF24A4 : gg jmp
00CF25DD : gg jmp
>00D8535E : remove encrypt mu error log. -> nop it 0x90 0x90 0x90 0x90 0x90
>>00512CD5 : push "screen dir"
group
006140D5 : cmp eax,0xE0 +>add cmp eax,0xA0<< charset[16] add pet 0xA0 display (panda i think) (s9 has 0xA0)
0061410D : cmp -0x20 +> add cmp -0x60 << same
>>0064731D : Set Battle Zone
>>00ABD5F8 Hook Set Gen Battle Map (warp command window)
group
0064EDBC : cmp dword ptr [ebp-000000A4],06 -> cmp dword ptr [ebp-000000A4],07 || -> jg
0064EE28 : change jmp addr -- jng 0064F0CE -> jng 0064EFCF
group
00B6084F call IGC... custom jewels mouse hover use
(maybe label color | drop sound | expensive ...) didn't check
00670943: custom jewels
0069F1B8: custom jewels
00B623E2: custom jewels
>>00868675: Change PStore Zen->Wcoin
>>008697B9: item info custom : conditional jmp -> nop (probably joh option on ancient)
009A7036: change Z shop Label Name
009BB302->009BB566 maybe custom event level
0xD84568 MultiByteToWideChar 0x4E4
0xD845AB MultiByteToWideChar 0x4E4
0x1600520 -> memset 00 00 00 00 (case 4e4)
00A1BF9B: MultiByteToWideChar 0x4E4 + WideCharToMultiByte 65001 : ascii -> utf-8
0xA6702B WideCharToMultiByte 0x4E4
0xA6705C WideCharToMultiByte 0x4E4
00A4D3F6 : WideCharToMultiByte 0x4E4
0xA4D426 WideCharToMultiByte 0x4E4
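// Code-page dependent patch. codepage comes from CServerInfo; 0x4E4 is
// code page 1252 (Windows-1252), the only case the stock client handles.
// For any other code page three byte patches write 0xEB (short jmp, the
// same je -> jmp technique used elsewhere in these notes) -- presumably
// turning a conditional jump at each address into an unconditional one;
// verify the original byte at each address before applying.
if (codepage != 0x4e4)
{
    MemSet(0x459260, 0xEB, 1);
    MemSet(0xB2C926, 0xEB, 1);
    // The original listed 0xAF2E2B twice. Writing the same byte twice is a
    // no-op, so the duplicate is dropped -- NOTE(review): confirm whether a
    // fourth, different address was intended for that line.
    MemSet(0xAF2E2B, 0xEB, 1);
}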
00A25E7B: add custom cmp check
00A25E82 : not need.
MemSet(0xA25E82, 0x90, 2); // NOP out the 2 bytes at 00A25E82 (marked "not need" above); 0x90 = NOP
00A62136 : mouse hover zen info -> nop
00A62555 : mouse hover ruud info -> nop
00AF0D84 : fname "mu.exe" -> "main.exe"
00B2C25F : Create Character Frame -> set/disable character creation
00B75A87 : ->Inc Max Chat length 33 - > 60 mov [ebp-10],00000021 -> mov [ebp-10],0000003C
//MemSet(0xB75A8A, 0x3C, 1);
NOP BYTES Area 1 size 88: -- I didn't check any of the NOP areas
00C0F7B4 : 0x90 ...
NOP BYTES Area 2 size 62:
00C1FDE5 : 0x90 ...
NOP BYTES Area 3 size 62:
00C20064 : 0x90 ...
NOP BYTES Area 4 size 76:
00C20F27 : 0x90 ...
// Fill the four NOP areas listed above with 0x90 (NOP), in area order.
// Sizes are taken from the "NOP BYTES Area N size ..." notes; the areas
// themselves were not inspected, so the byte counts are unverified.
MemSet(0xC0F7B4, 0x90, 88); // Area 1
MemSet(0xC1FDE5, 0x90, 62); // Area 2
MemSet(0xC20064, 0x90, 62); // Area 3
MemSet(0xC20F27, 0x90, 76); // Area 4
//maybe IGC disabled some UI parts
00B7B5B4 : hook. update PlayerUI hp/mp/sd/ag/toxic ...
009FC982 : hook. something about hp/mp/sd/ag ui... didn't check
009B7427 : hook. something about hp/mp/sd/ag ui... didn't check
00BE4D43 : OnSocketClose?
00BE4D84
00BE4EF9
00BF64FF: On Switch to Select Server. ReInit 2bytes packets Encrypt check
00C1A436: on after select char, Fix reverse Welcome string ("NoriaWelcome to" -> Welcome to Noria)
00C1C8F0: same, but on map move
00C1D259: 65k Shield Dmg fix (no need to fix normal 65k dmg, WZ did it)
00C1D259: mov eax,[eax+14] ...nop...
db 8B 40 14 90 90 90 90 90 90 90 90 90 90 90 90 90
new 0xDF struct
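// Attack-result packet (the "new 0xDF struct" noted above).
// Offsets in the comments are from the start of the packet. The layout
// relies on the compiler's default 4-byte alignment: the padding after
// NumberL and after newType is what puts Damage at +0x08 and
// iShieldDamage at +0x14 -- the offset read by the patched
// `mov eax,[eax+14]` at 00C1D259. Do not add #pragma pack(1) here
// without also updating that patch.
struct PMSG_ATTACKRESULT
{
    PBMSG_HEAD h;            // +0x00 header (NumberH at +0x03 implies a 3-byte header)
    BYTE NumberH;            // +0x03 high byte of Number
    BYTE NumberL;            // +0x04 low byte of Number
    // 3 bytes of padding (BYTE -> int alignment)
    int Damage;              // +0x08
    BYTE DamageTypeH;        // +0x0C
    BYTE DamageTypeL;        // +0x0D
    BYTE btShieldDamageH;    // +0x0E
    BYTE btShieldDamageL;    // +0x0F
    BYTE newType;            // +0x10
    // 3 bytes of padding (BYTE -> int alignment)
    int iShieldDamage;       // +0x14 (missing ';' in the original declaration)
};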
stolen bytes 1
00BE5341:
db 55 8B EC 51 51 89 4D F8 8B 45 F8 8B 88 24 40 00 00 E8 1C 03 00 00 0F B6 C0 85 C0 75 29 8B 45 F8 8B 88 24 40 00 00 E8 CF 03 00 00 89 45 FC 8B 45 F8 8B 88 24 40 00 00 E8 B9 02 00 00 8B 4D FC E8 AA 03 00 00 EB 02 33 C0 C9 C3
/*
main.exe+7E5341 - 55 - push ebp
main.exe+7E5342 - 8B EC - mov ebp,esp
main.exe+7E5344 - 51 - push ecx
main.exe+7E5345 - 51 - push ecx
main.exe+7E5346 - 89 4D F8 - mov [ebp-08],ecx
main.exe+7E5349 - 8B 45 F8 - mov eax,[ebp-08]
main.exe+7E534C - 8B 88 24400000 - mov ecx,[eax+00004024]
main.exe+7E5352 - E8 1C030000 - call main.exe+7E5673
main.exe+7E5357 - 0FB6 C0 - movzx eax,al
main.exe+7E535A - 85 C0 - test eax,eax
main.exe+7E535C - 75 29 - jne main.exe+7E5387
main.exe+7E535E - 8B 45 F8 - mov eax,[ebp-08]
main.exe+7E5361 - 8B 88 24400000 - mov ecx,[eax+00004024]
main.exe+7E5367 - E8 CF030000 - call main.exe+7E573B
main.exe+7E536C - 89 45 FC - mov [ebp-04],eax
main.exe+7E536F - 8B 45 F8 - mov eax,[ebp-08]
main.exe+7E5372 - 8B 88 24400000 - mov ecx,[eax+00004024]
main.exe+7E5378 - E8 B9020000 - call main.exe+7E5636
main.exe+7E537D - 8B 4D FC - mov ecx,[ebp-04]
main.exe+7E5380 - E8 AA030000 - call main.exe+7E572F
main.exe+7E5385 - EB 02 - jmp main.exe+7E5389
main.exe+7E5387 - 33 C0 - xor eax,eax
main.exe+7E5389
*/
stolen bytes 2
00BF6423:
db 0F B7 45 0C 50 FF 75 08 68 04 18 43 01 68 E0 6A 63 01 E8 A5 EF 18 00 83 C4 10 6A 01 FF 35 8C 6A 63 01 B9 80 A6 1E 0A E8 77 E7 FE FF 68 00 04 00 00 FF 75 0C FF 75 08 B9 80 A6 1E 0A E8 70 E9 FE FF 85 C0 0F 85 93 00 00 00 68 F0 17 43 01 68 E0 6A 63 01 E8 64 EF 18 00 59 59 6A 01
/*
main.exe+7F6423 - 0FB7 45 0C - movzx eax,word ptr [ebp+0C]
main.exe+7F6427 - 50 - push eax
main.exe+7F6428 - FF 75 08 - push [ebp+08]
main.exe+7F642B - 68 04184301 - push main.exe+1031804 { ["[Connect to Server] ip address = %s, port = %d"] }
main.exe+7F6430 - 68 E06A6301 - push main.exe+1236AE0 { [01450A68] }
main.exe+7F6435 - E8 A5EF1800 - call main.exe+9853DF
main.exe+7F643A - 83 C4 10 - add esp,10 { 16 }
main.exe+7F643D - 6A 01 - push 01 { 1 }
main.exe+7F643F - FF 35 8C6A6301 - push [main.exe+1236A8C] { [007E0F10] }
main.exe+7F6445 - B9 80A61E0A - mov ecx,main.exe+9DEA680 { [007E0F10] }
main.exe+7F644A - E8 77E7FEFF - call main.exe+7E4BC6
main.exe+7F644F - 68 00040000 - push 00000400 { 1024 }
main.exe+7F6454 - FF 75 0C - push [ebp+0C]
main.exe+7F6457 - FF 75 08 - push [ebp+08]
main.exe+7F645A - B9 80A61E0A - mov ecx,main.exe+9DEA680 { [007E0F10] }
main.exe+7F645F - E8 70E9FEFF - call main.exe+7E4DD4
main.exe+7F6464 - 85 C0 - test eax,eax
main.exe+7F6466 - 0F85 93000000 - jne main.exe+7F64FF
main.exe+7F646C - 68 F0174301 - push main.exe+10317F0 { ["Failed to connect. "] }
main.exe+7F6471 - 68 E06A6301 - push main.exe+1236AE0 { [01450A68] }
main.exe+7F6476 - E8 64EF1800 - call main.exe+9853DF
main.exe+7F647B - 59 - pop ecx
main.exe+7F647C - 59 - pop ecx
main.exe+7F647D - 6A 01 - push 01 { 1 }
*/
(signed int16 -> unsigned int16: 32k -> 64k)
00A8C96A ; movsx -> movzx : Remove (+/-) stats info 0FBF-> 0FB7 (00A8C96A+1 : BF -> B7)
00A8C981 :same
00A8C996
00A8C98C
00A8C9A1
00A8C9AB
00A8CA4F
00A8CA66
00A8CA71
00A8CA7B
00A8CA86
00A8CA90
00A8CB34
00A8CB4B
00A8CB56
00A8CB60
00A8CB6B
00A8CB75
00A8CC19
00A8CC30
00A8CC3B
00A8CC45
00A8CC50
00A8CC5A
00A8CCFE
00A8CD15
00A8CD20
00A8CD2A
00A8CD35
00A8CD3F
00A8D0FA
00A8D104
00A8D112
00A8D11C
00A8D12A
00A8D143
00A8D188
00A8D192
00A8D1A0
00A8D1AA
00A8D1B8
00A8D1D1
00A8D21C
00A8D226
00A8D234
00A8D23E
00A8D24C
00A8D265
00A8D2B0
00A8D2BA
00A8D2C8
00A8D2D2
00A8D2E0
00A8D2F9
00A8D344
00A8D34E
00A8D35C
00A8D366
00A8D374
00A8D38D