The title says it all...
please, I want to know how I can activate the /gt* commands instead of /gtgod, and how to change the command /jjang to a ban command ( /ban )??
Here is a quick line of thought you(or someone else) can use to enable the "/gt*" commands.
Here's how they work:
First let's give an example of a command that works, "/jjang":
Code:
0042D84C |. 68 6C685E00 PUSH Gunz.005E686C ; /Arg9 = 005E686C
0042D851 |. 68 E4A35E00 PUSH Gunz.005EA3E4 ; |Arg8 = 005EA3E4 ASCII "/jjang"
0042D856 |. 6A 01 PUSH 1 ; |Arg7 = 00000001
0042D858 |. 6A FF PUSH -1 ; |Arg6 = FFFFFFFF
0042D85A |. 6A FF PUSH -1 ; |Arg5 = FFFFFFFF
0042D85C |. 68 86000000 PUSH 86 ; |Arg4 = 00000086
0042D861 |. 68 E0BA4200 PUSH Gunz.0042BAE0 ; |Arg3 = 0042BAE0
0042D866 |. 68 DCA35E00 PUSH Gunz.005EA3DC ; |Arg2 = 005EA3DC ASCII "jjang"
0042D86B |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0042D86D |. 8BCE MOV ECX,ESI ; |
0042D86F |. E8 FC220000 CALL Gunz.0042FB70 ; \Gunz.0042FB70
You'll notice that "Arg3" points to an address in Gunz which is this:
Code:
0042BAE0 . 837C24 08 02 CMP DWORD PTR SS:[ESP+8],2
0042BAE5 . 7D 46 JGE SHORT Gunz.0042BB2D
0042BAE7 . 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
0042BAEB . 56 PUSH ESI
0042BAEC . 8B30 MOV ESI,DWORD PTR DS:[EAX]
0042BAEE . B0 FF MOV AL,0FF
0042BAF0 . 68 ED030000 PUSH 3ED
0042BAF5 . 884424 13 MOV BYTE PTR SS:[ESP+13],AL
0042BAF9 . C64424 10 00 MOV BYTE PTR SS:[ESP+10],0
0042BAFE . 884424 11 MOV BYTE PTR SS:[ESP+11],AL
0042BB02 . C64424 12 00 MOV BYTE PTR SS:[ESP+12],0
0042BB07 . E8 E4C90D00 CALL Gunz.005084F0
0042BB0C . 8BC8 MOV ECX,EAX
0042BB0E . E8 5D3B0A00 CALL Gunz.004CF670
0042BB13 . 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C]
0042BB17 . 51 PUSH ECX
0042BB18 . 6A 00 PUSH 0
0042BB1A . 6A 00 PUSH 0
0042BB1C . 50 PUSH EAX
0042BB1D . E8 0EE7FFFF CALL Gunz.0042A230
0042BB22 . 56 PUSH ESI
0042BB23 . E8 A8F4FFFF CALL Gunz.0042AFD0
0042BB28 . 83C4 14 ADD ESP,14
0042BB2B . 5E POP ESI
0042BB2C . C3 RETN
0042BB2D > 8B5424 0C MOV EDX,DWORD PTR SS:[ESP+C]
0042BB31 . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+4]
0042BB34 . 50 PUSH EAX
0042BB35 . E8 D6F2FFFF CALL Gunz.0042AE10
0042BB3A . 59 POP ECX
0042BB3B . C3 RETN
Now let's look at the "/gt*" commands, "/gtgod" for an example:
Code:
0042D933 |. 68 6C685E00 PUSH Gunz.005E686C ; /Arg9 = 005E686C
0042D938 |. 68 18A35E00 PUSH Gunz.005EA318 ; |Arg8 = 005EA318 ASCII "/gtgod"
0042D93D |. 6A 01 PUSH 1 ; |Arg7 = 00000001
0042D93F |. 6A 01 PUSH 1 ; |Arg6 = 00000001
0042D941 |. 6A FF PUSH -1 ; |Arg5 = FFFFFFFF
0042D943 |. 6A 40 PUSH 40 ; |Arg4 = 00000040
0042D945 |. 68 70104000 PUSH Gunz.00401070 ; |Arg3 = 00401070
0042D94A |. 68 10A35E00 PUSH Gunz.005EA310 ; |Arg2 = 005EA310 ASCII "gtgod"
0042D94F |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0042D951 |. 8BCE MOV ECX,ESI ; |
0042D953 |. E8 18220000 CALL Gunz.0042FB70 ; \Gunz.0042FB70
Now the "Arg3" of "/gtgod", as well as all the other "/gt*" commands, points to 0x00401070. When we follow this in Gunz.exe we get this:
Code:
00401070 $ C3 RETN
This means that the entire code doesn't even exist at all. Now this would mean it's impossible to put back together unless you knew what MAIET actually did there.
There is a way, though, to get the code back with some work. Now, the code should exist a while back before MAIET removed them. In GunzOld.exe they do exist (find this on your own).
Now I went and looked in GunzOld.exe and went to the "Arg3" of "/gtgod" (Note: the addresses of "Arg3" will be different this time). Here is what I found:
Code:
00429EE0 . 51 PUSH ECX
00429EE1 . E8 2A190700 CALL GunzOld.0049B810
00429EE6 . 84C0 TEST AL,AL
00429EE8 . 75 1D JNZ SHORT GunzOld.00429F07
00429EEA . E8 A1440200 CALL GunzOld.0044E390
00429EEF . 8B40 58 MOV EAX,DWORD PTR DS:[EAX+58]
00429EF2 . 3D FC000000 CMP EAX,0FC
00429EF7 . 74 0E JE SHORT GunzOld.00429F07
00429EF9 . 3D FE000000 CMP EAX,0FE
00429EFE . 74 07 JE SHORT GunzOld.00429F07
00429F00 . 3D FF000000 CMP EAX,0FF
00429F05 . 75 76 JNZ SHORT GunzOld.00429F7D
00429F07 > A1 BC0A6300 MOV EAX,DWORD PTR DS:[630ABC]
00429F0C . 85C0 TEST EAX,EAX
00429F0E . 74 6D JE SHORT GunzOld.00429F7D
00429F10 . 53 PUSH EBX
00429F11 . 56 PUSH ESI
00429F12 . E8 B9190700 CALL GunzOld.0049B8D0
00429F17 . 8BF0 MOV ESI,EAX
00429F19 . E8 F2180700 CALL GunzOld.0049B810
00429F1E . 84C0 TEST AL,AL
00429F20 . 74 06 JE SHORT GunzOld.00429F28
00429F22 . 8A86 48010000 MOV AL,BYTE PTR DS:[ESI+148]
00429F28 > 84C0 TEST AL,AL
00429F2A . 0F94C3 SETE BL
00429F2D . E8 9E190700 CALL GunzOld.0049B8D0
00429F32 . 5E POP ESI
00429F33 . 8898 48010000 MOV BYTE PTR DS:[EAX+148],BL
00429F39 . 84DB TEST BL,BL
00429F3B . 5B POP EBX
00429F3C . C64424 02 00 MOV BYTE PTR SS:[ESP+2],0
00429F41 . C64424 01 FF MOV BYTE PTR SS:[ESP+1],0FF
00429F46 . C60424 00 MOV BYTE PTR SS:[ESP],0
00429F4A . C64424 03 FF MOV BYTE PTR SS:[ESP+3],0FF
00429F4F . 74 17 JE SHORT GunzOld.00429F68
00429F51 . 8B0424 MOV EAX,DWORD PTR SS:[ESP]
00429F54 . 50 PUSH EAX
00429F55 . 6A 00 PUSH 0
00429F57 . 6A 00 PUSH 0
00429F59 . 68 0C8A5B00 PUSH GunzOld.005B8A0C ; ASCII "God mode enabled"
00429F5E . E8 DDDAFFFF CALL GunzOld.00427A40
00429F63 . 83C4 10 ADD ESP,10
00429F66 . 59 POP ECX
00429F67 . C3 RETN
00429F68 > 8B0C24 MOV ECX,DWORD PTR SS:[ESP]
00429F6B . 51 PUSH ECX
00429F6C . 6A 00 PUSH 0
00429F6E . 6A 00 PUSH 0
00429F70 . 68 F8895B00 PUSH GunzOld.005B89F8 ; ASCII "God mode disabled"
00429F75 . E8 C6DAFFFF CALL GunzOld.00427A40
00429F7A . 83C4 10 ADD ESP,10
00429F7D > 59 POP ECX
00429F7E . C3 RETN
To make newer Gunz.exe's able to use these commands you will have to copy the code from GunzOld.exe to Gunz.exe; but that's only the easy part. You will have to update all the addresses in the old code to point to the correct code in the newer Gunz.exe's. Not only that, but if the old code points to something that doesn't exist, you will have to create it!
Anyway, I don't plan to do this any time soon because it would take a lot of time and be annoying. This post might be the starting point for someone that does though =).
-Cheers ThievingSix
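As an added example (this is not code from the thread, from ThievingSix, or from MAIET), here is a small Python script that does mechanically what the post above does by hand: it parses OllyDbg-style listing lines copied from the post, decodes each PUSH immediate and each CALL rel32 from the raw bytes instead of trusting the annotation column, groups the nine PUSHes that precede every CALL to Gunz.0042FB70, and reports each command's string (Arg8), its handler pointer (Arg3) and whether the handler, where the listing shows it, is nothing but a RETN. The name REGISTER_COMMAND and the reading of Arg8 as the command string and Arg3 as the handler are inferences from the listing's own comments; the fourth argument is reported without interpretation because the post does not say what it means. The sample listing embedded in the script is constructed from the lines quoted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Address of the function both registration sequences CALL with nine arguments
# (Gunz.0042FB70 in the thread). Calling it the "register command" routine is an
# inference from how the listing uses it, not a name taken from the binary.
REGISTER_COMMAND = 0x0042FB70

# Constructed sample: both registration sequences, the first two lines of the
# live /jjang handler and the one-byte /gtgod stub, copied from the thread.
LISTING = r"""
0042D84C |. 68 6C685E00 PUSH Gunz.005E686C ; /Arg9 = 005E686C
0042D851 |. 68 E4A35E00 PUSH Gunz.005EA3E4 ; |Arg8 = 005EA3E4 ASCII "/jjang"
0042D856 |. 6A 01 PUSH 1 ; |Arg7 = 00000001
0042D858 |. 6A FF PUSH -1 ; |Arg6 = FFFFFFFF
0042D85A |. 6A FF PUSH -1 ; |Arg5 = FFFFFFFF
0042D85C |. 68 86000000 PUSH 86 ; |Arg4 = 00000086
0042D861 |. 68 E0BA4200 PUSH Gunz.0042BAE0 ; |Arg3 = 0042BAE0
0042D866 |. 68 DCA35E00 PUSH Gunz.005EA3DC ; |Arg2 = 005EA3DC ASCII "jjang"
0042D86B |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0042D86D |. 8BCE MOV ECX,ESI ; |
0042D86F |. E8 FC220000 CALL Gunz.0042FB70 ; \Gunz.0042FB70
0042D933 |. 68 6C685E00 PUSH Gunz.005E686C ; /Arg9 = 005E686C
0042D938 |. 68 18A35E00 PUSH Gunz.005EA318 ; |Arg8 = 005EA318 ASCII "/gtgod"
0042D93D |. 6A 01 PUSH 1 ; |Arg7 = 00000001
0042D93F |. 6A 01 PUSH 1 ; |Arg6 = 00000001
0042D941 |. 6A FF PUSH -1 ; |Arg5 = FFFFFFFF
0042D943 |. 6A 40 PUSH 40 ; |Arg4 = 00000040
0042D945 |. 68 70104000 PUSH Gunz.00401070 ; |Arg3 = 00401070
0042D94A |. 68 10A35E00 PUSH Gunz.005EA310 ; |Arg2 = 005EA310 ASCII "gtgod"
0042D94F |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0042D951 |. 8BCE MOV ECX,ESI ; |
0042D953 |. E8 18220000 CALL Gunz.0042FB70 ; \Gunz.0042FB70
0042BAE0 . 837C24 08 02 CMP DWORD PTR SS:[ESP+8],2
0042BAE5 . 7D 46 JGE SHORT Gunz.0042BB2D
00401070 $ C3 RETN
"""


@dataclass
class Insn:
    addr: int
    raw: bytes        # instruction bytes exactly as the listing printed them
    mnemonic: str
    operands: str
    comment: str


_MARKER = re.compile(r"[|.$>/\\]+")          # OllyDbg flow markers: "|.", ".", "$", ">"
_HEXBYTES = re.compile(r"(?:[0-9A-F]{2})+")  # byte groups always have an even digit count
_HEXLIKE_MNEMONICS = {"ADD", "DEC", "FADD"}   # spelled only with hex letters; never bytes


def parse_listing(text: str) -> List[Insn]:
    """Turn 'ADDR marker BYTES MNEMONIC operands ; comment' lines into Insn records."""
    out: List[Insn] = []
    for line in text.splitlines():
        code, _, comment = line.strip().partition(";")
        tokens = code.split()
        if not tokens:
            continue
        addr = int(tokens[0], 16)
        i = 1
        while i < len(tokens) and _MARKER.fullmatch(tokens[i]):
            i += 1
        raw = bytearray()
        while (i < len(tokens) and _HEXBYTES.fullmatch(tokens[i])
               and tokens[i] not in _HEXLIKE_MNEMONICS):
            raw += bytes.fromhex(tokens[i])
            i += 1
        out.append(Insn(addr, bytes(raw), tokens[i], " ".join(tokens[i + 1:]), comment.strip()))
    return out


def call_target(insn: Insn) -> Optional[int]:
    """Decode a near relative CALL (E8 rel32): target = next_ip + rel32. The same five
    bytes resolve elsewhere if the instruction sits at another address, which is why
    code copied from one build to another needs every reference rewritten."""
    if len(insn.raw) == 5 and insn.raw[0] == 0xE8:
        rel = int.from_bytes(insn.raw[1:], "little", signed=True)
        return (insn.addr + 5 + rel) & 0xFFFFFFFF
    return None


def push_imm(insn: Insn) -> Optional[int]:
    """Decode PUSH imm32 (68 xx xx xx xx) and PUSH imm8 (6A xx, sign-extended) as an
    unsigned 32-bit value, matching the FFFFFFFF that OllyDbg prints for PUSH -1."""
    if len(insn.raw) == 5 and insn.raw[0] == 0x68:
        return int.from_bytes(insn.raw[1:], "little")
    if len(insn.raw) == 2 and insn.raw[0] == 0x6A:
        return int.from_bytes(insn.raw[1:], "little", signed=True) & 0xFFFFFFFF
    return None


def find_registrations(insns: List[Insn], register_fn: int = REGISTER_COMMAND,
                       nargs: int = 9) -> List[Dict]:
    """For every CALL to register_fn, pair it with the nargs PUSHes that feed it and
    report the command string (Arg8), handler (Arg3) and whether that handler, when
    the listing contains it, is a bare RETN (the /gtgod case in the thread)."""
    by_addr = {insn.addr: insn for insn in insns}
    pushes: List[tuple] = []          # (value, ASCII comment or None) in program order
    found: List[Dict] = []
    for insn in insns:
        value = push_imm(insn)
        if value is not None:
            m = re.search(r'ASCII "([^"]*)"', insn.comment)
            pushes.append((value, m.group(1) if m else None))
            continue
        if insn.mnemonic == "CALL":
            if call_target(insn) == register_fn and len(pushes) >= nargs:
                args = pushes[-nargs:][::-1]     # args[0] is Arg1 (pushed last)
                handler = args[2][0]             # Arg3
                first = by_addr.get(handler)     # None if the handler isn't in the listing
                found.append({
                    "command": args[7][1],       # Arg8, e.g. "/jjang"
                    "name": args[1][1],          # Arg2, e.g. "jjang"
                    "handler": handler,
                    "arg4": args[3][0],          # meaning not stated in the thread
                    "stubbed": first is not None and first.mnemonic == "RETN",
                })
            pushes.clear()                       # any CALL consumes the pending pushes
    return found


def analyze(text: str = LISTING) -> List[Dict]:
    return find_registrations(parse_listing(text))


if __name__ == "__main__":
    for r in analyze():
        state = "stub (RETN only)" if r["stubbed"] else "has a body"
        print(f'{r["command"]:8s} handler {r["handler"]:08X} {state}')
```

Running it lists /jjang with a real handler at 0042BAE0 and /gtgod with its handler at 00401070 flagged as a stub, the same conclusion the post reaches by following Arg3 manually. Decoding the rel32 from bytes rather than reading "Gunz.0042FB70" from the comment is what makes the check trustworthy, and it also shows the point of the last paragraph: a relative CALL only means something at the address it was assembled for.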
Nice tut t6.
yup, thanks a lot, looks like you know everything about GunZ lol
....Really, thanks a lot ThievingSix....,nice
why does he have a shortcut, t6? i want one too :2
s4v :D call me that
Im gonna Call ThievingSix now Master T. XD Nice :D
T6 is the master of coding :D
Yeah.. very nice TuT My friend O_o
T6, could you upload your GunzOld.exe? i want to have a look at it
Edit: nvm i found it
omg I just !!!!!. . . .
Don't get this.. lol
why, if i try to open my matchserver.exe, can't i find the string /jjang?
i use system32 server files
This is on your client, not server -.-
What a baller