[Help] PKBulletin adding row when ASSA kills ASSA

[TomaszRag]

Hey,
When assa gets owned by another player (non-sin) the server adds to PKBulletin table a row.
I want server to add a row when assa gets owned by anyone.

That's what I've already found out:
message-e.dat

Code:

(sys 533 "You killed the Assassin, %1 and you gained fame. Your contribution will be on the Assassin Board.")

dbserver.exe

Code:

.rdata:0042F170 aInsertIntoPkbu db 'INSERT INTO PKBulletin VALUES ( ',27h,'%s',27h,', ',27h,'%s',27h,', ',27h,'%s',27h,')'

dbserver.exe

Code:

sub_41A280 proc near

var_20= dword ptr -20h
var_1C= dword ptr -1Ch
var_C= dword ptr -0Ch
var_4= dword ptr -4
arg_0= byte ptr  8
arg_4= dword ptr  0Ch
arg_8= dword ptr  10h

push    ebp
mov     ebp, esp
push    0FFFFFFFFh
push    offset unknown_libname_110 ; Microsoft VisualC 2-8/net runtime
mov     eax, large fs:0
push    eax
mov     large fs:0, esp
sub     esp, 14h
mov     [ebp+var_20], ecx
lea     ecx, [ebp+var_1C]
call    sub_4026C0
mov     [ebp+var_4], 0
mov     eax, [ebp+arg_8]
push    eax
mov     ecx, [ebp+arg_4]
push    ecx
mov     edx, dword ptr [ebp+arg_0]
push    edx             ; char
push    offset aInsertIntoPkbu ; "INSERT INTO PKBulletin VALUES ( '%s', '"...
lea     eax, [ebp+var_1C]
push    eax             ; int
call    sub_402730
add     esp, 14h
mov     [ebp+var_4], 0FFFFFFFFh
lea     ecx, [ebp+var_1C]
call    sub_4026F0
mov     ecx, [ebp+var_C]
mov     large fs:0, ecx
mov     esp, ebp
pop     ebp
retn    0Ch
sub_41A280 endp

I think that it is somewhere in mainserver where there is application logic. Here there are only functions that adds it.

[MentaL]

[General]

MainServer...

http://bakabug.ultimate-sponsorring....9KalOnline.htm

CPlayer::PKBulletinInfoSend (0046B420): sending the info to the table

Check the function that calls 0046B420 (assembly search) and see where it checks for assassin or not. (probably the call to CChar::IsGState) (call 0040B310) and nop it.

Didn't try this, but its a matter of trial and error since we don't know what all those functions are for exactly.


We made dead people in CW drop items like sins this way :)

[TomaszRag]

I think I got it by another way, but ...
Neved did this before. How to change with IDA jnz instruction to jmp?
What tools do you use for disassembling, editing, recompiling (if needed).

[General]

Cheat Engine for disassembly, Hex editor for editing

I'm still a noob at it though, only thing I know smth about is the calls... and I know push are the arguments :p

I'm more into SQL and DbSvr edits

[TomaszRag]

Thanks for names, how Bakabug found out them? ;P

Dunno why it still dont work.

What have I did?
004555A0 jnz replaced with jmp
00455590 jz replaced with jmp

That jnz and jz are not sub, just locations, but only they are direct access to PKBulletin SUB.

[TomaszRag]

Hmm, maybe another try.

Do you know how to locate or do you know the location of code that load:

Code:

(sys 533 "You killed the Assassin, %1 and you gained fame. Your contribution will be on the Assassin Board.")

I can find a code that display and propably send info to DBServer.