Trying to figure out how this works

Jormungandr

Hello there. I have been trying for a while now to make it so that this script:


```[ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86, Intel syntax.
// Hooks the 5-byte call at ps_game.exe+9E4E1: that call is replaced by
// jmp newmem, replayed inside newmem, and control then returns to
// returnhere or to one of two absolute continuation addresses.
// In this assembler unprefixed numbers are hex; (int)N marks decimal.
// esi and edi are the two player objects the hooked function works on
// (this post does not say which is source and which is target — verify).
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(ItemSummonRaid)
label(checkcountry)
label(failed)
label(exit)
label(checkleader)
newmem:
call ps_game.exe+4ECF0                // replay the call that the hook overwrote

originalcode:
pushad                                // save all 8 GPRs; every exit path below runs popad first
movzx eax,word ptr [esi+0x160]        // 16-bit field at +0x160 of each player (meaning not stated here;
movzx ebx,word ptr [edi+0x160]        // presumably a country/region id, given the label name)
cmp eax,(int)45                       // decimal 45: if either player has it, go through checkcountry
je checkcountry
cmp ebx,(int)45
je checkcountry
jmp ItemSummonRaid                    // neither is 45: skip the country/faction comparison

checkcountry:
cmp eax,ebx
je ItemSummonRaid                     // same +0x160 value: nothing more to check
movzx eax,byte ptr [esi+0x12d]        // otherwise the byte at +0x12d must match between the players
movzx ebx,byte ptr [edi+0x12d]
cmp eax,ebx
jne failed

ItemSummonRaid:
// Locate the item in the source player's inventory:
// index = (bag*24 + slot) * 4, item = [edi + index + 0x1C0].
// Neither loaded pointer is null-checked before it is dereferenced.
mov eax,dword ptr ds:[edi+0x58FC]     // eax = bag
mov ecx,dword ptr ds:[edi+0x5900]     // ecx = slot
lea eax,dword ptr ds:[eax+eax*2]      // eax = bag*3
lea edx,dword ptr ds:[ecx+eax*8]      // edx = slot + bag*24
imul edx,edx,4                        // dword stride
mov eax,dword ptr ds:[edi+edx+0x1C0]  // eax = item object pointer
mov eax,dword ptr ds:[eax+30]         // eax = item info pointer (+0x30)
cmp [eax],(int)100045                 // is it the original summon item (id 100045 decimal)?
popad                                 // restore registers; popad does not touch EFLAGS, so ZF survives
jne checkleader                       // any other item: require the leader check

exit:
jmp returnhere                        // original item: resume the game's normal path

checkleader:
// Allow the action only if the source player (edi) is the party leader.
// Registers are live again here (popad already ran), so eax/ecx are saved.
// 2 pushes / 2 pops keep the stack balanced, and pop does not alter flags,
// so the cmp result is still valid at the je below.
push eax
push ecx
mov eax,[edi+17f4]                    // eax = party table (+0x17F4); not null-checked
mov ecx,[eax+0c]                      // ecx = leader index (+0x0C)
imul ecx,ecx,8                        // index*8 + 0x18: presumably 8-byte entries starting at +0x18
add ecx,18
mov ecx,[eax+ecx]                     // ecx = leader's player address
cmp edi,ecx                           // is the source player the leader?
pop ecx
pop eax
je 0049e4ea                           // yes: success continuation (absolute address, build-specific)
jmp 0049E517                          // no: denied continuation (absolute address, build-specific)

failed:
popad
jmp 0049E517                          // faction mismatch: denied continuation


"ps_game.exe"+9E4E1:
jmp newmem                            // 5-byte jmp overwriting the original call

returnhere:

[DISABLE]
dealloc(newmem)
"ps_game.exe"+9E4E1:
call ps_game.exe+4ECF0```


works for sub-leaders, but all of the addresses that I have tried have failed. Could someone explain to me how to make this idea work?

Thank you!
 
Here’s one I modified some time last year - I don’t know if it works properly. Test it on a local server.

Code:
[ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86, Intel syntax.
// Hooks the 5-byte call at ps_game.exe+9E4E1 (replaced by jmp newmem),
// replays the call, then decides whether the summon is allowed.
// In this assembler unprefixed numbers are hex; (int)N marks decimal.
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(success)
label(failed)
label(exit)

newmem:
call ps_game.exe+4ECF0                // replay the call that the hook overwrote
// esi = target player, edi = source player (author's note)
originalcode:
pushad                                // save all 8 GPRs; restored by popad on every exit path

// Check if players are the same faction (byte at +0x12d of each player)
movzx eax,byte ptr [esi+0x12d]
movzx ebx,byte ptr [edi+0x12d]
cmp eax,ebx
jne failed

// If the item is a regular summon rune, exit and use the normal summon proc.
// item = [edi + ((bag*24 + slot) * 4) + 0x1C0]; neither loaded pointer is null-checked.
mov eax,dword ptr ds:[edi+0x58FC]   // bag
mov ecx,dword ptr ds:[edi+0x5900]   // slot
lea eax,dword ptr ds:[eax+eax*2]    // eax=bag*3, ecx=slot
lea edx,dword ptr ds:[ecx+eax*8]    // edx = slot + bag*24
imul edx,edx,4                      // dword stride
mov eax,dword ptr ds:[edi+edx+0x1C0] // eax = item object pointer
mov eax,dword ptr ds:[eax+30]        // eax=stItemInfo
cmp [eax],(int)100045                // original item id (decimal 100045)
je exit

// Check if the source player is the leader or sub-leader.
// NOTE(review): the three pushes/pops are redundant — this block runs between
// pushad and popad, which discards eax/ecx/ebx anyway. The pop order below is
// also reversed relative to the pushes (eax, ecx and ebx receive each other's
// saved values); harmless only because popad follows, but the push/pop count
// must stay balanced.
push eax
push ecx
push ebx
mov eax,[edi+17F4]      // party table of the leader (+0x17F4); not null-checked
mov ecx,[eax+0C]        // leader index
mov ebx,[eax+110]       // sub-leader index — only one sub-leader slot is read here;
                        // if the table can hold more than one, the others are not recognized (TODO confirm)

imul ecx,ecx,8          // index*8 + 0x18: presumably 8-byte entries starting at +0x18
add ecx,18
mov ecx,[eax+ecx] // leader player address

imul ebx,ebx,8
add ebx,18
mov ebx,[eax+ebx] // sub-leader player address

// If the source player is the leader or sub-leader, jump to success
cmp edi,ecx
je success
cmp edi,ebx
je success
pop ecx
pop eax
pop ebx
jmp failed

success:
pop ecx
pop eax
pop ebx
popad
jmp 0049e4ea            // success continuation; absolute address, appears to assume
                        // ps_game.exe at base 0x400000 (hook = 0049E4E1) — build-specific

exit:
popad
jmp returnhere          // original item: resume the game's normal summon handling

failed:
popad
jmp 0049E517            // denied continuation; absolute address, build-specific



"ps_game.exe"+9E4E1:

jmp newmem              // 5-byte jmp overwriting the original call

returnhere:

[DISABLE]

// code from here to the end runs when the cheat is disabled

dealloc(newmem)

"ps_game.exe"+9E4E1:

call ps_game.exe+4ECF0  // restore the original instruction

//Alt: db E8 0A 08 FB FF  (raw bytes of that original call)
 
Suggestion: I think you should add a couple of test instructions.

Code:
mov eax,dword ptr ds:[edi+edx+0x1C0]
// nullptr? test sets ZF when eax == 0, so the je skips the [eax+30] dereference
test eax,eax
je failed

...

mov eax,[edi+17F4]      // party table of the leader
// nullptr? same guard before [eax+0C] / [eax+110] are read
test eax,eax
je failed

There's no guarantee that either of those pointers is non-null.
 
Here’s one I modified some time last year - I don’t know if it works properly. Test it on a local server.

Code:
[ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86, Intel syntax.
// Hooks the 5-byte call at ps_game.exe+9E4E1 (replaced by jmp newmem),
// replays the call, then decides whether the summon is allowed.
// In this assembler unprefixed numbers are hex; (int)N marks decimal.
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(success)
label(failed)
label(exit)

newmem:
call ps_game.exe+4ECF0                // replay the call that the hook overwrote
// esi = target player, edi = source player (author's note)
originalcode:
pushad                                // save all 8 GPRs; restored by popad on every exit path

// Check if players are the same faction (byte at +0x12d of each player)
movzx eax,byte ptr [esi+0x12d]
movzx ebx,byte ptr [edi+0x12d]
cmp eax,ebx
jne failed

// If the item is a regular summon rune, exit and use the normal summon proc.
// item = [edi + ((bag*24 + slot) * 4) + 0x1C0]; neither loaded pointer is null-checked.
mov eax,dword ptr ds:[edi+0x58FC]   // bag
mov ecx,dword ptr ds:[edi+0x5900]   // slot
lea eax,dword ptr ds:[eax+eax*2]    // eax=bag*3, ecx=slot
lea edx,dword ptr ds:[ecx+eax*8]    // edx = slot + bag*24
imul edx,edx,4                      // dword stride
mov eax,dword ptr ds:[edi+edx+0x1C0] // eax = item object pointer
mov eax,dword ptr ds:[eax+30]        // eax=stItemInfo
cmp [eax],(int)100045                // original item id (decimal 100045)
je exit

// Check if the source player is the leader or sub-leader.
// NOTE(review): the three pushes/pops are redundant — this block runs between
// pushad and popad, which discards eax/ecx/ebx anyway. The pop order below is
// also reversed relative to the pushes (eax, ecx and ebx receive each other's
// saved values); harmless only because popad follows, but the push/pop count
// must stay balanced.
push eax
push ecx
push ebx
mov eax,[edi+17F4]      // party table of the leader (+0x17F4); not null-checked
mov ecx,[eax+0C]        // leader index
mov ebx,[eax+110]       // sub-leader index — only one sub-leader slot is read here;
                        // if the table can hold more than one, the others are not recognized (TODO confirm)

imul ecx,ecx,8          // index*8 + 0x18: presumably 8-byte entries starting at +0x18
add ecx,18
mov ecx,[eax+ecx] // leader player address

imul ebx,ebx,8
add ebx,18
mov ebx,[eax+ebx] // sub-leader player address

// If the source player is the leader or sub-leader, jump to success
cmp edi,ecx
je success
cmp edi,ebx
je success
pop ecx
pop eax
pop ebx
jmp failed

success:
pop ecx
pop eax
pop ebx
popad
jmp 0049e4ea            // success continuation; absolute address, appears to assume
                        // ps_game.exe at base 0x400000 (hook = 0049E4E1) — build-specific

exit:
popad
jmp returnhere          // original item: resume the game's normal summon handling

failed:
popad
jmp 0049E517            // denied continuation; absolute address, build-specific



"ps_game.exe"+9E4E1:

jmp newmem              // 5-byte jmp overwriting the original call

returnhere:

[DISABLE]

// code from here to the end runs when the cheat is disabled

dealloc(newmem)

"ps_game.exe"+9E4E1:

call ps_game.exe+4ECF0  // restore the original instruction

//Alt: db E8 0A 08 FB FF  (raw bytes of that original call)
Thank you Cups. I will try this out!
 
Suggestion: I think you should add a couple of test instructions.

Code:
mov eax,dword ptr ds:[edi+edx+0x1C0]
// nullptr? test sets ZF when eax == 0, so the je skips the [eax+30] dereference
test eax,eax
je failed

...

mov eax,[edi+17F4]      // party table of the leader
// nullptr? same guard before [eax+0C] / [eax+110] are read
test eax,eax
je failed

There's no guarantee that either of those pointers is non-null.

If the item and party table were null, the code would never have reached the point where it loops over party members to see who could be summoned.
 
If the item and party table were null, the code would never have reached the point where it loops over party members to see who could be summoned.
Hello Cups. Your script seems to work for most players, but I have noticed that some sub-leaders cannot use the summon stone. Do you know why?
 