What else is there?

[Nobody666]

Im working on unmasking, but I feel like im forgetting stuff.

Unmask admin name in game - Done

Unmask admin name in game chat - Done

Unmask In game Tab list - Done

Unmask admin name in replays - Done

Unmask admin name in lobby - Done

unmask admin name in lobby chat - Done

unmask admin name in waiting room - Done

unmask admin name in waiting room chat - Done

Unmask /admin_wall to show name - Done thx to wizkid

Unmask Admin duel bug - Not done(?)

Unmask Team chat - Done

Unmask Death/kill info - Done

Unmask Clan screen - Done

Unmask Clan chat - Done

Unmask Level up - Done

Unmask Whisper - Done

Don't say unmask levels, as I was told not to do that. Im going to do it when I feel like it, but I know thats not done.

 

[Wucas]

Im working on unmasking, but I feel like im forgetting stuff.


Unmask /admin_wall to show name - Not done <--- most likely won't accomplish

Unmask Admin duel bug - Not done(?)


These two have been released buy that Gunz(Numbers here) guy... ask him how to do it.



i dont think your forgetting any others xD

 

[Nobody666]

Im working on unmasking, but I feel like im forgetting stuff.


Unmask /admin_wall to show name - Not done <--- most likely won't accomplish

Unmask Admin duel bug - Not done(?)


These two have been released buy that Gunz(Numbers here) guy... ask him how to do it.



i dont think your forgetting any others xD

I know. I think duel bug is done, I just haven't tested it. Im hoping I can tomorrow (or today since its past 12).

As for unmasking the /admin_wall, I have a small idea of what to do, just haven't found the lines. Im thinking i'll just have someone at the server im making it for code it into a .dll if they really want it.

Search for ;

PUSH 044B or somthing

Look into messages.xml

Look where the Administrator string is from,

Translate it to HEX,

Then Search for command;

PUSH #

# = the calculated HEX,

Copy the function,
Make a Jump to the codecave,

Paste it, and add the paramater and push the Character Name String,

Jump back and voila.

Load the character name from an offset. In the June files, it's stored into 0066C73C. You can also do it the nice way, calling ZGAME + 0x348, or, ZGAME + 0x3D0.

Not quite sure about it, I have never used it that way, Wizkid told me.

 

[EpikBaby]

Dam ASM hard for me Anyone teach me the basic's?

What programs are used?

 

[Nobody666]

Dam ASM hard for me Anyone teach me the basic's?

What programs are used?

OllyDBG

JMP to 005E50E2 at 0042CC87. It will return to 0042CC8C.

CPU Disasm
Address   Hex dump          Command                                  Comments
005E50E2  /> \50            PUSH EAX
005E50E3  |.  53            PUSH EBX
005E50E4  |.  51            PUSH ECX
005E50E5  |.  52            PUSH EDX
005E50E6  |.  57            PUSH EDI
005E50E7  |.  BF 3CC76600   MOV EDI,OFFSET Gunz.0066C73C
005E50EC  |.  BA 00006F00   MOV EDX,OFFSET Gunz.006F0000
005E50F1  |.  29C9          SUB ECX,ECX
005E50F3  |>  8A040F        /MOV AL,BYTE PTR DS:[ECX+EDI]
005E50F6  |.  3C 00         |CMP AL,0
005E50F8  |.  74 06         |JE SHORT 005E5100
005E50FA  |.  88040A        |MOV BYTE PTR DS:[ECX+EDX],AL
005E50FD  |.  41            |INC ECX
005E50FE  |.^ EB F3         \JMP SHORT 005E50F3
005E5100  |>  B0 20         MOV AL,20
005E5102  |.  88040A        MOV BYTE PTR DS:[ECX+EDX],AL
005E5105  |.  41            INC ECX
005E5106  |.  B0 3A         MOV AL,3A
005E5108  |.  88040A        MOV BYTE PTR DS:[ECX+EDX],AL
005E510B  |.  41            INC ECX
005E510C  |.  B0 20         MOV AL,20
005E510E  |.  88040A        MOV BYTE PTR DS:[ECX+EDX],AL
005E5111  |.  41            INC ECX
005E5112  |.  01CA          ADD EDX,ECX
005E5114  |.  29C9          SUB ECX,ECX
005E5116  |.  89E7          MOV EDI,ESP
005E5118  |.  83C7 20       ADD EDI,20
005E511B  |>  8A040F        /MOV AL,BYTE PTR DS:[ECX+EDI]
005E511E  |.  3C 00         |CMP AL,0
005E5120  |.  74 06         |JE SHORT 005E5128
005E5122  |.  88040A        |MOV BYTE PTR DS:[ECX+EDX],AL
005E5125  |.  41            |INC ECX
005E5126  |.^ EB F3         \JMP SHORT 005E511B
005E5128  |>  88040A        MOV BYTE PTR DS:[ECX+EDX],AL
005E512B  |.  66:C705 FEFF6 MOV WORD PTR DS:[6EFFFE],325E
005E5134  |.  5F            POP EDI
005E5135  |.  5A            POP EDX
005E5136  |.  59            POP ECX
005E5137  |.  5B            POP EBX
005E5138  |.  58            POP EAX
005E5139  |.  68 FEFF6E00   PUSH OFFSET Gunz.006EFFFE
005E513E  \.^ E9 497BE4FF   JMP 0042CC8C

Ty, ill take a look at it.

edit - made it crash when I did /admin_wall

edit 2- think I know why, im tired so I made a wrong jmp at what you used line 005E50F8. I used a different section and didn't switch it.

 

[Solaire]

JMP to 005E50E2 at 0042CC87. It will return to 0042CC8C.

CPU Disasm
Address   Hex dump          Command                                  Comments
005E50E2  /> \50            PUSH EAX
005E50E3  |.  53            PUSH EBX
005E50E4  |.  51            PUSH ECX
005E50E5  |.  52            PUSH EDX
005E50E6  |.  57            PUSH EDI
005E50E7  |.  BF 3CC76600   MOV EDI,OFFSET Gunz.0066C73C
005E50EC  |.  BA 00006F00   MOV EDX,OFFSET Gunz.006F0000
005E50F1  |.  29C9          SUB ECX,ECX
005E50F3  |>  8A040F        /MOV AL,BYTE PTR DS:[ECX+EDI]
005E50F6  |.  3C 00         |CMP AL,0
005E50F8  |.  74 06         |JE SHORT 005E5100
005E50FA  |.  88040A        |MOV BYTE PTR DS:[ECX+EDX],AL
005E50FD  |.  41            |INC ECX
005E50FE  |.^ EB F3         \JMP SHORT 005E50F3
005E5100  |>  B0 20         MOV AL,20
005E5102  |.  88040A        MOV BYTE PTR DS:[ECX+EDX],AL
005E5105  |.  41            INC ECX
005E5106  |.  B0 3A         MOV AL,3A
005E5108  |.  88040A        MOV BYTE PTR DS:[ECX+EDX],AL
005E510B  |.  41            INC ECX
005E510C  |.  B0 20         MOV AL,20
005E510E  |.  88040A        MOV BYTE PTR DS:[ECX+EDX],AL
005E5111  |.  41            INC ECX
005E5112  |.  01CA          ADD EDX,ECX
005E5114  |.  29C9          SUB ECX,ECX
005E5116  |.  89E7          MOV EDI,ESP
005E5118  |.  83C7 20       ADD EDI,20
005E511B  |>  8A040F        /MOV AL,BYTE PTR DS:[ECX+EDI]
005E511E  |.  3C 00         |CMP AL,0
005E5120  |.  74 06         |JE SHORT 005E5128
005E5122  |.  88040A        |MOV BYTE PTR DS:[ECX+EDX],AL
005E5125  |.  41            |INC ECX
005E5126  |.^ EB F3         \JMP SHORT 005E511B
005E5128  |>  88040A        MOV BYTE PTR DS:[ECX+EDX],AL
005E512B  |.  66:C705 FEFF6 MOV WORD PTR DS:[6EFFFE],325E
005E5134  |.  5F            POP EDI
005E5135  |.  5A            POP EDX
005E5136  |.  59            POP ECX
005E5137  |.  5B            POP EBX
005E5138  |.  58            POP EAX
005E5139  |.  68 FEFF6E00   PUSH OFFSET Gunz.006EFFFE
005E513E  \.^ E9 497BE4FF   JMP 0042CC8C

 

[Ricky Blaze]

Im working on unmasking, but I feel like im forgetting stuff.

Unmask admin name in game - Done

Unmask admin name in game chat - Done

Unmask In game Tab list - Done

Unmask admin name in replays - Done

Unmask admin name in lobby - Done

unmask admin name in lobby chat - Done

unmask admin name in waiting room - Done

unmask admin name in waiting room chat - Done

Unmask /admin_wall to show name - Done thx to wizkid

Unmask Admin duel bug - Not done(?)

Unmask Team chat - Done

Unmask Death/kill info - Done

Unmask Clan screen - Done

Unmask Clan chat - Done

Unmask Level up - Done

Unmask Whisper - Done

Don't say unmask levels, as I was told not to do that. Im going to do it when I feel like it, but I know thats not done.

Nice lol, mm wht else really you got most of the good ones