255 and 252 and jjang

[lxchadxl]

Hello, i am wondering if anybody can tell me how i can give a special jjang to 255 and a jjang to 252 while keeping their "powers". and i don't want the picture to be shared with a real jjang, i wanna add my own picture.

 

[Mambo]

This will be ASM. You could try finding the part where Jjang get's the image. Copy it. Paste in codecave. And make a jump at the Admin/Gm ranks to the codecave ?

Not sure, just something i thought of in like 2 seconds xD

 

[lxchadxl]

can you repeat that in "english" im not exactly good at such stuff, maybe you could add me on msn and go through step by step with me?
[email protected]

 

[Nobody666]

can you repeat that in "english" im not exactly good at such stuff, maybe you could add me on msn and go through step by step with me?
[email protected]

He doesn't know the steps, he was just saying an idea of how to do it.

Point is, its ASM, and no one really knows or has said how to do it.

What he was saying is, open the runnable up, see how GunZ loads the jjang file, and jump to an empty part of the code, and replicate it to load for admin/dev

 

[lxchadxl]

so are u able to tell me exactly how?

 

[Tman151]

Some people know, it is something we work hard for.
Just get a concept on how ASM works.

 

[Nobody666]

so are u able to tell me exactly how?

I haven't looked on how to, and im not planning to.

Some people know, it is something we work hard for.
Just get a concept on how ASM works.

As I said >-> either no one knows, or they don't say anything. I was more in favor of the latter

 

[lxchadxl]

so can anybody help me?

 

[lxchadxl]

somebody help please. -.-

 

[Tman151]

Look up a post by Demantor.
The thread is called "Activating /gt commands" something like that.
Read all the posts.

 

[Tman151]

Look up a post by Demantor.
The thread is called "Activating /gt commands" something like that.
Read all the posts.

 

[lxchadxl]

I found the post, though how does the post answer my question? http://forum.ragezone.com/f311/activing-gt-commnads-jjang-to-ban-command-472790/

 

[Donald Duck]

Just find where the image is loaded? I believe it's called something like event_ongame_jjang.tga.dds. Just search for jjang and you will find it. I'm 100 percent sure that there is a compare (CMP) over there, containing a 2. (The UGradeID of the jjang) You could expand that function using more compares and other operations, there's plenty of space in the bottom of GunZ.

 

[lxchadxl]

Donald, can you give me more specific help please, I'm stll a noob, just tell me step by step how i can have a image over my head for admins.

 

[Donald Duck]

Donald, can you give me more specific help please, I'm stll a noob, just tell me step by step how i can have a image over my head for admins.

I'm sorry, but I don't really 'do' GunZ. I just have a very small knowledge of it.

This might help:

********(

 

[lxchadxl]

damn, i understood it but i don't know what to do :x

 

[Donald Duck]

damn, i understood it but i don't know what to do :x

I've PM-ed you his MSN address. He'll help you out.

 

[lxchadxl]

thanks man, hes trying to help me get it now

 

[Nobody666]

Hey for once im not flaming you xD

I already found all these things that hes listed by your chat with your friend, and i tried to allow ugrade 255,254, and 2 to load the same effect, and it didnt work

If it would have, i could of had it Jmp to another function and load a whole different file for admin and dev or watever you would like it to be o.o

ID is Able to Hold Jjang

00475250  /$ 83B9 5A040000 >CMP DWORD PTR DS:[ECX+45A],2
00475257  |. 75 0D          JNZ SHORT Apex0.00475266
00475259  |. 51             PUSH ECX
0047525A  |. E8 516B0300    CALL Apex0.004ABDB0
0047525F  |. 8BC8           MOV ECX,EAX
00475261  |. E8 FA7DFFFF    CALL Apex0.0046D060
00475266  \> C3             RETN

Jjang Usage Function

0046D060  /$ 6A FF          PUSH -1
0046D062  |. 68 9B885D00    PUSH Apex0.005D889B                      ;  SE handler installation
0046D067  |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0046D06D  |. 50             PUSH EAX
0046D06E  |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
0046D075  |. 51             PUSH ECX
0046D076  |. 56             PUSH ESI
0046D077  |. 57             PUSH EDI
0046D078  |. 68 C4120000    PUSH 12C4
0046D07D  |. 8BF9           MOV EDI,ECX
0046D07F  |. E8 2B1F1600    CALL Apex0.005CEFAF
0046D084  |. 8BF0           MOV ESI,EAX
0046D086  |. 83C4 04        ADD ESP,4
0046D089  |. 897424 08      MOV DWORD PTR SS:[ESP+8],ESI
0046D08D  |. 85F6           TEST ESI,ESI
0046D08F  |. C74424 14 0000>MOV DWORD PTR SS:[ESP+14],0
0046D097  |. 74 25          JE SHORT Apex0.0046D0BE
0046D099  |. 8B8F 14020000  MOV ECX,DWORD PTR DS:[EDI+214]
0046D09F  |. 68 00F95E00    PUSH Apex0.005EF900                      ;  ASCII "event_ongame_jjang"
0046D0A4  |. E8 B7930600    CALL Apex0.004D6460
0046D0A9  |. 8B4C24 1C      MOV ECX,DWORD PTR SS:[ESP+1C]
0046D0AD  |. 51             PUSH ECX                                 ; /Arg2
0046D0AE  |. 50             PUSH EAX                                 ; |Arg1
0046D0AF  |. 8BCE           MOV ECX,ESI                              ; |
0046D0B1  |. E8 1A49FFFF    CALL Apex0.004619D0                      ; \Apex0.004619D0
0046D0B6  |. C706 94F85E00  MOV DWORD PTR DS:[ESI],Apex0.005EF894
0046D0BC  |. EB 02          JMP SHORT Apex0.0046D0C0
0046D0BE  |> 33F6           XOR ESI,ESI
0046D0C0  |> 6A 01          PUSH 1
0046D0C2  |. 8BCE           MOV ECX,ESI
0046D0C4  |. C74424 18 FFFF>MOV DWORD PTR SS:[ESP+18],-1
0046D0CC  |. E8 1F3AFFFF    CALL Apex0.00460AF0
0046D0D1  |. 56             PUSH ESI                                 ; /Arg1
0046D0D2  |. 8BCF           MOV ECX,EDI                              ; |
0046D0D4  |. C786 C0120000 >MOV DWORD PTR DS:[ESI+12C0],8            ; |
0046D0DE  |. E8 7DCEFFFF    CALL Apex0.00469F60                      ; \Apex0.00469F60
0046D0E3  |. 8B4C24 0C      MOV ECX,DWORD PTR SS:[ESP+C]
0046D0E7  |. 5F             POP EDI
0046D0E8  |. 5E             POP ESI
0046D0E9  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0046D0F0  |. 83C4 10        ADD ESP,10
0046D0F3  \. C2 0400        RETN 4

eh I just tried replicating it about 10 mins ago, crashed for me when i entered a room.

Im guessing, just jump to a code cave replicate it for admin/dev/hidden GM and have it call a function like the jjang usage, but with a different .dds file.

 

[PaulBub]

00475250  /$ 83B9 5A040000 >CMP DWORD PTR DS:[ECX+45A],2
00475257  |. 75 0D          JNZ SHORT Apex0.00475266
00475259  |. 51             PUSH ECX
0047525A  |. E8 516B0300    CALL Apex0.004ABDB0
0047525F  |. 8BC8           MOV ECX,EAX
00475261  |. E8 FA7DFFFF    CALL Apex0.0046D060
00475266  \> C3             RETN

I have no server to test it but here is the idea :

00475250 JMP codecave     ;We do the jump to our code cave.
codecave:
    CMP DWORD PTR DS:[ECX+45A],2     ;We first compare with event winner uid.
    JNZ SHORT admin     ;If not event winner uid we jump to admin
    PUSH ECX
    CALL Apex0.004ABDB0
    MOV ECX,EAX
    CALL Apex0.0046D060
    RETN
admin:
    CMP DWORD PTR DS:[ECX+45A],FF    ;We then compare with admin uid FFh = 255d
    JNZ dev    ;Once again if not admin uid we jump to dev
    PUSH ECX
    CALL Apex0.004ABDB0
    MOV ECX,EAX
    CALL Apex0.0046D060
    RETN
dev:
    CMP DWORD PTR DS:[ECX+45A],FE    ;Comparing with Dev uid, FEh = 254d
    JNZ 0xRETNaddress    ;If it's not dev then we jump to the RETN
    PUSH ECX
    CALL Apex0.004ABDB0
    MOV ECX,EAX
    CALL Apex0.0046D060
    RETN

I have not tested it, but wouldn't it do the job?