[Required tools]
OllyDbg
GameServer version 97d unpacked
1° Open OllyDbg, go to File > Open and select the GameServer.
2° Raising the map count. In each of the listings below change the 11 to 19; the values are hex, so 0x11 = 17 maps becomes 0x19 = 25. The first listing is the call that constructs the map array (PUSH 11 is the element count, PUSH 4DB68 the size of one map object); the other three are loops over that array. Note that the array itself is a fixed-size global (the DLL in step 7 addresses it as 0x6354C78 + n * 0x4DB68), so the 8 extra objects are constructed in the 8 × 0x4DB68 bytes (about 2.4 MB) that follow its original end at 0x687DE60. Check in OllyDbg's memory map that nothing else lives there before relying on this patch.
PHP:
00489489 |. 68 711C4000 PUSH GameServ.00401C71 ; Entry address
0048948E |. 6A 11 PUSH 11
00489490 |. 68 68DB0400 PUSH 4DB68
PHP:
0047C7CF |. /7C 06 JL SHORT GameServ.0047C7D7
0047C7D1 |. |837D FC 11 CMP [LOCAL.1],11
0047C7D5 |. |7C 0A JL SHORT GameServ.0047C7E1
PHP:
0047C7F9 |. /7C 06 JL SHORT GameServ.0047C801
0047C7FB |. |837D F8 11 CMP [LOCAL.2],11
0047C7FF |. |7C 0A JL SHORT GameServ.0047C80B
PHP:
00473348 |. 8955 FC |MOV [LOCAL.1],EDX
0047334B |> 837D FC 11 CMP [LOCAL.1],11
0047334F |. 7D 16 |JGE SHORT GameServ.00473367
3° Raising the highest valid map index. In the three listings below change the 10 to 18 (hex: index 0x10 = 16 becomes 0x18 = 24, the last of 25 zero-based slots):
PHP:
0044377D |. /7C 06 JL SHORT GameServ.00443785
0044377F |. |837D 08 10 CMP [ARG.1],10
00443783 |. |7E 04 JLE SHORT GameServ.00443789
PHP:
0045C61C |. 33C9 XOR ECX,ECX
0045C61E |. 83F8 10 CMP EAX,10
0045C621 |. 0F9EC1 SETLE CL
PHP:
0045BA59 |. C745 FC 00000000 MOV [LOCAL.1],0
0045BA60 |. 837D 0C 10 CMP [ARG.2],10
0045BA64 |. 7E 29 JLE SHORT GameServ.0045BA8F
Summary of the three edits: CMP [ARG.1],10, CMP EAX,10 and CMP [ARG.2],10 all become 18.
4° Items do not drop on the new maps yet, so the drop limit has to be removed as well. Replace each of the three conditional jumps below with an unconditional JMP SHORT to the same target (assemble, for example, JMP SHORT 00409FD2 over the JE; the opcode becomes EB and the displacement is unchanged):
PHP:
00409F86 |. /74 4A JE SHORT GameServ.00409FD2
PHP:
004188EE |. /75 49 JNZ SHORT GameServ.00418939
PHP:
00444ED7 |. 74 53 JE SHORT GameServ.00444F2C
Summary: the JE SHORT at 00409F86, the JNZ SHORT at 004188EE and the JE SHORT at 00444ED7 all become JMP SHORT with the same target.
5° Adding respawn on the new maps, so that a monster that dies is spawned again. The JNZ SHORT below is replaced by a JMP into the code cave written in step 6:
PHP:
00472F7F |. /75 4C |JNZ SHORT GameServ.00472FCD
6° At 00473371 write the following code cave. It compares EAX (the map slot) with 1, 0x12 and 0x13; a match jumps back to 00472F81, the respawn path, and anything else goes to 00472FCD, the original JNZ target. 0x12 and 0x13 are the new slots 18 and 19 (Terrain19 and Terrain20); add a further CMP/JNZ/JMP group for every extra slot that should respawn. The bytes are shown as OllyDbg assembles them. Two checks before saving: the 34 bytes from 00473371 to 00473393 must be free in your build (the step 2 loop just above it exits at 00473367), and the jump back must land on an intact instruction, since a near JMP is 5 bytes while the JNZ SHORT it replaces is only 2.
PHP:
00473371 83F8 01 CMP EAX,1
00473374 75 05 JNZ SHORT 0047337B
00473376 ^ E9 06FCFFFF JMP 00472F81
0047337B 83F8 12 CMP EAX,12
0047337E 75 05 JNZ SHORT 00473385
00473380 ^ E9 FCFBFFFF JMP 00472F81
00473385 83F8 13 CMP EAX,13
00473388 ^ 0F85 3FFCFFFF JNZ 00472FCD
0047338E ^ E9 EEFBFFFF JMP 00472F81
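To make steps 2 to 6 repeatable on a fresh copy of the binary, here is a small patcher script, written for this edit rather than taken from the tutorial or its authors. It keeps every site from the listings above as (address, original bytes, new bytes), refuses to write if any site does not match (a different build, or an already patched one), translates the OllyDbg addresses to file offsets through the PE section table, and assembles the step 6 cave from its addresses so the encodings can be checked against the listing. The byte values come from the page; the table layout, the ImageBase of 0x400000 used by the constructed demo image, and the assumption that the unpacked file still has a sane section table are mine.

```python
"""Apply the map-limit patches from this tutorial to a GameServer.exe on disk.
Added example, not the tutorial's code: it assumes an unpacked 97d image whose
bytes at the addresses below still match the OllyDbg listings on this page."""
import struct

# (virtual address, bytes OllyDbg shows there now, bytes to write), from the listings
PATCHES = [
    (0x0048948E, "6A11",     "6A19"),      # step 2: PUSH 11 -> 19 (0x11 = 17 maps, 0x19 = 25)
    (0x0047C7D1, "837DFC11", "837DFC19"),  #         CMP [LOCAL.1],11
    (0x0047C7FB, "837DF811", "837DF819"),  #         CMP [LOCAL.2],11
    (0x0047334B, "837DFC11", "837DFC19"),  #         CMP [LOCAL.1],11
    (0x0044377F, "837D0810", "837D0818"),  # step 3: CMP [ARG.1],10 -> 18 (highest index 16 -> 24)
    (0x0045C61E, "83F810",   "83F818"),    #         CMP EAX,10
    (0x0045BA60, "837D0C10", "837D0C18"),  #         CMP [ARG.2],10
    (0x00409F86, "744A", "EB4A"),          # step 4: JE  SHORT -> JMP SHORT (EB, same rel8)
    (0x004188EE, "7549", "EB49"),          #         JNZ SHORT -> JMP SHORT
    (0x00444ED7, "7453", "EB53"),          #         JE  SHORT -> JMP SHORT
]
# Step 5's hook at 00472F7F is left out on purpose: the page shows the 2-byte JNZ
# SHORT it replaces but not the 5-byte JMP written over it, so do that one in OllyDbg.

def jmp_rel32(src, dst):
    """E9 rel32: displacement measured from the end of the 5-byte instruction."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))

def jnz_rel32(src, dst):
    return b"\x0F\x85" + struct.pack("<i", dst - (src + 6))   # 0F 85 rel32, 6 bytes

def jnz_rel8(src, dst):
    """75 rel8 (2 bytes)."""
    rel = dst - (src + 2)
    if not -128 <= rel <= 127:
        raise ValueError("short jump target out of range")
    return b"\x75" + struct.pack("<b", rel)

def build_respawn_cave(cave=0x00473371, cont=0x00472F81, skip=0x00472FCD, maps=(1, 0x12, 0x13)):
    """Assemble step 6's cave: CMP EAX,n for each n, back to `cont` on a match, else `skip`.
    Defaults reproduce the page's listing byte for byte; add map numbers to extend it."""
    code = bytearray()
    for i, n in enumerate(maps):
        here = cave + len(code)
        code += b"\x83\xF8" + bytes([n])                # CMP EAX, n
        if i < len(maps) - 1:
            code += jnz_rel8(here + 3, here + 10)       # no match: next compare
        else:
            code += jnz_rel32(here + 3, skip)           # last compare: no match -> skip
        code += jmp_rel32(cave + len(code), cont)       # match: back to the respawn path
    return bytes(code)

def parse_sections(pe):
    """[(va, raw_ptr, raw_size)] from a PE32 section table, for va_to_offset()."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    image_base, = struct.unpack_from("<I", pe, e_lfanew + 24 + 28)   # PE32 ImageBase
    first = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        _vsize, rva, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, first + 40 * i + 8)
        sections.append((image_base + rva, raw_ptr, raw_size))
    return sections

def va_to_offset(va, sections):
    for sec_va, raw_ptr, raw_size in sections:
        if sec_va <= va < sec_va + raw_size:
            return raw_ptr + (va - sec_va)
    raise ValueError(f"VA {va:#010x} is not backed by file data")

def apply_patches(image, sections, patches):
    """Verify every site, then write; a mismatch aborts before the first write."""
    plan = []
    for va, old, new in patches:
        old_b, new_b = bytes.fromhex(old), bytes.fromhex(new)
        off = va_to_offset(va, sections)
        if bytes(image[off:off + len(old_b)]) != old_b:
            raise ValueError(f"{va:#010x}: expected {old}, found {bytes(image[off:off + len(old_b)]).hex()}")
        plan.append((off, new_b))
    for off, new_b in plan:
        image[off:off + len(new_b)] = new_b
    return len(plan)

def demo_image():
    """Constructed stand-in: one section, raw == virtual, seeded with the page's original bytes."""
    base = 0x00400000
    image = bytearray(0x90000)
    for va, old, _ in PATCHES:
        image[va - base:va - base + len(old) // 2] = bytes.fromhex(old)
    return image, [(base, 0, len(image))]

def patch_demo():
    """Steps 2-4 plus the step 6 cave on demo_image(); returns (sites patched, image)."""
    image, sections = demo_image()
    count = apply_patches(image, sections, PATCHES)
    cave = build_respawn_cave()
    off = va_to_offset(0x00473371, sections)
    image[off:off + len(cave)] = cave
    return count, image
```

patch_demo() runs the whole procedure on the constructed image. For a real file, read it into a bytearray, call apply_patches(image, parse_sections(image), PATCHES), write build_respawn_cave() at the offset of 00473371 and save the result under a new name. Passing more slots to build_respawn_cave makes the cave longer than the 34 bytes on the page, so check what sits past 00473393 before using it.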
7° Now let's build a DLL that loads the new maps. The server's own loop (step 2) only handles the original slots, so the DLL constructs each new map object in place and loads its .att file. Slots are zero-based: Terrain19.att goes into slot 18. Slot 17 (Terrain18.att) is not loaded by this DLL; add a LoadMap line for it if your server uses that file.
mapas.cpp
PHP:
#include "mapas.h"

// Load the seven extra terrains into slots 18..24 of the server's map array.
void LoadMaps()
{
    LoadMap("..\\data\\Terrain19.att", 18);
    LoadMap("..\\data\\Terrain20.att", 19);
    LoadMap("..\\data\\Terrain21.att", 20);
    LoadMap("..\\data\\Terrain22.att", 21);
    LoadMap("..\\data\\Terrain23.att", 22);
    LoadMap("..\\data\\Terrain24.att", 23);
    LoadMap("..\\data\\Terrain25.att", 24);
}

// Initialise map object `mapnr` in place and load its attribute file.
// 97d offsets: the map array starts at 0x6354C78 with 0x4DB68 bytes per object
// (the same size pushed in step 2); 0x402225 and 0x401FC3 are the two routines
// the original tutorial calls on the object, both with the object in ECX
// (thiscall) and the second taking the file path on the stack. The calls go
// through EDX so the absolute addresses work from inside the DLL.
__declspec(naked) void LoadMap(char *mapname, DWORD mapnr)
{
    _asm
    {
        PUSH EBP
        MOV EBP, ESP
        SUB ESP, 4
        MOV ECX, mapnr               ; this = 0x6354C78 + mapnr * 0x4DB68
        IMUL ECX, ECX, 0x4DB68
        ADD ECX, 0x6354C78
        MOV EDX, 0x402225            ; initialise the map object
        CALL EDX
        MOV EAX, mapname
        PUSH EAX                     ; argument: path of the .att file
        MOV ECX, mapnr               ; ECX was clobbered by the call, rebuild this
        IMUL ECX, ECX, 0x4DB68
        ADD ECX, 0x6354C78
        MOV EDX, 0x401FC3            ; load the attribute file into the object
        CALL EDX
        MOV ESP, EBP                 ; drop anything left on the stack
        POP EBP
        RETN
    }
}
PHP:
#include <stdio.h>
#include <windows.h>

void LoadMaps();
void LoadMap(char *mapname, DWORD mapnr);
8° With the patches and the DLL in place, up to 25 maps (Terrain1 to Terrain25) can be used.
[Credits]
Cahir (Original 1.00.18 tutorial)
Disconnect (Translating to English)
Motto (Offsets for 97d)