#pragma once #include "headers.h" #include "builtin.h" #include "defines.h" BYTE* WeaponTypeDefinitions; #pragma pack(1) struct PacketFeatureDestroy { BYTE PacketType; BYTE WeaponId; // old WORD xPos; WORD yPos; DWORD ExpandedWeaponId; }; struct PacketWeaponProjectile { BYTE PacketType; DWORD StartX; DWORD StartY; DWORD StartZ; DWORD EndX; DWORD EndY; DWORD EndZ; BYTE WeaponId; // old weapon id BYTE Interceptor; WORD Angle; WORD TrajectoryResult; WORD TargetUnitId; WORD AttackerUnitId; BYTE WeaponIndex; DWORD ExpandedWeaponId; }; struct PacketAreaOfEffectDamage { BYTE PacketType; DWORD xPos; DWORD yPos; DWORD zPos; BYTE WeaponId; // old weapon id DWORD ExpandedWeaponId; }; struct PositionDWORD { DWORD x; DWORD y; DWORD z; }; #pragma pack(4) PacketFeatureDestroy* SendFeaturePacketBuffer1; PacketWeaponProjectile* SendFireWeaponPacketBuffer1; PacketAreaOfEffectDamage* SendAreaOfEffectDamageBuffer1; // asm x86 memory DWORD Stor_1; DWORD Stor_2; DWORD Stor_3; DWORD Stor_4; DWORD Stor_5; DWORD Stor_6; DWORD Stor_7; DWORD Stor_8; WORD wStor_1; WORD wStor_2; BYTE bStor_1; BYTE bStor_2; // ____ReceiveWeaponFired_Hook_1 Variables DWORD ExpandedWeaponId; LPVOID CorrespondingWeaponIdOffset; // asm x86 returns LPVOID ____LoadAllWeapons_Hook_1_Return;// = (LPVOID)0x0042E345; LPVOID ____LoadWeaponFromTDF_Hook_1_Return;// = (LPVOID)0x0042E490; LPVOID ____LoadWeaponFromTDF_Hook_2_Return;// = (LPVOID)0x0042ECF9; LPVOID ____LoadUnitInfoFromFBI_Hook_1_Return;// = (LPVOID)0x0042CDEE; LPVOID ____WeaponUnknown_Hook_1_Return;// = (LPVOID)0x00409555; LPVOID ____WeaponUnknown_Hook_2_Return;// = (LPVOID)0x00409682; LPVOID ____WeaponUnknown_Hook_3_Return;// = (LPVOID)0x00409948; LPVOID ____StartWeaponsScripts_Hook_1_Return;// = (LPVOID)0x0049E0CE; LPVOID ____PacketDispatcher_Hook_1_Return;// = (LPVOID)0x0045548B; LPVOID ____SendFireWeapon_Hook_1_Return;// = (LPVOID)0x00499B90; //////////LPVOID ____PacketDispatcher_Hook_2_Return = (LPVOID); ////////LPVOID ____ReceiveWeaponFired_Hook_1_Return = (LPVOID)0x0049D2AF; LPVOID ____FeaturesTakeWeaponDamage_Hook_1_Return;// = (LPVOID)0x00424569; LPVOID ____FeaturesTakeWeaponDamage_Hook_2_Return;// = (LPVOID)0x00424591; LPVOID ____FeaturesTakeWeaponDamage_Hook_3_Return;// = (LPVOID)0x00424632; LPVOID ____FeaturesTakeWeaponDamage_Hook_4_Return;// = (LPVOID)0x00424664; LPVOID ____FeaturesTakeWeaponDamage_Hook_5_Return;// = (LPVOID)0x00424694; LPVOID ____AreaOfEffectDamage_Hook_1_Return;// = (LPVOID)0x0049A7EE; LPVOID ____ReceiveAreaOfEffectDamage_Hook_1_Return;// = (LPVOID)0x0049AFD4; LPVOID ____FireCallback1_Hook_1_Return;// = (LPVOID)0x0049D85E; LPVOID ____FireCallback2_Hook_1_Return;// = (LPVOID)0x0049DD2C; LPVOID ____FireCallback3_Hook_1_Return;// = (LPVOID)0x0049DEF3; LPVOID ____FireCallback4_Hook_1_Return;// = (LPVOID)0x0049DB52; LPVOID ____FireMapWeapon_Hook_1_Return;// = (LPVOID)0x0049DFFB; LPVOID ____ReceiveWeaponFired_Hook_1_Return;// = (LPVOID)0x0049D2AD; LPVOID ____ReceiveWeaponFired_Hook_1_Return_Jmp1; LPVOID ____ReceiveWeaponFired_Hook_1_Return_JNZ;// = (LPVOID)0x0049D2AF; LPVOID ____ReceiveWeaponFired_Hook_1_Return_JZ;// = (LPVOID)0x0049D329; LPVOID ____SaveGame_SaveUnit_Hook_1_Return;// = (LPVOID)0x00487A22; LPVOID ____LoadGame_LoadUnit_Hook_1_Return;// = (LPVOID)0x0048762E; LPVOID ____PacketSize_PacketFeatureExplode_Hook_1_Return;// = (LPVOID)0x0045213B; LPVOID ____TotalA_strcmpi;// = (LPVOID)0x004F8A70; LPVOID ____TotalA_HAPIBroadcastMessage;// = (LPVOID)0x00451DF0; LPVOID ____TotalA_GetLocalPlayerDPID;// = (LPVOID)0x0049DFF0; LPVOID ____TotalA_jmpToCode_42ECF9;// = (LPVOID)0x0042ECF9; LPVOID ____TotalA_jmpToCode_42F340;// = (LPVOID)0x0042F340; LPVOID ____TotalA_jmpToCode_42EDA1;// = (LPVOID)0x0042EDA1; LPVOID ____TotalA_jmpToCode_42ED7B;// = (LPVOID)0x0042ED7B; LPVOID ____TotalA_jumpToCode_WeaponId253_4554D4;// = (LPVOID)0x004554D4; LPVOID ____TotalA_jumpToCode_WeaponId254_4554BA;// = (LPVOID)0x004554BA; LPVOID ____TotalA_jumpToCode_WeaponId255_4554A0;// = (LPVOID)0x004554A0; LPVOID ____TotalA_jmpToCode_InCode_49D329;// = (LPVOID)0x0049D329; LPVOID ____TotalA_jmpToCode_InCode_42469F;// = (LPVOID)0x0042469F; LPVOID ____FeaturesDestroy253;// = (LPVOID)0x00423550; LPVOID ____FeaturesDestroy254; LPVOID ____FeaturesDestroy255; LPVOID ____FeaturesDestroyDefault; LPVOID ____GetGridPlotPos; //LPVOID ____FeaturesTakeWeaponDamage_Hook_0_1; LPVOID ____FeaturesTakeWeaponDamage_Hook_0_1_Return; // the whole glory of missing something lmfao LPVOID ____StartTreeBurn_Hook_1_Return;// = (LPVOID)0x00423531; LPVOID ____ReclaimFinished_Hook_1_Return; LPVOID ____Order_Resurrect_Hook_1_Return; // prototypes void AllocateNewArray(); void ApplyWeaponIdsPatches(); void WeaponIds(); void StaticInitializers_WeaponIds(); __declspec(naked) void ____LoadAllWeapons_Hook_1() { __asm { push esi push edi pushad pushfd call AllocateNewArray popfd popad jmp ____LoadAllWeapons_Hook_1_Return } } // asm x86 patches LPVOID WINAPI ____LoadWeaponFromTDF_Hook_1_HelperA(DWORD Id) { return (LPVOID)((DWORD)WeaponTypeDefinitions + (Id * WEAPON_ID_STRUCT_SIZE)); } __declspec(naked) void ____LoadWeaponFromTDF_Hook_1() { __asm { pushad pushfd push eax call ____LoadWeaponFromTDF_Hook_1_HelperA mov [Stor_1], eax popfd popad mov ebp, [Stor_1] xor eax, eax push 0x005119B8 push 0x40 push 0x00503884 // Not Needed as ebp is set //mov [Stor_1], ebp //add ebp, 0x20 //push ebp //mov ebp, [Stor_1] jmp ____LoadWeaponFromTDF_Hook_1_Return //0042e46e 8d 0c 40 LEA ECX, [EAX + EAX * 0x2] //0042e471 c1 e1 03 SHL ECX, 0x3 //0042e474 2b c8 SUB ECX, EAX //0042e476 03 d0 ADD EDX, EAX //0042e478 33 c0 XOR EAX, EAX //0042e47a 68 b8 19 PUSH lpData_005119b8 = 00000000 // 51 00 //0042e47f 8d 0c 49 LEA ECX, [ECX + ECX * 0x2] //0042e482 6a 40 PUSH 0x40 //0042e484 68 84 38 PUSH DAT_00503884 = 6Eh n // 50 00 //0042e489 8d ac 8a LEA EBP, [EDX + ECX * 0x4 + 0x2cf3] // f3 2c 00 00 } } __declspec(naked) void ____LoadWeaponFromTDF_Hook_2() { __asm { mov eax, [ebp+0x115] mov dword ptr [esp+0x18], 0 test eax, eax mov [esp+0x10], eax jbe jmpToCode_42ECF9 innerloop: pushad pushfd mov esi, [esp+0x24+0x18] push esi mov [Stor_2], esi call ____LoadWeaponFromTDF_Hook_1_HelperA mov [Stor_1], eax popfd popad mov eax, [Stor_1] mov esi, [Stor_2] add eax, 0x80 lea ecx, [esp+0x40] push eax push ecx call [____TotalA_strcmpi] add esp, 8 test eax, eax jz jmpToCode_42F340 mov eax, [esp+0x18] mov ecx, [esp+0x10] inc eax cmp eax, ecx mov [esp+0x18], eax jb innerloop jmp ____LoadWeaponFromTDF_Hook_2_Return jmpToCode_42ECF9: jmp ____TotalA_jmpToCode_42ECF9 jmpToCode_42F340: jmp ____TotalA_jmpToCode_42F340 //0042ecaa 76 4d JBE LAB_0042ecf9 //LAB_0042ecac XREF[1]: 0042ecf7(j) //0042ecac 8b 74 24 18 MOV ESI, dword ptr[ESP + local_328] //0042ecb0 8b 15 e8 MOV EDX, dword ptr[TAMainStruct] = ? ? // 1d 51 00 //0042ecb6 8b c6 MOV EAX, ESI //0042ecb8 25 ff 00 AND EAX, 0xff // 00 00 //0042ecbd 03 d0 ADD EDX, EAX //0042ecbf 8d 0c 40 LEA ECX, [EAX + EAX * 0x2] //0042ecc2 c1 e1 03 SHL ECX, 0x3 //0042ecc5 2b c8 SUB ECX, EAX //0042ecc7 8d 0c 49 LEA ECX, [ECX + ECX * 0x2] //0042ecca 8d 84 8a LEA EAX, [EDX + ECX * 0x4 + 0x2d73] // 73 2d 00 00 //0042ecd1 8d 4c 24 40 LEA ECX = > local_300, [ESP + 0x40] //0042ecd5 50 PUSH EAX //0042ecd6 51 PUSH ECX //0042ecd7 e8 94 9d CALL FUN_004f8a70 uint FUN_004f8a70(byte * param_1 // 0c 00 //0042ecdc 83 c4 08 ADD ESP, 0x8 //0042ecdf 85 c0 TEST EAX, EAX //0042ece1 0f 84 59 JZ LAB_0042f340 // 06 00 00 //0042ece7 8a 44 24 18 MOV AL, byte ptr[ESP + local_328] //0042eceb 8a 4c 24 10 MOV CL, byte ptr[ESP + local_330] //0042ecef fe c0 INC AL //0042ecf1 3a c1 CMP AL, CL //0042ecf3 88 44 24 18 MOV byte ptr[ESP + local_328], AL //0042ecf7 72 b3 JC LAB_0042ecac //LAB_0042ecf9 XREF[1]: 0042ecaa(j) //0042ecf9 8d 54 24 40 LEA EDX = > local_300, [ESP + 0x40] //0042ecfd 68 f0 36 PUSH PTR_BYTE_005036f0 = 004f4433 // 50 00 //0042ed02 52 PUSH EDX //0042ed03 8d 84 24 LEA EAX = > local_100, [ESP + 0x248] // 48 02 00 00 //0042ed0a 68 e4 36 PUSH s_objects3d_005036e4 = "objects3d" // 50 00 //0042ed0f 50 PUSH EAX //0042ed10 e8 db a3 CALL FUN_004290f0 uint * FUN_004290f0(uint * param // ff ff //0042ed15 8d 8c 24 LEA ECX = > local_100, [ESP + 0x240] // 40 02 00 00 //0042ed1c 51 PUSH ECX //0042ed1d e8 3e c8 CALL FUN_004cb560 int** FUN_004cb560(uint * para // 09 00 //0042ed22 8b f0 MOV ESI, EAX //0042ed24 85 f6 TEST ESI, ESI //0042ed26 75 0d JNZ LAB_0042ed35 //0042ed28 8d 94 24 LEA EDX = > local_100, [ESP + 0x240] // 40 02 00 00 //0042ed2f 52 PUSH EDX //0042ed30 e8 5b 75 CALL FUN_004b6290 undefined FUN_004b6290(LPCSTR pa // 08 00 //LAB_0042ed35 XREF[1]: 0042ed26(j) //0042ed35 56 PUSH ESI //0042ed36 e8 55 c8 CALL FUN_004cb590 undefined FUN_004cb590(int param // 09 00 //0042ed3b 8d 44 24 40 LEA EAX = > local_300, [ESP + 0x40] //0042ed3f 50 PUSH EAX //0042ed40 56 PUSH ESI //0042ed41 e8 fa b3 CALL FUN_0042a140 undefined FUN_0042a140(ushort * // ff ff //0042ed46 8b 15 e8 MOV EDX, dword ptr[TAMainStruct] = ? ? // 1d 51 00 //0042ed4c 8d 7c 24 40 LEA EDI = > local_300, [ESP + 0x40] //0042ed50 8b 44 24 10 MOV EAX, dword ptr[ESP + local_330] //0042ed54 25 ff 00 AND EAX, 0xff // 00 00 //0042ed59 8d 0c 40 LEA ECX, [EAX + EAX * 0x2] //0042ed5c c1 e1 03 SHL ECX, 0x3 //0042ed5f 2b c8 SUB ECX, EAX //0042ed61 8d 0c 49 LEA ECX, [ECX + ECX * 0x2] //0042ed64 8d 04 88 LEA EAX, [EAX + ECX * 0x4] //0042ed67 89 b4 02 MOV dword ptr[EDX + EAX * 0x1 + 0x2d67], ESI // 67 2d 00 00 //0042ed6e 8b 0d e8 MOV ECX, dword ptr[TAMainStruct] = ? ? // 1d 51 00 //0042ed74 8d 94 01 LEA EDX, [ECX + EAX * 0x1 + 0x2d73] // 73 2d 00 00 //0042ed7b 83 c9 ff OR ECX, 0xffffffff //0042ed7e 33 c0 XOR EAX, EAX //0042ed80 f2 ae SCASB.RE ES : EDI //0042ed82 f7 d1 NOT ECX //0042ed84 2b f9 SUB EDI, ECX //0042ed86 8b c1 MOV EAX, ECX //0042ed88 8b f7 MOV ESI, EDI //0042ed8a 8b fa MOV EDI, EDX //0042ed8c c1 e9 02 SHR ECX, 0x2 //0042ed8f f3 a5 MOVSD.REP ES : EDI, ESI //0042ed91 8b c8 MOV ECX, EAX //0042ed93 83 e1 03 AND ECX, 0x3 //0042ed96 f3 a4 MOVSB.REP ES : EDI, ESI //0042ed98 eb 07 JMP LAB_0042eda1 } } __declspec(naked) void ____LoadWeaponFromTDF_Hook_3() { __asm { pushad pushfd mov eax, [esp+0x24+0x10] push eax call ____LoadWeaponFromTDF_Hook_1_HelperA mov [Stor_1], eax popfd popad mov eax, [Stor_1] add eax, 0x80 mov byte ptr [eax], 0x00 //mov esi, [esp+0x18] // extra, probs just use esi, actually xD ??? pushad pushfd mov esi, [esp+0x24+0x18] push esi call ____LoadWeaponFromTDF_Hook_1_HelperA mov [Stor_2], eax popfd popad mov eax, [Stor_1] mov esi, [Stor_2] add eax, 0x74 add esi, 0x74 mov ecx, [esi] mov [eax], ecx // should work for ModelDebris? jmp ____TotalA_jmpToCode_42EDA1 // LAB_0042f340 XREF[1]: 0042ece1(j) //0042f340 8b 44 24 10 MOV EAX,dword ptr [ESP + local_330] //0042f344 81 e6 ff AND ESI,0xff // 00 00 00 //0042f34a 25 ff 00 AND EAX,0xff // 00 00 //0042f34f 8d 0c 40 LEA ECX,[EAX + EAX*0x2] //0042f352 c1 e1 03 SHL ECX,0x3 //0042f355 2b c8 SUB ECX,EAX //0042f357 8d 14 49 LEA EDX,[ECX + ECX*0x2] //0042f35a 8b ce MOV ECX,ESI //0042f35c 8d 14 90 LEA EDX,[EAX + EDX*0x4] //0042f35f a1 e8 1d MOV EAX,[TAMainStruct] = ?? // 51 00 //0042f364 c6 84 10 MOV byte ptr [EAX + EDX*0x1 + 0x2d73],0x0 // 73 2d 00 // 00 00 //0042f36c 8d 04 49 LEA EAX,[ECX + ECX*0x2] //0042f36f c1 e0 03 SHL EAX,0x3 //0042f372 2b c1 SUB EAX,ECX //0042f374 8d 34 40 LEA ESI,[EAX + EAX*0x2] //0042f377 a1 e8 1d MOV EAX,[TAMainStruct] = ?? // 51 00 //0042f37c 8b f8 MOV EDI,EAX //0042f37e 03 f9 ADD EDI,ECX //0042f380 8b 8c b7 MOV ECX,dword ptr [EDI + ESI*0x4 + 0x2d67] // 67 2d 00 00 //0042f387 89 8c 10 MOV dword ptr [EAX + EDX*0x1 + 0x2d67],ECX // 67 2d 00 00 //0042f38e e9 0e fa JMP LAB_0042eda1 // ff ff } } __declspec(naked) void ____LoadWeaponFromTDF_Hook_4() { __asm { // dont forget ModelName! pushad pushfd // 0x24 from pushad and pushfd mov eax, [esp+0x24+0x10] push eax call ____LoadWeaponFromTDF_Hook_1_HelperA mov [Stor_1], eax popfd popad mov eax, [Stor_1] add eax, 0x74 mov [eax], esi // ModelDebris // strcpy mov edx, [Stor_1] add edx, 0x80 lea edi, [esp+0x40] jmp ____TotalA_jmpToCode_42ED7B //0042ed46 8b 15 e8 MOV EDX,dword ptr [TAMainStruct] = ?? // 1d 51 00 //0042ed4c 8d 7c 24 40 LEA EDI=>local_300,[ESP + 0x40] //0042ed50 8b 44 24 10 MOV EAX,dword ptr [ESP + local_330] //0042ed54 25 ff 00 AND EAX,0xff // 00 00 //0042ed59 8d 0c 40 LEA ECX,[EAX + EAX*0x2] //0042ed5c c1 e1 03 SHL ECX,0x3 //0042ed5f 2b c8 SUB ECX,EAX //0042ed61 8d 0c 49 LEA ECX,[ECX + ECX*0x2] //0042ed64 8d 04 88 LEA EAX,[EAX + ECX*0x4] //0042ed67 89 b4 02 MOV dword ptr [EDX + EAX*0x1 + 0x2d67],ESI // 67 2d 00 00 //0042ed6e 8b 0d e8 MOV ECX,dword ptr [TAMainStruct] = ?? // 1d 51 00 //0042ed74 8d 94 01 LEA EDX,[ECX + EAX*0x1 + 0x2d73] // 73 2d 00 00 //0042ed7b 83 c9 ff OR ECX,0xffffffff //0042ed7e 33 c0 XOR EAX,EAX //0042ed80 f2 ae SCASB.RE ES:EDI //0042ed82 f7 d1 NOT ECX //0042ed84 2b f9 SUB EDI,ECX //0042ed86 8b c1 MOV EAX,ECX //0042ed88 8b f7 MOV ESI,EDI //0042ed8a 8b fa MOV EDI,EDX //0042ed8c c1 e9 02 SHR ECX,0x2 //0042ed8f f3 a5 MOVSD.REP ES:EDI,ESI //0042ed91 8b c8 MOV ECX,EAX //0042ed93 83 e1 03 AND ECX,0x3 //0042ed96 f3 a4 MOVSB.REP ES:EDI,ESI //0042ed98 eb 07 JMP LAB_0042eda1 } } __declspec(naked) void ____LoadUnitInfoFromFBI_Hook_1() { __asm { // not needed, just get the ptr to new weapontypedef array //pushad //pushfd //push 0 //push //popfd //popad push 0x80 lea ecx, [esp + 0xb0] push 0x00503810 push ecx mov ecx, [esp + 0x24] // esi mov esi, WeaponTypeDefinitions jmp ____LoadUnitInfoFromFBI_Hook_1_Return //0042cdcd a1 e8 1d MOV EAX,[TAMainStruct] = ?? // 51 00 //0042cdd2 68 80 00 PUSH 0x80 // 00 00 //0042cdd7 8d 8c 24 LEA ECX=>local_480,[ESP + 0xb0] // b0 00 00 00 //0042cdde 68 10 38 PUSH s_weapon1_00503810 = "weapon1" // 50 00 //0042cde3 51 PUSH ECX //0042cde4 8b 4c 24 24 MOV ECX,dword ptr [ESP + local_514] //0042cde8 8d b0 f3 LEA ESI,[EAX + 0x2cf3] // 2c 00 00 } } /*__declspec(naked)*/ char* WINAPI ____WeaponNameToWeaponTypeDefinition_Replace(char* WeaponName) { if (!WeaponName || !____strlen(WeaponName)) return (char*)0; for (SIZE_T off = 0; off < MAX_NUMBER_OF_WEAPONS * WEAPON_ID_STRUCT_SIZE; off += WEAPON_ID_STRUCT_SIZE) { if (!____strcmpi(((const char*)((DWORD)WeaponTypeDefinitions + off)), WeaponName)) { return ((char*)((DWORD)WeaponTypeDefinitions + off)); } } return (char*)0; //__asm //{ //push ebx //LAB_0049e5cb XREF[1]: 0049e5f1(j) //0049e5cb a1 e8 1d MOV EAX,[TAMainStruct] = ?? // 51 00 //0049e5d0 53 PUSH EBX //0049e5d1 8d bc 30 LEA EDI,[EAX + ESI*0x1 + 0x2cf3] // f3 2c 00 00 //0049e5d8 57 PUSH EDI //0049e5d9 e8 92 a4 CALL !____strcmpi uint !____strcmpi(byte * param_1 // 05 00 //0049e5de 83 c4 08 ADD ESP,0x8 //0049e5e1 85 c0 TEST EAX,EAX //0049e5e3 74 16 JZ LAB_0049e5fb //0049e5e5 81 c6 15 ADD ESI,0x115 // 01 00 00 //0049e5eb 81 fe 00 CMP ESI,0x11500 // 15 01 00 //0049e5f1 7c d8 JL LAB_0049e5cb //} } __declspec(naked) void ____WeaponUnknown1_Hook_1() { __asm { mov eax, [esi+0x115] test eax, eax jmp ____WeaponUnknown_Hook_1_Return } } __declspec(naked) void ____WeaponUnknown2_Hook_1() { __asm { mov eax, [esi + 0x115] test eax, eax jmp ____WeaponUnknown_Hook_2_Return } } __declspec(naked) void ____WeaponUnknown3_Hook_1() { __asm { mov eax, [esi + 0x115] test eax, eax jmp ____WeaponUnknown_Hook_3_Return } } __declspec(naked) void ____StartWeaponsScripts_Hook_1() { __asm { mov ebx, [ecx+0x115] mov byte ptr [esi-0x1], 0 test ebx, ebx jmp ____StartWeaponsScripts_Hook_1_Return } } __declspec(naked) void ____PacketDispatcher_Hook_1() { __asm { mov edi, [esp+0x10] //inc edi mov [Stor_2], edi // feature destroy packet mov eax, [edi+6] // weapon id mov [Stor_1], eax } if (Stor_1 == 253) // weapon id { __asm { xor eax, eax xor ecx, ecx mov edi, [Stor_2] mov ax, [edi + 0x4] mov cx, [edi + 0x2] push 0 push eax push ecx call ____FeaturesDestroy253 } } else if (Stor_1 == 254) { __asm { xor ecx, ecx xor edx, edx mov edi, [Stor_2] mov cx, [edi + 0x4] mov dx, [edi + 0x2] push 1 push ecx push edx call ____FeaturesDestroy254 } } else if (Stor_1 == 255) { __asm { xor eax, eax xor ecx, ecx mov edi, [Stor_2] mov ax, [edi + 0x4] mov cx, [edi + 0x2] push 1 push eax push ecx call ____FeaturesDestroy255 } } else { __asm { xor edx, edx xor esi, esi mov edi, [Stor_2] mov dx, [edi + 0x4] mov si, [edi + 0x2] mov eax, [Stor_1] push eax call ____LoadWeaponFromTDF_Hook_1_HelperA // ------------------------------------------------------------------------------ push eax // weapon ptr push edx push esi push edx push esi call ____GetGridPlotPos push eax call ____FeaturesDestroyDefault } } __asm { mov eax, 0x00455F50 // lazy atm - pls fix! jmp eax } //__asm //{ //mov ecx, [edi+/* New ID Offset */0x06] // adjust packet send ---------- not done yet!! //mov eax, ecx //sub eax, 253 //jz ____TotalA_jumpToCode_WeaponId253 //dec eax //jz ____TotalA_jumpToCode_WeaponId254 //dec eax //jz ____TotalA_jumpToCode_WeaponId255 //// eax is trashed after in a GetGridPosPlot call //xor edx, edx //mov dx, [edi+0x4] //xor esi, esi //mov si, [edi+0x2] //pushad //pushfd //push ecx //call ____LoadWeaponFromTDF_Hook_1_HelperA //mov [Stor_1], eax //popfd //popad //mov ecx, [Stor_1] //// rewriting chunk instead //jmp ____PacketDispatcher_Hook_1_Return //____TotalA_jumpToCode_WeaponId253: //jmp ____TotalA_jumpToCode_WeaponId253_4554D4 //____TotalA_jumpToCode_WeaponId254: //jmp ____TotalA_jumpToCode_WeaponId254_4554BA //____TotalA_jumpToCode_WeaponId255: //jmp ____TotalA_jumpToCode_WeaponId255_4554A0 //} } // rewrite chunk instead //__declspec(naked) void ____PacketDispatcher_Hook_2() //{ // __asm // { // pushad // pushfd // // // // popfd // popad // // // // jmp ____PacketDispatcher_Hook_2_Return // } //} //////////////__declspec(naked) void ____ReceiveWeaponFired_Hook_1() //////////////{ ////////////// __asm ////////////// { ////////////// mov edx, [eax+/* updated receive weapon fired packet offset */0x24] // weapon id ////////////// push esi ////////////// push edi ////////////// ////////////// ////////////// ////////////// pushad ////////////// pushfd ////////////// ////////////// push edx ////////////// call ____LoadWeaponFromTDF_Hook_1_HelperA ////////////// mov [Stor_1], eax ////////////// ////////////// //push edx ////////////// //call ____LoadWeaponFromTDF_Hook_1_HelperA ////////////// //mov [Stor_2], eax ////////////// ////////////// popfd ////////////// popad ////////////// ////////////// mov ebp, [Stor_1] // weapontypedef ptr ////////////// //mov edx, [Stor_2] // weapontypedef ptr ////////////// mov [esp+0x1C], ebp // var stack weapontypedef ptr for rest of function ////////////// ////////////// add ebp, 0x111 ////////////// mov edx, [ebp] ////////////// and edx, 0x20 ////////////// shr edx, 5 ////////////// test dl, 1 ////////////// ////////////// ////////////// jz ____TotalA_jmpToCode_49D329 ////////////// ////////////// jmp ____ReceiveWeaponFired_Hook_1_Return ////////////// ////////////// ____TotalA_jmpToCode_49D329: ////////////// jmp ____TotalA_jmpToCode_InCode_49D329 ////////////// ////////////// ////////////// ////////////// ////////////// } //////////////} ////////////// ////////////// ////////////// ////////////// ////////////// void WINAPI ____FeaturesTakeWeaponDamage_Hook_1_HelperA() { if (SendFeaturePacketBuffer1) { ____free(SendFeaturePacketBuffer1); } SendFeaturePacketBuffer1 = (PacketFeatureDestroy*)____malloc(sizeof(PacketFeatureDestroy)); ____memset(SendFeaturePacketBuffer1, 0, sizeof(PacketFeatureDestroy)); } //DWORD FeaturesPacketInited; __declspec(naked) void ____FeaturesTakeWeaponDamage_Hook_0_1() // 0x004244B0 // ret 0x004244B6 { __asm { mov [Stor_1], eax mov [Stor_2], edx mov [Stor_3], ecx mov [Stor_4], ebx mov [Stor_5], esi mov [Stor_6], edi mov [Stor_7], ebp call ____FeaturesTakeWeaponDamage_Hook_1_HelperA mov eax, [Stor_1] mov edx, [Stor_2] mov ecx, [Stor_3] mov ebx, [Stor_4] mov esi, [Stor_5] mov edi, [Stor_6] mov ebp, [Stor_7] mov ecx, dword ptr ds:[0x511DE8] jmp ____FeaturesTakeWeaponDamage_Hook_0_1_Return } } __declspec(naked) void ____FeaturesTakeWeaponDamage_Hook_1() { __asm { //pushad //pushfd //call ____FeaturesTakeWeaponDamage_Hook_1_HelperA //mov dword ptr [FeaturesPacketInited], 1 //popfd //popad mov eax, [esp+0x28] mov eax, [eax+0x115] mov [Stor_1], eax mov ax, [esp+0x20] // eax is trashed after anyway mov [wStor_1], ax mov ax, [esp+0x24] // stack adjusted mov [wStor_2], ax mov [Stor_8], eax mov [Stor_2], edx mov [Stor_3], ecx mov [Stor_4], ebx mov [Stor_5], esi mov [Stor_6], edi mov [Stor_7], ebp } SendFeaturePacketBuffer1->PacketType = 15; // Packet Type: 0xF (15) SendFeaturePacketBuffer1->ExpandedWeaponId = Stor_1; SendFeaturePacketBuffer1->xPos = wStor_1; SendFeaturePacketBuffer1->yPos = wStor_2; //mov [Stor_1], edi //mov edi, [SendFeaturePacketBuffer1] // ptr //mov byte ptr [edi+0x0], 15 // packet type //mov edx, [esp+0x28] // weapontypedef ptr //mov eax, [edx+0x115] // new weapon id //mov dword ptr [edi+0x6], eax // buffer new weapon id //mov cx, [esp+0x20] //push 10 // 0xA new packet size //mov dx, [esp+0x20] //push edi // packet buffer start ptr //mov [edi+0x2], cx //mov [edi+0x4], dx __asm { mov eax, [Stor_8] mov edx, [Stor_2] mov ecx, [Stor_3] mov ebx, [Stor_4] mov esi, [Stor_5] mov edi, [Stor_6] mov ebp, [Stor_7] push 6 + 4 // new packet size mov eax, [SendFeaturePacketBuffer1] // buffer ptr push eax jmp ____FeaturesTakeWeaponDamage_Hook_1_Return } } __declspec(naked) void ____FeaturesTakeWeaponDamage_Hook_2() { __asm { //test dword ptr [FeaturesPacketInited], 0 //jz skip mov [Stor_1], edi mov edi, [SendFeaturePacketBuffer1] mov dword ptr [edi+0x6], 252 mov edi, [Stor_1] //skip: jmp ____FeaturesTakeWeaponDamage_Hook_2_Return } } __declspec(naked) void ____FeaturesTakeWeaponDamage_Hook_3() { __asm { //test dword ptr [FeaturesPacketInited], 0 //jz skip mov [Stor_1], edi mov edi, [SendFeaturePacketBuffer1] mov dword ptr [edi+0x6], 253 mov edi, [Stor_1] //skip: jmp ____FeaturesTakeWeaponDamage_Hook_3_Return } } __declspec(naked) void ____FeaturesTakeWeaponDamage_Hook_4() { __asm { //pushad //pushfd //test dword ptr [FeaturesPacketInited], 0 //jz skip mov [Stor_1], edi mov edi, [SendFeaturePacketBuffer1] mov dword ptr [edi+0x6], 253 mov edi, [Stor_1] //skip: //popfd //popad jmp ____FeaturesTakeWeaponDamage_Hook_4_Return } } BOOL WINAPI ____FeaturesTakeWeaponDamage_Hook_5_HelperA(DWORD Id) { if (Id > 252 && Id < 256) { return true; } return false; } // should be done __declspec(naked) void ____FeaturesTakeWeaponDamage_Hook_5() { __asm { //pushad //pushfd //call ____FeaturesTakeWeaponDamage_Hook_1_HelperA //popfd //popad mov eax, [esp+0x28] mov eax, [eax+0x115] mov [Stor_1], eax push eax call ____FeaturesTakeWeaponDamage_Hook_5_HelperA test eax, eax jz ____TotalA_jmpToCode_42469F mov ax, [esp+0x20] // eax is trashed after anyway mov [wStor_1], ax mov ax, [esp+0x24] // stack adjusted mov [wStor_2], ax jmp skipJmpToCode ____TotalA_jmpToCode_42469F: jmp ____TotalA_jmpToCode_InCode_42469F // same as ____FeaturesTakeWeaponDamage_Hook_1_Return skipJmpToCode: } SendFeaturePacketBuffer1->PacketType = 15; // Packet Type: 0xF (15) SendFeaturePacketBuffer1->ExpandedWeaponId = Stor_1; SendFeaturePacketBuffer1->xPos = wStor_1; SendFeaturePacketBuffer1->yPos = wStor_2; __asm { push 6 + 4 // new packet size //push SendFeaturePacketBuffer1 // buffer ptr mov eax, [SendFeaturePacketBuffer1] push eax jmp ____FeaturesTakeWeaponDamage_Hook_5_Return } } //__asm //{ // pushad // pushfd // mov edi, [SendFeaturePacketBuffer1] // mov esi, [edi+0x6] // push esi // call ____FeaturesTakeWeaponDamage_Hook_5_HelperA // test eax, eax // jz ____TotalA_jmpToCode_0042469F // jump if false // //cmp [edi+0x6], 252 // //jbe // mov byte ptr [edi+0x0], 15 // packet type // // mov [edi+0x6], un-needed // mov [edi+0x2], bx // mov [edi+0x4], ax // popfd // popad // push 10 // packet size // push edi // jmp ____FeaturesTakeWeaponDamage_Hook_5_Return // ____TotalA_jmpToCode_0042469F: // popfd // popad // jmp ____TotalA_jmpToCode_InCode_42469F //} //} void WINAPI ____SendFireWeapon_Hook_1_HelperA() { if (SendFireWeaponPacketBuffer1) { ____free(SendFireWeaponPacketBuffer1); } SendFireWeaponPacketBuffer1 = (PacketWeaponProjectile*)____malloc(sizeof(PacketWeaponProjectile)); ____memset(SendFireWeaponPacketBuffer1, 0, sizeof(PacketWeaponProjectile)); } ////////////// ////////////// ////////////// ////////////// ////////////// //////////////__declspec(naked) void ____SendFireWeapon_Hook_1() //////////////{ ////////////// __asm ////////////// { ////////////// ////////////// ////////////// pushad ////////////// pushfd ////////////// ////////////// push esi ////////////// ////////////// call ____SendFireWeapon_Hook_1_HelperA ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// mov [edi+0x0], 13 // packet type ////////////// mov ecx, [esp+0x34+0x28+0x4] // position start ////////////// mov edx, [esp+0x38+0x28+0x4] // position end ////////////// mov eax, [ecx+0x0] // start x ////////////// mov [edi+0x1], eax ////////////// mov eax, [ecx+0x4] ////////////// mov [edi+0x5], eax ////////////// mov eax, [ecx+0x8] ////////////// mov [edi+0x9], eax ////////////// ////////////// mov eax, [edx+0x0] // end x ////////////// mov [edi+13], eax ////////////// mov eax, [edx+0x4] ////////////// mov [edi+17], eax ////////////// mov eax, [edx+0x8] ////////////// mov [edi+21], eax ////////////// ////////////// mov esi, [esp+0x28+0x2C+0x4] // weapontypedef ////////////// mov eax, [esi+0x115] // expanded weapon id ////////////// mov [edi+0x24], eax ////////////// ////////////// mov al, [esi+0x1B] ////////////// shr al, 2 ////////////// and al, 3 ////////////// mov [edi+0x23], al // weapon index ////////////// ////////////// mov edx, [esp+0x28+0x30+0x4] ////////////// test edx, edx ////////////// jnz JmpOver1 ////////////// mov [edi+0x21], dx ////////////// jmp Post1 ////////////// JmpOver1: ////////////// mov si, [edx+0xA8] ////////////// mov [edi+0x21], si ////////////// Post1: ////////////// mov esi, [esp+0x28+0x34+0x4] ////////////// test esi, esi ////////////// jnz JmpOver2 ////////////// mov [edi+0x1F], si ////////////// jmp Post2 ////////////// JmpOver2: ////////////// mov si, [esi+0xA8] ////////////// mov [edi+0x1F], si ////////////// Post2: ////////////// mov eax, [esp+0x28+0x2C+0x4] ////////////// mov si, [eax+0x16] ////////////// mov ax, [eax+0x18] ////////////// mov [edi+0x1B], si // angle ////////////// mov [edi+0x1D], ax // trajectory result ////////////// ////////////// mov eax, [esp+0x28+0x2C+0x4] ////////////// mov ecx, [eax+0x111] ////////////// mov al, [edi+0x1A] ////////////// shr ecx, 0x1E ////////////// xor cl, al ////////////// push 0x24+0x4 // added 4 bytes for expanded weapon ids DWORD ////////////// and cl, 1 ////////////// xor al, cl ////////////// mov ecx, [edx+0x96] ////////////// mov [edi+0x1A], al ////////////// push edi ////////////// mov edx, [ecx+0x4] ////////////// //push eax ////////////// push edx ////////////// call ____TotalA_HAPIBroadcastMessage ////////////// ////////////// pop esi ////////////// pop edi ////////////// ////////////// popfd ////////////// popad ////////////// ////////////// jmp ____SendFireWeapon_Hook_1_Return ////////////// } //////////////} ////////////// ////////////// ////////////// void WINAPI ____AreaOfEffectDamage_Hook_1_HelperA() { if (SendAreaOfEffectDamageBuffer1 != nullptr) { ____free(SendAreaOfEffectDamageBuffer1); } SendAreaOfEffectDamageBuffer1 = (PacketAreaOfEffectDamage*)____malloc(sizeof(PacketAreaOfEffectDamage)); ____memset(SendAreaOfEffectDamageBuffer1, 0, sizeof(PacketAreaOfEffectDamage)); } ////////////// ////////////// //////////////__declspec(naked) void ____AreaOfEffectDamage_Hook_1() //////////////{ ////////////// __asm ////////////// { ////////////// pushad ////////////// pushfd ////////////// ////////////// call ____AreaOfEffectDamage_Hook_1_HelperA ////////////// ////////////// popfd ////////////// popad ////////////// ////////////// lea ecx, [ebx+0x1C] ////////////// mov edi, [SendAreaOfEffectDamageBuffer1] ////////////// mov [edi+0x0], 14 // packet types ////////////// push 0xE+0x4 ////////////// mov edx, [ecx] ////////////// mov [edi+0x1], edx ////////////// mov edx, [esi] ////////////// mov eax, [ecx+0x4] ////////////// mov esi, [ebp+0x8] ////////////// mov [edi+0x5], eax ////////////// mov ecx, [ecx+0x8] ////////////// mov [edi+0x9], ecx ////////////// mov eax, [edx+0x115] ////////////// mov edx, [esi+0x52] ////////////// mov [edi+0xE], eax ////////////// push edi ////////////// mov eax, [edx+0x96] ////////////// push ecx ////////////// mov ecx, [eax+0x4] ////////////// push ecx ////////////// call ____TotalA_HAPIBroadcastMessage // edi preserved ////////////// lea edx, [esi+0x28] ////////////// mov [edi+0x0], 14 // whoa be careful xD almost typed 0x14, well i did but xD yeah fixed now ////////////// push 0xE+0x4 ////////////// mov eax, [edx] ////////////// mov [edi+0x1], eax ////////////// mov eax, [esi] ////////////// mov ecx, [edx+0x4] ////////////// mov [edi+0x5], ecx ////////////// mov edx, [edx+0x8] ////////////// mov [edi+0x9], edx ////////////// mov ecx, [eax+0x115] // expanded weapon ids ////////////// mov eax, [esi+0x52] ////////////// mov [edi+0xE], ecx ////////////// push edi ////////////// mov ecx, [eax+0x96] ////////////// //push edx ////////////// mov edx, [ecx+0x4] ////////////// push edx ////////////// call ____TotalA_HAPIBroadcastMessage ////////////// ////////////// jmp ____AreaOfEffectDamage_Hook_1_Return ////////////// } //////////////} ////////////// ////////////// ////////////// ////////////// ////////////// __declspec(naked) void ____ReceiveAreaOfEffectDamage_Hook_1() { __asm { mov ebx, [ebx+0x115] cmp ebx, [edi+0xE] jmp ____ReceiveAreaOfEffectDamage_Hook_1_Return } } ////////////// ////////////// ////////////// //////////////// i dont know if this works //////////////__declspec(naked) void ____FireCallBack1_Hook_1() //////////////{ ////////////// __asm ////////////// { ////////////// ////////////// ////////////// pushad ////////////// pushfd ////////////// ////////////// //push ebp ////////////// ////////////// call ____SendFireWeapon_Hook_1_HelperA ////////////// ////////////// //pop ebp ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// mov [edi+0x0], 13 // packet type ////////////// lea ecx, [esp+0x54-0x3C+0x20+0x4+0x4] // position start ////////////// mov edx, ebp // position end ////////////// ////////////// push eax ////////////// ////////////// mov eax, [ecx+0x0] // start x ////////////// mov [edi+0x1], eax ////////////// mov eax, [ecx+0x4] ////////////// mov [edi+0x5], eax ////////////// mov eax, [ecx+0x8] ////////////// mov [edi+0x9], eax ////////////// ////////////// mov eax, [edx+0x0] // end x ////////////// mov [edi+13], eax ////////////// mov eax, [edx+0x4] ////////////// mov [edi+17], eax ////////////// mov eax, [edx+0x8] ////////////// mov [edi+21], eax ////////////// ////////////// mov ebx, [esi+0xC] ////////////// //mov esi, [esp+0x28+0x2C] // weapontypedef ////////////// mov eax, [ebx+0x115] // expanded weapon id ////////////// mov [edi+0x24], eax ////////////// ////////////// pop eax ////////////// ////////////// //mov al, [esi+0x1B] ////////////// shr al, 2 ////////////// and al, 3 ////////////// mov [edi+0x23], al // weapon index ////////////// ////////////// pop edi ////////////// ////////////// //mov edx, [edi+0xA8] ////////////// test edx, edx ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// jnz JmpOver1 ////////////// ////////////// ////////////// ////////////// mov [edi+0x1F], dx ////////////// //mov [edi+0x21], dx ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// jmp Post1 ////////////// JmpOver1: ////////////// push esi ////////////// mov si, [edx+0xA8] ////////////// mov [edi+0x1F], si ////////////// //mov [edi+0x21], si ////////////// pop esi ////////////// Post1: ////////////// ////////////// pop edi ////////////// ////////////// ////////////// ////////////// //mov esi, [esp+0x28+0x34] // should not be needed ////////////// test esi, esi ////////////// ////////////// ////////////// ////////////// jnz JmpOver2 ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// mov [edi+0x1F], si ////////////// //mov [edi+0x21], si ////////////// pop edi ////////////// ////////////// ////////////// jmp Post2 ////////////// JmpOver2: ////////////// push esi ////////////// mov si, [edi+0xA8] ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// mov [edi+0x1F], si ////////////// //mov [edi+0x21], si ////////////// pop edi ////////////// ////////////// ////////////// pop esi ////////////// Post2: ////////////// ////////////// //pop edi ////////////// ////////////// mov eax, esi // no error here due to checks ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// push esi ////////////// mov si, [eax+0x16] ////////////// mov ax, [eax+0x18] ////////////// mov [edi+0x1B], si // angle ////////////// mov [edi+0x1D], ax // trajectory result ////////////// pop esi ////////////// ////////////// mov ecx, [esi+0xC] ////////////// mov ecx, [ecx+0x111] ////////////// mov al, [edi+0x1A] ////////////// shr ecx, 0x1E ////////////// xor cl, al ////////////// ////////////// and cl, 1 ////////////// xor al, cl ////////////// mov [edi+0x1A], al ////////////// //mov ecx, [esi+0xC] ////////////// //mov eax, [ecx+0x111] ////////////// pop edi ////////////// ////////////// mov ecx, [edi+0x96] ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// push 0x24+0x4 // added 4 bytes for expanded weapon ids DWORD ////////////// push edi ////////////// mov edx, [ecx+0x4] ////////////// //push eax ////////////// push edx ////////////// call ____TotalA_HAPIBroadcastMessage ////////////// ////////////// pop edi ////////////// ////////////// popfd ////////////// popad ////////////// ////////////// ////////////// ////////////// jmp ____FireCallBack1_Hook_1_Return ////////////// ////////////// //0049d7ad 8b 4c 24 1c MOV ECX,dword ptr [ESP + 0x1c] ////////////// //0049d7b1 8b 54 24 18 MOV EDX,dword ptr [ESP + 0x18] ////////////// //0049d7b5 89 4c 24 35 MOV dword ptr [ESP + 0x35],ECX ////////////// //0049d7b9 8b 4d 00 MOV ECX,dword ptr [EBP] ////////////// //0049d7bc 89 54 24 31 MOV dword ptr [ESP + 0x31],EDX ////////////// //0049d7c0 8b 54 24 20 MOV EDX,dword ptr [ESP + 0x20] ////////////// //0049d7c4 89 4c 24 3d MOV dword ptr [ESP + 0x3d],ECX ////////////// //0049d7c8 8b 4d 08 MOV ECX,dword ptr [EBP + 0x8] ////////////// //0049d7cb 89 54 24 39 MOV dword ptr [ESP + 0x39],EDX ////////////// //0049d7cf 8b 55 04 MOV EDX,dword ptr [EBP + 0x4] ////////////// //0049d7d2 89 4c 24 45 MOV dword ptr [ESP + 0x45],ECX ////////////// //0049d7d6 8b 4e 0c MOV ECX,dword ptr [ESI + 0xc] ////////////// //0049d7d9 c0 e8 02 SHR AL,0x2 ////////////// //0049d7dc c6 44 24 MOV byte ptr [ESP + 0x30],0xd ////////////// // 30 0d ////////////// //0049d7e1 89 54 24 41 MOV dword ptr [ESP + 0x41],EDX ////////////// //0049d7e5 8a 91 0a MOV DL,byte ptr [ECX + 0x10a] ////////////// // 01 00 00 ////////////// //0049d7eb 24 03 AND AL,0x3 ////////////// //0049d7ed 88 44 24 53 MOV byte ptr [ESP + 0x53],AL ////////////// //0049d7f1 33 c0 XOR EAX,EAX ////////////// //0049d7f3 3b f8 CMP EDI,EAX ////////////// //0049d7f5 88 54 24 49 MOV byte ptr [ESP + 0x49],DL ////////////// //0049d7f9 75 07 JNZ LAB_0049d802 ////////////// //0049d7fb 66 89 44 MOV word ptr [ESP + 0x51],AX ////////////// // 24 51 ////////////// //0049d800 eb 0c JMP LAB_0049d80e ////////////// // LAB_0049d802 XREF[1]: 0049d7f9(j) ////////////// //0049d802 66 8b 97 MOV DX,word ptr [EDI + 0xa8] ////////////// // a8 00 00 00 ////////////// //0049d809 66 89 54 MOV word ptr [ESP + 0x51],DX ////////////// // 24 51 ////////////// // LAB_0049d80e XREF[1]: 0049d800(j) ////////////// //0049d80e 3b d8 CMP EBX,EAX ////////////// //0049d810 74 07 JZ LAB_0049d819 ////////////// //0049d812 66 8b 83 MOV AX,word ptr [EBX + 0xa8] ////////////// // a8 00 00 00 ////////////// // LAB_0049d819 XREF[1]: 0049d810(j) ////////////// //0049d819 66 8b 56 16 MOV DX,word ptr [ESI + 0x16] ////////////// //0049d81d 66 89 44 MOV word ptr [ESP + 0x4f],AX ////////////// // 24 4f ////////////// //0049d822 66 8b 46 18 MOV AX,word ptr [ESI + 0x18] ////////////// //0049d826 66 89 54 MOV word ptr [ESP + 0x4b],DX ////////////// // 24 4b ////////////// //0049d82b 66 89 44 MOV word ptr [ESP + 0x4d],AX ////////////// // 24 4d ////////////// //0049d830 8b 89 11 MOV ECX,dword ptr [ECX + 0x111] ////////////// // 01 00 00 ////////////// //0049d836 8a 44 24 4a MOV AL,byte ptr [ESP + 0x4a] ////////////// //0049d83a 8d 54 24 30 LEA EDX,[ESP + 0x30] ////////////// //0049d83e c1 e9 1e SHR ECX,0x1e ////////////// //0049d841 32 c8 XOR CL,AL ////////////// //0049d843 6a 24 PUSH 0x24 ////////////// //0049d845 80 e1 01 AND CL,0x1 ////////////// //0049d848 52 PUSH EDX ////////////// //0049d849 32 c1 XOR AL,CL ////////////// //0049d84b 88 44 24 52 MOV byte ptr [ESP + 0x52],AL ////////////// //0049d84f 8b 87 96 MOV EAX,dword ptr [EDI + 0x96] ////////////// // 00 00 00 ////////////// //0049d855 8b 48 04 MOV ECX,dword ptr [EAX + 0x4] ////////////// //0049d858 51 PUSH ECX ////////////// //0049d859 e8 92 45 CALL FUN_00451df0 undefined4 FUN_00451df0(uint par ////////////// // fb ff ////////////// ////////////// } //////////////} ////////////// ////////////// ////////////// ////////////// ////////////// //////////////__declspec(naked) void ____FireCallBack2_Hook_1() //////////////{ ////////////// __asm ////////////// { ////////////// ////////////// ////////////// pushad ////////////// pushfd ////////////// ////////////// call ____SendFireWeapon_Hook_1_HelperA ////////////// ////////////// push edi ////////////// ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// mov [edi+0x0], 13 // packet type ////////////// ////////////// pop edi ////////////// ////////////// mov ecx, [edi+0x6A] // unit position start ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// //mov ecx, [esp+0x18+0x24] // position start ////////////// mov edx, ebx // position end ////////////// ////////////// //push eax ////////////// ////////////// mov eax, [ecx+0x0] // start x ////////////// mov [edi+0x1], eax ////////////// mov eax, [ecx+0x4] ////////////// mov [edi+0x5], eax ////////////// mov eax, [ecx+0x8] ////////////// mov [edi+0x9], eax ////////////// ////////////// mov eax, [edx+0x0] // end x ////////////// mov [edi+13], eax ////////////// mov eax, [edx+0x4] ////////////// mov [edi+17], eax ////////////// mov eax, [edx+0x8] ////////////// mov [edi+21], eax ////////////// ////////////// //mov esi, [esp+0x28+0x2C] // weapontypedef ////////////// //push esi ////////////// ////////////// mov eax, [esi+0xC] ////////////// mov eax, [eax+0x115] // expanded weapon id ////////////// mov [edi+0x24], eax ////////////// ////////////// //pop eax ////////////// ////////////// mov eax, [esi+0xC] ////////////// mov al, [eax+0x1B] ////////////// shr al, 2 ////////////// and al, 3 ////////////// mov [edi+0x23], al // weapon index ////////////// ////////////// pop edi ////////////// ////////////// xor edx, edx ////////////// //mov edx, edi ////////////// cmp edi, edx ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// jnz JmpOver1 ////////////// ////////////// ////////////// ////////////// mov [edi+0x21], dx ////////////// jmp Post1 ////////////// JmpOver1: ////////////// push esi ////////////// mov si, [edx+0xA8] ////////////// mov [edi+0x21], si ////////////// pop esi ////////////// Post1: ////////////// ////////////// ////////////// pop edi ////////////// ////////////// ////////////// //mov esi, [esp+0x28+0x34] // should not be needed ////////////// cmp ebp, edx ////////////// jnz JmpOver2 ////////////// mov [edi+0x1F], si ////////////// jmp Post2 ////////////// JmpOver2: ////////////// push esi ////////////// mov si, [esi+0xA8] ////////////// mov [edi+0x1F], si ////////////// pop esi ////////////// Post2: ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// mov eax, esi // no error here due to checks ////////////// ////////////// push esi ////////////// mov si, [eax+0x16] ////////////// mov ax, [eax+0x18] ////////////// mov [edi+0x1B], si // angle ////////////// mov [edi+0x1D], ax // trajectory result ////////////// pop esi ////////////// ////////////// mov ecx, [esi+0xC] ////////////// mov ecx, [ecx+0x111] ////////////// mov al, [edi+0x1A] ////////////// ////////////// pop edi ////////////// ////////////// shr ecx, 0x1E ////////////// xor cl, al ////////////// ////////////// and cl, 1 ////////////// xor al, cl ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// mov [edi+0x1A], al ////////////// ////////////// ////////////// ////////////// //mov ecx, [esi+0xC] ////////////// ////////////// pop edi ////////////// ////////////// push 0x24+0x4 // added 4 bytes for expanded weapon ids DWORD ////////////// ////////////// //mov eax, [ecx+0x111] ////////////// mov ecx, [edi+0x96] ////////////// push edi ////////////// mov edx, [ecx+0x4] ////////////// //push eax ////////////// push edx ////////////// call ____TotalA_HAPIBroadcastMessage ////////////// ////////////// ////////////// ////////////// ////////////// popfd ////////////// popad ////////////// ////////////// jmp ____FireCallBack4_Hook_1_Return ////////////// ////////////// ////////////// } //////////////} ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// //////////////// its labeled weird in the idb and here but whatever ;) //////////////// doing them in order by Ghidra search //////////////__declspec(naked) void ____FireCallBack3_Hook_1() //////////////{ ////////////// __asm ////////////// { ////////////// ////////////// ////////////// pushad ////////////// pushfd ////////////// ////////////// call ____SendFireWeapon_Hook_1_HelperA ////////////// ////////////// push edi ////////////// ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// mov [edi+0x0], 13 // packet type ////////////// ////////////// pop edi ////////////// ////////////// lea ecx, [esp+0x24+0x10] // unit position start ////////////// ////////////// ////////////// //mov ecx, [esp+0x18+0x24] // position start ////////////// mov edx, edi // position end ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// //push eax ////////////// ////////////// mov eax, [ecx+0x0] // start x ////////////// mov [edi+0x1], eax ////////////// mov eax, [ecx+0x4] ////////////// mov [edi+0x5], eax ////////////// mov eax, [ecx+0x8] ////////////// mov [edi+0x9], eax ////////////// ////////////// mov eax, [edx+0x0] // end x ////////////// mov [edi+13], eax ////////////// mov eax, [edx+0x4] ////////////// mov [edi+17], eax ////////////// mov eax, [edx+0x8] ////////////// mov [edi+21], eax ////////////// ////////////// //mov esi, [esp+0x28+0x2C] // weapontypedef ////////////// //push esi ////////////// mov eax, [esi+0xC] ////////////// mov eax, [eax+0x115] // expanded weapon id ////////////// //pop esi ////////////// mov [edi+0x24], eax ////////////// ////////////// //pop eax ////////////// ////////////// //mov eax, [esi+0xC] ////////////// mov al, [esi+0x1B] ////////////// shr al, 2 ////////////// and al, 3 ////////////// mov [edi+0x23], al // weapon index ////////////// ////////////// pop edi ////////////// ////////////// xor edx, edx ////////////// //mov edx, edi ////////////// cmp ebx, edx ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// ////////////// jnz JmpOver1 ////////////// ////////////// ////////////// ////////////// mov [edi+0x21], dx ////////////// jmp Post1 ////////////// JmpOver1: ////////////// push esi ////////////// mov si, [ebx+0xA8] ////////////// mov [edi+0x21], si ////////////// pop esi ////////////// Post1: ////////////// ////////////// pop edi ////////////// ////////////// ////////////// ////////////// //mov esi, [esp+0x28+0x34] // should not be needed ////////////// cmp ebp, edx ////////////// jnz JmpOver2 ////////////// mov [edi+0x1F], si ////////////// jmp Post2 ////////////// JmpOver2: ////////////// push esi ////////////// mov si, [ebx+0xA8] ////////////// mov [edi+0x1F], si ////////////// pop esi ////////////// Post2: ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// mov eax, [esi] // no error here due to checks ////////////// ////////////// push esi ////////////// mov si, [eax+0x16] ////////////// mov ax, [eax+0x18] ////////////// mov [edi+0x1B], si // angle ////////////// mov [edi+0x1D], ax // trajectory result ////////////// pop esi ////////////// ////////////// ////////////// mov ecx, [esi+0xC] ////////////// mov ecx, [ecx+0x111] ////////////// mov al, [edi+0x1A] ////////////// shr ecx, 0x1E ////////////// xor cl, al ////////////// push 0x24+0x4 // added 4 bytes for expanded weapon ids DWORD ////////////// and cl, 1 ////////////// xor al, cl ////////////// mov [edi+0x1A], al ////////////// //mov ecx, [esi+0xC] ////////////// //mov eax, [ecx+0x111] ////////////// mov ecx, [ebx+0x96] ////////////// push edi ////////////// mov edx, [ecx+0x4] ////////////// //push eax ////////////// push edx ////////////// call ____TotalA_HAPIBroadcastMessage ////////////// ////////////// pop edi ////////////// ////////////// ////////////// popfd ////////////// popad ////////////// ////////////// jmp ____FireCallBack3_Hook_1_Return ////////////// ////////////// ////////////// } //////////////} ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// //////////////// its labeled weird in the idb and here but whatever ;) //////////////// doing them in order by Ghidra search //////////////__declspec(naked) void ____FireCallBack4_Hook_1() //////////////{ ////////////// __asm ////////////// { ////////////// ////////////// ////////////// pushad ////////////// pushfd ////////////// ////////////// call ____SendFireWeapon_Hook_1_HelperA ////////////// ////////////// push edi ////////////// ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// mov [edi+0x0], 13 // packet type ////////////// ////////////// pop edi ////////////// ////////////// mov ecx, [esp+0x24+0x10] // unit position start ////////////// ////////////// ////////////// //mov ecx, [esp+0x18+0x24] // position start ////////////// lea edx, [esp+0x24+0x50] // position end ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// //push eax ////////////// ////////////// mov eax, [ecx+0x0] // start x ////////////// mov [edi+0x1], eax ////////////// mov eax, [ecx+0x4] ////////////// mov [edi+0x5], eax ////////////// mov eax, [ecx+0x8] ////////////// mov [edi+0x9], eax ////////////// ////////////// mov eax, [edx+0x0] // end x ////////////// mov [edi+13], eax ////////////// mov eax, [edx+0x4] ////////////// mov [edi+17], eax ////////////// mov eax, [edx+0x8] ////////////// mov [edi+21], eax ////////////// ////////////// //mov esi, [esp+0x28+0x2C] // weapontypedef ////////////// //push esi ////////////// mov eax, [esi+0xC] ////////////// mov eax, [eax+0x115] // expanded weapon id ////////////// //pop esi ////////////// mov [edi+0x24], eax ////////////// ////////////// //pop eax ////////////// ////////////// //mov eax, [esi+0xC] ////////////// mov al, [esi+0x1B] ////////////// shr al, 2 ////////////// and al, 3 ////////////// mov [edi+0x23], al // weapon index ////////////// ////////////// pop edi ////////////// ////////////// xor ebp, ebp ////////////// //mov edx, edi ////////////// cmp ebp, edi ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// jnz JmpOver1 ////////////// ////////////// ////////////// ////////////// mov [edi+0x21], bp ////////////// jmp Post1 ////////////// JmpOver1: ////////////// push esi ////////////// mov si, [ebx+0xA8] ////////////// mov [edi+0x21], si ////////////// pop esi ////////////// Post1: ////////////// ////////////// ////////////// pop edi ////////////// ////////////// ////////////// //mov esi, [esp+0x28+0x34] // should not be needed ////////////// mov ecx, [esp+0x24+0x4C] ////////////// cmp ecx, ebp ////////////// jnz JmpOver2 ////////////// mov [edi+0x1F], bp ////////////// jmp Post2 ////////////// JmpOver2: ////////////// push esi ////////////// mov si, [ecx+0xA8] ////////////// mov [edi+0x1F], si ////////////// pop esi ////////////// Post2: ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// ////////////// mov eax, esi // no error here due to checks ////////////// ////////////// push esi ////////////// ////////////// mov si, [eax+0x16] ////////////// mov ax, [eax+0x18] ////////////// mov [edi+0x1B], si // angle ////////////// mov [edi+0x1D], ax // trajectory result ////////////// ////////////// pop esi ////////////// ////////////// mov ecx, [esi+0xC] ////////////// mov ecx, [ecx+0x111] ////////////// mov al, [edi+0x1A] ////////////// shr ecx, 0x1E ////////////// xor cl, al ////////////// push 0x24+0x4 // added 4 bytes for expanded weapon ids DWORD ////////////// and cl, 1 ////////////// xor al, cl ////////////// mov [edi+0x1A], al ////////////// //mov ecx, [esi+0xC] ////////////// //mov eax, [ecx+0x111] ////////////// mov ecx, [ebx+0x96] ////////////// push edi ////////////// mov edx, [ecx+0x4] ////////////// //push eax ////////////// push edx ////////////// call ____TotalA_HAPIBroadcastMessage ////////////// ////////////// pop edi ////////////// ////////////// ////////////// popfd ////////////// popad ////////////// ////////////// jmp ____FireCallBack4_Hook_1_Return ////////////// ////////////// ////////////// } //////////////} ////////////// ////////////// ////////////// ////////////// ////////////// //////////////__declspec(naked) void ____FireMapWeapon_Hook_1() //////////////{ ////////////// __asm ////////////// { ////////////// mov edx, dword ptr ds:[0x511DE8] ////////////// test [edx+0x2A44], 1 ////////////// jz Return ////////////// ////////////// ////////////// ////////////// pushad ////////////// pushfd ////////////// ////////////// mov ecx, edi ////////////// ////////////// push edi ////////////// mov edi, [SendFireWeaponPacketBuffer1] ////////////// ////////////// push eax ////////////// ////////////// mov eax, [ecx+0x0] // start x ////////////// mov [edi+0x1], eax ////////////// mov eax, [ecx+0x4] ////////////// mov [edi+0x5], eax ////////////// mov eax, [ecx+0x8] ////////////// mov [edi+0x9], eax ////////////// ////////////// pop eax ////////////// mov edx, eax ////////////// ////////////// mov eax, [edx+0x0] // end x ////////////// mov [edi+13], eax ////////////// mov eax, [edx+0x4] ////////////// mov [edi+17], eax ////////////// mov eax, [edx+0x8] ////////////// mov [edi+21], eax ////////////// ////////////// mov [edi+0x0], 13 // packet type ////////////// ////////////// //mov esi, [esp+0x28+0x2C] // weapontypedef ////////////// //push esi ////////////// mov eax, [ebx+0xC] ////////////// mov eax, [eax+0x115] // expanded weapon id ////////////// //pop esi ////////////// mov [edi+0x24], eax ////////////// ////////////// ////////////// push 0x24+0x4 // expanded weapon packet ////////////// push edi ////////////// ////////////// call ____TotalA_GetLocalPlayerDPID ////////////// push eax ////////////// ////////////// call ____TotalA_HAPIBroadcastMessage ////////////// ////////////// ////////////// popfd ////////////// popad ////////////// ////////////// ////////////// Return: ////////////// jmp ____FireMapWeapon_Hook_1_Return ////////////// } //////////////} ////////////// __declspec(naked) void ____PacketSize_PacketFeatureExplode_Hook_1() { __asm { mov dword ptr ds:[0x00512B14], 6 + 4 // weapon ids jmp ____PacketSize_PacketFeatureExplode_Hook_1_Return } } PacketWeaponProjectile* IncomingPacketPtr; // dont use function headers!! __declspec(naked) void WINAPI ____ReceiveWeaponFired_Hook_1(/*LPVOID PlayerPtr, PacketWeaponProjectile* IncomingPacket*/) { __asm { mov eax, [esp + 0x8] mov[IncomingPacketPtr], eax sub esp, 16 // 4 vars push ebx push ebp push esi push edi } ExpandedWeaponId = IncomingPacketPtr->ExpandedWeaponId; CorrespondingWeaponIdOffset = ____LoadWeaponFromTDF_Hook_1_HelperA(ExpandedWeaponId); __asm { mov ebp, [CorrespondingWeaponIdOffset] mov [esp + 32 - 4], ebp mov eax, [IncomingPacketPtr] mov ecx, dword ptr ds:[0x511DE8] mov edx, ebp mov edx, [edx+0x111] shr edx, 5 test dl, 1 jmp ____ReceiveWeaponFired_Hook_1_Return_Jmp1 } //if ((*((DWORD*)((DWORD)CorrespondingWeaponIdOffset + 0x111)) & 0x20) != 0) //{ // __asm // { // mov ebp, [CorrespondingWeaponIdOffset] // mov [esp+32-4], ebp // mov eax, [IncomingPacketPtr] // mov ecx, dword ptr ds:[0x511DE8] // jmp ____ReceiveWeaponFired_Hook_1_Return_JNZ // } //} //__asm //{ // mov ebp, [CorrespondingWeaponIdOffset] // mov [esp+32-4], ebp // mov eax, [IncomingPacketPtr] // mov ecx, dword ptr ds : [0x511DE8] // jmp ____ReceiveWeaponFired_Hook_1_Return_JZ //} } PositionDWORD* PositionStart; PositionDWORD* PositionEnd; DWORD AttackerDPID; __declspec(naked) void ____FireCallback1_Hook_1() { __asm { mov [Stor_1], eax } ____SendFireWeapon_Hook_1_HelperA(); __asm { lea eax, [esp+0x18] mov [PositionStart], eax // ebp should still be the same mov [PositionEnd], ebp // esi should still be the same mov [Stor_5], esi mov eax, [esi+0xC] mov [Stor_6], eax mov edx, [eax+0x115] mov [Stor_2], edx // edi should still be the same mov [Stor_3], edi // ebx should still be the same mov [Stor_4], ebx } SendFireWeaponPacketBuffer1->StartX = PositionStart->x; SendFireWeaponPacketBuffer1->StartY = PositionStart->y; SendFireWeaponPacketBuffer1->StartZ = PositionStart->z; SendFireWeaponPacketBuffer1->EndX = PositionEnd->x; SendFireWeaponPacketBuffer1->EndY = PositionEnd->y; SendFireWeaponPacketBuffer1->EndZ = PositionEnd->z; SendFireWeaponPacketBuffer1->PacketType = 13; SendFireWeaponPacketBuffer1->WeaponIndex = (Stor_1 >> 2) & 3; SendFireWeaponPacketBuffer1->ExpandedWeaponId = Stor_2; if (Stor_3) // attacker ptr SendFireWeaponPacketBuffer1->AttackerUnitId = *((WORD*)((DWORD)Stor_3 + 0xA8)); else SendFireWeaponPacketBuffer1->AttackerUnitId = 0; if(Stor_4) SendFireWeaponPacketBuffer1->TargetUnitId = *((WORD*)((DWORD)Stor_4 + 0xA8)); SendFireWeaponPacketBuffer1->Angle = *((WORD*)((DWORD)Stor_5 + 0x16)); SendFireWeaponPacketBuffer1->TrajectoryResult = *((WORD*)((DWORD)Stor_5 + 0x18)); SendFireWeaponPacketBuffer1->Interceptor ^= (SendFireWeaponPacketBuffer1->Interceptor ^ (*((DWORD*)((DWORD)Stor_6 + 0x111)) >> 30 )) & 1; AttackerDPID = *((DWORD*)(* ((DWORD*)((DWORD)Stor_3 + 0x96)) + 0x4)); __asm { push 36 + 4 mov eax, [SendFireWeaponPacketBuffer1] push eax mov eax, [AttackerDPID] push eax call ____TotalA_HAPIBroadcastMessage jmp ____FireCallback1_Hook_1_Return } } //PositionDWORD* PositionStart; //PositionDWORD* PositionEnd; //DWORD AttackerDPID; __declspec(naked) void ____FireCallback2_Hook_1() { //__asm //{ // mov [Stor_1], eax //} // DONT TOUCH ____SendFireWeapon_Hook_1_HelperA(); __asm { lea eax, [esp+0x10] mov [PositionStart], eax // edi should still be the same mov [PositionEnd], edi // esi should still be the same mov [Stor_5], esi mov al, [esi+0x1B] mov [bStor_1], al mov eax, [esi+0xC] mov [Stor_6], eax // weapon mov eax, [Stor_6] mov edx, [eax+0x115] mov [Stor_2], edx // ebx should still be the same mov [Stor_3], ebx // ebp should still be the same mov eax, [esp+0x4C] mov [Stor_4], ebp } SendFireWeaponPacketBuffer1->StartX = PositionStart->x; SendFireWeaponPacketBuffer1->StartY = PositionStart->y; SendFireWeaponPacketBuffer1->StartZ = PositionStart->z; SendFireWeaponPacketBuffer1->EndX = PositionEnd->x; SendFireWeaponPacketBuffer1->EndY = PositionEnd->y; SendFireWeaponPacketBuffer1->EndZ = PositionEnd->z; SendFireWeaponPacketBuffer1->PacketType = 13; SendFireWeaponPacketBuffer1->WeaponIndex = (bStor_1 >> 2) & 3; SendFireWeaponPacketBuffer1->ExpandedWeaponId = Stor_2; if (Stor_3) // attacker ptr SendFireWeaponPacketBuffer1->AttackerUnitId = *((WORD*)((DWORD)Stor_3 + 0xA8)); else SendFireWeaponPacketBuffer1->AttackerUnitId = 0; if(Stor_4) SendFireWeaponPacketBuffer1->TargetUnitId = *((WORD*)((DWORD)Stor_4 + 0xA8)); SendFireWeaponPacketBuffer1->Angle = *((WORD*)((DWORD)Stor_5 + 0x16)); SendFireWeaponPacketBuffer1->TrajectoryResult = *((WORD*)((DWORD)Stor_5 + 0x18)); SendFireWeaponPacketBuffer1->Interceptor ^= (SendFireWeaponPacketBuffer1->Interceptor ^ (*((DWORD*)((DWORD)Stor_6 + 0x111)) >> 30 )) & 1; AttackerDPID = *((DWORD*)(* ((DWORD*)((DWORD)Stor_3 + 0x96)) + 0x4)); __asm { push 36 + 4 mov eax, [SendFireWeaponPacketBuffer1] push eax mov eax, [AttackerDPID] push eax call ____TotalA_HAPIBroadcastMessage jmp ____FireCallback2_Hook_1_Return } } __declspec(naked) void ____FireCallback3_Hook_1() { //__asm //{ // mov [Stor_1], eax //} // TOUCH - 3 ____SendFireWeapon_Hook_1_HelperA(); __asm { lea eax, [esp+0x10] mov [PositionStart], eax mov eax, [esp+0x50] mov [PositionEnd], eax // unitweapon mov [Stor_5], ebx mov al, [ebx+0x1B] mov [bStor_1], al // weapontypedef ptr mov eax, [ebx+0xC] mov [Stor_6], eax // weapon mov eax, [Stor_6] mov edx, [eax+0x115] mov [Stor_2], edx mov [Stor_3], edi // victim (target) unit mov ecx, [esp+0x4C] mov [Stor_4], ecx } SendFireWeaponPacketBuffer1->StartX = PositionStart->x; SendFireWeaponPacketBuffer1->StartY = PositionStart->y; SendFireWeaponPacketBuffer1->StartZ = PositionStart->z; SendFireWeaponPacketBuffer1->EndX = PositionEnd->x; SendFireWeaponPacketBuffer1->EndY = PositionEnd->y; SendFireWeaponPacketBuffer1->EndZ = PositionEnd->z; SendFireWeaponPacketBuffer1->PacketType = 13; SendFireWeaponPacketBuffer1->WeaponIndex = (bStor_1 >> 2) & 3; SendFireWeaponPacketBuffer1->ExpandedWeaponId = Stor_2; if (Stor_3) // attacker ptr SendFireWeaponPacketBuffer1->AttackerUnitId = *((WORD*)((DWORD)Stor_3 + 0xA8)); else SendFireWeaponPacketBuffer1->AttackerUnitId = 0; if (Stor_4) SendFireWeaponPacketBuffer1->TargetUnitId = *((WORD*)((DWORD)Stor_4 + 0xA8)); SendFireWeaponPacketBuffer1->Angle = *((WORD*)((DWORD)Stor_5 + 0x16)); SendFireWeaponPacketBuffer1->TrajectoryResult = *((WORD*)((DWORD)Stor_5 + 0x18)); SendFireWeaponPacketBuffer1->Interceptor ^= (SendFireWeaponPacketBuffer1->Interceptor ^ (*((DWORD*)((DWORD)Stor_6 + 0x111)) >> 30)) & 1; AttackerDPID = *((DWORD*)(*((DWORD*)((DWORD)Stor_3 + 0x96)) + 0x4)); __asm { push 36 + 4 mov eax, [SendFireWeaponPacketBuffer1] push eax mov eax, [AttackerDPID] push eax call ____TotalA_HAPIBroadcastMessage jmp ____FireCallback3_Hook_1_Return } } __declspec(naked) void ____FireCallback4_Hook_1() { //__asm //{ // mov [Stor_1], eax //} // TOUCH - 4 ____SendFireWeapon_Hook_1_HelperA(); __asm { // attacker ptr for pos lea eax, [edi+0x6A] mov [PositionStart], eax // is ebx mov [PositionEnd], ebx // is esi mov [Stor_5], esi mov al, [esi+0x1B] mov [bStor_1], al // weapontypedef mov eax, [esi+0xC] mov [Stor_6], eax // weapon mov eax, [Stor_6] mov edx, [eax+0x115] mov [Stor_2], edx // attacker mov [Stor_3], edi // victim (target) mov [Stor_4], ebp } SendFireWeaponPacketBuffer1->StartX = PositionStart->x; SendFireWeaponPacketBuffer1->StartY = PositionStart->y; SendFireWeaponPacketBuffer1->StartZ = PositionStart->z; SendFireWeaponPacketBuffer1->EndX = PositionEnd->x; SendFireWeaponPacketBuffer1->EndY = PositionEnd->y; SendFireWeaponPacketBuffer1->EndZ = PositionEnd->z; SendFireWeaponPacketBuffer1->PacketType = 13; SendFireWeaponPacketBuffer1->WeaponIndex = (bStor_1 >> 2) & 3; SendFireWeaponPacketBuffer1->ExpandedWeaponId = Stor_2; if (Stor_3) // attacker ptr SendFireWeaponPacketBuffer1->AttackerUnitId = *((WORD*)((DWORD)Stor_3 + 0xA8)); else SendFireWeaponPacketBuffer1->AttackerUnitId = 0; if (Stor_4) SendFireWeaponPacketBuffer1->TargetUnitId = *((WORD*)((DWORD)Stor_4 + 0xA8)); SendFireWeaponPacketBuffer1->Angle = *((WORD*)((DWORD)Stor_5 + 0x16)); SendFireWeaponPacketBuffer1->TrajectoryResult = *((WORD*)((DWORD)Stor_5 + 0x18)); SendFireWeaponPacketBuffer1->Interceptor ^= (SendFireWeaponPacketBuffer1->Interceptor ^ (*((DWORD*)((DWORD)Stor_6 + 0x111)) >> 30)) & 1; AttackerDPID = *((DWORD*)(*((DWORD*)((DWORD)Stor_3 + 0x96)) + 0x4)); __asm { push 36 + 4 mov eax, [SendFireWeaponPacketBuffer1] push eax mov eax, [AttackerDPID] push eax call ____TotalA_HAPIBroadcastMessage jmp ____FireCallback4_Hook_1_Return } } __declspec(naked) void ____SendFireWeapon_Hook_1() { //__asm //{ // mov [Stor_1], eax //} // TOUCH - 4 ____SendFireWeapon_Hook_1_HelperA(); __asm { push esi // attacker ptr for pos mov eax, [esp+0x34+0x4] // everything below stack adjusted already! mov [PositionStart], eax // position end mov eax, [esp+0x3C] mov [PositionEnd], eax // is mov eax, [esp+0x2C] mov [Stor_5], eax mov eax, [Stor_5] // redundant but meh mov al, [eax+0x1B] mov [bStor_1], al // weapontypedef mov eax, [Stor_5] mov eax, [eax+0xC] mov [Stor_6], eax // weapon mov eax, [Stor_6] // redundant but idc mov edx, [eax+0x115] mov [Stor_2], edx // attacker mov eax, [esp+0x34] mov [Stor_3], eax // victim (target) mov eax, [esp+0x30] mov [Stor_4], eax } SendFireWeaponPacketBuffer1->StartX = PositionStart->x; SendFireWeaponPacketBuffer1->StartY = PositionStart->y; SendFireWeaponPacketBuffer1->StartZ = PositionStart->z; SendFireWeaponPacketBuffer1->EndX = PositionEnd->x; SendFireWeaponPacketBuffer1->EndY = PositionEnd->y; SendFireWeaponPacketBuffer1->EndZ = PositionEnd->z; SendFireWeaponPacketBuffer1->PacketType = 13; SendFireWeaponPacketBuffer1->WeaponIndex = (bStor_1 >> 2) & 3; SendFireWeaponPacketBuffer1->ExpandedWeaponId = Stor_2; if (Stor_3) // attacker ptr SendFireWeaponPacketBuffer1->AttackerUnitId = *((WORD*)((DWORD)Stor_3 + 0xA8)); else SendFireWeaponPacketBuffer1->AttackerUnitId = 0; if (Stor_4) SendFireWeaponPacketBuffer1->TargetUnitId = *((WORD*)((DWORD)Stor_4 + 0xA8)); SendFireWeaponPacketBuffer1->Angle = *((WORD*)((DWORD)Stor_5 + 0x16)); SendFireWeaponPacketBuffer1->TrajectoryResult = *((WORD*)((DWORD)Stor_5 + 0x18)); SendFireWeaponPacketBuffer1->Interceptor ^= (SendFireWeaponPacketBuffer1->Interceptor ^ (*((DWORD*)((DWORD)Stor_6 + 0x111)) >> 30)) & 1; AttackerDPID = *((DWORD*)(*((DWORD*)((DWORD)Stor_3 + 0x96)) + 0x4)); __asm { push 36 + 4 mov eax, [SendFireWeaponPacketBuffer1] push eax mov eax, [AttackerDPID] push eax call ____TotalA_HAPIBroadcastMessage pop esi jmp ____SendFireWeapon_Hook_1_Return } } DWORD OwnerDPID; __declspec(naked) void ____AreaOfEffectDamage_Hook_1() { ____AreaOfEffectDamage_Hook_1_HelperA(); __asm { mov [PositionStart], ebx mov eax, [esi] // weapon projectile to weapon mov [Stor_1], eax mov eax, [Stor_1] // redundant mov eax, [eax+0x115] mov [Stor_2], eax // expanded weapon id mov eax, ebp // projectile ptr mov eax, [eax+8] // ebp stack +8 // projectile ptr mov [Stor_3], eax mov eax, [Stor_3] // projectile ptr - redundant mov eax, [eax+0x52] // attacker unit ptr mov eax, [eax+0x96] // owner ptr mov eax, [eax+0x4] // DPID from mov [OwnerDPID], eax } SendAreaOfEffectDamageBuffer1->PacketType = 14; // 0xE SendAreaOfEffectDamageBuffer1->xPos = PositionStart->x; SendAreaOfEffectDamageBuffer1->yPos = PositionStart->y; SendAreaOfEffectDamageBuffer1->zPos = PositionStart->z; SendAreaOfEffectDamageBuffer1->ExpandedWeaponId = Stor_2; __asm { push 14 + 4 mov eax, [SendAreaOfEffectDamageBuffer1] push eax mov eax, [OwnerDPID] push eax call ____TotalA_HAPIBroadcastMessage } ____AreaOfEffectDamage_Hook_1_HelperA(); __asm { mov eax, [Stor_3] lea eax, [eax+0x28] mov [PositionEnd], eax mov eax, [Stor_1] // stored weapon from above (double packet) mov eax, [eax+115] // weapon mov [Stor_4], eax } SendAreaOfEffectDamageBuffer1->PacketType = 14; // 0xE SendAreaOfEffectDamageBuffer1->xPos = PositionEnd->x; SendAreaOfEffectDamageBuffer1->yPos = PositionEnd->y; SendAreaOfEffectDamageBuffer1->zPos = PositionEnd->z; SendAreaOfEffectDamageBuffer1->ExpandedWeaponId = Stor_4; __asm { push 14 + 4 mov eax, [SendAreaOfEffectDamageBuffer1] push eax mov eax, [OwnerDPID] push eax call ____TotalA_HAPIBroadcastMessage jmp ____AreaOfEffectDamage_Hook_1_Return } } __declspec(naked) void ____FireMapWeapon_Hook_1() { __asm { mov [Stor_1], eax mov [Stor_2], edx mov [Stor_3], ecx mov [Stor_4], ebx mov [Stor_5], esi mov [Stor_6], edi mov [Stor_7], ebp } ____SendFireWeapon_Hook_1_HelperA(); __asm { mov eax, [Stor_1] mov edx, [Stor_2] mov ecx, [Stor_3] mov ebx, [Stor_4] mov esi, [Stor_5] mov edi, [Stor_6] mov ebp, [Stor_7] } __asm { mov [Stor_1], eax mov eax, [ebx+0x115] mov [Stor_2], eax mov [PositionStart], edi mov eax, [Stor_1] mov [PositionEnd], eax } SendFireWeaponPacketBuffer1->PacketType = 13; SendFireWeaponPacketBuffer1->StartX = PositionStart->x; SendFireWeaponPacketBuffer1->StartY = PositionStart->y; SendFireWeaponPacketBuffer1->StartZ = PositionStart->z; SendFireWeaponPacketBuffer1->EndX = PositionEnd->x; SendFireWeaponPacketBuffer1->EndY = PositionEnd->y; SendFireWeaponPacketBuffer1->EndZ = PositionEnd->z; SendFireWeaponPacketBuffer1->ExpandedWeaponId = Stor_2; __asm { push 36 + 4 mov eax, [SendFireWeaponPacketBuffer1] push eax call ____TotalA_GetLocalPlayerDPID push eax call ____TotalA_HAPIBroadcastMessage jmp ____FireMapWeapon_Hook_1_Return } } __declspec(naked) void ____StartTreeBurn_Hook_1() { __asm { mov [Stor_1], eax mov [Stor_2], edx mov [Stor_3], ecx mov [Stor_4], ebx mov [Stor_5], esi mov [Stor_6], edi mov [Stor_7], ebp call ____FeaturesTakeWeaponDamage_Hook_1_HelperA mov eax, [Stor_1] mov edx, [Stor_2] mov ecx, [Stor_3] mov ebx, [Stor_4] mov esi, [Stor_5] mov edi, [Stor_6] mov ebp, [Stor_7] mov [wStor_1], si mov [wStor_2], bp } SendFeaturePacketBuffer1->xPos = wStor_1; SendFeaturePacketBuffer1->yPos = wStor_2; SendFeaturePacketBuffer1->ExpandedWeaponId = 254; SendFeaturePacketBuffer1->PacketType = 0xF; __asm { push 6 + 4 mov eax, [SendFeaturePacketBuffer1] push eax jmp ____StartTreeBurn_Hook_1_Return } } __declspec(naked) void ____ReclaimFinished_Hook_1() { __asm { mov [Stor_1], eax mov [Stor_2], edx mov [Stor_3], ecx mov [Stor_4], ebx mov [Stor_5], esi mov [Stor_6], edi mov [Stor_7], ebp call ____FeaturesTakeWeaponDamage_Hook_1_HelperA mov eax, [Stor_1] mov edx, [Stor_2] mov ecx, [Stor_3] mov ebx, [Stor_4] mov esi, [Stor_5] mov edi, [Stor_6] mov ebp, [Stor_7] mov [wStor_1], di mov [wStor_2], bp } __asm { mov [Stor_1], eax mov [Stor_2], edx mov [Stor_3], ecx mov [Stor_4], ebx mov [Stor_5], esi mov [Stor_6], edi mov [Stor_7], ebp } SendFeaturePacketBuffer1->PacketType = 0xF; SendFeaturePacketBuffer1->ExpandedWeaponId = 255; SendFeaturePacketBuffer1->xPos = wStor_1; SendFeaturePacketBuffer1->yPos = wStor_2; __asm { mov eax, [Stor_1] mov edx, [Stor_2] mov ecx, [Stor_3] mov ebx, [Stor_4] mov esi, [Stor_5] mov edi, [Stor_6] mov ebp, [Stor_7] mov edx, [esi+0x96] push 6 + 4 mov ecx, [SendFeaturePacketBuffer1] push ecx mov eax, [edx+0x4] push eax call ____TotalA_HAPIBroadcastMessage jmp ____ReclaimFinished_Hook_1_Return } } __declspec(naked) void ____Order_Resurrect_Hook_1() { __asm { mov [Stor_1], eax mov [Stor_2], edx mov [Stor_3], ecx mov [Stor_4], ebx mov [Stor_5], esi mov [Stor_6], edi mov [Stor_7], ebp call ____FeaturesTakeWeaponDamage_Hook_1_HelperA mov eax, [Stor_1] mov edx, [Stor_2] mov ecx, [Stor_3] mov ebx, [Stor_4] mov esi, [Stor_5] mov edi, [Stor_6] mov ebp, [Stor_7] mov ebx, dword ptr ds:[0x511DE8] mov eax, 0x4EC4EC4F push 6 + 4 sub edi, [ebx+0x14287] imul edi sar edx, 2 mov eax, edx mov edi, [ebx+0x14233] shr eax, 0x1F add edx, eax mov ecx, edx mov eax, ecx cdq idiv edi mov eax, ecx //// ebx gets trashed later //mov ebx, [SendFeaturePacketBuffer1] //mov [ebx+0], 0xF // packet type //mov dword ptr [ebx+6], 255 mov bx, dx cdq idiv edi //mov ecx, edx //mov eax, ecx //cdq //idiv edi //mov eax, ecx // lea and push buffer // //push ebx // done // //mov bx, dx //cdq //idiv edi mov [Stor_7], ebp mov ebp, [SendFeaturePacketBuffer1] push ebp mov byte ptr [ebp+0], 0xF // packet type mov dword ptr [ebp+6], 255 mov word ptr [ebp+2], bx mov word ptr [ebp+4], ax mov ebp, [Stor_7] mov edx, [ebp+0x96] mov eax, [edx+4] push eax call ____TotalA_HAPIBroadcastMessage jmp ____Order_Resurrect_Hook_1_Return } } __declspec(naked) void ____SaveGame_SaveUnit_Hook_1() { __asm { mov edx, [ecx+0x115] jmp ____SaveGame_SaveUnit_Hook_1_Return } } __declspec(naked) void ____LoadGame_LoadUnit_Hook_1() { __asm { mov ecx, [edi-0x14] add eax, 0x1C mov [edx+0x115], ecx jmp ____LoadGame_LoadUnit_Hook_1_Return } } // dll functions void ApplyWeaponIdsPatches() { // singleplayer WriteJumpHook((LPVOID)0x0042E316, (LPVOID)____LoadAllWeapons_Hook_1); WriteJumpHook((LPVOID)0x0042E468, (LPVOID)____LoadWeaponFromTDF_Hook_1); WriteJumpHook((LPVOID)0x0042EC99, (LPVOID)____LoadWeaponFromTDF_Hook_2); WriteJumpHook((LPVOID)0x0042F340, (LPVOID)____LoadWeaponFromTDF_Hook_3); WriteJumpHook((LPVOID)0x0042ED46, (LPVOID)____LoadWeaponFromTDF_Hook_4); WriteJumpHook((LPVOID)0x0042CDCD, (LPVOID)____LoadUnitInfoFromFBI_Hook_1); WriteJumpHook((LPVOID)0x0049E5B0, (LPVOID)____WeaponNameToWeaponTypeDefinition_Replace); WriteJumpHook((LPVOID)0x0040954D, (LPVOID)____WeaponUnknown1_Hook_1); WriteJumpHook((LPVOID)0x00409682, (LPVOID)____WeaponUnknown2_Hook_1); WriteJumpHook((LPVOID)0x00409682, (LPVOID)____WeaponUnknown3_Hook_1); WriteJumpHook((LPVOID)0x0049E0C2, (LPVOID)____StartWeaponsScripts_Hook_1); // attempt 2 in cpp for Multiplayer // capture the stack // capture each necessary pointer // cpp assign data to packet // send // receive WriteJumpHook((LPVOID)0x0049D270, (LPVOID)____ReceiveWeaponFired_Hook_1); WriteJumpHook((LPVOID)0x0049D7AD, (LPVOID)____FireCallback1_Hook_1); WriteJumpHook((LPVOID)0x0049DC71, (LPVOID)____FireCallback2_Hook_1); // re-test ballistics - test successful WriteJumpHook((LPVOID)0x0049DE32, (LPVOID)____FireCallback3_Hook_1); WriteJumpHook((LPVOID)0x0049DA9F, (LPVOID)____FireCallback4_Hook_1); //////// multiplayer //////// here comes the mess of code xD WriteJumpHook((LPVOID)0x0045544D, (LPVOID)____PacketDispatcher_Hook_1); ////////WriteJumpHook((LPVOID)0x00455474, (LPVOID)____PacketDispatcher_Hook_2); //////WriteJumpHook((LPVOID)0x0049D27B, (LPVOID)____ReceiveWeaponFired_Hook_1); ////// //////// FeaturesTakeWeaponDamage ////////*((BYTE*)(0x004244B6+2)) = 8+10; // original stack size + new packet size WriteJumpHook((LPVOID)0x004244B0, ____FeaturesTakeWeaponDamage_Hook_0_1); WriteJumpHook((LPVOID)0x0042453B, (LPVOID)____FeaturesTakeWeaponDamage_Hook_1); WriteJumpHook((LPVOID)0x0042458C, (LPVOID)____FeaturesTakeWeaponDamage_Hook_2); WriteJumpHook((LPVOID)0x0042462D, (LPVOID)____FeaturesTakeWeaponDamage_Hook_3); WriteJumpHook((LPVOID)0x0042465F, (LPVOID)____FeaturesTakeWeaponDamage_Hook_4); WriteJumpHook((LPVOID)0x00424672, (LPVOID)____FeaturesTakeWeaponDamage_Hook_5); //////// SendFireWeapon WriteJumpHook((LPVOID)0x00499AC5, (LPVOID)____SendFireWeapon_Hook_1); //////// AreaOfEffectDamage WriteJumpHook((LPVOID)0x0049A769, (LPVOID)____AreaOfEffectDamage_Hook_1); WriteJumpHook((LPVOID)0x0049AFCB, (LPVOID)____ReceiveAreaOfEffectDamage_Hook_1); //////// Fire Callback 1 //////WriteJumpHook((LPVOID)0x0049D7AD, (LPVOID)____FireCallBack1_Hook_1); //////WriteJumpHook((LPVOID)0x0049DA9F, (LPVOID)____FireCallBack2_Hook_1); //////WriteJumpHook((LPVOID)0x0049DC71, (LPVOID)____FireCallBack3_Hook_1); //////WriteJumpHook((LPVOID)0x0049DE32, (LPVOID)____FireCallBack4_Hook_1); WriteJumpHook((LPVOID)0x0049DFA3, (LPVOID)____FireMapWeapon_Hook_1); WriteJumpHook((LPVOID)0x00423516, (LPVOID)____StartTreeBurn_Hook_1); WriteJumpHook((LPVOID)0x0042397F, (LPVOID)____ReclaimFinished_Hook_1); WriteJumpHook((LPVOID)0x004051B9, (LPVOID)____Order_Resurrect_Hook_1); // packet classes *((DWORD*)(0x00452117+6)) = 36 + 4; // weapon ids *((DWORD*)(0x00452126+6)) = 14 + 4; // weapon ids WriteJumpHook((LPVOID)0x00452135, (LPVOID)____PacketSize_PacketFeatureExplode_Hook_1); //*((DWORD*)(0x00512B14)) = 6 + 4; // weapon ids // Save Games // Do Save Units WriteJumpHook((LPVOID)0x00487A1C, (LPVOID)____SaveGame_SaveUnit_Hook_1); // Do Load Units WriteJumpHook((LPVOID)0x00487622, (LPVOID)____LoadGame_LoadUnit_Hook_1); } void StaticInitializers_WeaponIds() { // asm x86 returns ____LoadAllWeapons_Hook_1_Return = (LPVOID)0x0042E345; ____LoadWeaponFromTDF_Hook_1_Return = (LPVOID)0x0042E490; ____LoadWeaponFromTDF_Hook_2_Return = (LPVOID)0x0042ECF9; ____LoadUnitInfoFromFBI_Hook_1_Return = (LPVOID)0x0042CDEE; ____WeaponUnknown_Hook_1_Return = (LPVOID)0x00409555; ____WeaponUnknown_Hook_2_Return = (LPVOID)0x00409682; ____WeaponUnknown_Hook_3_Return = (LPVOID)0x00409948; ____StartWeaponsScripts_Hook_1_Return = (LPVOID)0x0049E0CE; ____PacketDispatcher_Hook_1_Return = (LPVOID)0x0045548B; ____SendFireWeapon_Hook_1_Return = (LPVOID)0x00499B90; //////////LPVOID ____PacketDispatcher_Hook_2_Return = (LPVOID); ////////LPVOID ____ReceiveWeaponFired_Hook_1_Return = (LPVOID)0x0049D2AF; ____FeaturesTakeWeaponDamage_Hook_1_Return = (LPVOID)0x00424569; ____FeaturesTakeWeaponDamage_Hook_2_Return = (LPVOID)0x00424591; ____FeaturesTakeWeaponDamage_Hook_3_Return = (LPVOID)0x00424632; ____FeaturesTakeWeaponDamage_Hook_4_Return = (LPVOID)0x00424664; ____FeaturesTakeWeaponDamage_Hook_5_Return = (LPVOID)0x00424694; ____AreaOfEffectDamage_Hook_1_Return = (LPVOID)0x0049A7EE; ____ReceiveAreaOfEffectDamage_Hook_1_Return = (LPVOID)0x0049AFD4; ____FireCallback1_Hook_1_Return = (LPVOID)0x0049D85E; ____FireCallback2_Hook_1_Return = (LPVOID)0x0049DD2C; ____FireCallback3_Hook_1_Return = (LPVOID)0x0049DEF3; ____FireCallback4_Hook_1_Return = (LPVOID)0x0049DB52; ____FireMapWeapon_Hook_1_Return = (LPVOID)0x0049DFFB; ____ReceiveWeaponFired_Hook_1_Return = (LPVOID)0x0049D2AD; ____ReceiveWeaponFired_Hook_1_Return_Jmp1 = (LPVOID)0x0049D2AD; ____ReceiveWeaponFired_Hook_1_Return_JNZ = (LPVOID)0x0049D2AF; ____ReceiveWeaponFired_Hook_1_Return_JZ = (LPVOID)0x0049D329; ____SaveGame_SaveUnit_Hook_1_Return = (LPVOID)0x00487A22; ____LoadGame_LoadUnit_Hook_1_Return = (LPVOID)0x0048762E; ____PacketSize_PacketFeatureExplode_Hook_1_Return = (LPVOID)0x0045213B; ____TotalA_strcmpi = (LPVOID)0x004F8A70; ____TotalA_HAPIBroadcastMessage = (LPVOID)0x00451DF0; ____TotalA_GetLocalPlayerDPID = (LPVOID)0x0044FDB0; ____TotalA_jmpToCode_42ECF9 = (LPVOID)0x0042ECF9; ____TotalA_jmpToCode_42F340 = (LPVOID)0x0042F340; ____TotalA_jmpToCode_42EDA1 = (LPVOID)0x0042EDA1; ____TotalA_jmpToCode_42ED7B = (LPVOID)0x0042ED7B; ____TotalA_jumpToCode_WeaponId253_4554D4 = (LPVOID)0x004554D4; ____TotalA_jumpToCode_WeaponId254_4554BA = (LPVOID)0x004554BA; ____TotalA_jumpToCode_WeaponId255_4554A0 = (LPVOID)0x004554A0; ____TotalA_jmpToCode_InCode_49D329 = (LPVOID)0x0049D329; ____TotalA_jmpToCode_InCode_42469F = (LPVOID)0x0042469F; ____FeaturesDestroy253 = (LPVOID)0x00423550; // same ____FeaturesDestroy254 = (LPVOID)0x004233A0; // diff ____FeaturesDestroy255 = (LPVOID)0x00423550; // same ____FeaturesDestroyDefault = (LPVOID)0x004244B0; ____GetGridPlotPos = (LPVOID)0x00481550; //____FeaturesTakeWeaponDamage_Hook_0_1 = (LPVOID)0x004244B0; ____FeaturesTakeWeaponDamage_Hook_0_1_Return = (LPVOID)0x004244B6; ____StartTreeBurn_Hook_1_Return = (LPVOID)0x00423531; ____ReclaimFinished_Hook_1_Return = (LPVOID)0x004239A9; ____Order_Resurrect_Hook_1_Return = (LPVOID)0x00405215; } void WeaponIds() { StaticInitializers_WeaponIds(); //AllocateNewArray(); // will be done by game, not here ApplyWeaponIdsPatches(); } void AllocateNewArray() { if (WeaponTypeDefinitions) { ____free(WeaponTypeDefinitions); WeaponTypeDefinitions = 0; } // implement new array if (WeaponTypeDefinitions == 0) { WeaponTypeDefinitions = (BYTE*)____malloc(MAX_NUMBER_OF_WEAPONS * WEAPON_ID_STRUCT_SIZE); if (WeaponTypeDefinitions != 0) { ____memset(WeaponTypeDefinitions, 0, MAX_NUMBER_OF_WEAPONS * WEAPON_ID_STRUCT_SIZE); for (SIZE_T off = 0, id = 0; off < MAX_NUMBER_OF_WEAPONS * WEAPON_ID_STRUCT_SIZE; off += WEAPON_ID_STRUCT_SIZE, id++) { // set ids, names already zero'd from memset *((DWORD*)((DWORD)WeaponTypeDefinitions + off + 0x115)) = (DWORD)id; // new offset for id [0x115] } } } }