// rm3944.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
DWORD SkillsMemAddr = 0;
DWORD DecreaseMP = 0x004396E0;
DWORD DoSkillEffect = 0x0042B2D0;
DWORD FindUser = 0x00488170;
DWORD GetMinSETimer = 0x0042D8E0;
DWORD OnSkillEffectExpired = 0x0042CB70;
DWORD InitAttackMinPercent = 0x00434A70;
DWORD DecreaseHPUser = 0x00439220;
DWORD SendHPInfo = 0x00439C00;
DWORD InitEquipment = 0x004352D0;
DWORD SendSPInfo = 0x00439F10;
DWORD SendDPInfo = 0x00439D10;
DWORD IncreaseHP = 0x00439140;
DWORD IncreaseMP = 0x004396A0;
DWORD IncreaseSP = 0x00439760;
DWORD GetItemInfo = 0x00484E80;
DWORD ServerSendMessage = 0x0043FC10;
DWORD FormatString = 0x0040858A;//mapcenter func
DWORD FormatStringMapServer = 0x00489B2C;
DWORD FindArmy = 0x0048F4B8;
DWORD SendArmyChat = 0x00473AE0;
DWORD StringFunc = 0x00489B32;
DWORD IsWar = 0x004644B0;
DWORD GetGroupExperienceState = 0x00461B50;
DWORD GetMemberInfo = 0x004079F0;
DWORD IsInManagementRect = 0x00471950;
DWORD AccNum = 150;
DWORD AccBuf = 0;
DWORD SLBuf = 0;
char ChatString[7] = "%s%c%s";
char ChatString2[3] = "%d";
char SLString[13] = "%d:%d:%d:%d.";
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
// 这个主函数里面居然是空的
return TRUE;
}
__declspec(dllexport naked) void NewGlobalAllocMemForSkills() // allocating 48000 bytes to store new skills' IDs and timers. 96 bytes for each character on map, 500 characters max on same map at same time. If you need more be sure to change 48000 to something higher IN ALL FUNCTIONS.
{
__asm
{
MOV DWORD PTR [EBP-0x6C],EAX //st
LEA EAX,DWORD PTR [EBP-0x6C] //st
pushad
}
SkillsMemAddr = (DWORD)VirtualAlloc(NULL,48000,MEM_COMMIT,PAGE_READWRITE);
if (SkillsMemAddr == 0)
{
ExitProcess(GetLastError());
}
__asm
{
popad
retn
}
}
__declspec (dllexport naked) void NewUserAllocMemForSkills()// allocating 96 bytes for a specific character that just logged on map to store new skills for him.
{
__asm
{
ADD ECX,-0x2E //st
ADD EDX,0x2E //st
push eax
push ecx
push ebx
push edi
xor eax, eax
mov ebx, dword ptr [SkillsMemAddr]
checkfree:
cmp dword ptr [ebx],0
je bindmemory
add ebx,96
add eax,96
cmp eax,48000
ja exit1
jmp checkfree
bindmemory:
mov dword ptr [ebx], ebp
mov eax,0
mov ecx,92
lea edi, dword ptr [ebx + 4]
REP STOS BYTE PTR ES:[EDI]
exit1:
pop edi
pop ebx
pop ecx
pop eax
retn
}
}
__declspec(dllexport naked) void NewUserReleaseMemForSkills()// clearing a spot in memory for next character after some character logs out/changes map.
{
__asm
{
LEA ECX,DWORD PTR [ESI+0x44F8] //st
push eax
push ebx
xor eax,eax
mov ebx, dword ptr [SkillsMemAddr]
findcharid:
cmp dword ptr [ebx],esi
je freememory
add eax,96
add ebx,96
cmp eax,48000
ja exit1
jmp findcharid
freememory:
mov dword ptr [ebx], 0
exit1:
pop ebx
pop eax
retn
}
}
__declspec(dllexport naked) void NewGetSkillSpirit()// 3.9/4.4 skills spirit requirement.
{
__asm
{
MOV ECX,DWORD PTR [ESP+8] //stm
XOR EAX,EAX //st
cmp ecx, 59
je chainreactionfix
cmp ecx, 306
je phil39
cmp ecx,307
je phil39
cmp ecx,308
je phil44
cmp ecx,309
je phil44
cmp ecx, 316
je az39
cmp ecx, 317
je az39
cmp ecx, 318
je az44
cmp ecx, 319
je az44
cmp ecx, 322
je sad39
cmp ecx, 323
je sad39
cmp ecx, 324
je sad44
cmp ecx, 325
je sad44
cmp ecx, 333
je des39
cmp ecx, 334
je des39
cmp ecx, 335
je des44
cmp ecx, 336
je des44
cmp ecx, 49
je jar39
cmp ecx, 50
je jar39
cmp ecx, 341
je jar44
cmp ecx, 342
je jar44
cmp ecx, 60
je can39
cmp ecx, 351
je can39
cmp ecx, 352
je can44
cmp ecx, 353
je can44
cmp ecx, 374
je kit39
cmp ecx, 375
je kit39
cmp ecx, 376
je kit44
cmp ecx, 377
je kit44
cmp ecx, 362
je lun39
cmp ecx, 363
je lun39
cmp ecx, 364
je lun44
cmp ecx, 365
je lun44
cmp ecx, 382
je lav39
cmp ecx, 383
je lav39
cmp ecx, 384
je lav44
cmp ecx, 385
je lav44
retn
chainreactionfix:
mov eax, 560
jmp exit1
phil39:
mov eax, 3500
jmp exit1
phil44:
mov eax, 4100
jmp exit1
az39:
mov eax, 4000
jmp exit1
az44:
mov eax, 5350
jmp exit1
sad39:
mov eax, 1150
jmp exit1
sad44:
mov eax, 1470
jmp exit1
des39:
mov eax, 820
jmp exit1
des44:
mov eax, 1040
jmp exit1
jar39:
mov eax, 620
jmp exit1
jar44:
mov eax, 800
jmp exit1
can39:
mov eax, 720
jmp exit1
can44:
mov eax, 930
jmp exit1
kit39:
mov eax, 1880
jmp exit1
kit44:
mov eax, 2620
jmp exit1
lun39:
mov eax, 1020
jmp exit1
lun44:
mov eax, 1280
jmp exit1
lav39:
mov eax, 1050
jmp exit1
lav44:
mov eax, 1300
exit1:
add esp,4
retn 4
}
}
__declspec(dllexport naked) void NewUseSkillAlone()// one of processing procedures when character casts buff on himself.
{
__asm
{
add esp,4
MOVSX EAX,BYTE PTR [ESI+0x30] //st
DEC EAX //st
cmp eax,74
je Master
cmp eax,79
je Egg
cmp eax,78
je Walker
cmp eax,80
je Camuf
cmp eax,81
je Fshield
cmp eax,82
je Focus
cmp eax,84
je Despair
cmp eax,85
je Dskin
cmp eax,87
je Bullseye
cmp eax,88
je Quick
cmp eax,89
je Gshield
cmp eax,91
je Destruct
sub esp,4
cmp eax,0x41 //st
retn
Master:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX, DWORD PTR [esi+0x34]
PUSH 0
PUSH 0
PUSH EAX
MOV EAX,DWORD PTR [ESP+0x24]
MOV EBX,DWORD PTR [ESI+0x38]
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
MOV ECX,EDI
PUSH EDX
PUSH 0x3C
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x10
MOV EAX,1
RETN 0x1C
Egg:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX, DWORD PTR [esi+0x34]
PUSH 0
PUSH 0
PUSH EAX
MOV EAX,DWORD PTR [ESP+0x24]
MOV EBX,DWORD PTR [ESI+0x38]
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
MOV ECX,EDI
PUSH EDX
PUSH 0x40
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x22],0x1
MOV EAX,1
RETN 0x1C
Walker:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x3F
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x80
MOV EAX,1
RETN 0x1C
Camuf:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x43
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x??
MOV EAX,1
RETN 0x1C
Fshield:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x44
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x??
MOV EAX,1
RETN 0x1C
Focus:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x45
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x??
MOV EAX,1
RETN 0x1C
Despair:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x47
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x??
MOV EAX,1
RETN 0x1C
Dskin:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x48
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x??
MOV EAX,1
RETN 0x1C
Bullseye:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x49
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x??
MOV EAX,1
RETN 0x1C
Quick:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x4A
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x??
MOV EAX,1
RETN 0x1C
GShield:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX,DWORD PTR [ESP+0x18]
MOV EBX,DWORD PTR [ESI+0x38]
PUSH 0
PUSH 0
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
PUSH 0
PUSH EDX
PUSH 0x4B
mov ecx,edi
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x??
MOV EAX,1
RETN 0x1C
Destruct:
MOV EDX,DWORD PTR [ESP+0x24]
MOV EDI,DWORD PTR [ESP+0x20]
PUSH EDX
MOV ECX,EDI
CALL DecreaseMP
MOV EAX, DWORD PTR [esi+0x34]
PUSH 0
PUSH 0
PUSH EAX
MOV EAX,DWORD PTR [ESP+0x24]
MOV EBX,DWORD PTR [ESI+0x38]
MOV ECX,DWORD PTR [EAX+0x94]
MOV EDX,DWORD PTR [EAX+0x44]
ADD ECX,EDX
MOV EAX,0xCCCCCCCD
MUL ECX
SHR EDX,4
ADD EDX,EBX
MOV ECX,EDI
PUSH EDX
PUSH 0x4D
CALL DoSkillEffect
MOV EAX,DWORD PTR [ESP+0x1C]
POP EDI
POP ESI
POP EBX
//OR BYTE PTR [EAX+0x21],0x10
MOV EAX,1
RETN 0x1C
}
}
__declspec(dllexport naked) void NewCheckForGrpSkill()// procedure that checks if some of new skills can be casted on grp.
{
__asm
{
add esp, 4
cmp al,76
JE exit1
cmp al,77
JE exit1
cmp al,84
je exit1
cmp al,91
JE exit1
MOV ECX,DWORD PTR [ESP+0x24] //st
MOV AL,BYTE PTR [ECX+0x84E] //st
sub esp,4
retn
exit1:
push 0x0045EBDE
retn
}
}
__declspec(dllexport naked) void NewUseSkillRangeEffect() // casting new grp skills
{
__asm
{
add esp,4
MOV EDX,DWORD PTR [ESP+0x68] //st
MOVSX EAX,BYTE PTR [EDX+0x30] //st
CMP EAX,76
je newgrpskill
CMP EAX,77
je newgrpskill
cmp eax,84
je newgrpskill
CMP EAX,91
je newgrpskill
sub esp,4
retn
newgrpskill:
MOV ECX,DWORD PTR [ESP+0x7C]
MOV EAX,DWORD PTR [ECX+0x21B0]
MOV ECX,DWORD PTR [ESP+0x10]
TEST EAX,EAX
JLE ungrped
CMP EAX,DWORD PTR [ECX+0x21B0]
JNZ exit1
jmp castskill
ungrped:
MOV EDX,DWORD PTR [ESP+0x68] //st
MOVSX EAX,BYTE PTR [EDX+0x30] //st
//cmp eax, 91
//je castskill
cmp ecx,DWORD PTR [ESP+0x7C]
jne exit1
castskill:
MOV EDX,DWORD PTR [ESP+0x68] //st
MOVSX EAX,BYTE PTR [EDX+0x30] //st
CMP EAX,76
je MindsEye
CMP EAX,77
je Stamina
CMP EAX,84
je Warcry
CMP EAX,91
je Mbless
Warcry:
CMP DWORD PTR [ECX+0x43A4],2
je exit2
MOV EDX,DWORD PTR [EBX+0x94]
MOV ESI,DWORD PTR [EBX+0x44]
ADD EDX,ESI
MOV EAX,0xCCCCCCCD
MUL EDX
MOV EAX,DWORD PTR [ESP+0x68]
PUSH 0
SHR EDX,4
MOV EDI,DWORD PTR [EAX+0x38]
PUSH 0
ADD EDX,EDI
PUSH 0
PUSH EDX
PUSH 0x46
CALL DoSkillEffect
//OR BYTE PTR [EBP+0x21],0x20
jmp exit2
MindsEye:
CMP DWORD PTR [ECX+0x43A4],2
je exit2
MOV EDX,DWORD PTR [EBX+0x94]
MOV ESI,DWORD PTR [EBX+0x44]
ADD EDX,ESI
MOV EAX,0xCCCCCCCD
MUL EDX
MOV EAX,DWORD PTR [ESP+0x68]
PUSH 0
SHR EDX,4
MOV EDI,DWORD PTR [EAX+0x38]
PUSH 0
ADD EDX,EDI
PUSH 0
PUSH EDX
PUSH 0x3D
CALL DoSkillEffect
//OR BYTE PTR [EBP+0x21],0x20
jmp exit2
Stamina:
CMP DWORD PTR [ECX+0x43A4],2
je exit2
MOV EDX,DWORD PTR [EBX+0x94]
MOV ESI,DWORD PTR [EBX+0x44]
ADD EDX,ESI
MOV EAX,0xCCCCCCCD
MUL EDX
MOV EAX,DWORD PTR [ESP+0x68]
PUSH 0
SHR EDX,4
MOV EDI,DWORD PTR [EAX+0x38]
PUSH 0
ADD EDX,EDI
PUSH 0
PUSH EDX
PUSH 0x3E
CALL DoSkillEffect
//OR BYTE PTR [EBP+0x21],0x40
jmp exit2
Mbless:
CMP DWORD PTR [ECX+0x43A4],2
je exit2
MOV EDX,DWORD PTR [EBX+0x94]
MOV ESI,DWORD PTR [EBX+0x44]
ADD EDX,ESI
MOV EAX,0xCCCCCCCD
MUL EDX
MOV EAX,DWORD PTR [ESP+0x68]
PUSH 0
SHR EDX,4
MOV EDI,DWORD PTR [EAX+0x38]
PUSH 0
ADD EDX,EDI
PUSH 0
PUSH EDX
PUSH 0x4C
CALL DoSkillEffect
//OR BYTE PTR [EBP+0x21],0x40
jmp exit2
exit1:
push 0x0045430F
retn
exit2:
push 0x00454254
retn
}
}
__declspec(dllexport naked) void NewDoSkillEffect()// further processing of new skills casting
{
__asm
{
ja finduser //st
retn
finduser:
add esp, 4
push eax
push ecx
push edx
xor ebx,ebx
mov eax, dword ptr [ecx+0x4504]
add eax, 0x31DC
lea edx, dword ptr [ecx+0x37D8]
mov ecx, eax
push edx
call FindUser
test eax,eax
je exit1
mov edx, dword ptr [SkillsMemAddr]
mov ecx, dword ptr [esp+4]
finduserid:
cmp dword ptr [edx], ecx
je checknewskill
add ebx,96
add edx,96
cmp ebx,48000
ja exit1
jmp finduserid
checknewskill:
CMP ESI,0x3C
je Master
CMP ESI,0x3D
je MindsEye
CMP ESI,0x3E
je Stamina
CMP ESI,0x40
je Egg
CMP ESI,0x3F
je Walker
CMP ESI,0x43
je Camuf
CMP ESI,0x44
je Fshield
CMP ESI,0x45
je Focus
CMP ESI,0x46
je Warcry
CMP ESI,0x47
je Despair
CMP ESI,0x48
je Dskin
CMP ESI,0x49
je Bullseye
CMP ESI,0x4A
je Quick
CMP ESI,0x4B
je Gshield
CMP ESI,0x4C
je Mbless
CMP ESI,0x4D
je Destruct
jmp exit1
Master:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+4], 1
or byte ptr [eax+0x10], 1
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x20],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
MindsEye:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+5], 1
or byte ptr [eax+0x10], 2
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x24],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Stamina:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+6], 1
or byte ptr [eax+0x10], 4
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x28],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Egg:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+7], 1
or byte ptr [eax+0x10], 8
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x2C],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Walker:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+8], 1
or byte ptr [eax+0x10], 0x10
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x30],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Camuf:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+9], 1
or byte ptr [eax+0x10], 0x20
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x34],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Fshield:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0xA], 1
or byte ptr [eax+0x10], 0x40
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x38],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Focus:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0xB], 1
or byte ptr [eax+0x10], 0x80
push eax
push ecx
push edx
call InitEquipment
pop edx
pop ecx
pop eax
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x3C],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Warcry:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0xC], 1
or byte ptr [eax+0x11], 0x1
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x40],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Despair:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0xD], 1
or byte ptr [eax+0x11], 0x2
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x44],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Dskin:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0xE], 1
or byte ptr [eax+0x11], 0x4
push eax
push ecx
push edx
call SendSPInfo
pop edx
pop ecx
pop eax
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x48],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Bullseye:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0xF], 1
or byte ptr [eax+0x11], 0x8
push eax
push ecx
push edx
call InitAttackMinPercent //set bullseye
pop edx
pop ecx
pop eax
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x4C],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Quick:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0x10], 1
or byte ptr [eax+0x11], 0x10
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x50],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Gshield:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0x11], 1
or byte ptr [eax+0x11], 0x20
push eax
push ecx
push edx
call InitEquipment
pop edx
pop ecx
pop eax
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x54],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Mbless:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0x12], 1
or byte ptr [eax+0x11], 0x40
push eax
push ecx
push edx
push 2000
call IncreaseSP
mov ecx, dword ptr [esp+4]
mov eax, dword ptr [ecx+0x42E4]
mov dword ptr [ecx+0x3F80], eax
call SendDPInfo
pop edx
pop ecx
pop eax
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x58],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
Destruct:
OR EDI,0xFFFFFFFF
mov byte ptr [edx+0x13], 1
or byte ptr [eax+0x11], 0x80
MOV EAX,DWORD PTR [ESP+0x2C+0xC]
LEA EAX,DWORD PTR [EAX+EAX*4]
xor ebx,ebx
LEA EAX,DWORD PTR [EAX+EAX*4]
LEA ECX,DWORD PTR [EAX+EAX*4]
SHL ECX,3
MOV DWORD PTR [edx+0x5C],ECX
pop edx
pop ecx
pop eax
MOV ECX,EBP
CALL GetMinSETimer
MOV DWORD PTR [EBP+0x4320],EAX
jmp exit2
exit1:
pop edx
pop ecx
pop eax
push 0x0042B5D3
retn
exit2:
push 0x0042CA24
retn
}
}
__declspec(dllexport naked) void NewGetMinSETimer() // getting new skills timers, used in many places, normally to disable new skill when its time ran out.
{
__asm
{
add esp,4
inc esi //st
CMP ESI,0x3C //st
JL exit1 //st
mov esi,0
push ebx
push edi
xor edi,edi
mov ebx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [ebx], ecx
je timercheck
add ebx,96
add edi,96
cmp edi,48000
ja exit2
jmp finduserid
timercheck:
mov edx, dword ptr [ebx + esi*4 + 0x20]
test edx,edx
je nexttimer
test eax,eax
je setnewtimer
cmp eax,edx
jbe nexttimer
setnewtimer:
mov eax,edx
nexttimer:
inc esi
cmp esi, 16
jb timercheck
exit2:
pop edi
pop ebx
push 0x0042D91C
retn
exit1:
push 0x0042D8E5
retn
}
}
__declspec (dllexport naked) void NewOnSkillExpired()//disable new skills when their timers ran out
{
__asm
{
add esp,4
push ebx
xor eax,eax
mov ebx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [ebx], esi
je mastercheck
add ebx,96
add eax,96
cmp eax,48000
ja exit
jmp finduserid
mastercheck:
cmp byte ptr [ebx+4], 1
jne mindseyecheck
mov eax, dword ptr [ebx+0x20]
cmp eax,edi
jbe disablemaster
sub eax,edi
mov dword ptr [ebx+0x20],eax
jmp mindseyecheck
disablemaster:
push 1
push 1
push 0x3C
mov ecx,esi
call OnSkillEffectExpired
mindseyecheck:
cmp byte ptr [ebx+5], 1
jne staminacheck
mov eax, dword ptr [ebx+0x24]
cmp eax,edi
jbe disablemindseye
sub eax,edi
mov dword ptr [ebx+0x24],eax
jmp staminacheck
disablemindseye:
push 1
push 1
push 0x3D
mov ecx,esi
call OnSkillEffectExpired
staminacheck:
cmp byte ptr [ebx+6], 1
jne eggcheck
mov eax, dword ptr [ebx+0x28]
cmp eax,edi
jbe disablestamina
sub eax,edi
mov dword ptr [ebx+0x28],eax
jmp eggcheck
disablestamina:
push 1
push 1
push 0x3E
mov ecx,esi
call OnSkillEffectExpired
eggcheck:
cmp byte ptr [ebx+7], 1
jne walkercheck
mov eax, dword ptr [ebx+0x2C]
cmp eax,edi
jbe disableegg
sub eax,edi
mov dword ptr [ebx+0x2C],eax
jmp walkercheck
disableegg:
push 1
push 1
push 0x40
mov ecx,esi
call OnSkillEffectExpired
walkercheck:
cmp byte ptr [ebx+8], 1
jne camufcheck
mov eax, dword ptr [ebx+0x30]
cmp eax,edi
jbe disablewalker
sub eax,edi
mov dword ptr [ebx+0x30],eax
jmp camufcheck
disablewalker:
push 1
push 1
push 0x3F
mov ecx,esi
call OnSkillEffectExpired
camufcheck:
cmp byte ptr [ebx+9], 1
jne fshieldcheck
mov eax, dword ptr [ebx+0x34]
cmp eax,edi
jbe disablecamuf
sub eax,edi
mov dword ptr [ebx+0x34],eax
jmp fshieldcheck
disablecamuf:
push 1
push 1
push 0x43
mov ecx,esi
call OnSkillEffectExpired
fshieldcheck:
cmp byte ptr [ebx+0xA], 1
jne focuscheck
mov eax, dword ptr [ebx+0x38]
cmp eax,edi
jbe disablefshield
sub eax,edi
mov dword ptr [ebx+0x38],eax
jmp focuscheck
disablefshield:
push 1
push 1
push 0x44
mov ecx,esi
call OnSkillEffectExpired
focuscheck:
cmp byte ptr [ebx+0xB], 1
jne warcrycheck
mov eax, dword ptr [ebx+0x3C]
cmp eax,edi
jbe disablefocus
sub eax,edi
mov dword ptr [ebx+0x3C],eax
jmp warcrycheck
disablefocus:
push 1
push 1
push 0x45
mov ecx,esi
call OnSkillEffectExpired
warcrycheck:
cmp byte ptr [ebx+0xC], 1
jne despaircheck
mov eax, dword ptr [ebx+0x40]
cmp eax,edi
jbe disablewarcry
sub eax,edi
mov dword ptr [ebx+0x40],eax
jmp despaircheck
disablewarcry:
push 1
push 1
push 0x46
mov ecx,esi
call OnSkillEffectExpired
despaircheck:
cmp byte ptr [ebx+0xD], 1
jne dskincheck
mov eax, dword ptr [ebx+0x44]
cmp eax,edi
jbe disabledespair
sub eax,edi
mov dword ptr [ebx+0x44],eax
jmp dskincheck
disabledespair:
push 1
push 1
push 0x47
mov ecx,esi
call OnSkillEffectExpired
dskincheck:
cmp byte ptr [ebx+0xE], 1
jne bullseyecheck
mov eax, dword ptr [ebx+0x48]
cmp eax,edi
jbe disabledskin
sub eax,edi
mov dword ptr [ebx+0x48],eax
jmp bullseyecheck
disabledskin:
push 1
push 1
push 0x48
mov ecx,esi
call OnSkillEffectExpired
bullseyecheck:
cmp byte ptr [ebx+0xF], 1
jne quickcheck
mov eax, dword ptr [ebx+0x4C]
cmp eax,edi
jbe disablebullseye
sub eax,edi
mov dword ptr [ebx+0x4C],eax
jmp quickcheck
disablebullseye:
push 1
push 1
push 0x49
mov ecx,esi
call OnSkillEffectExpired
quickcheck:
cmp byte ptr [ebx+0x10], 1
jne gshieldcheck
mov eax, dword ptr [ebx+0x50]
cmp eax,edi
jbe disablequick
sub eax,edi
mov dword ptr [ebx+0x50],eax
jmp gshieldcheck
disablequick:
push 1
push 1
push 0x4A
mov ecx,esi
call OnSkillEffectExpired
gshieldcheck:
cmp byte ptr [ebx+0x11], 1
jne mblesscheck
mov eax, dword ptr [ebx+0x54]
cmp eax,edi
jbe disablegshield
sub eax,edi
mov dword ptr [ebx+0x54],eax
jmp mblesscheck
disablegshield:
push 1
push 1
push 0x4B
mov ecx,esi
call OnSkillEffectExpired
mblesscheck:
cmp byte ptr [ebx+0x12], 1
jne destructcheck
mov eax, dword ptr [ebx+0x58]
cmp eax,edi
jbe disablembless
sub eax,edi
mov dword ptr [ebx+0x58],eax
jmp destructcheck
disablembless:
push 1
push 1
push 0x4C
mov ecx,esi
call OnSkillEffectExpired
destructcheck:
cmp byte ptr [ebx+0x13], 1
jne exit
mov eax, dword ptr [ebx+0x5C]
cmp eax,edi
jbe disabledestruct
sub eax,edi
mov dword ptr [ebx+0x5C],eax
jmp exit
disabledestruct:
push 1
push 1
push 0x4D
mov ecx,esi
call OnSkillEffectExpired
exit:
pop ebx
MOV ECX,ESI //st
MOV DWORD PTR [ESI+0x4324],0 //st
push 0x0042E43C
retn
}
}
__declspec (dllexport naked) void NewOnGoodSkillExpired()//disables new skills when character dies or get dispelled
{
__asm
{
add esp, 4
push 0
push 0
push 0x3C
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x3D
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x3E
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x40
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x3F
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x43
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x44
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x45
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x46
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x47
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x48
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x49
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x4A
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x4B
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x4C
mov ecx,ebx
call OnSkillEffectExpired
push 0
push 0
push 0x4D
mov ecx,ebx
call OnSkillEffectExpired
MOV EAX,DWORD PTR [ESP+0x14] //st
TEST EAX,EAX //st
push 0x0042EA30
retn
}
}
__declspec (dllexport naked) void NewOnSkillEffectExpired()//further processing of new skills disabling
{
__asm
{
ja disablenewskill //st
retn
disablenewskill:
add esp, 4
push eax
push ecx
push edx
mov ecx, dword ptr [esi+0x4504]
add ecx, 0x31DC
lea eax, dword ptr [esi+0x37D8]
push eax
call FindUser
test eax,eax
je exit1
xor ecx,ecx
mov edx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [edx], esi
je checknewskill
add edx,96
add ecx,96
cmp ecx,48000
ja exit1
jmp finduserid
checknewskill:
cmp edi, 0x3C
je master
cmp edi, 0x3D
je mindseye
cmp edi, 0x3E
je stamina
cmp edi, 0x40
je egg
cmp edi, 0x3F
je walker
cmp edi, 0x43
je camuf
cmp edi, 0x44
je fshield
cmp edi, 0x45
je focus
cmp edi, 0x46
je warcry
cmp edi, 0x47
je despair
cmp edi, 0x48
je dskin
cmp edi, 0x49
je bullseye
cmp edi, 0x4A
je quick
cmp edi, 0x4B
je gshield
cmp edi, 0x4C
je mbless
cmp edi, 0x4D
je destruct
jmp exit1
master:
mov byte ptr [edx+4],0
//and byte PTR [Esi+0x402B],0xEF
mov dword ptr [edx+0x20],0
and byte ptr [eax + 0x10],0xFE
jmp exit2
mindseye:
mov byte ptr [edx+5],0
//and byte PTR [Esi+0x402B],0xDF
mov dword ptr [edx+0x24],0
and byte ptr [eax + 0x10],0xFD
jmp exit2
stamina:
mov byte ptr [edx+6],0
//and byte PTR [Esi+0x402B],0xBF
mov dword ptr [edx+0x28],0
and byte ptr [eax + 0x10],0xFB
jmp exit2
egg:
mov byte ptr [edx+7],0
//and byte PTR [Esi+0x402C],0xFE
mov dword ptr [edx+0x2C],0
and byte ptr [eax + 0x10],0xF7
jmp exit2
walker:
mov byte ptr [edx+8],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x30],0
and byte ptr [eax + 0x10],0xEF
jmp exit2
camuf:
mov byte ptr [edx+9],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x34],0
and byte ptr [eax + 0x10],0xDF
jmp exit2
fshield:
mov byte ptr [edx+0xA],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x38],0
and byte ptr [eax + 0x10],0xBF
jmp exit2
focus:
mov byte ptr [edx+0xB],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x3C],0
and byte ptr [eax + 0x10],0x7F
push eax
push ecx
push edx
mov ecx, esi
call InitEquipment
pop edx
pop ecx
pop eax
jmp exit2
warcry:
mov byte ptr [edx+0xC],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x40],0
and byte ptr [eax + 0x11],0xFE
jmp exit2
despair:
mov byte ptr [edx+0xD],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x44],0
and byte ptr [eax + 0x11],0xFD
jmp exit2
dskin:
mov byte ptr [edx+0xE],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x48],0
and byte ptr [eax + 0x11],0xFB
push eax
push ecx
push edx
mov ecx,esi
call SendSPInfo
pop edx
pop ecx
pop eax
jmp exit2
bullseye:
mov byte ptr [edx+0xF],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x4C],0
and byte ptr [eax + 0x11],0xF7
push eax
push ecx
push edx
mov ecx, esi
call InitAttackMinPercent //set bullseye
pop edx
pop ecx
pop eax
jmp exit2
quick:
mov byte ptr [edx+0x10],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x50],0
and byte ptr [eax + 0x11],0xEF
jmp exit2
gshield:
mov byte ptr [edx+0x11],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x54],0
and byte ptr [eax + 0x11],0xDF
push eax
push ecx
push edx
mov ecx, esi
call InitEquipment
pop edx
pop ecx
pop eax
jmp exit2
mbless:
mov byte ptr [edx+0x12],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x58],0
and byte ptr [eax + 0x11],0xBF
jmp exit2
destruct:
mov byte ptr [edx+0x13],0
//and byte PTR [Esi+0x402B],0x7F
mov dword ptr [edx+0x5C],0
and byte ptr [eax + 0x11],0x7F
jmp exit2
exit1:
pop edx
pop ecx
pop eax
push 0x0042D4AA
retn
exit2:
pop edx
pop ecx
pop eax
push 0x0042D466
retn
}
}
__declspec (dllexport naked) void NewSendUseSkill()// sends status update to client when new skill is casted or expired
{
__asm
{
pushad
xor edi,edi
checkuser:
mov ecx, dword ptr [esp+0x34]
lea eax, dword ptr [ebx+1]
push eax
call FindUser
test eax,eax
je checknextchar
mov eax, dword ptr [eax + 0x30]
mov edx, dword ptr [SkillsMemAddr]
xor ecx,ecx
finduserid:
cmp dword ptr [edx], eax
je checknewskill
add edx,96
add ecx,96
cmp ecx,48000
ja checknextchar
jmp finduserid
checknewskill:
cmp byte ptr [edx+4],1
jne disablemaster
or byte ptr [ebx+0x10], 1
jmp checkmindseye
disablemaster:
and byte ptr [ebx + 0x10],0xFE
checkmindseye:
cmp byte ptr [edx+5],1
jne disablemindseye
or byte ptr [ebx+0x10], 2
jmp checkstamina
disablemindseye:
and byte ptr [ebx + 0x10],0xFD
checkstamina:
cmp byte ptr [edx+6],1
jne disablestamina
or byte ptr [ebx+0x10], 4
jmp checkegg
disablestamina:
and byte ptr [ebx + 0x10],0xFB
checkegg:
cmp byte ptr [edx+7],1
jne disableegg
or byte ptr [ebx+0x10], 8
jmp checkwalker
disableegg:
and byte ptr [ebx + 0x10],0xF7
checkwalker:
cmp byte ptr [edx+8],1
jne disablewalker
or byte ptr [ebx+0x10], 0x10
jmp checkcamuf
disablewalker:
and byte ptr [ebx + 0x10],0xEF
checkcamuf:
cmp byte ptr [edx+9],1
jne disablecamuf
or byte ptr [ebx+0x10], 0x20
jmp checkfshield
disablecamuf:
and byte ptr [ebx + 0x10],0xDF
checkfshield:
cmp byte ptr [edx+0xA],1
jne disablefshield
or byte ptr [ebx+0x10], 0x40
jmp checkfocus
disablefshield:
and byte ptr [ebx + 0x10],0xBF
checkfocus:
cmp byte ptr [edx+0xB],1
jne disablefocus
or byte ptr [ebx+0x10], 0x80
jmp checkwarcry
disablefocus:
and byte ptr [ebx + 0x10],0x7F
checkwarcry:
cmp byte ptr [edx+0xC],1
jne disablewarcry
or byte ptr [ebx+0x11], 0x1
jmp checkdespair
disablewarcry:
and byte ptr [ebx + 0x11],0xFE
checkdespair:
cmp byte ptr [edx+0xD],1
jne disabledespair
or byte ptr [ebx+0x11], 0x2
jmp checkdskin
disabledespair:
and byte ptr [ebx + 0x11],0xFD
checkdskin:
cmp byte ptr [edx+0xE],1
jne disabledskin
or byte ptr [ebx+0x11], 0x4
jmp checkbullseye
disabledskin:
and byte ptr [ebx + 0x11],0xFB
checkbullseye:
cmp byte ptr [edx+0xF],1
jne disablebullseye
or byte ptr [ebx+0x11], 0x8
jmp checkquick
disablebullseye:
and byte ptr [ebx + 0x11],0xF7
checkquick:
cmp byte ptr [edx+0x10],1
jne disablequick
or byte ptr [ebx+0x11], 0x10
jmp checkgshield
disablequick:
and byte ptr [ebx + 0x11],0xEF
checkgshield:
cmp byte ptr [edx+0x11],1
jne disablegshield
or byte ptr [ebx+0x11], 0x20
jmp checkmbless
disablegshield:
and byte ptr [ebx + 0x11],0xDF
checkmbless:
cmp byte ptr [edx+0x12],1
jne disablembless
or byte ptr [ebx+0x11], 0x40
jmp checkdestruct
disablembless:
and byte ptr [ebx + 0x11],0xBF
checkdestruct:
cmp byte ptr [edx+0x13],1
jne disabledestruct
or byte ptr [ebx+0x11], 0x80
jmp checknextchar
disabledestruct:
and byte ptr [ebx + 0x11],0x7F
checknextchar:
test edi,edi
jne skipcheck
xor esi,esi
mov esi, dword ptr [ebx+0x30]
and esi,0xFF
skipcheck:
test esi,esi
je exit1
test edi,edi
je firstextrauser
dec esi
add ebx,0x2F
inc edi
jmp checkuser
firstextrauser:
dec esi
add ebx,0x31
inc edi
jmp checkuser
exit1:
popad
pop eax
PUSH 0x0FD //st
push eax
cmp eax, 0x0043D7C4
jne secondreturn
MOV EAX,DWORD PTR [ECX] //st
retn
secondreturn:
MOV EDX,DWORD PTR [ECX] //st
retn
}
}
__declspec (dllexport naked) void NewMasterEffect()// accuracy increasing/decreasing effects of master, lavita's invisibility, camouflage, moon blessing and holy shield
{
__asm
{
push eax
mov eax, dword ptr [esp+0x38]
test byte ptr [eax+0x10], 1
je checkmbless
add edi, 50
cmp edi, 100
jbe checkmbless
mov edi,100
checkmbless:
test byte ptr [eax+0x11], 0x40
je checkinvis
add edi, 30
cmp edi, 100
jbe checkinvis
mov edi,100
checkinvis:
test byte ptr [eax+0x1D], 4
je checkhshield
cmp edi, 90
jbe checkhshield
mov edi,90
checkhshield:
mov eax, dword ptr [esp+0x3C]
test byte ptr [eax+0x1F], 0x10
je checkcamuf
shr edi, 2
lea edi, dword ptr [edi+edi*2]
checkcamuf:
test byte ptr [eax+0x10], 0x20
je exit1
shr edi, 2
lea edi, dword ptr [edi*2]
exit1:
pop eax
MOV ECX,0x64 //st
IDIV ECX //st
retn
}
}
__declspec (dllexport naked) void NewEggEffect()//super egg effect
{
__asm
{
push ebx
mov ebx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [ebx], ecx
je useridfound
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit1
jmp finduserid
useridfound:
cmp byte ptr [ebx+7], 1
je eggfound
exit1:
pop ebx
MOV DX,WORD PTR [ECX+0x4024] //st
retn
eggfound:
pop ebx
add esp,4
cmp dword ptr [esp-4], 0x004102A9
je PVMegg
CMP EDI,0x989680
ja secondformula
MOV EDX,25
push 0x00410183
retn
secondformula:
MOV EAX,0x51EB851F
MUL EDI
MOV EDI,25
push 0x004101A1
retn
PVMegg:
CMP ESI,0x989680
ja secondformula2
MOV EDX,25
push 0x004102D4
retn
secondformula2:
MOV EAX,0x51EB851F
MUL ESI
MOV ESI,25
push 0x004102F2
retn
}
}
__declspec (dllexport naked) void NewStaminaEffect()// unlimited stamina effect
{
__asm
{
push ebx
mov ebx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [ebx], esi
je useridfound
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit1
jmp finduserid
useridfound:
cmp byte ptr [ebx+6],1
jne exit1
pop ebx
add esp,4
push 0x0043DC35
retn
exit1:
pop ebx
TEST BYTE PTR [ESI+0x402E],0x0C0 //st
retn
}
}
__declspec (dllexport naked) void NewBullseyeEffect()// bulls eye effect 1: makes canon always do 100% damage
{
__asm
{
MOV EDX,DWORD PTR [ECX+0x42EC] //st
mov ebx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [ebx], ecx
je useridfound
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit1
jmp finduserid
useridfound:
cmp byte ptr [ebx+0xF], 1
jne exit1
cmp edx, 100
jae exit1
mov edx, 100
MOV DWORD PTR [ECX+0x42EC],EDX
exit1:
retn
}
}
__declspec (dllexport naked) void NewSaveToDB()//saving new skills to DB after character logs out from map
{
__asm
{
jl exit1 //st
push esi
mov eax, dword ptr [SkillsMemAddr]
test eax,eax
je exit2
mov esi, dword ptr [esp+0x0C]
finduserid:
cmp dword ptr [eax], esi
je useridfound
add eax,96
push eax
sub eax, dword ptr [SkillsMemAddr]
cmp eax, 48000
pop eax
ja exit2
jmp finduserid
useridfound:
cmp ebx, 0x3C
je master
cmp ebx, 0x3D
je mindseye
cmp ebx, 0x3E
je stamina
cmp ebx, 0x40
je egg
cmp ebx, 0x3F
je walker
cmp ebx, 0x41
je camuf
cmp ebx, 0x44
je fshield
cmp ebx, 0x45
je focus
cmp ebx, 0x46
je warcry
cmp ebx, 0x47
je despair
cmp ebx, 0x48
je dskin
cmp ebx, 0x49
je bullseye
cmp ebx, 0x4A
je quick
cmp ebx, 0x4B
je gshield
cmp ebx, 0x4C
je mbless
cmp ebx, 0x4D
je destruct
jmp exit2
master:
cmp byte ptr [eax+4], 1
jne exit3
MOV edx, DWORD PTR [eax+0x20]
mov ebx, 0x3C
jmp exit4
mindseye:
cmp byte ptr [eax+5], 1
jne exit3
MOV edx, DWORD PTR [eax+0x24]
mov ebx, 0x3D
jmp exit4
stamina:
cmp byte ptr [eax+6], 1
jne exit3
MOV edx, DWORD PTR [eax+0x28]
mov ebx, 0x3E
jmp exit4
egg:
cmp byte ptr [eax+7], 1
jne exit3
MOV edx, DWORD PTR [eax+0x2C]
mov ebx, 0x40
jmp exit4
walker:
cmp byte ptr [eax+8], 1
jne exit3
MOV edx, DWORD PTR [eax+0x30]
mov ebx, 0x3F
jmp exit4
camuf:
cmp byte ptr [eax+9], 1
mov ebx, 0x43
jne exit3
MOV edx, DWORD PTR [eax+0x34]
jmp exit4
fshield:
cmp byte ptr [eax+0xA], 1
jne exit3
MOV edx, DWORD PTR [eax+0x38]
jmp exit4
focus:
cmp byte ptr [eax+0xB], 1
jne exit3
MOV edx, DWORD PTR [eax+0x3C]
jmp exit4
warcry:
cmp byte ptr [eax+0xC], 1
jne exit3
MOV edx, DWORD PTR [eax+0x40]
jmp exit4
despair:
cmp byte ptr [eax+0xD], 1
jne exit3
MOV edx, DWORD PTR [eax+0x44]
jmp exit4
dskin:
cmp byte ptr [eax+0xE], 1
jne exit3
MOV edx, DWORD PTR [eax+0x48]
jmp exit4
bullseye:
cmp byte ptr [eax+0xF], 1
jne exit3
MOV edx, DWORD PTR [eax+0x4C]
jmp exit4
quick:
cmp byte ptr [eax+0x10], 1
jne exit3
MOV edx, DWORD PTR [eax+0x50]
jmp exit4
gshield:
cmp byte ptr [eax+0x11], 1
jne exit3
MOV edx, DWORD PTR [eax+0x54]
jmp exit4
mbless:
cmp byte ptr [eax+0x12], 1
jne exit3
MOV edx, DWORD PTR [eax+0x58]
jmp exit4
destruct:
cmp byte ptr [eax+0x13], 1
jne exit3
MOV edx, DWORD PTR [eax+0x5C]
jmp exit4
exit1:
sub dword ptr [esp], 0x1D9
retn
exit2:
pop esi
retn
exit3:
pop esi
sub dword ptr [esp], 0xA
retn
exit4:
pop esi
sub dword ptr [esp], 0xB7
retn
}
}
__declspec (dllexport naked) void NewLoadFromDB()// loading new skills from DB when character is logging in
{
__asm
{
pop eax
MOV ESI,DWORD PTR [ESP+0x24] //st
ADD ESP,0x10 //st
push eax
cmp esi, 0x3C
jae newskills
jmp exit2
newskills:
mov eax, dword ptr [SkillsMemAddr]
test eax,eax
je exit2
mov edi, dword ptr [esp+0x0C]
finduserid:
cmp dword ptr [eax], edi
je useridfound
add eax,96
push eax
sub eax, dword ptr [SkillsMemAddr]
cmp eax, 48000
pop eax
ja exit2
jmp finduserid
useridfound:
cmp esi, 0x3C
je master
cmp esi, 0x3D
je mindseye
cmp esi, 0x3E
je stamina
cmp esi, 0x40
je egg
cmp esi, 0x3F
je walker
cmp esi, 0x43
je camuf
cmp esi, 0x44
je fshield
cmp esi, 0x45
je focus
cmp esi, 0x46
je warcry
cmp esi, 0x47
je despair
cmp esi, 0x48
je dskin
cmp esi, 0x49
je bullseye
cmp esi, 0x4A
je quick
cmp esi, 0x4B
je gshield
cmp esi, 0x4C
je mbless
cmp esi, 0x4D
je destruct
jmp exit1
master:
mov byte ptr [eax+4], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x20], edi
jmp exit1
mindseye:
mov byte ptr [eax+5], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x24], edi
jmp exit1
stamina:
mov byte ptr [eax+6], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x28], edi
jmp exit1
egg:
mov byte ptr [eax+7], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x2C], edi
jmp exit1
walker:
mov byte ptr [eax+8], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x30], edi
jmp exit1
camuf:
mov byte ptr [eax+9], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x34], edi
jmp exit1
fshield:
mov byte ptr [eax+0xA], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x38], edi
jmp exit1
focus:
mov byte ptr [eax+0xB], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x3C], edi
jmp exit1
warcry:
mov byte ptr [eax+0xC], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x40], edi
jmp exit1
despair:
mov byte ptr [eax+0xD], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x44], edi
jmp exit1
dskin:
mov byte ptr [eax+0xE], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x48], edi
jmp exit1
bullseye:
mov byte ptr [eax+0xF], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x4C], edi
jmp exit1
quick:
mov byte ptr [eax+0x10], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x50], edi
jmp exit1
gshield:
mov byte ptr [eax+0x11], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x54], edi
jmp exit1
mbless:
mov byte ptr [eax+0x12], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x58], edi
jmp exit1
destruct:
mov byte ptr [eax+0x13], 1
mov edi, dword ptr [esp+0x1C]
MOV DWORD PTR [eax+0x5C], edi
jmp exit1
exit1:
add dword ptr [esp], 0x331
retn
exit2:
retn
}
}
__declspec (dllexport naked) void NewLoadSkillsToCIS()// loading new skills after character logged to map
{
__asm
{
LEA EAX,DWORD PTR [ESP+0x8C] //stm
push edx
mov edx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [edx], ebp
je checknewskill
add edx,96
push edx
sub edx, dword ptr [SkillsMemAddr]
cmp edx, 48000
pop edx
ja exit1
jmp finduserid
checknewskill:
cmp byte ptr [edx+4],1
jne checkmindseye
or byte ptr [eax+0x10], 1
checkmindseye:
cmp byte ptr [edx+5],1
jne checkstamina
or byte ptr [eax+0x10], 2
checkstamina:
cmp byte ptr [edx+6],1
jne checkegg
or byte ptr [eax+0x10], 4
checkegg:
cmp byte ptr [edx+7],1
jne checkwalker
or byte ptr [eax+0x10], 8
checkwalker:
cmp byte ptr [edx+8],1
jne checkcamuf
or byte ptr [eax+0x10], 0x10
checkcamuf:
cmp byte ptr [edx+9],1
jne checkfshield
or byte ptr [eax+0x10], 0x20
checkfshield:
cmp byte ptr [edx+0xA],1
jne checkfocus
or byte ptr [eax+0x10], 0x40
checkfocus:
cmp byte ptr [edx+0xB],1
jne checkwarcry
or byte ptr [eax+0x10], 0x80
checkwarcry:
cmp byte ptr [edx+0xC],1
jne checkdespair
or byte ptr [eax+0x11], 0x1
checkdespair:
cmp byte ptr [edx+0xD],1
jne checkdskin
or byte ptr [eax+0x11], 0x2
checkdskin:
cmp byte ptr [edx+0xE],1
jne checkbullseye
or byte ptr [eax+0x11], 0x4
checkbullseye:
cmp byte ptr [edx+0xF],1
jne checkquick
or byte ptr [eax+0x11], 0x8
checkquick:
cmp byte ptr [edx+0x10],1
jne checkgshield
or byte ptr [eax+0x11], 0x10
checkgshield:
cmp byte ptr [edx+0x11],1
jne checkmbless
or byte ptr [eax+0x11], 0x20
checkmbless:
cmp byte ptr [edx+0x12],1
jne checkdestruct
or byte ptr [eax+0x11], 0x40
checkdestruct:
cmp byte ptr [edx+0x13],1
jne exit1
or byte ptr [eax+0x11], 0x80
exit1:
pop edx
retn
}
}
__declspec (dllexport naked) void NewFshieldEffect()// fire shield, destruction and stage3/4 nauthiz pieces attack increasing effect
{
__asm
{
cmp dword ptr [esp], 0x0047ADC4
je PVM
push eax
push ecx
push edx
push ebx
push esi
mov ebx, dword ptr [SkillsMemAddr]
sub esi, 0x37d8
finduserid:
cmp dword ptr [ebx], esi
je checkfshield
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit1
jmp finduserid
checkfshield:
cmp byte ptr [ebx+0xA], 1
jne checkdestruct
mov eax, edi
mov ecx, 5
xor edx, edx
div ecx
add edi, eax
checkdestruct:
cmp byte ptr [ebx+0x13], 1
jne checkstagebonus
mov eax, edi
mov ecx, 5
xor edx, edx
div ecx
add edi, eax
checkstagebonus:
cmp byte ptr [esi+0x3E48], 6
jne checkplate
cmp word ptr [esi+0x3E4A], 180
je s4helm
cmp word ptr [esi+0x3E4A], 160
je s3helm
jmp checkplate
s4helm:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add edi, eax
jmp checkplate
s3helm:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add edi, eax
checkplate:
cmp byte ptr [esi+0x3E68], 6
jne checkpants
cmp word ptr [esi+0x3E6A], 181
je s4plate
cmp word ptr [esi+0x3E6A], 161
je s3plate
jmp checkpants
s4plate:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add edi, eax
jmp checkpants
s3plate:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add edi, eax
checkpants:
cmp byte ptr [esi+0x3E78], 6
jne checkboots
cmp word ptr [esi+0x3E7A], 182
je s4pants
cmp word ptr [esi+0x3E7A], 162
je s3pants
jmp checkboots
s4pants:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add edi, eax
jmp checkboots
s3pants:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add edi, eax
checkboots:
cmp byte ptr [esi+0x3E88], 6
jne checkshield
cmp word ptr [esi+0x3E8A], 183
je s4boots
cmp word ptr [esi+0x3E8A], 163
je s3boots
jmp checkshield
s4boots:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add edi, eax
jmp checkshield
s3boots:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add edi, eax
checkshield:
cmp byte ptr [esi+0x3E98], 6
jne checkgloves
cmp word ptr [esi+0x3E9A], 184
je s4shield
cmp word ptr [esi+0x3E9A], 164
je s3shield
jmp checkgloves
s4shield:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add edi, eax
jmp checkgloves
s3shield:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add edi, eax
checkgloves:
cmp byte ptr [esi+0x3EA8], 6
jne checkbelt
cmp word ptr [esi+0x3EAA], 185
je s4gloves
cmp word ptr [esi+0x3EAA], 165
je s3gloves
jmp checkbelt
s4gloves:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add edi, eax
jmp checkbelt
s3gloves:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add edi, eax
checkbelt:
cmp byte ptr [esi+0x3EC8], 6
jne checkstatlimit
cmp word ptr [esi+0x3ECA], 186
je s4belt
cmp word ptr [esi+0x3ECA], 166
je s3belt
jmp checkstatlimit
s4belt:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add edi, eax
jmp checkstatlimit
s3belt:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add edi, eax
checkstatlimit:
cmp byte ptr [esi+0x37FC], 8
je dex
cmp byte ptr [esi+0x37FC], 0
je spr
cmp byte ptr [esi+0x37FC], 1
je spr
cmp byte ptr [esi+0x37FC], 6
je spr
mov eax, dword ptr [esi+0x3F5C]
jmp devision
dex:
mov eax, dword ptr [esi+0x3F64]
jmp devision
spr:
mov eax, dword ptr [esi+0x3F60]
devision:
mov ecx, dword ptr [esi+0x3F68]
xor edx, edx
div ecx
cmp eax, 4
jbe exit1
shr edi, 1
exit1:
pop esi
pop ebx
pop edx
pop ecx
pop eax
MOV DX,WORD PTR [ECX+0x4026] //st
retn
PVM:
push eax
push ecx
push edx
push ebx
push edi
mov ebx, dword ptr [SkillsMemAddr]
sub edi, 0x37d8
finduserid2:
cmp dword ptr [ebx], edi
je checkfshield2
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit2
jmp finduserid2
checkfshield2:
cmp byte ptr [ebx+0xA], 1
jne checkdestruct2
mov eax, esi
mov ecx, 5
xor edx, edx
div ecx
add esi, eax
checkdestruct2:
cmp byte ptr [ebx+0x13], 1
jne checkstagebonusPVM
mov eax, esi
mov ecx, 5
xor edx, edx
div ecx
add esi, eax
checkstagebonusPVM:
cmp byte ptr [edi+0x3E48], 6
jne checkplatePVM
cmp word ptr [edi+0x3E4A], 180
je s4helmPVM
cmp word ptr [edi+0x3E4A], 160
je s3helmPVM
jmp checkplatePVM
s4helmPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add esi, eax
jmp checkplatePVM
s3helmPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add esi, eax
checkplatePVM:
cmp byte ptr [edi+0x3E68], 6
jne checkpantsPVM
cmp word ptr [edi+0x3E6A], 181
je s4platePVM
cmp word ptr [edi+0x3E6A], 161
je s3platePVM
jmp checkpantsPVM
s4platePVM:
mov eax, esi
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add esi, eax
jmp checkpantsPVM
s3platePVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add esi, eax
checkpantsPVM:
cmp byte ptr [edi+0x3E78], 6
jne checkbootsPVM
cmp word ptr [edi+0x3E7A], 182
je s4pantsPVM
cmp word ptr [edi+0x3E7A], 162
je s3pantsPVM
jmp checkbootsPVM
s4pantsPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add esi, eax
jmp checkbootsPVM
s3pantsPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add esi, eax
checkbootsPVM:
cmp byte ptr [edi+0x3E88], 6
jne checkshieldPVM
cmp word ptr [edi+0x3E8A], 183
je s4bootsPVM
cmp word ptr [edi+0x3E8A], 163
je s3bootsPVM
jmp checkshieldPVM
s4bootsPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add esi, eax
jmp checkshieldPVM
s3bootsPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add esi, eax
checkshieldPVM:
cmp byte ptr [edi+0x3E98], 6
jne checkglovesPVM
cmp word ptr [edi+0x3E9A], 184
je s4shieldPVM
cmp word ptr [edi+0x3E9A], 164
je s3shieldPVM
jmp checkglovesPVM
s4shieldPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add esi, eax
jmp checkglovesPVM
s3shieldPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add esi, eax
checkglovesPVM:
cmp byte ptr [edi+0x3EA8], 6
jne checkbeltPVM
cmp word ptr [edi+0x3EAA], 185
je s4glovesPVM
cmp word ptr [edi+0x3EAA], 165
je s3glovesPVM
jmp checkbeltPVM
s4glovesPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add esi, eax
jmp checkbeltPVM
s3glovesPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add esi, eax
checkbeltPVM:
cmp byte ptr [edi+0x3EC8], 6
jne exit2
cmp word ptr [edi+0x3ECA], 186
je s4beltPVM
cmp word ptr [edi+0x3ECA], 166
je s3beltPVM
jmp exit2
s4beltPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
add esi, eax
jmp exit2
s3beltPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
add esi, eax
exit2:
pop edi
pop ebx
pop edx
pop ecx
pop eax
TEST BYTE PTR [EDI+0x850],1 //st
retn
}
}
__declspec (dllexport naked) void NewFocusEffect()// Focused spirit effect
{
__asm
{
push eax
push ecx
push edx
mov edx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [edx], esi
je checkfocus
add edx,96
push edx
sub edx, dword ptr [SkillsMemAddr]
cmp edx, 48000
pop edx
ja exit1
jmp finduserid
checkfocus:
cmp byte ptr [edx+0xB], 1
jne exit1
mov eax, dword ptr [esi+0x3F60]
sub eax, 10
mov ecx, 18
xor edx,edx
div ecx
xor edx, edx
mov ecx, 25
mul ecx
add eax, 10
sub eax, dword ptr [esi+0x3F60]
add dword ptr [esp], eax
jmp exit1
exit1:
pop edx
pop ecx
pop eax
MOV DWORD PTR [ESP+0x38],EDX
MOV DWORD PTR [ESI+0x4364],EDX //st
retn
}
}
__declspec (dllexport naked) void NewWarcryEffect()// fire shield, warcry, despair, diamond skin and s3/4 nauthiz pieces defense increasing effects
{
__asm
{
cmp dword ptr [esp], 0x004101B2
jne PVM
push eax
push ecx
push edx
push ebx
push esi
mov ebx, dword ptr [SkillsMemAddr]
mov esi, ecx
finduserid:
cmp dword ptr [ebx], esi
je checkfshield
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit1
jmp finduserid
checkfshield:
cmp byte ptr [ebx+0xA], 1
jne checkwarcry
mov eax, edi
mov ecx, 5
xor edx, edx
div ecx
sub edi, eax
checkwarcry:
cmp byte ptr [ebx+0xC], 1
jne checkdespair
cmp byte ptr [esi+0x37FC], 2
jne checkdespair
cmp dword ptr [esi+0x3F6C], 0
jle checkdespair
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 30
xor edx,edx
mul ecx
sub edi, eax
checkdespair:
cmp byte ptr [ebx+0xD], 1
jne checkdskin
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 40
xor edx,edx
mul ecx
sub edi, eax
checkdskin:
cmp byte ptr [ebx+0xE], 1
jne checkstagebonus
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 30
xor edx,edx
mul ecx
sub edi, eax
checkstagebonus:
cmp byte ptr [esi+0x3E48], 6
jne checkplate
cmp word ptr [esi+0x3E4A], 180
je s4helm
cmp word ptr [esi+0x3E4A], 160
je s3helm
jmp checkplate
s4helm:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub edi, eax
jmp checkplate
s3helm:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub edi, eax
checkplate:
cmp byte ptr [esi+0x3E68], 6
jne checkpants
cmp word ptr [esi+0x3E6A], 181
je s4plate
cmp word ptr [esi+0x3E6A], 161
je s3plate
jmp checkpants
s4plate:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub edi, eax
jmp checkpants
s3plate:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub edi, eax
checkpants:
cmp byte ptr [esi+0x3E78], 6
jne checkboots
cmp word ptr [esi+0x3E7A], 182
je s4pants
cmp word ptr [esi+0x3E7A], 162
je s3pants
jmp checkboots
s4pants:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub edi, eax
jmp checkboots
s3pants:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub edi, eax
checkboots:
cmp byte ptr [esi+0x3E88], 6
jne checkshield
cmp word ptr [esi+0x3E8A], 183
je s4boots
cmp word ptr [esi+0x3E8A], 163
je s3boots
jmp checkshield
s4boots:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub edi, eax
jmp checkshield
s3boots:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub edi, eax
checkshield:
cmp byte ptr [esi+0x3E98], 6
jne checkgloves
cmp word ptr [esi+0x3E9A], 184
je s4shield
cmp word ptr [esi+0x3E9A], 164
je s3shield
jmp checkgloves
s4shield:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub edi, eax
jmp checkgloves
s3shield:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub edi, eax
checkgloves:
cmp byte ptr [esi+0x3EA8], 6
jne checkbelt
cmp word ptr [esi+0x3EAA], 185
je s4gloves
cmp word ptr [esi+0x3EAA], 165
je s3gloves
jmp checkbelt
s4gloves:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub edi, eax
jmp checkbelt
s3gloves:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub edi, eax
checkbelt:
cmp byte ptr [esi+0x3EC8], 6
jne exit1
cmp word ptr [esi+0x3ECA], 186
je s4belt
cmp word ptr [esi+0x3ECA], 166
je s3belt
jmp exit1
s4belt:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub edi, eax
jmp exit1
s3belt:
mov eax, edi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub edi, eax
exit1:
pop esi
pop ebx
pop edx
pop ecx
pop eax
TEST BYTE PTR [ECX+0x4028],2 //st
retn
PVM:
push eax
push ecx
push edx
push ebx
push edi
mov ebx, dword ptr [SkillsMemAddr]
mov edi, ecx
finduserid2:
cmp dword ptr [ebx], edi
je checkfshield2
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit2
jmp finduserid2
checkfshield2:
cmp byte ptr [ebx+0xA], 1
jne checkwarcry2
mov eax, esi
mov ecx, 5
xor edx, edx
div ecx
sub esi, eax
checkwarcry2:
cmp byte ptr [ebx+0xC], 1
jne checkdespair2
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 30
xor edx,edx
mul ecx
sub esi, eax
checkdespair2:
cmp byte ptr [ebx+0xD], 1
jne checkdskin2
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 40
xor edx,edx
mul ecx
sub esi, eax
checkdskin2:
cmp byte ptr [ebx+0xE], 1
jne checkstagebonusPVM
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 30
xor edx,edx
mul ecx
sub esi, eax
checkstagebonusPVM:
cmp byte ptr [edi+0x3E48], 6
jne checkplatePVM
cmp word ptr [edi+0x3E4A], 180
je s4helmPVM
cmp word ptr [edi+0x3E4A], 160
je s3helmPVM
jmp checkplatePVM
s4helmPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub esi, eax
jmp checkplatePVM
s3helmPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub esi, eax
checkplatePVM:
cmp byte ptr [edi+0x3E68], 6
jne checkpantsPVM
cmp word ptr [edi+0x3E6A], 181
je s4platePVM
cmp word ptr [edi+0x3E6A], 161
je s3platePVM
jmp checkpantsPVM
s4platePVM:
mov eax, esi
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub esi, eax
jmp checkpantsPVM
s3platePVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub esi, eax
checkpantsPVM:
cmp byte ptr [edi+0x3E78], 6
jne checkbootsPVM
cmp word ptr [edi+0x3E7A], 182
je s4pantsPVM
cmp word ptr [edi+0x3E7A], 162
je s3pantsPVM
jmp checkbootsPVM
s4pantsPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub esi, eax
jmp checkbootsPVM
s3pantsPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub esi, eax
checkbootsPVM:
cmp byte ptr [edi+0x3E88], 6
jne checkshieldPVM
cmp word ptr [edi+0x3E8A], 183
je s4bootsPVM
cmp word ptr [edi+0x3E8A], 163
je s3bootsPVM
jmp checkshieldPVM
s4bootsPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub esi, eax
jmp checkshieldPVM
s3bootsPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub esi, eax
checkshieldPVM:
cmp byte ptr [edi+0x3E98], 6
jne checkglovesPVM
cmp word ptr [edi+0x3E9A], 184
je s4shieldPVM
cmp word ptr [edi+0x3E9A], 164
je s3shieldPVM
jmp checkglovesPVM
s4shieldPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub esi, eax
jmp checkglovesPVM
s3shieldPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub esi, eax
checkglovesPVM:
cmp byte ptr [edi+0x3EA8], 6
jne checkbeltPVM
cmp word ptr [edi+0x3EAA], 185
je s4glovesPVM
cmp word ptr [edi+0x3EAA], 165
je s3glovesPVM
jmp checkbeltPVM
s4glovesPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub esi, eax
jmp checkbeltPVM
s3glovesPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub esi, eax
checkbeltPVM:
cmp byte ptr [edi+0x3EC8], 6
jne exit2
cmp word ptr [edi+0x3ECA], 186
je s4beltPVM
cmp word ptr [edi+0x3ECA], 166
je s3beltPVM
jmp exit2
s4beltPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 8
xor edx, edx
mul ecx
sub esi, eax
jmp exit2
s3beltPVM:
mov eax, esi
mov ecx, 100
xor edx, edx
div ecx
mov ecx, 4
xor edx, edx
mul ecx
sub esi, eax
exit2:
pop edi
pop ebx
pop edx
pop ecx
pop eax
TEST BYTE PTR [ECX+0x4028],2 //st
retn
}
}
__declspec (dllexport naked) void NewDskinEffect()// removing stamina from jarexx with diamond skin
{
__asm
{
MOV EAX,DWORD PTR [ECX+0x3F7C] //st
push ebx
mov ebx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [ebx], ecx
je checkdskin
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit1
jmp finduserid
checkdskin:
cmp byte ptr [ebx+0xE], 1
jne exit1
xor eax,eax
MOV DWORD PTR [ECX+0x3F7C],0
exit1:
pop ebx
retn
}
}
__declspec (dllexport naked) void NewGshieldEffect()// godly shield effect
{
__asm
{
push ebx
mov ebx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [ebx], esi
je checkgshield
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit1
jmp finduserid
checkgshield:
cmp byte ptr [ebx+0x11], 1
jne exit1
add edx, 5000
exit1:
pop ebx
mov dword ptr [esp+0x24], edx
mov dword ptr [esi+0x436C],edx //st
retn
}
}
__declspec (dllexport naked) void NewEidolonFix()// eidolon restores stamina
{
__asm
{
MOV DWORD PTR [EBP+0x4230],EAX //st
push eax
push ecx
push edx
mov ecx, ebp
call InitEquipment
cmp edi, 42
je next
mov ecx, ebp
push 2000
call IncreaseSP
next:
pop edx
pop ecx
pop eax
retn
}
}
__declspec (dllexport naked) void NewCheckForAreaAttack()//one of procedures that checks for new area attacks
{
__asm
{
cmp dword ptr [esp], 0x0045D05D
je PVM
cmp ecx, 0x145
JE exit1
cmp ecx, 0x150
JE exit1
cmp ecx, 0x180
JE exit1
MOV DX,WORD PTR [EDX+0x850]
retn
exit1:
mov dword ptr [esp], 0x00454E6A
retn
PVM:
cmp eax, 0x145
JE exit2
cmp eax, 0x150
JE exit2
cmp eax, 0x180
JE exit2
MOV EDX,DWORD PTR [ESP+0x2C]
MOV ECX,DWORD PTR [ESP+0x28]
retn
exit2:
mov dword ptr [esp], 0x0045B9CF
retn
}
}
__declspec (dllexport naked) void NewAreaAttacks()// processing some area attacks and providing them with basic damage formula
{
__asm
{
cmp dword ptr [esp], 0x0045BB5F
je PVM
cmp dword ptr [esp+0x14], 0x145
je sadad
cmp dword ptr [esp+0x14], 0x150
je destino
cmp dword ptr [esp+0x14], 0x180
je lavita
ADD EDX,EBX //st
ADD EDX,ESI //st
ADD EDX,ECX //st
retn
sadad:
add ecx, esi
mov edx, ecx
shr edx, 1
lea edx, dword ptr [edx+ecx*2]
add edx,ebx
retn
destino:
add ecx, esi
mov edx, ecx
shr edx, 1
neg edx
lea edx, dword ptr [edx + ecx*4]
add edx, ecx
add edx,ebx
retn
lavita:
push eax
xor ecx,ecx
xor edx,edx
mov esi, dword ptr [ebp-0xA0]
MOV EBX,DWORD PTR [EBP+0x48]
MOV EAX,0x10624DD3
ADD EBX,EDX
ADD EBX,ECX
MOV ECX,DWORD PTR [EBP+0x98]
ADD EBX,ESI
ADD EBX,ECX
MUL EBX
SHR EDX,6
INC EDX
IMUL EDX,DWORD PTR [EBP+0x2C]
LEA EAX,DWORD PTR [EDX+EDX*2]
SHR EAX,1
LEA ECX,DWORD PTR [EAX*8]
SUB ECX,EAX
MOV EAX,0xCCCCCCCD
MUL ECX
MOV EAX,DWORD PTR [EBP+0x30]
SHR EDX,4
LEA EDX,DWORD PTR [EDX+EAX+0x1388]
pop eax
retn
PVM:
cmp dword ptr [esp+0x8], 0x145
je sadad2
cmp dword ptr [esp+0x8], 0x150
je destino2
cmp dword ptr [esp+0x8], 0x180
je lavita2
ADD EDX,EAX //st
ADD EDX,ESI //st
ADD EDX,ECX //st
retn
sadad2:
add ecx, esi
mov edx, ecx
shr edx, 1
lea edx, dword ptr [edx+ecx*2]
add edx,eax
retn
destino2:
add ecx, esi
mov edx, ecx
shr edx, 1
neg edx
lea edx, dword ptr [edx + ecx*4]
add edx, ecx
add edx,eax
retn
lavita2:
push ebx
xor ecx,ecx
xor edx,edx
mov esi, dword ptr [ebp-0xA0]
MOV EBX,DWORD PTR [EBP+0x48]
MOV EAX,0x10624DD3
ADD EBX,EDX
ADD EBX,ECX
MOV ECX,DWORD PTR [EBP+0x98]
ADD EBX,ESI
ADD EBX,ECX
MUL EBX
SHR EDX,6
INC EDX
IMUL EDX,DWORD PTR [EBP+0x2C]
LEA EAX,DWORD PTR [EDX+EDX*2]
SHR EAX,1
LEA ECX,DWORD PTR [EAX*8]
SUB ECX,EAX
MOV EAX,0xCCCCCCCD
MUL ECX
MOV EAX,DWORD PTR [EBP+0x30]
SHR EDX,4
LEA EDX,DWORD PTR [EDX+EAX+0x1388]
pop ebx
retn
}
}
__declspec (dllexport naked) void NewCheckForMultiAttack()// checking for new slash-like attacks
{
__asm
{
cmp edi, 0x133
je multi
cmp edi, 0x13F
je multi
mov dword ptr [esp], 0x0045F536
retn
multi:
mov dword ptr [esp], 0x0045EB89
retn
}
}
__declspec (dllexport naked) void NewMultiAttack()// setting blizzard to hit 3 times in a row
{
__asm
{
cmp dword ptr [esp+0x10], 0x13F
je blizz
MOV WORD PTR [EBX+0x14],0x133
retn
blizz:
MOV WORD PTR [EBX+0x14],0x13F
retn
}
}
__declspec (dllexport naked) void NewCheckForMovingAttack()// setting server side weapon required for new attacks
{
__asm
{
cmp edi, 0x156
je ghostspear
cmp edi, 0x180
je bow
cmp edi, 0x181
je bow
cmp edi, 0x145
je sword
cmp edi, 0x16D
je sword
cmp edi,0x35//st
jg exit1//st
retn
exit1:
mov dword ptr [esp],0x0045E65C
retn
ghostspear:
mov dword ptr [esp],0x0045E5BA
retn
bow:
mov dword ptr [esp],0x0045E8C4
retn
sword:
mov dword ptr [esp],0x0045E7F5
retn
}
}
__declspec (dllexport naked) void NewCheckForMovingAttack2()// processing ghost spear
{
__asm
{
cmp dword ptr [esp],0x00452F9D
je PVM
cmp ebx, 0x156
je ghostspear
cmp ebx, 0x143
retn
ghostspear:
mov dword ptr [esp], 0x004521A0
retn
PVM:
cmp esi, 0x156
je ghostspear2
cmp esi, 0x143
retn
ghostspear2:
mov dword ptr [esp], 0x00453051
retn
}
}
__declspec (dllexport naked) void NewMovingAttacks()// providing ghost spear with basic attack formula
{
__asm
{
cmp dword ptr [esp],0x0045306C
je PVM
cmp ebx, 0x156
je ghostspear
LEA EAX,DWORD PTR [EAX+EAX*2]
LEA ECX,DWORD PTR [EAX+ECX*2]
retn
ghostspear:
LEA EAX,DWORD PTR [EAX+EAX]
LEA ECX,DWORD PTR [EAX+ECX*2]
retn
PVM:
cmp esi, 0x156
je ghostspear2
LEA EDX,DWORD PTR [EAX+EAX*2]
LEA EAX,DWORD PTR [EDX+ECX*2]
retn
ghostspear2:
LEA EDX,DWORD PTR [EaX+EaX]
LEA EAX,DWORD PTR [EDX+ECX*2]
retn
}
}
__declspec (dllexport naked) void NewCheckForSingleAttack()// processing new single attacks
{
__asm
{
cmp dword ptr [esp], 0x0044D8C6
je PVM
MOVSX EAX,WORD PTR [ESP+0x4C]
cmp eax, 0x16D
je newskill
cmp eax, 0x181
je newskill
cmp eax, 0x32
retn
newskill:
mov dword ptr [esp],0x00448CC5
retn
PVM:
MOVSX EBP,WORD PTR [ESP+0x40]
cmp ebp, 0x16D
je newskill2
cmp ebp, 0x181
je newskill2
cmp ebp, 0x32
retn
newskill2:
mov dword ptr [esp],0x0044D918
retn
}
}
__declspec (dllexport naked) void NewCheckForSingleAttack2()// processing new single attacks
{
__asm
{
cmp dword ptr [esp], 0x0044DDE7
je PVM
cmp eax, 0x16D
je newskill
cmp eax, 0x181
je newskill
cmp eax, 0x58//st
jg exit1 //st
retn
exit1:
mov dword ptr [esp],0x0044A3E5
retn
newskill:
mov dword ptr [esp],0x00449BF2
retn
PVM:
cmp ebp, 0x16D
je newskill2
cmp ebp, 0x181
je newskill2
cmp ebp, 0x58//st
jg exit2 //st
retn
exit2:
mov dword ptr [esp],0x0044E76B
retn
newskill2:
mov dword ptr [esp],0x0044DF2E
retn
}
}
__declspec (dllexport naked) void NewCheckForSingleAttack3()// cant be sure but i think making dark arrow accuracy to depend on dex
{
__asm
{
cmp dword ptr [esp], 0x0044DA62
je PVM
MOV EBX,DWORD PTR [EBP+0x48] //st
cmp dword ptr [esp+8], 0x181
je darkarrow
LEA EBX,DWORD PTR [EBX+EAX*4]
retn
darkarrow:
LEA EBX,DWORD PTR [EBX+EAX]
retn
PVM:
cmp dword ptr [esp+0x10], 0x181
je darkarrow2
LEA EAX,DWORD PTR [EDX+ECX*4] //st
MOV EDX,DWORD PTR [ESP+0x50] //st
retn
darkarrow2:
LEA EAX,DWORD PTR [EDX+ECX]
MOV EDX,DWORD PTR [ESP+0x50] //st
retn
}
}
__declspec (dllexport naked) void NewSingleAttack()// providing new single attacks with attack formulas
{
__asm
{
cmp dword ptr [esp], 0x0044DF44
je PVM
cmp dword ptr [esp+0x14],0x16D
je sunblade
cmp dword ptr [esp+0x14],0x181
je darkarrow
MOV EDX,EAX //st
SHR EDX,1//st
LEA EAX,DWORD PTR [EAX+EAX*2]//st
retn
sunblade:
mov edx, eax
shr edx, 1
//LEA EDX,DWORD PTR [edx+EDX*2]
LEA EAX,DWORD PTR [EAX+eax*2]
lea eax, dword ptr [edx+eax]
xor edx, edx
retn
darkarrow:
push ecx
push ebx
push esi
xor ecx,ecx
xor edx,edx
mov esi, dword ptr [ebp-0xA0]
MOV EBX,DWORD PTR [EBP+0x48]
MOV EAX,0x10624DD3
ADD EBX,EDX
ADD EBX,ECX
MOV ECX,DWORD PTR [EBP+0x98]
ADD EBX,ESI
ADD EBX,ECX
MUL EBX
SHR EDX,6
add edx, 10
IMUL EDX,DWORD PTR [EBP+0x2C]
LEA EAX,DWORD PTR [EDX+EDX*2]
SHR EAX,1
LEA ECX,DWORD PTR [EAX*8]
SUB ECX,EAX
MOV EAX,0xCCCCCCCD
MUL ECX
MOV EAX,DWORD PTR [EBP+0x30]
SHR EDX,4
LEA EDX,DWORD PTR [EDX+EAX+0x1388]
pop esi
pop ebx
pop ecx
mov dword ptr [esp],0x00449C1C
pop eax
push ecx
push eax
retn
PVM:
cmp dword ptr [esp+0x0C],0x16D
je sunblade2
cmp dword ptr [esp+0x0C],0x181
je darkarrow2
MOV EDX,EAX //st
SHR EDX,1//st
LEA EAX,DWORD PTR [EAX+EAX*2]//st
retn
sunblade2:
mov edx, eax
shr edx, 1
//LEA EDX,DWORD PTR [edx+EDX*2]
LEA EAX,DWORD PTR [EAX+eax*2]
lea eax, dword ptr [edx+eax]
xor edx, edx
retn
darkarrow2:
push ebx
push esi
xor ecx,ecx
xor edx,edx
mov esi, dword ptr [edi-0xA0]
MOV EBX,DWORD PTR [edi+0x48]
MOV EAX,0x10624DD3
ADD EBX,EDX
ADD EBX,ECX
MOV ECX,DWORD PTR [edi+0x98]
ADD EBX,ESI
ADD EBX,ECX
MUL EBX
SHR EDX,6
add edx, 10
IMUL EDX,DWORD PTR [edi+0x2C]
LEA EAX,DWORD PTR [EDX+EDX*2]
SHR EAX,1
LEA ECX,DWORD PTR [EAX*8]
SUB ECX,EAX
MOV EAX,0xCCCCCCCD
MUL ECX
MOV EAX,DWORD PTR [edi+0x30]
SHR EDX,4
LEA EDX,DWORD PTR [EDX+EAX+0x1388]
pop esi
pop ebx
mov dword ptr [esp],0x0044DF49
retn
}
}
__declspec (dllexport naked) void NewMapFix()// all NewMapFix## procedures are procedures that makes character able to enter new maps, makes character unable to kill during war on new maps, sets new maps to be "tau" zone, makes character unable to cast some skills like recall on new maps etc. I cant describe them all because i dont remember details now and dont have time to work on this anymore.
{
__asm
{
CMP ESI,300
je FV
CMP ESI,301
je FVh
CMP ESI,302
je FVs
CMP ESI,303
je FVw
CMP ESI,305
je SV
CMP ESI,306
je UD
CMP ESI,307
je AD
CMP ESI,308
je BD
CMP ESI,309
je CD
CMP ESI,310
je DD
CMP ESI,311
je SD4
CMP ESI,312
je SkD1
CMP ESI,313
je SkD1
CMP ESI,314
je SkD1
CMP ESI,315
je SkD1
CMP ESI,316
je SkD1
CMP ESI,0x0BC
retn
FV:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],125
MOV WORD PTR [ECX+2],175
MOV BYTE PTR [ECX+4],AL
retn 8
FVh:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],9
MOV WORD PTR [ECX+2],20
MOV BYTE PTR [ECX+4],AL
retn 8
FVs:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],9
MOV WORD PTR [ECX+2],19
MOV BYTE PTR [ECX+4],AL
retn 8
FVw:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],9
MOV WORD PTR [ECX+2],20
MOV BYTE PTR [ECX+4],AL
retn 8
SV:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],8
MOV WORD PTR [ECX+2],488
MOV BYTE PTR [ECX+4],AL
retn 8
UD:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],50
MOV WORD PTR [ECX+2],90
MOV BYTE PTR [ECX+4],AL
retn 8
AD:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],50
MOV WORD PTR [ECX+2],90
MOV BYTE PTR [ECX+4],AL
retn 8
BD:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],50
MOV WORD PTR [ECX+2],90
MOV BYTE PTR [ECX+4],AL
retn 8
CD:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],50
MOV WORD PTR [ECX+2],90
MOV BYTE PTR [ECX+4],AL
retn 8
DD:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],50
MOV WORD PTR [ECX+2],90
MOV BYTE PTR [ECX+4],AL
retn 8
SD4:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],10
MOV WORD PTR [ECX+2],13
MOV BYTE PTR [ECX+4],AL
retn 8
SkD1:
add esp, 4
mov eax, 1
xor edx,edx
MOV ECX,DWORD PTR [ESP+0xC]
pop esi
pop ebx
MOV WORD PTR [ECX],12
MOV WORD PTR [ECX+2],23
MOV BYTE PTR [ECX+4],AL
retn 8
}
}
__declspec (dllexport naked) void NewMapFix2()
{
__asm
{
MOV DX,WORD PTR [ESI+0x37FE]
cmp di, 300
je newmap
cmp di, 301
je newmap
cmp di, 302
je newmap
cmp di, 303
je newmap
cmp di, 305
je newmap
cmp di, 306
je newmap
cmp di, 307
je newmap
cmp di, 308
je newmap
cmp di, 309
je newmap
cmp di, 310
je newmap
cmp di, 311
je sd4
cmp di, 312
je newmap
cmp di, 313
je newmap
cmp di, 314
je newmap
cmp di, 315
je newmap
cmp di, 316
je newmap
retn
newmap:
add esp,4
push 0x0043F04A
retn
sd4:
test dword ptr [esi+0x4170], 65536
jne newmap
retn
}
}
__declspec (dllexport naked) void NewMapFix3()
{
__asm
{
CMP EAX,301
je newmap
CMP EAX,302
je newmap
CMP EAX,303
je newmap
CMP EAX,312
je newmap
CMP EAX,313
je newmap
CMP EAX,314
je newmap
CMP EAX,315
je newmap
CMP EAX,316
je newmap
CMP EAX,0x0B0
jg exit1
newmap:
retn
exit1:
mov dword ptr [esp], 0x00421F4B
retn
}
}
__declspec (dllexport naked) void NewMapFix4()
{
__asm
{
MOV ECX,DWORD PTR [EAX+0x32C4] //st
CMP ECX,300
je FV
CMP ECX,301
je FV
CMP ECX,302
je FV
CMP ECX,303
je FV
CMP ECX,305
je SV
CMP ECX,306
je UD
CMP ECX,307
je AD
CMP ECX,308
je BD
CMP ECX,309
je CD
CMP ECX,310
je DD
CMP ECX,311
je SD4
CMP ECX,312
je UD
CMP ECX,313
je AD
CMP ECX,314
je BD
CMP ECX,315
je CD
CMP ECX,316
je DD
retn
FV:
mov esi, 301
jmp exit1
SV:
mov esi, 100
jmp exit1
UD:
mov esi, 148
jmp exit1
AD:
mov esi, 155
jmp exit1
BD:
mov esi, 162
jmp exit1
CD:
mov esi, 169
jmp exit1
DD:
mov esi, 176
jmp exit1
SD4:
mov esi, 12
jmp exit1
exit1:
mov dword ptr [esp], 0x0043C22E
retn
}
}
__declspec (dllexport naked) void NewSendTotalStats()// sending total stats to F2 window
{
__asm
{
cmp dword ptr [esp], 0x00439E19
je Strength
cmp dword ptr [esp], 0x00439E49
je Spirit
cmp dword ptr [esp], 0x00439E79
je Dexterity
cmp dword ptr [esp], 0x00439EA9
je Power
Strength:
MOV EAX,DWORD PTR [ECX+0x4360] //st
add eax, dword ptr [ecx+0x4310]
retn
Spirit:
MOV EAX,DWORD PTR [ECX+0x4364] //st
add eax, dword ptr [ecx+0x4314]
retn
Dexterity:
MOV EAX,DWORD PTR [ECX+0x4368] //st
push edx
mov edx, dword ptr [ecx+0x4230]
cmp eax, edx
jb basedex
add eax, edx
jmp next
basedex:
add eax, eax
next:
pop edx
add eax, dword ptr [ecx+0x4318]
retn
Power:
MOV EAX,DWORD PTR [ECX+0x436C] //st
add eax, dword ptr [ecx+0x431C]
retn
}
}
__declspec (dllexport naked) void NewMassAnih()// providing Hierarch with mass annihilation move.
{
__asm
{
MOV BL,BYTE PTR [ECX+0x482134]//st
cmp ecx, 0x44
je massani
retn
massani:
add esp, 4
MOV ECX,DWORD PTR [ESP+0x10]
push 1
push 0
push 0
push 0xF
push 0x3A
call DoSkillEffect
push 0x481BDD
retn
}
}
__declspec (dllexport naked) void NewCanRecognize()// hierarch can see invisible characters.
{
__asm
{
cmp al, 0x9B
je exit1
MOV AX,WORD PTR [ECX+0x1C]//st
MOV EDX,EAX//st
retn
exit1:
mov dword ptr [esp], 0x0047D749
retn
}
}
__declspec (dllexport naked) void NewBAUnis()// unis dont fade in ba and war
{
__asm
{
MOV EBX,DWORD PTR [ESP+0x20]//stm
cmp dword ptr [ecx+0x32C4], 35
je nofade
cmp dword ptr [ecx+0x32C4], 69
je nofade
cmp dword ptr [ecx+0x32C4], 70
je nofade
push eax
push ecx
push edx
push 1
mov ecx, DWORD PTR [Esi+0x4504]
mov edx, dword ptr [esi+0x42C8]
push edx
call IsWar
pop edx
pop ecx
cmp eax, 1
pop eax
jne fade
cmp DWORD PTR [Esi+0x455C], 1
je nofade
fade:
MOV EDI,EAX //st
retn
nofade:
mov eax, 1
MOV EDI,EAX //st
retn
}
}
__declspec (dllexport naked) void NewBAProt()//prots dont fade in ba and war
{
__asm
{
je prot
MOV DWORD PTR [ESI+EDX*4+0x4120],0//st
CMP EDX,0x0C
retn
prot:
push eax
MOV EAX,DWORD PTR [Esi+0x4504]
MOV EAX,DWORD PTR [EAX+0x32C4]
cmp eax, 35
je nofade
cmp eax, 69
je nofade
cmp eax, 70
je nofade
//checkwar:
push ecx
push edx
push 1
mov ecx, DWORD PTR [Esi+0x4504]
mov eax, dword ptr [esi+0x42C8]
push eax
call IsWar
pop edx
pop ecx
cmp eax, 1
jne fade
cmp DWORD PTR [Esi+0x455C], 1
je nofade
fade:
pop eax
MOV DWORD PTR [ESI+EDX*4+0x4120],0//st
CMP EDX,0x0C
retn
nofade:
pop eax
mov dword ptr [esp], 0x0042EB89
retn
}
}
__declspec (dllexport naked) void NewAccuracyFix()// new accuracy equation for all characters
{
__asm
{
fild dword ptr [esp+0x2C]
fidiv dword ptr [esp+0x30]
fimul dword ptr [AccNum]
fistp dword ptr [AccBuf]
mov edi, dword ptr [AccBuf]
cmp edi, 100
jbe next
mov edi, 100
next:
MOV EBP,DWORD PTR [ESP+0x34]//stm
XOR EAX,EAX//st
retn
}
}
__declspec (dllexport naked) void NewMapFix5()
{
__asm
{
cmp dword ptr [esp], 0x004297E2
je buyitem
cmp dword ptr [esp], 0x0042A8C2
je buyitem
cmp dword ptr [esp], 0x0041EC3C
je showbankitem
cmp dword ptr [esp], 0x0041EBC7
je showbankmoney
cmp dword ptr [esp], 0x0041DF14
je additem
cmp dword ptr [esp], 0x0041E660
je takeitem
cmp dword ptr [esp], 0x0041DCA9
je addmoney
cmp dword ptr [esp], 0x0041E466
je takemoney
buyitem:
MOV EAX,DWORD PTR [EDX+0x32C4]//st
cmp eax, 302
je buyitemexit1
cmp eax, 300
je buyitemexit1
cmp eax, 312
je buyitemexit1
cmp eax, 313
je buyitemexit1
cmp eax, 314
je buyitemexit1
cmp eax, 315
je buyitemexit1
cmp eax, 316
je buyitemexit1
retn
buyitemexit1:
add dword ptr [esp], 0x18
retn
showbankitem:
MOV EDX,DWORD PTR [ECX+0x32C4]//st
cmp edx, 303
je showbankitemexit1
retn
showbankitemexit1:
add dword ptr[esp],0x1A
retn
showbankmoney:
MOV EAX,DWORD PTR [EAX+0x32C4]//st
cmp eax, 303
je showbankmoneyexit1
retn
showbankmoneyexit1:
add dword ptr[esp],0x18
retn
additem:
MOV EAX,DWORD PTR [ECX+0x32C4]//st
cmp eax, 303
je additemexit1
retn
additemexit1:
add dword ptr[esp],0x18
retn
takeitem:
MOV EAX,DWORD PTR [EDX+0x32C4]//st
cmp eax, 303
je takeitemexit1
retn
takeitemexit1:
add dword ptr[esp],0x18
retn
addmoney:
MOV EAX,DWORD PTR [EDX+0x32C4]//st
cmp eax, 303
je addmoneyexit1
retn
addmoneyexit1:
add dword ptr[esp],0x22
retn
takemoney:
MOV EDX,DWORD PTR [ECX+0x32C4]//st
cmp edx, 303
je takemoneyexit1
retn
takemoneyexit1:
add dword ptr[esp],0x24
retn
}
}
__declspec (dllexport naked) void NewMapFix6()
{
__asm
{
cmp dword ptr [esp], 0x0043C99B
je check2
cmp dword ptr [esp], 0x0043CA2B
je check3
cmp dword ptr [esp], 0x004477F6
je check4
cmp dword ptr [esp], 0x0043CD0C
je check5
CMP SI,1//st
je exit1//st
cmp si, 300
je exit1
cmp si, 305
je exit1
retn
exit1:
mov dword ptr [esp], 0x0043C995
retn
check2:
MOV EAX,DWORD PTR [EDX+0x32C4]//st
cmp eax, 300
je check2exit1
cmp eax, 305
je check2exit1
retn
check2exit1:
mov dword ptr [esp], 0x0043C9B3
retn
check3:
cmp si, 300
je check3exit1
cmp si, 305
je check3exit1
CMP SI,0x5D//st
jb check3exit2//st
retn
check3exit1:
mov dword ptr [esp], 0x0043CA3F
retn
check3exit2:
mov dword ptr [esp], 0x0043CA31
retn
check4:
cmp eax, 300
je check4exit1
cmp eax, 305
je check4exit1
TEST EAX,EAX//st
je check4exit1//st
CMP EAX,1//st
retn
check4exit1:
mov dword ptr [esp], 0x004477C9
retn
check5:
test esi,esi//st
je check5exit1//st
cmp esi, 300
je check5exit1
cmp esi, 305
je check5exit1
retn
check5exit1:
mov dword ptr [esp], 0x0043CDDF
retn
}
}
__declspec (dllexport naked) void NewSkillWeapReqFix()// disabling bullseye and quick reload for canon after he unequips needed weapon
{
__asm
{
push edx
mov edx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [edx], esi
je checkbullseye
add edx,96
push edx
sub edx, dword ptr [SkillsMemAddr]
cmp edx, 48000
pop edx
ja exit1
jmp finduserid
checkbullseye:
cmp byte ptr [edx+0xF], 1
jne checkquick
mov ecx, dword ptr [esp+0x80]
push edx
xor eax, eax
MOV AX,WORD PTR [ESI+0x3EBA]
push eax
xor eax,eax
MOV AL,BYTE PTR [ESI+0x3EB8]
push eax
call GetItemInfo
pop edx
test eax,eax
je disablebullseye
mov al, byte ptr [eax+0x57]
cmp al, 1
je checkquick
disablebullseye:
push 1
push 1
push 0x49
mov ecx,esi
call OnSkillEffectExpired
mov dword ptr [esp], 1
checkquick:
cmp byte ptr [edx+0x10], 1
jne exit1
mov ecx, dword ptr [esp+0x80]
xor eax, eax
MOV AX,WORD PTR [ESI+0x3EBA]
push eax
xor eax,eax
MOV AL,BYTE PTR [ESI+0x3EB8]
push eax
call GetItemInfo
test eax,eax
je disablequick
mov al, byte ptr [eax+0x57]
cmp al, 0x45
je exit1
disablequick:
push 1
push 1
push 0x4A
mov ecx,esi
call OnSkillEffectExpired
mov dword ptr [esp], 1
exit1:
pop edx
TEST BYTE PTR [ESI+0x4024],4//st
retn
}
}
__declspec (dllexport naked) void NewMapFix7()
{
__asm
{
cmp dword ptr [esp], 0x004643AE
je func1
cmp dword ptr [esp], 0x00464473
je func2
jmp func3
func1:
cmp eax, 311
je func1earth
cmp eax, 300
jae func1sig
CMP EAX,0x5D//st
jl func1exit1//st
CMP EAX,0x6C//st
retn
func1earth:
mov dword ptr [esp], 0x004643C0
retn
func1sig:
mov dword ptr [esp], 0x00464389
retn
func1exit1:
mov dword ptr [esp], 0x004643B2
retn
func2:
cmp eax, 311
je func2earth
cmp eax, 300
jae func2sig
CMP EAX,0x5D//st
jl func2exit1//st
CMP EAX,0x6C//st
retn
func2earth:
mov dword ptr [esp], 0x00464485
retn
func2sig:
mov dword ptr [esp], 0x00464454
retn
func2exit1:
mov dword ptr [esp], 0x00464477
retn
func3:
cmp eax, 311
je func3earth
cmp eax, 300
jae func3sig
CMP EAX,0x5D//st
jl func3exit1//st
CMP EAX,0x6C//st
retn
func3earth:
mov dword ptr [esp], 0x0046450C
retn
func3sig:
mov dword ptr [esp], 0x00464504
retn
func3exit1:
mov dword ptr [esp], 0x004644F6
retn
}
}
__declspec (dllexport naked) void NewMapFix8() //recall
{
__asm
{
cmp dword ptr [esp], 0x0043A4FE
je place1
cmp dword ptr [esp], 0x0043A57B
je place2
cmp dword ptr [esp], 0x0043A5A2
je place3
place1:
cmp di, 300
jae goodexit
LEA EDX,DWORD PTR [ESI+0x37D8]//st
retn
goodexit:
mov dword ptr [esp], 0x0043A56F
retn
place2:
MOV EAX,DWORD PTR [EBX+0x32C4]//st
cmp eax, 311
je earth
cmp eax, 300
jae sig
retn
earth:
mov dword ptr [esp], 0x0043A59A
retn
sig:
mov dword ptr [esp], 0x0043A593
retn
place3:
cmp di, 311
je place3earth
cmp di, 300
jae place3sig
CMP DI,0x5D//st
jb place3exit1//st
retn
place3earth:
mov dword ptr [esp], 0x0043A5BD
retn
place3sig:
mov dword ptr [esp], 0x0043A5B6
retn
place3exit1:
mov dword ptr [esp], 0x0043A5A8
retn
}
}
__declspec (dllexport naked) void NewMapFix9() //teleport
{
__asm
{
cmp dword ptr [esp], 0x00470E9B
je place1
//place2:
cmp ax, 311
je place2earth
cmp ax, 300
jae place2sig
CMP AX,0x5D//st
jl place2exit1//st
retn
place2earth:
mov dword ptr [esp], 0x00471308
retn
place2sig:
mov dword ptr [esp], 0x00470ED6
retn
place2exit1:
mov dword ptr [esp], 0x00470ECA
retn
place1:
MOV ECX,DWORD PTR [EBX+0x32C4]//st
cmp ecx, 311
je earth
cmp ecx, 300
jae sig
retn
earth:
mov dword ptr [esp], 0x00471308
retn
sig:
mov dword ptr [esp], 0x00470EB5
retn
}
}
__declspec (dllexport naked) void NewMapFix10() //army warp
{
__asm
{
cmp dword ptr [esp], 0x0047120B
je place1
//place2:
cmp ax, 311
je place2earth
cmp ax, 300
jae place2sig
CMP AX,0x5D//st
jl place2exit1//st
retn
place2earth:
mov dword ptr [esp], 0x00471308
retn
place2sig:
mov dword ptr [esp], 0x00471245
retn
place2exit1:
mov dword ptr [esp], 0x00471239
retn
place1:
MOV WORD PTR [ESP+0x1C],DX//st
cmp ecx, 311
je earth
cmp ecx, 300
jae sig
CMP ECX,0x5D//st
retn
earth:
mov dword ptr [esp], 0x00471308
retn
sig:
mov dword ptr [esp], 0x00471224
retn
}
}
__declspec (dllexport naked) void NewMapFix11()
{
__asm
{
cmp dword ptr [esp], 0x00419660
je place1
//place2:
cmp si, 311
je place2earth
cmp si, 300
jae place2sig
CMP si,0x5D//st
jl place2exit1//st
retn
place2earth:
mov dword ptr [esp], 0x004196a2
retn
place2sig:
mov dword ptr [esp], 0x0041969b
retn
place2exit1:
mov dword ptr [esp], 0x0041968d
retn
place1:
MOV EAX,DWORD PTR [ECX+0x32C4]//st
cmp eax, 311
je earth
cmp eax, 300
jae sig
retn
earth:
mov dword ptr [esp], 0x0041967F
retn
sig:
mov dword ptr [esp], 0x00419678
retn
}
}
__declspec (dllexport naked) void NewAttackBuffsFix()// sl, will power and rabbits foot to stack with each other
{
__asm
{
cmp dword ptr [esp], 0x0040FFDD
jne PVM
MOV BX,WORD PTR [ESI+0x84C]//st
TEST BL,1
je SLcheck
MOV EDI,DWORD PTR [ESP+0x14]
MOV EAX,0xCCCCCCCD
MUL EDI
SHR EDX,2
ADD EDI,EDX
MOV DWORD PTR [ESP+0x14], edi
SLcheck:
MOV AX,WORD PTR [ESI+0x850]
MOV EDX,EAX
AND EDX,0x400
TEST DX,DX
je RFcheck
MOV EDI,DWORD PTR [ESP+0x14]
MOV EAX,0xCCCCCCCD
MUL EDI
SHR EDX,2
ADD EDI,EDX
MOV DWORD PTR [ESP+0x14], edi
RFcheck:
MOV AX,WORD PTR [ESI+0x850]
AND EAX,0x4000
TEST AX,AX
je PVPexit
MOV EDI,DWORD PTR [ESP+0x14]
MOV EAX,0xCCCCCCCD
MUL EDI
SHR EDX,2
ADD EDI,EDX
MOV DWORD PTR [ESP+0x14], edi
PVPexit:
MOV EDI,DWORD PTR [ESP+0x14]
mov dword ptr [esp],0x00410017
retn
PVM:
MOV CX,WORD PTR [EDI+0x84C]//st
TEST CL,1
je SLcheck2
MOV ESI,DWORD PTR [ESP+0x10]
MOV EAX,0xCCCCCCCD
MUL ESI
SHR EDX,2
ADD ESI,EDX
MOV DWORD PTR [ESP+0x10], esi
SLcheck2:
MOV AX,WORD PTR [EDI+0x850]
MOV EDX,EAX
AND EDX,0x400
TEST DX,DX
je RFcheck2
MOV ESI,DWORD PTR [ESP+0x10]
MOV EAX,0xCCCCCCCD
MUL ESI
SHR EDX,2
ADD ESI,EDX
MOV DWORD PTR [ESP+0x10], esi
RFcheck2:
MOV AX,WORD PTR [EDI+0x850]
AND EAX,0x4000
TEST AX,AX
je PVMexit
MOV ESI,DWORD PTR [ESP+0x10]
MOV EAX,0xCCCCCCCD
MUL ESI
SHR EDX,2
ADD ESI,EDX
MOV DWORD PTR [ESP+0x10], esi
PVMexit:
MOV ESI,DWORD PTR [ESP+0x10]
mov dword ptr [esp],0x0047ACF6
retn
}
}
__declspec (dllexport naked) void NewSkillsSpiritFix()// skills depend on total spirit with items
{
__asm
{
cmp dword ptr [esp], 0x0043C446
je func2
push ecx
mov ecx, dword ptr [ESI+0x4364]
add ecx, dword ptr [ESI+0x4314]
cmp ecx, eax
pop ecx
retn
func2:
push ecx
mov ecx, dword ptr [EBP+0x4364]
add ecx, dword ptr [EBP+0x4314]
cmp ecx, eax
pop ecx
retn
}
}
__declspec (dllexport naked) void NewMapServerChat()// global/alliance chat functions
{
__asm
{
cmp dword ptr [esp], 0x004410BD
je func1
cmp dword ptr [esp], 0x0044186B
je func2
cmp dword ptr [esp], 0x00473B9F
je func3
cmp dword ptr [esp], 0x00441889
je func4
func1:
MOV EAX,DWORD PTR [ESP+0x10]//stm
MOVSX ECX,BYTE PTR [EAX]//st
cmp ecx, 8
je gchat
cmp ecx, 9
je achat
retn
gchat:
mov dword ptr [esp], 0x0044111B
retn
achat:
mov dword ptr [esp], 0x0044111B
retn
func2:
cmp byte ptr[ebx], 8
je func2gchat
MOV EAX,DWORD PTR [ESI+0x42C8]
retn
func2gchat:
cmp DWORD PTR [ESI+0x37F8], 10
jae func2next
push eax
push ecx
push edx
LEA EAX,DWORD PTR [ESP+0x30]
push 4
push eax
push 23
mov ecx, esi
MOV DWORD PTR [ESP+0x3C],10
CALL ServerSendMessage
pop edx
pop ecx
pop eax
jmp func2exit1
func2next:
mov dword ptr [esp], 0x0044186F
retn
func2exit1:
mov dword ptr [esp], 0x00441897
retn
func3:
MOV EAX,DWORD PTR [ESP+0x18]//stm
NOT ECX//st
mov edx,dword ptr[esp+0x14]
cmp byte ptr[edx], 8
je func3gchat
cmp byte ptr[edx], 9
je func3achat
retn
func3gchat:
mov byte ptr [ebx], 8
retn
func3achat:
mov byte ptr [ebx], 9
retn
func4:
cmp byte ptr [ebx], 9
jne func4exit2
add esp,8
push edi
xor edi,edi
nextarmy:
sub esp, 4
lea ecx, dword ptr [esp]
Call StringFunc
mov eax, dword ptr [esi+0x42c8]
push eax
lea eax, dword ptr ChatString2
push eax
lea eax, dword ptr [esp+0x8]
push eax
call FormatStringMapServer
mov ecx, dword ptr [esi+0x4504]
add ecx, 0x3310
mov eax, dword ptr [esp]
mov eax, dword ptr [eax]
mov dword ptr [esp],eax
mov eax, dword ptr [FindArmy]
mov eax, dword ptr [eax]
call eax
add esp, 0xC
add eax, 0x14
inc edi
lea eax, dword ptr [eax+4*edi]
cmp edi, 5
ja func4exit1
mov eax, dword ptr [eax]
cmp eax, 0
je nextarmy
mov ecx, dword ptr [esi+0x4504]
mov edx, dword ptr [esp+0x28]
push edx
push eax
call SendArmyChat
jmp nextarmy
func4exit1:
pop edi
push 0x00441897
retn
func4exit2:
add esp, 4
push eax
call SendArmyChat
push 0x00441897
retn
}
}
__declspec (dllexport naked) void NewMapCenterChat()
{
__asm
{
cmp dword ptr [esp], 0x00404D77
je func1
cmp dword ptr [esp], 0x00404F8E
je func2
cmp dword ptr [esp], 0x00407043
je func3
cmp dword ptr [esp], 0x00405243
je func4
func1:
cmp esi, 8
je gchat
cmp esi, 9
je achat
ADD ESI,-3//st
CMP ESI,3//st
retn
gchat:
mov dword ptr [esp], 0x00404D8D
retn
achat:
mov dword ptr [esp], 0x00404DA7
retn
func2:
mov eax, dword ptr [esp+0x8]
cmp eax, 8
je func2gchat
MOV EAX,DWORD PTR [ESI+0x21C4]//st
retn
func2gchat:
mov dword ptr [esp], 0x00404FA4
retn
func3:
mov eax, dword ptr [esp+0x44]
cmp eax, 8
je func3gchat
pop eax
push 0x0040DA28//st
push ecx//st
push eax
retn
func3gchat:
mov eax, dword ptr [esp+8]
findnameend:
cmp byte ptr [eax], 0x0A
je next
inc eax
jmp findnameend
next:
mov byte ptr [eax],0
add eax, 1
mov dword ptr [esp+8], eax
sub eax, 2
findnamestart:
cmp byte ptr [eax], 0x0
je next2
dec eax
jmp findnamestart
next2:
add eax, 1
add esp,8
push 12
push eax
lea eax, dword ptr ChatString
push eax
push ecx
call FormatString
add esp,4
push 0x00407048
retn
func4:
cmp dword ptr [esp+8], 9
jne func4exit2
mov ecx, eax
push esi
mov esi, dword ptr [eax-8]
func4findsymbol:
cmp byte ptr [ecx], 0x0A
je func4achat
inc ecx
dec esi
je func4exit1
jmp func4findsymbol
func4achat:
mov byte ptr [ecx], 0x0D
func4exit1:
pop esi
MOV ECX,DWORD PTR [EDI+0x21C0]//st
retn
func4exit2:
MOV ECX,DWORD PTR [EDI+0x21C0]//st
retn
}
}
__declspec (dllexport naked) void NewMapFix12()
{
__asm
{
MOV EAX,DWORD PTR [EAX+0x32C4]
cmp eax, 311
ja exit1
cmp eax, 306
jb exit1
mov dword ptr [esp], 0x00430E3F
retn
exit1:
retn
}
}
__declspec (dllexport naked) void NewGOMUpdateFix()// updating character status after he gets or loses GOM
{
__asm
{
MOV DWORD PTR [ESI+0x4230],EBX//st
push eax
push ecx
push edx
mov ecx, esi
call InitEquipment
pop edx
pop ecx
pop eax
retn
}
}
__declspec (dllexport naked) void NewDBSLfix()// fixing SL to keep dexterity bonus after logging out
{
__asm
{
cmp ebx, 42
jne exit1
mov eax, dword ptr [ebp+0xA58]
push eax
MOV EAX,DWORD PTR [EBP+0xA54]
push eax
push edx
push ebx
lea eax, dword ptr [SLString]
push eax
lea eax,DWORD PTR [ESP+0x338]
push eax
mov ecx, dword ptr [esp+0x18]
mov ecx, dword ptr [ecx+0xC]
mov ecx, dword ptr [ecx]
call ecx
add esp, 0x18
add dword ptr [esp], 19
retn
exit1:
LEA ECX,DWORD PTR [ESP+0x324]//stm
retn
}
}
__declspec (dllexport naked) void NewDBSLfix2()
{
__asm
{
cmp esi, 42
jne exit1
lea eax, dword ptr [SLBuf]
push eax
LEA EDX,DWORD PTR [ESP+0x24]
LEA EAX,DWORD PTR [ESP+0x20]
push edx
LEA ECX,DWORD PTR [ESP+0x20]
push eax
push ecx
xor esi, esi
lea eax, dword ptr [SLString]
push eax
push edi
MOV DWORD PTR [ESP+0x38],ESI
MOV DWORD PTR [ESP+0x34],ESI
MOV DWORD PTR [ESP+0x30],ESI
mov dword ptr [SLBuf], esi
mov eax, dword ptr [esp+0x18]
add eax, 0x1F
mov eax, dword ptr [eax]
mov eax, dword ptr [eax]
call eax
MOV EAX,DWORD PTR [ESP+0x30]
add esp, 0x18
MOV ECX,DWORD PTR [ESP+0x1C]
cmp ecx, esi
jle exit2
MOV EDX,DWORD PTR [ESP+0x20]
test edx,edx
jle exit2
mov edx, dword ptr [SLBuf]
mov dword ptr [ebp+0xA58], edx
add dword ptr [esp], 0x50
retn
exit1:
LEA EDX,DWORD PTR [ESP+0x20]//stm
LEA EAX,DWORD PTR [ESP+0x1C]//stm
retn
exit2:
add dword ptr [esp],0x2EA
retn
}
}
__declspec (dllexport naked) void NewTraderFix()// fixing old street1 trader
{
__asm
{
cmp dword ptr [ebx+4], 1
je oldtrader
add esp, 4
MOV EAX,DWORD PTR [ESP+0x68]//st
push 0
push 0x00420E22
retn
oldtrader:
xor eax,eax
MOV AX,WORD PTR [EBX+4]
mov ecx, ebp
MOV EDX,DWORD PTR [ECX]
push eax
LEA EAX,DWORD PTR [ESP]
push 1
push eax
push 2
push 0x3B7
CALL DWORD PTR [EDX+0x0C]
add esp, 4
mov dword ptr [esp], 0x00420E3F
retn
}
}
__declspec (dllexport naked) void NewBullseyeEffect2()// bullseye effect: makes canon's critical hit chance 100%
{
__asm
{
cmp dword ptr [esp+0x34], 0x0046AF81
je PVP
cmp dword ptr [esp+0x34], 0x0046BFE3
jne PVM
PVP:
mov eax, dword ptr [esp+0x40]
push ebx
mov ebx, dword ptr [SkillsMemAddr]
finduserid:
cmp dword ptr [ebx], eax
je checkbullseye
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit1
jmp finduserid
checkbullseye:
cmp byte ptr [ebx+0xF], 1
jne exit1
add esi, 50
exit1:
pop ebx
cmp esi, 100 //st
jle good//st
mov esi,100//st
good:
retn
PVM:
mov eax, dword ptr [esp+0x2C]
push ebx
mov ebx, dword ptr [SkillsMemAddr]
finduserid2:
cmp dword ptr [ebx], eax
je checkbullseye2
add ebx,96
push ebx
sub ebx, dword ptr [SkillsMemAddr]
cmp ebx, 48000
pop ebx
ja exit2
jmp finduserid2
checkbullseye2:
cmp byte ptr [ebx+0xF], 1
jne exit2
add esi, 50
exit2:
pop ebx
cmp esi, 100 //st
jle good2//st
mov esi,100//st
good2:
retn
}
}
__declspec (dllexport naked) void NewAttackBoostFix()// fixing issue with selion set/aryne/erynies set/minervas set giving extremly high attack bonus at some occasions
{
__asm
{
sub esi, ebx
xor ebx,ebx
cmp esi,1
jae good
mov esi,1
good:
MOV EAX,DWORD PTR [ESP+0x20]//stm
TEST EAX,EAX
retn
}
}
__declspec (dllexport naked) void NewMapFix13() //recall/teleport m311
{
__asm
{
cmp dword ptr [esp], 0x0043A415
je RecallFrom
cmp dword ptr [esp], 0x004474BE
je Teleport
RecallHere:
MOV ESI,DWORD PTR [EDX+0x3548] //st
cmp eax, 311
je RecallHereExit1
retn
RecallHereExit1:
mov dword ptr [esp], 0x00447724
retn
RecallFrom:
MOV EAX,DWORD PTR [EBX+0x32C4]//st
cmp eax, 311
je RecallFromExit1
retn
RecallFromExit1:
mov dword ptr [esp], 0x0043A54C
retn
Teleport:
MOV ECX,DWORD PTR [EDX+0x3548]//st
cmp eax, 311
je TeleportExit1
retn
TeleportExit1:
mov dword ptr [esp], 0x00447561
retn
}
}
__declspec (dllexport naked) void NewHeroFix()// making 1k hero bonus to work PVM
{
__asm
{
MOV EAX,DWORD PTR [EDI+0x4374]//st
cmp dword ptr [edi+0x37F8], 1000
jb exit1
add eax, 30
cmp eax, 80
jbe exit1
mov eax, 80
exit1:
retn
}
}
__declspec (dllexport naked) void NewKitExpBonus()// kitara's 15% bonus exp
{
__asm
{
cmp dword ptr [esp+0x78], 0
jne exit1
cmp byte ptr [ecx+0x37FC], 6
jne exit1
push eax
push ecx
push edx
push 1
mov edx, dword ptr [esp+0x84]
push edx
LEA ECX,DWORD PTR [EBX+0x3184]
call GetMemberInfo
test eax,eax
je exit2
mov eax, ebp
mov ecx, 100
xor edx,edx
div ecx
xor edx,edx
mov ecx, 15
mul ecx
add ebp, eax
exit2:
pop edx
pop ecx
pop eax
exit1:
CMP DWORD PTR [ECX+0x43A4],2//st
retn
}
}
10-07
1930
1930
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
