[1.14d] Offset Updates Pack

Post by FearedBliss » Tue Dec 05, 2017 5:20 am

Hello all,

I updated my mod from 1.13d to 1.14d and I wanted to publish the new updates.

The updates here are all for 1.14d and are the following:

- Multiple D2 Windows
- Experience beyond two screens for party members
- Defaulting to /players 8 but not having the consequences:
> Monster Life stays at /players 1 [In Monster Data Structure]
> Monster Experience stays at /players 8 [In Monster Data Structure]
> Monster contains player count that will be used for attack rating/damage calculations. [In Monster Data Structure]
> Monster Attack Rating and Damage stays at /players 1 regardless of difficulty (Not needed if you use the above monster life/exp/player var modifications)
> Monster Item Drops and Chest/Rocks/Etc Drops are at /players 8 amounts
- Open Cow Level even if Cow King is Killed
- CPU Power Reduction
- Skip intro cinematics
- Hyperjoin
- Classic Shield Block
- Classic Whirlwind
- Defense doesn't drop while running
- Death Tax Removal
- Lift Ancients Level/Experience Rollover Cap
- Unlimited respecs
- Disable connect to Battle.Net
- Remove blocking quests (A party member can access another party member's town portal)
- Expanded Classic Stash
- Force High Affixes on Rare Items
- Prevent Nihlathak's Portal from closing when Waypoint/Quest complete

Hopefully this is useful to someone.

NOTE: Thanks to devurandom and GalaXyHaXz for their postings and code edits collection
which I used as a basis to find the 1.14d equivalents.

Multiple D2 Windows

1.14d Base: 400000
1.14d Offset: F562A

CODE:

004F5622  |. 50             PUSH EAX                                 ; |Class => "Diablo II"
004F5623  |. FF15 00C56C00  CALL DWORD PTR DS:[<&USER32.FindWindowA>>; \FindWindowA
004F5629  |. 85C0           TEST EAX,EAX
004F562B  |. 74 45          JE SHORT Game.004F5672
004F562D  |. 8D8D E0FEFFFF  LEA ECX,DWORD PTR SS:[EBP-120]
004F5633  |. 68 E4C56D00    PUSH Game.006DC5E4                       ;  ASCII "Diablo II Critical Error"
004F5638  |. 51             PUSH ECX

WHAT TO DO:

Change from JE SHORT Game.004F5672 -> JMP SHORT Game.004F5672

Experience beyond two screens for party members

1.14d Base: 400000
1.14d Offset: 17E654

CODE:

0057E64F  |. 0FAFC1         IMUL EAX,ECX
0057E652  |. 03D0           ADD EDX,EAX
0057E654  |. 81FA 00190000  CMP EDX,1900
0057E65A  |. 77 4F          JA SHORT Game.0057E6AB
0057E65C  |. 8B5D FC        MOV EBX,DWORD PTR SS:[EBP-4]
0057E65F  |> 8B46 44        MOV EAX,DWORD PTR DS:[ESI+44]

WHAT TO DO:

NOP both of them.

0017E654   81FA 00190000    CMP EDX,1900
0017E65A   77 4F            JA SHORT 0017E6AB

Monster Life, Experience, Attack Rating / Damage Variable, /players 8 changes

1.14d Base: 400000
1.14d Life Code Offset: 1738F0
1.14d Experience Code Offset: 173910
1.14d Attack Rating/Damage Variable Offset: 173994

OLD MONSTER LIFE CODE:

005738F0   83F9 09          CMP ECX,9
005738F3   7D 08            JGE SHORT Game.005738FD
005738F5   8B048D 90156E00  MOV EAX,DWORD PTR DS:[ECX*4+6E1590]
005738FC   C3               RETN
005738FD   8D41 FE          LEA EAX,DWORD PTR DS:[ECX-2]
00573900   6BC0 32          IMUL EAX,EAX,32
00573903   C3               RETN

NEW MONSTER LIFE CODE:

005738F0   90               NOP
005738F1   90               NOP
005738F2   90               NOP
005738F3   90               NOP
005738F4   90               NOP
005738F5   B8 00000000      MOV EAX,0
005738FA   90               NOP
005738FB   90               NOP
005738FC   C3               RETN
005738FD   8D41 FE          LEA EAX,DWORD PTR DS:[ECX-2]
00573900   6BC0 32          IMUL EAX,EAX,32
00573903   C3               RETN

WHAT TO DO:

005738F0   83F9 09          CMP ECX,9
005738F3   7D 08            JGE SHORT Game.005738FD

NOP these two since we will tell the function to not increase the life by any %.

005738F5   8B048D 90156E00  MOV EAX,DWORD PTR DS:[ECX*4+6E1590]

Change the above to MOV EAX,0 which represents no % increase to life.

OLD MONSTER EXPERIENCE CODE:

00573910   83F9 09          CMP ECX,9
00573913   7D 08            JGE SHORT Game.0057391D
00573915   8B048D B4156E00  MOV EAX,DWORD PTR DS:[ECX*4+6E15B4]
0057391C   C3               RETN
0057391D   8D8489 82000000  LEA EAX,DWORD PTR DS:[ECX+ECX*4+82]
00573924   03C0             ADD EAX,EAX
00573926   C3               RETN

NEW MONSTER EXPERIENCE CODE:

00573910   90               NOP
00573911   90               NOP
00573912   90               NOP
00573913   90               NOP
00573914   90               NOP
00573915   B8 5E010000      MOV EAX,15E
0057391A   90               NOP
0057391B   90               NOP
0057391C   C3               RETN
0057391D   8D8489 82000000  LEA EAX,DWORD PTR DS:[ECX+ECX*4+82]
00573924   03C0             ADD EAX,EAX
00573926   C3               RETN

WHAT TO DO:

00573910   83F9 09          CMP ECX,9
00573913   7D 08            JGE SHORT Game.0057391D

NOP these two since we will tell the function to increase the exp by the maximum /players 8 amount (15E = 350%).

00573915   8B048D B4156E00  MOV EAX,DWORD PTR DS:[ECX*4+6E15B4]

Change this to MOV EAX,15E which represents increase the exp by 350%.

OLD CODE THAT SETS VARIABLE THAT WILL BE USED FOR MONSTER ATTACK RATING/DAMAGE CODE:
00573994 | 89 4E 10                 | MOV DWORD PTR DS:[ESI+10],ECX           | Save number of players with this monster (Will be used for attack rating/damage increase)
00573997 | EB 07                    | JMP game.5739A0                         |
00573999 | C7 46 10 01 00 00 00     | MOV DWORD PTR DS:[ESI+10],1             |

NEW CODE THAT SETS VARIABLE THAT WILL BE USED FOR MONSTER ATTACK RATING/DAMAGE CODE:
00573994 | 89 4E 10                 | MOV DWORD PTR DS:[ESI+10],ECX           |
00573997 | 90                       | NOP                                     |
00573998 | 90                       | NOP                                     |
00573999 | C7 46 10 01 00 00 00     | MOV DWORD PTR DS:[ESI+10],1             |

WHAT TO DO:
NOP the JMP so that the second assignment overrides the first. We will set ESI+10
to 1 which means that when the attack rating/damage calculation for this monster
is run later, it will not increase the attack rating/damage.

/players 8 item drops

The /players command also controls how many times the game should
loop when determining how many items to drop from a monster kill,
or from opening a chest.

1.14d Offset: 15A8F4

OLD CODE:
0055A8E9 | BF 08 00 00 00           | MOV EDI,8                                          |
0055A8EE | 8B 8D D8 FA FF FF        | MOV ECX,DWORD PTR SS:[EBP-528]                     |
0055A8F4 | E8 97 AE FD FF           | CALL <game.sub_535790>                             | # of players is placed in EAX.
0055A8F9 | 2B C7                    | SUB EAX,EDI                                        |
0055A8FB | 99                       | CDQ                                                |

NEW CODE:
0055A8E9 | BF 08 00 00 00           | MOV EDI,8                               |
0055A8EE | 8B 8D D8 FA FF FF        | MOV ECX,DWORD PTR SS:[EBP-528]          |
0055A8F4 | B8 08 00 00 00           | MOV EAX,8                               |
0055A8F9 | 2B C7                    | SUB EAX,EDI                             |
0055A8FB | 99                       | CDQ                                     |

Change the CALL to MOV EAX,8 so that we can set the players amount to the maximum
needed for the max drops.

====
The number of players function is located at 0x535790.

1.14d Base: 400000
1.14d Offset: 135790

Monster Attack Rating and Damage stays at /players 1 regardless of difficulty

1.14d Base: 400000
1.14d AR/Damage Offset: 1A4F20

Note: This patch is not necessary if you use the previous patch above regarding
the monster's hp, exp, player variable inside the monster data structure. 
Because we set the player variable inside the other patch for the monster,
that data is properly passed into this function and we will get our desired
behavior. This function only has 1 reference so we are 100% sure that if
we use the monster data structure's player count variable, regardless of
player difficulty, the attack rating and damage will not be increased.

OLD FUNCTION:
005A4F20 | 80 79 6D 00              | CMP BYTE PTR DS:[ECX+6D],0              | Get and compare difficulty mode. Normal difficulty does not have
005A4F24 | 77 03                    | JA game.5A4F29                          | any attack rating/damage increase regardless of player count.
005A4F26 | 33 C0                    | XOR EAX,EAX                             |
005A4F28 | C3                       | RET                                     |
005A4F29 | 83 FA 02                 | CMP EDX,2                               | We only apply the attack rating/damage increase if there is more than 1 player.
005A4F2C | 7C F8                    | JL game.5A4F26                          |
005A4F2E | 83 FA 09                 | CMP EDX,9                               | 9:'\t'
005A4F31 | 7D 08                    | JGE game.5A4F3B                         |
005A4F33 | 8B 04 95 F4 21 6E 00     | MOV EAX,DWORD PTR DS:[EDX*4+6E21F4]     | If player count is 8 or below, then retrieve the corresponding value from the table.
005A4F3A | C3                       | RET                                     |
005A4F3B | 8D 04 D5 F0 FF FF FF     | LEA EAX,DWORD PTR DS:[EDX*8-10]         | I don't think this safety default if "over players 8" is actually used anymore.
005A4F42 | C3                       | RET                                     |

Difficulty Mode: BYTE PTR DS:[ECX+6D]

0 = Normal
1 = Nightmare
2 = Hell

Calling Function:
005A4FF6 | 50                       | PUSH EAX                                |
005A4FF7 | 6A 64                    | PUSH 64                                 |
005A4FF9 | 57                       | PUSH EDI                                |
005A4FFA | E8 81 04 08 00           | CALL game.625480                        |
005A4FFF | 83 F8 01                 | CMP EAX,1                               |
005A5002 | 7D 05                    | JGE game.5A5009                         |
005A5004 | B8 01 00 00 00           | MOV EAX,1                               |
005A5009 | 8B D0                    | MOV EDX,EAX                             |
005A500B | 8B CB                    | MOV ECX,EBX                             |
005A500D | E8 0E FF FF FF           | CALL game.5A4F20                        | << Actual Call

WHAT TO DO:
We pretty much don't want any type of increases no matter what difficulty.
So we can just take the same code path as if we were in normal difficulty.

We can NOP the following two statements and call it a day:

CMP BYTE PTR DS:[ECX+6D],0
JA game.5A4F29

NEW FUNCTION:
005A4F20 | 90                       | NOP                                     |
005A4F21 | 90                       | NOP                                     |
005A4F22 | 90                       | NOP                                     |
005A4F23 | 90                       | NOP                                     |
005A4F24 | 90                       | NOP                                     |
005A4F25 | 90                       | NOP                                     |
005A4F26 | 33 C0                    | XOR EAX,EAX                             |
005A4F28 | C3                       | RET                                     |
005A4F29 | 83 FA 02                 | CMP EDX,2                               | We only apply the attack rating/damage increase if there is more than 1 player
005A4F2C | 7C F8                    | JL game.5A4F26                          |
005A4F2E | 83 FA 09                 | CMP EDX,9                               | 9:'\t'
005A4F31 | 7D 08                    | JGE game.5A4F3B                         |
005A4F33 | 8B 04 95 F4 21 6E 00     | MOV EAX,DWORD PTR DS:[EDX*4+6E21F4]     | If player count is 8 or below, then retrieve the value from the table
005A4F3A | C3                       | RET                                     |
005A4F3B | 8D 04 D5 F0 FF FF FF     | LEA EAX,DWORD PTR DS:[EDX*8-10]         | If player count is above 8, then get a constant max from [r32*8-10]
005A4F42 | C3                       | RET                                     |

Open Cow Level even if Cow King is Killed

1.14d Base: 400000
1.14d Offset: 194159

OLD CODE:

00594159   85C0             TEST EAX,EAX
0059415B   0F85 EA000000    JNZ Game.0059424B
00594161   56               PUSH ESI
00594162   E8 39E00800      CALL Game.006221A0
00594167   0FB64F 6D        MOVZX ECX,BYTE PTR DS:[EDI+6D]
0059416B   8B4488 10        MOV EAX,DWORD PTR DS:[EAX+ECX*4+10]
0059416F   6A 0A            PUSH 0A
00594171   6A 04            PUSH 4
00594173   50               PUSH EAX
00594174   E8 97810C00      CALL Game.0065C310
00594179   85C0             TEST EAX,EAX
0059417B   0F85 CA000000    JNZ Game.0059424B
00594181   3947 70          CMP DWORD PTR DS:[EDI+70],EAX
00594184   75 25            JNZ SHORT Game.005941AB
00594186   56               PUSH ESI
00594187   E8 14E00800      CALL Game.006221A0

NEW CODE:

00594159   85C0             TEST EAX,EAX
0059415B   0F85 EA000000    JNZ Game.0059424B
00594161   56               PUSH ESI
00594162   E8 39E00800      CALL Game.006221A0
00594167   0FB64F 6D        MOVZX ECX,BYTE PTR DS:[EDI+6D]
0059416B   8B4488 10        MOV EAX,DWORD PTR DS:[EAX+ECX*4+10]
0059416F   6A 0A            PUSH 0A
00594171   6A 04            PUSH 4
00594173   50               PUSH EAX
00594174   E8 97810C00      CALL Game.0065C310
00594179   33C0             XOR EAX,EAX
0059417B   0F85 CA000000    JNZ Game.0059424B
00594181   3947 70          CMP DWORD PTR DS:[EDI+70],EAX
00594184   75 25            JNZ SHORT Game.005941AB
00594186   56               PUSH ESI
00594187   E8 14E00800      CALL Game.006221A0

WHAT TO DO:

Change TEST EAX,EAX to XOR EAX,EAX.

00594179   85C0             TEST EAX,EAX -> 00594179   33C0             XOR EAX,EAX

CPU Power Reduction

1.14d Base: 400000
1.14d Title Screen Offset: FA66F
1.14d Single Player Offset: 51C31
1.14d Closed Battle.Net Offset: 51C3B
1.14d Open Battle.Net & TCP/IP Offset: 51C40

Title Screen:

OLD:

004FA661 | 76 05                    | JBE game.4FA668                         |
004FA663 | B8 14 00 00 00           | MOV EAX,14                              |
004FA668 | 83 3D 44 DC 72 00 00     | CMP DWORD PTR DS:[72DC44],0             |
004FA66F | 74 02                    | JE game.4FA673                          | NOP
004FA671 | 33 C0                    | XOR EAX,EAX                             | NOP
004FA673 | 50                       | PUSH EAX                                |
004FA674 | FF 15 58 C2 6C 00        | CALL DWORD PTR DS:[<&Sleep>]            |
004FA67A | 83 3D D4 DD 72 00 00     | CMP DWORD PTR DS:[72DDD4],0             |
004FA681 | 0F 85 2F FF FF FF        | JNE game.4FA5B6                         |
004FA687 | 5E                       | POP ESI                                 |

NEW:

004FA661 | 76 05                    | JBE game.4FA668                         |
004FA663 | B8 14 00 00 00           | MOV EAX,14                              |
004FA668 | 83 3D 44 DC 72 00 00     | CMP DWORD PTR DS:[72DC44],0             |
004FA66F | 90                       | NOP                                     |
004FA670 | 90                       | NOP                                     |
004FA671 | 90                       | NOP                                     |
004FA672 | 90                       | NOP                                     |
004FA673 | 50                       | PUSH EAX                                |
004FA674 | FF 15 58 C2 6C 00        | CALL DWORD PTR DS:[<&Sleep>]            |
004FA67A | 83 3D D4 DD 72 00 00     | CMP DWORD PTR DS:[72DDD4],0             |
004FA681 | 0F 85 2F FF FF FF        | JNE game.4FA5B6                         |
004FA687 | 5E                       | POP ESI                                 |

Single Player, Closed/Open Battle.Net, and TCP/IP:

OLD:

00451C2A | 83 3D E0 F7 70 00 00     | CMP DWORD PTR DS:[70F7E0],0             |
00451C31 | 75 17                    | JNE game.451C4A                         | Single Player
00451C33 | A1 10 06 7A 00           | MOV EAX,DWORD PTR DS:[7A0610]           |
00451C38 | 83 F8 06                 | CMP EAX,6                               |
00451C3B | 74 0D                    | JE game.451C4A                          | Closed Battle.Net
00451C3D | 83 F8 08                 | CMP EAX,8                               |
00451C40 | 74 08                    | JE game.451C4A                          | Open Battle.Net & TCP/IP
00451C42 | 6A 0A                    | PUSH A                                  |
00451C44 | FF 15 58 C2 6C 00        | CALL DWORD PTR DS:[<&Sleep>]            |

NEW:

00451C2A | 83 3D E0 F7 70 00 00     | CMP DWORD PTR DS:[70F7E0],0             |
00451C31 | 90                       | NOP                                     | Single Player
00451C32 | 90                       | NOP                                     |
00451C33 | A1 10 06 7A 00           | MOV EAX,DWORD PTR DS:[7A0610]           |
00451C38 | 83 F8 06                 | CMP EAX,6                               |
00451C3B | 90                       | NOP                                     | Closed Battle.Net
00451C3C | 90                       | NOP                                     |
00451C3D | 83 F8 08                 | CMP EAX,8                               |
00451C40 | 90                       | NOP                                     | Open Battle.Net & TCP/IP
00451C41 | 90                       | NOP                                     |
00451C42 | 6A 0A                    | PUSH A                                  |
00451C44 | FF 15 58 C2 6C 00        | CALL DWORD PTR DS:[<&Sleep>]            |

WHAT TO DO:
NOP the 3 commented lines.

Skip intro cinematics

1.14d Offset: 35284

OLD:
00435279 | 0F 84 93 00 00 00        | JE game.435312                                |
0043527F | E8 8C 98 FD FF           | CALL game.40EB10                              |
00435284 | 85 C0                    | TEST EAX,EAX                                  |
00435286 | 6A 00                    | PUSH 0                                        |
00435288 | 75 16                    | JNE game.4352A0                               |
0043528A | 50                       | PUSH EAX                                      |
0043528B | 68 FC 4C 6D 00           | PUSH game.6D4CFC                              | 6D4CFC:"Data\\Local\\Video\\New_BLIZ640x480.bik"

NEW:
00435284 | EB 7A                    | JMP game.435300                               |

WHAT TO DO:

Switch TEST to JMP <address>:

00435284 | 85 C0                    | TEST EAX,EAX                                  |
00435284 | EB 7A                    | JMP game.435300                               |

Hyperjoin

1.14d Offset: 781AC

OLD:
0047819D | F7 7D FC                 | IDIV DWORD PTR SS:[EBP-4]                     |
004781A0 | A3 B4 B3 7B 00           | MOV DWORD PTR DS:[7BB3B4],EAX                 |
004781A5 | 33 C9                    | XOR ECX,ECX                                   |
004781A7 | E8 34 E4 FD FF           | CALL <game.sub_4565E0>                        |
004781AC | 68 FA 00 00 00           | PUSH FA                                       |
004781B1 | FF D3                    | CALL EBX                                      | ebx:Sleep
004781B3 | 81 C6 00 01 00 00        | ADD ESI,100                                   |
004781B9 | 83 EF 01                 | SUB EDI,1                                     |
004781BC | 75 CA                    | JNE game.478188                               |

NEW:
0047819D | F7 7D FC                 | IDIV DWORD PTR SS:[EBP-4]                     |
004781A0 | A3 B4 B3 7B 00           | MOV DWORD PTR DS:[7BB3B4],EAX                 |
004781A5 | 33 C9                    | XOR ECX,ECX                                   |
004781A7 | E8 34 E4 FD FF           | CALL <game.sub_4565E0>                        |
004781AC | 6A 05                    | PUSH 5                                        |
004781AE | 90                       | NOP                                           |
004781AF | 90                       | NOP                                           |
004781B0 | 90                       | NOP                                           |
004781B1 | FF D3                    | CALL EBX                                      |
004781B3 | 81 C6 00 01 00 00        | ADD ESI,100                                   |
004781B9 | 83 EF 01                 | SUB EDI,1                                     |
004781BC | 75 CA                    | JNE game.478188                               |

WHAT TO DO:

Switch PUSH FA to PUSH 5:
004781AC | 68 FA 00 00 00           | PUSH FA                                       |
004781AC | 6A 05                    | PUSH 5                                        |

Classic Shield Block

1.14d Offset: 2227DB

OLD:
006227CF | 33 C0                    | XOR EAX,EAX                                   |
006227D1 | 0F B6 50 49              | MOVZX EDX,BYTE PTR DS:[EAX+49]                |
006227D5 | 03 DA                    | ADD EBX,EDX                                   | ebx:sub_44EFA0
006227D7 | 83 7D 0C 00              | CMP DWORD PTR SS:[EBP+C],0                    |
006227DB | 74 31                    | JE game.62280E                                |
006227DD | 57                       | PUSH EDI                                      |
006227DE | 6A 00                    | PUSH 0                                        |
006227E0 | 6A 02                    | PUSH 2                                        |
006227E2 | 56                       | PUSH ESI                                      |
006227E3 | E8 98 2C 00 00           | CALL <game.sub_625480>                        |
006227E8 | 6A 00                    | PUSH 0                                        |
006227EA | 6A 0C                    | PUSH C                                        |
006227EC | 56                       | PUSH ESI                                      |
006227ED | 8B F8                    | MOV EDI,EAX                                   |
006227EF | E8 8C 2C 00 00           | CALL <game.sub_625480>                        |

NEW:
006227CF | 33 C0                    | XOR EAX,EAX                                   |
006227D1 | 0F B6 50 49              | MOVZX EDX,BYTE PTR DS:[EAX+49]                |
006227D5 | 03 DA                    | ADD EBX,EDX                                   |
006227D7 | 83 7D 0C 00              | CMP DWORD PTR SS:[EBP+C],0                    |
006227DB | EB 31                    | JMP game.62280E                               |
006227DD | 57                       | PUSH EDI                                      |
006227DE | 6A 00                    | PUSH 0                                        |
006227E0 | 6A 02                    | PUSH 2                                        |
006227E2 | 56                       | PUSH ESI                                      |
006227E3 | E8 98 2C 00 00           | CALL <game.sub_625480>                        |
006227E8 | 6A 00                    | PUSH 0                                        |
006227EA | 6A 0C                    | PUSH C                                        |
006227EC | 56                       | PUSH ESI                                      |
006227ED | 8B F8                    | MOV EDI,EAX                                   |
006227EF | E8 8C 2C 00 00           | CALL <game.sub_625480>                        |

WHAT TO DO:

Switch JE to JMP:
006227DB | 74 31                    | JE game.62280E                                |
006227DB | EB 31                    | JMP game.62280E                               |

Classic Whirlwind

1.14d Offset: 1D9361

OLD:
005D935A | 8B 55 08                 | MOV EDX,DWORD PTR SS:[EBP+8]            |
005D935D | 83 7A 70 00              | CMP DWORD PTR DS:[EDX+70],0             |
005D9361 | 75 0D                    | JNE game.5D9370                         |
005D9363 | 5F                       | POP EDI                                 |
005D9364 | B8 01 00 00 00           | MOV EAX,1                               | eax:sub_660290+252
005D9369 | 5E                       | POP ESI                                 |
005D936A | 8B E5                    | MOV ESP,EBP                             |
005D936C | 5D                       | POP EBP                                 |
005D936D | C2 08 00                 | RET 8                                   |

NEW:
005D935A | 8B 55 08                 | MOV EDX,DWORD PTR SS:[EBP+8]            |
005D935D | 83 7A 70 00              | CMP DWORD PTR DS:[EDX+70],0             |
005D9361 | 90                       | NOP                                     |
005D9362 | 90                       | NOP                                     |
005D9363 | 5F                       | POP EDI                                 |
005D9364 | B8 01 00 00 00           | MOV EAX,1                               | eax:sub_660290+252
005D9369 | 5E                       | POP ESI                                 |
005D936A | 8B E5                    | MOV ESP,EBP                             |
005D936C | 5D                       | POP EBP                                 |
005D936D | C2 08 00                 | RET 8                                   |

WHAT TO DO:

NOP the following line: 
005D9361 | 75 0D                    | JNE game.5D9370                         |

Defense doesn't drop while running

1.14d Offset: 17E009

OLD:
0057DFF8 | 85 F6                    | TEST ESI,ESI                            |
0057DFFA | 74 25                    | JE game.57E021                          |
0057DFFC | 83 3E 00                 | CMP DWORD PTR DS:[ESI],0                |
0057DFFF | 75 20                    | JNE game.57E021                         |
0057E001 | 56                       | PUSH ESI                                |
0057E002 | E8 F9 4C 0A 00           | CALL game.622D00                        | Retrieves if you were running or not (1 = running, 0 = standing)
0057E007 | 85 C0                    | TEST EAX,EAX                            |
0057E009 | 74 16                    | JE game.57E021                          |
0057E00B | 83 7E 10 02              | CMP DWORD PTR DS:[ESI+10],2             |
0057E00F | 74 10                    | JE game.57E021                          |
0057E011 | B8 56 55 55 55           | MOV EAX,55555556                        |
0057E016 | F7 EB                    | IMUL EBX                                |
0057E018 | 8B C2                    | MOV EAX,EDX                             |
0057E01A | C1 E8 1F                 | SHR EAX,1F                              |
0057E01D | 03 C2                    | ADD EAX,EDX                             |
0057E01F | 8B D8                    | MOV EBX,EAX                             |
0057E021 | 8B 46 20                 | MOV EAX,DWORD PTR DS:[ESI+20]           |
0057E024 | B9 C5 90 C6 6A           | MOV ECX,6AC690C5                        |
0057E029 | F7 E1                    | MUL ECX                                 |
0057E02B | 8B C8                    | MOV ECX,EAX                             |
0057E02D | 8B 46 24                 | MOV EAX,DWORD PTR DS:[ESI+24]           |
0057E030 | 33 FF                    | XOR EDI,EDI                             |
0057E032 | 03 C8                    | ADD ECX,EAX                             |
0057E034 | 13 D7                    | ADC EDX,EDI                             |
0057E036 | 89 56 24                 | MOV DWORD PTR DS:[ESI+24],EDX           |
0057E039 | B8 1F 85 EB 51           | MOV EAX,51EB851F                        |
0057E03E | F7 E1                    | MUL ECX                                 |
0057E040 | C1 EA 05                 | SHR EDX,5                               |
0057E043 | 6B D2 64                 | IMUL EDX,EDX,64                         |
0057E046 | 89 4E 20                 | MOV DWORD PTR DS:[ESI+20],ECX           |
0057E049 | 2B CA                    | SUB ECX,EDX                             |
0057E04B | 68 38 17 6E 00           | PUSH game.6E1738                        | 6E1738:"blocks"

NEW:
0057DFF8 | 85 F6                    | TEST ESI,ESI                            |
0057DFFA | 74 25                    | JE game.57E021                          |
0057DFFC | 83 3E 00                 | CMP DWORD PTR DS:[ESI],0                |
0057DFFF | 75 20                    | JNE game.57E021                         |
0057E001 | 56                       | PUSH ESI                                |
0057E002 | E8 F9 4C 0A 00           | CALL game.622D00                        | Retrieves if you were running or not (1 = running, 0 = standing)
0057E007 | 85 C0                    | TEST EAX,EAX                            |
0057E009 | EB 16                    | JMP game.57E021                         |
0057E00B | 83 7E 10 02              | CMP DWORD PTR DS:[ESI+10],2             |
0057E00F | 74 10                    | JE game.57E021                          |
0057E011 | B8 56 55 55 55           | MOV EAX,55555556                        |
0057E016 | F7 EB                    | IMUL EBX                                |
0057E018 | 8B C2                    | MOV EAX,EDX                             |
0057E01A | C1 E8 1F                 | SHR EAX,1F                              |
0057E01D | 03 C2                    | ADD EAX,EDX                             |
0057E01F | 8B D8                    | MOV EBX,EAX                             |
0057E021 | 8B 46 20                 | MOV EAX,DWORD PTR DS:[ESI+20]           |
0057E024 | B9 C5 90 C6 6A           | MOV ECX,6AC690C5                        |
0057E029 | F7 E1                    | MUL ECX                                 |
0057E02B | 8B C8                    | MOV ECX,EAX                             |
0057E02D | 8B 46 24                 | MOV EAX,DWORD PTR DS:[ESI+24]           |
0057E030 | 33 FF                    | XOR EDI,EDI                             |
0057E032 | 03 C8                    | ADD ECX,EAX                             |
0057E034 | 13 D7                    | ADC EDX,EDI                             |
0057E036 | 89 56 24                 | MOV DWORD PTR DS:[ESI+24],EDX           |
0057E039 | B8 1F 85 EB 51           | MOV EAX,51EB851F                        |
0057E03E | F7 E1                    | MUL ECX                                 |
0057E040 | C1 EA 05                 | SHR EDX,5                               |
0057E043 | 6B D2 64                 | IMUL EDX,EDX,64                         |
0057E046 | 89 4E 20                 | MOV DWORD PTR DS:[ESI+20],ECX           |
0057E049 | 2B CA                    | SUB ECX,EDX                             |
0057E04B | 68 38 17 6E 00           | PUSH game.6E1738                        | 6E1738:"blocks"

WHAT TO DO:
Change the first conditional jump (JE) to unconditional (JMP).
0057E009 | 74 16                    | JE game.57E021                          |
0057E009 | EB 16                    | JMP game.57E021                         |

Death Tax Removal

1.14d Offset: 135ABB

OLD:

00535AB0 | 55                       | PUSH EBP                                      |
00535AB1 | 8B EC                    | MOV EBP,ESP                                   |
00535AB3 | 53                       | PUSH EBX                                      |
00535AB4 | 56                       | PUSH ESI                                      |
00535AB5 | 57                       | PUSH EDI                                      |
00535AB6 | 8B 7D 08                 | MOV EDI,DWORD PTR SS:[EBP+8]                  |
00535AB9 | 8B D9                    | MOV EBX,ECX                                   |
00535ABB | 57                       | PUSH EDI                                      |
00535ABC | 8B F2                    | MOV ESI,EDX                                   |
00535ABE | 53                       | PUSH EBX                                      |
00535ABF | E8 0C FD FF FF           | CALL <game.sub_5357D0>                        |
00535AC4 | 85 FF                    | TEST EDI,EDI                                  |
00535AC6 | 74 15                    | JE game.535ADD                                |
00535AC8 | 83 3F 00                 | CMP DWORD PTR DS:[EDI],0                      |
00535ACB | 74 18                    | JE game.535AE5                                |
00535ACD | 8B CF                    | MOV ECX,EDI                                   |
00535ACF | E8 FC 95 05 00           | CALL <game.sub_58F0D0>                        |
00535AD4 | 85 C0                    | TEST EAX,EAX                                  |
00535AD6 | 74 05                    | JE game.535ADD                                |
00535AD8 | 83 38 00                 | CMP DWORD PTR DS:[EAX],0                      |
00535ADB | 74 08                    | JE game.535AE5                                |
00535ADD | 56                       | PUSH ESI                                      |
00535ADE | 8B C3                    | MOV EAX,EBX                                   |
00535AE0 | E8 0B FF FF FF           | CALL <game.sub_5359F0>                        |
00535AE5 | 5F                       | POP EDI                                       |
00535AE6 | 5E                       | POP ESI                                       |
00535AE7 | 5B                       | POP EBX                                       |
00535AE8 | 5D                       | POP EBP                                       |
00535AE9 | C2 04 00                 | RET 4                                         |

NEW:
00535AB0 | 55                       | PUSH EBP                                      |
00535AB1 | 8B EC                    | MOV EBP,ESP                                   |
00535AB3 | 53                       | PUSH EBX                                      |
00535AB4 | 56                       | PUSH ESI                                      |
00535AB5 | 57                       | PUSH EDI                                      |
00535AB6 | 8B 7D 08                 | MOV EDI,DWORD PTR SS:[EBP+8]                  |
00535AB9 | 8B D9                    | MOV EBX,ECX                                   |
00535ABB | 90                       | NOP                                           |
00535ABC | 90                       | NOP                                           |
00535ABD | 90                       | NOP                                           |
00535ABE | 90                       | NOP                                           |
00535ABF | 90                       | NOP                                           |
00535AC0 | 90                       | NOP                                           |
00535AC1 | 90                       | NOP                                           |
00535AC2 | 90                       | NOP                                           |
00535AC3 | 90                       | NOP                                           |
00535AC4 | 85 FF                    | TEST EDI,EDI                                  |
00535AC6 | 74 15                    | JE game.535ADD                                |
00535AC8 | 83 3F 00                 | CMP DWORD PTR DS:[EDI],0                      |
00535ACB | 74 18                    | JE game.535AE5                                |
00535ACD | 8B CF                    | MOV ECX,EDI                                   |
00535ACF | E8 FC 95 05 00           | CALL <game.sub_58F0D0>                        |
00535AD4 | 85 C0                    | TEST EAX,EAX                                  |
00535AD6 | 74 05                    | JE game.535ADD                                |
00535AD8 | 83 38 00                 | CMP DWORD PTR DS:[EAX],0                      |
00535ADB | 74 08                    | JE game.535AE5                                |
00535ADD | 56                       | PUSH ESI                                      |
00535ADE | 8B C3                    | MOV EAX,EBX                                   |
00535AE0 | E8 0B FF FF FF           | CALL <game.sub_5359F0>                        |
00535AE5 | 5F                       | POP EDI                                       |
00535AE6 | 5E                       | POP ESI                                       |
00535AE7 | 5B                       | POP EBX                                       |
00535AE8 | 5D                       | POP EBP                                       |
00535AE9 | C2 04 00                 | RET 4                                         |

WHAT TO DO:

NOP the following lines:

00535ABB | 57                       | PUSH EDI                                      |
00535ABC | 8B F2                    | MOV ESI,EDX                                   |
00535ABE | 53                       | PUSH EBX                                      |
00535ABF | E8 0C FD FF FF           | CALL <game.sub_5357D0>                        |

Lift Ancients Level/Experience Rollover Cap

Code: Select all

1.14d Offset: 18C64B

OLD:
0058C63A | 57                       | PUSH EDI                                |
0058C63B | 51                       | PUSH ECX                                |
0058C63C | 89 45 F0                 | MOV DWORD PTR SS:[EBP-10],EAX           |
0058C63F | E8 BC 51 08 00           | CALL <game.sub_611800>                  |
0058C644 | 8B 4D F0                 | MOV ECX,DWORD PTR SS:[EBP-10]           |
0058C647 | 2B C8                    | SUB ECX,EAX                             |
0058C649 | 3B D9                    | CMP EBX,ECX                             |
0058C64B | 7E 03                    | JLE game.58C650                         |
0058C64D | 8B D9                    | MOV EBX,ECX                             |
0058C64F | 90                       | NOP                                     |
0058C650 | 85 DB                    | TEST EBX,EBX                            |
0058C652 | 74 72                    | JE game.58C6C6                          |
0058C654 | 6A 00                    | PUSH 0                                  |
0058C656 | 6A 1E                    | PUSH 1E                                 |
0058C658 | 56                       | PUSH ESI                                |
0058C659 | E8 52 8D 09 00           | CALL <game.sub_6253B0>                  |
0058C65E | 6A 00                    | PUSH 0                                  |
0058C660 | 6A 0D                    | PUSH D                                  |
0058C662 | 8B F8                    | MOV EDI,EAX                             |
0058C664 | 56                       | PUSH ESI                                |
0058C665 | 89 7D F0                 | MOV DWORD PTR SS:[EBP-10],EDI           |
0058C668 | E8 43 8D 09 00           | CALL <game.sub_6253B0>                  |

NEW:
0058C63A | 57                       | PUSH EDI                                |
0058C63B | 51                       | PUSH ECX                                |
0058C63C | 89 45 F0                 | MOV DWORD PTR SS:[EBP-10],EAX           |
0058C63F | E8 BC 51 08 00           | CALL <game.sub_611800>                  |
0058C644 | 8B 4D F0                 | MOV ECX,DWORD PTR SS:[EBP-10]           |
0058C647 | 2B C8                    | SUB ECX,EAX                             |
0058C649 | 3B D9                    | CMP EBX,ECX                             |
0058C64B | EB 03                    | JMP game.58C650                         |
0058C64D | 8B D9                    | MOV EBX,ECX                             |
0058C64F | 90                       | NOP                                     |
0058C650 | 85 DB                    | TEST EBX,EBX                            |
0058C652 | 74 72                    | JE game.58C6C6                          |
0058C654 | 6A 00                    | PUSH 0                                  |
0058C656 | 6A 1E                    | PUSH 1E                                 |
0058C658 | 56                       | PUSH ESI                                |
0058C659 | E8 52 8D 09 00           | CALL <game.sub_6253B0>                  |
0058C65E | 6A 00                    | PUSH 0                                  |
0058C660 | 6A 0D                    | PUSH D                                  |
0058C662 | 8B F8                    | MOV EDI,EAX                             |
0058C664 | 56                       | PUSH ESI                                |
0058C665 | 89 7D F0                 | MOV DWORD PTR SS:[EBP-10],EDI           |
0058C668 | E8 43 8D 09 00           | CALL <game.sub_6253B0>                  |

WHAT TO DO:

Change JLE to JMP:
0058C64B | 7E 03                    | JLE game.58C650                         |
0058C64B | EB 03                    | JMP game.58C650                         |

Unlimited Respecs

Code: Select all

1.14d Offset: B4C2C, 17A238, 17A261

*** The following code enables the respec option when the Akara menu is generated. ***

OLD CODE:
004B4C25 | E8 E6 76 1A 00           | CALL <game.sub_65C310>                             |
004B4C2A | 85 C0                    | TEST EAX,EAX                                       |
004B4C2C | 75 67                    | JNE game.4B4C95                                    |
004B4C2E | A1 43 0D 7C 00           | MOV EAX,DWORD PTR DS:[7C0D43]                      |
004B4C33 | 6A 01                    | PUSH 1                                             |

NEW CODE:
004B4C25 | E8 E6 76 1A 00           | CALL <game.sub_65C310>                             |
004B4C2A | 85 C0                    | TEST EAX,EAX                                       |
004B4C2C | EB 31                    | JMP game.4B4C5F                                    |
004B4C2E | A1 43 0D 7C 00           | MOV EAX,DWORD PTR DS:[7C0D43]                      |
004B4C33 | 6A 01                    | PUSH 1                                             |

WHAT TO DO:
Switch the JNE to JMP game.4B4C5F



*** When the user presses ok in the respec screen, the command should execute ***

OLD CODE:
0057A231 | E8 DA 20 0E 00           | CALL <game.sub_65C310>                             |
0057A236 | 85 C0                    | TEST EAX,EAX                                       |
0057A238 | 0F 84 9D 05 00 00        | JE game.57A7DB                                     |
0057A23E | 8B D6                    | MOV EDX,ESI                                        |
0057A240 | 8B CF                    | MOV ECX,EDI                                        |

NEW CODE:
0057A231 | E8 DA 20 0E 00           | CALL <game.sub_65C310>                             |
0057A236 | 85 C0                    | TEST EAX,EAX                                       |
0057A238 | 90                       | NOP                                                |
0057A239 | 90                       | NOP                                                |
0057A23A | 90                       | NOP                                                |
0057A23B | 90                       | NOP                                                |
0057A23C | 90                       | NOP                                                |
0057A23D | 90                       | NOP                                                |
0057A23E | 8B D6                    | MOV EDX,ESI                                        |
0057A240 | 8B CF                    | MOV ECX,EDI                                        |

WHAT TO DO:
NOP the JE so that we don't skip the respec execution code.



*** The following call is set in order to set the "has respec-ed" bit for this character,
and it will also disable it in the menu for the duration of this game session. ***

OLD CODE:
0057A25D | 8B D6                    | MOV EDX,ESI                                        |
0057A25F | 8B CF                    | MOV ECX,EDI                                        |
0057A261 | E8 EA 5A 01 00           | CALL <game.sub_58FD50>                             |
0057A266 | E9 70 05 00 00           | JMP game.57A7DB                                    |
0057A26B | 3D FF 01 00 00           | CMP EAX,1FF                                        |

NEW CODE:
0057A25D | 8B D6                    | MOV EDX,ESI                                        |
0057A25F | 8B CF                    | MOV ECX,EDI                                        |
0057A261 | 90                       | NOP                                                |
0057A262 | 90                       | NOP                                                |
0057A263 | 90                       | NOP                                                |
0057A264 | 90                       | NOP                                                |
0057A265 | 90                       | NOP                                                |
0057A266 | E9 70 05 00 00           | JMP game.57A7DB                                    |
0057A26B | 3D FF 01 00 00           | CMP EAX,1FF                                        |

WHAT TO DO:
NOP the CALL.

Disable connect to Battle.Net

Code: Select all

1.14d Offset: 3BF60

OLD CODE:
0043BF5E | CC                       | INT3                                    |
0043BF5F | CC                       | INT3                                    |
0043BF60 | 55                       | PUSH EBP                                |
0043BF61 | 8B EC                    | MOV EBP,ESP                             |
0043BF63 | 83 EC 18                 | SUB ESP,18                              |

NEW CODE:
0043BF5E | CC                       | INT3                                    |
0043BF5F | CC                       | INT3                                    |
0043BF60 | 33 C0                    | XOR EAX,EAX                             |
0043BF62 | C3                       | RET                                     |
0043BF63 | 83 EC 18                 | SUB ESP,18                              |

WHAT TO DO:

Change PUSH EBP to XOR EAX,EAX and the following to RET.

Remove blocking quests (A party member can access another party member's town portal)

Code: Select all

1.14d Offset: 184A10

*** This allows a party member to access another party member's town portal.
    Thus blocking quests are removed and behavior is like 1.09. ***

OLD CODE:
00584A0B | 8B 47 04                 | MOV EAX,DWORD PTR DS:[EDI+4]            | eax:sub_584870
00584A0E | 85 C0                    | TEST EAX,EAX                            | eax:sub_584870
00584A10 | 7E 36                    | JLE game.584A48                         |
00584A12 | 8B 55 F8                 | MOV EDX,DWORD PTR SS:[EBP-8]            |
00584A15 | 6A 00                    | PUSH 0                                  |

NEW CODE:
00584A0B | 8B 47 04                 | MOV EAX,DWORD PTR DS:[EDI+4]            | eax:sub_584870
00584A0E | 85 C0                    | TEST EAX,EAX                            | eax:sub_584870
00584A10 | EB 36                    | JMP game.584A48                         |
00584A12 | 8B 55 F8                 | MOV EDX,DWORD PTR SS:[EBP-8]            |
00584A15 | 6A 00                    | PUSH 0                                  |

WHAT TO DO:

Switch JLE to JMP
Last edited by FearedBliss on Sat Oct 27, 2018 6:59 pm, edited 4 times in total.
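The edits above are all "find these bytes at this offset, overwrite them with those bytes". The following script is an added example and not part of FearedBliss's post or mod: it collects the OLD/NEW byte pairs from the listings above into a table, converts each virtual address with the thread's own convention (file offset = VA - 0x400000, the "1.14d Base: 400000" stated in the first post), and refuses to write anything unless the OLD bytes are actually present at that offset, so a different build, a wrong base or a second run is reported instead of silently corrupting Game.exe. It also recomputes the jump/call targets printed in the listings from the raw bytes, which is the quickest way to check a hand-typed replacement such as EB 31 before applying it. The patch names, addresses and bytes are taken from the listings; the `constructed_image` function builds a zero-filled stand-in for Game.exe so the script can be run without the real binary.

```python
"""Apply the Game.exe 1.14d byte patches collected in this thread.

Added example, not code from the thread. Assumes the thread's convention
(first post: "1.14d Base: 400000") that file offset = VA - 0x400000.
"""
from dataclasses import dataclass

IMAGE_BASE = 0x400000  # "1.14d Base: 400000" in the first post


def va_to_file_offset(va: int, base: int = IMAGE_BASE) -> int:
    """Thread convention: file offset = VA - base (e.g. 0x535ABB -> 0x135ABB)."""
    if va < base:
        raise ValueError(f"VA {va:#x} lies below image base {base:#x}")
    return va - base


def jump_target(insn_va: int, insn: bytes) -> int:
    """Destination of a relative jump/call, as the disassembler prints it.

    Covers the encodings used in the listings: short Jcc/JMP (rel8),
    CALL/JMP rel32 (E8/E9) and near Jcc rel32 (0F 80..0F 8F).
    """
    op = insn[0]
    if len(insn) == 2 and op in (0x74, 0x75, 0x7E, 0xEB):
        return insn_va + 2 + int.from_bytes(insn[1:2], "little", signed=True)
    if len(insn) == 5 and op in (0xE8, 0xE9):
        return insn_va + 5 + int.from_bytes(insn[1:5], "little", signed=True)
    if len(insn) == 6 and op == 0x0F and 0x80 <= insn[1] <= 0x8F:
        return insn_va + 6 + int.from_bytes(insn[2:6], "little", signed=True)
    raise ValueError(f"unsupported instruction {insn.hex()} at {insn_va:#x}")


@dataclass(frozen=True)
class Patch:
    name: str
    va: int
    old: bytes  # bytes shown in the OLD listing
    new: bytes  # bytes shown in the NEW listing

    def __post_init__(self) -> None:
        # Every edit in the thread keeps the instruction stream the same length.
        if len(self.old) != len(self.new):
            raise ValueError(f"{self.name}: patch must not change length")

    @property
    def file_offset(self) -> int:
        return va_to_file_offset(self.va)


# Old/new bytes copied from the listings in the first post.
PATCHES = [
    Patch("Death Tax Removal", 0x535ABB,
          bytes.fromhex("578BF253E80CFDFFFF"), b"\x90" * 9),
    Patch("Lift Ancients Level/Experience Rollover Cap", 0x58C64B,
          bytes.fromhex("7E03"), bytes.fromhex("EB03")),
    Patch("Unlimited Respecs (Akara menu)", 0x4B4C2C,
          bytes.fromhex("7567"), bytes.fromhex("EB31")),
    Patch("Unlimited Respecs (ok button)", 0x57A238,
          bytes.fromhex("0F849D050000"), b"\x90" * 6),
    Patch("Unlimited Respecs (has-respec-ed bit)", 0x57A261,
          bytes.fromhex("E8EA5A0100"), b"\x90" * 5),
    Patch("Disable connect to Battle.Net", 0x43BF60,
          bytes.fromhex("558BEC"), bytes.fromhex("33C0C3")),
    Patch("Remove blocking quests", 0x584A10,
          bytes.fromhex("7E36"), bytes.fromhex("EB36")),
]


def apply_patches(image: bytes, patches=PATCHES) -> bytes:
    """Return a patched copy; refuse if any OLD bytes are not where expected."""
    buf = bytearray(image)
    for p in patches:
        off = p.file_offset
        present = bytes(buf[off:off + len(p.old)])
        if present == p.new:
            raise ValueError(f"{p.name}: already applied at {off:#x}")
        if present != p.old:
            raise ValueError(f"{p.name}: expected {p.old.hex()} at {off:#x}, "
                             f"found {present.hex()}")
        buf[off:off + len(p.new)] = p.new
    return bytes(buf)


def constructed_image(patches=PATCHES) -> bytes:
    """Constructed stand-in for Game.exe: zeros with only the OLD bytes present."""
    size = max(p.file_offset + len(p.old) for p in patches) + 16
    buf = bytearray(size)
    for p in patches:
        buf[p.file_offset:p.file_offset + len(p.old)] = p.old
    return bytes(buf)


if __name__ == "__main__":
    patched = apply_patches(constructed_image())
    for p in PATCHES:
        assert patched[p.file_offset:p.file_offset + len(p.new)] == p.new
    # Recompute a target the listing prints: JMP game.4B4C5F
    assert jump_target(0x4B4C2C, bytes.fromhex("EB31")) == 0x4B4C5F
    print("all patches applied; jump targets verified")
```

To patch the real file, read a copy of Game.exe with `open("Game.exe", "rb").read()`, pass it to `apply_patches`, and write the result to a new file; keep the unmodified original. A "found ..." error on the first patch usually means the offset convention does not match the file you have (a different build, or a hex editor that shows file offsets while you typed a virtual address), which is exactly the case the pre-check is there to catch.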

devurandom
Forum Regular
Angel
Posts: 897
Joined: Sat Mar 07, 2015 9:07 pm
United States of America

Re: [1.14d] Offset Updates Pack

Post by devurandom » Mon Dec 18, 2017 8:13 am

FearedBliss wrote: Disable connect to Battle.Net

Code: Select all

1.14d Offset: 3BF60

OLD CODE:
0043BF5E | CC                       | INT3                                               |
0043BF5F | CC                       | INT3                                               |
0043BF60 | 55                       | PUSH EBP                                           |
0043BF61 | 8B EC                    | MOV EBP,ESP                                        |
0043BF63 | 83 EC 18                 | SUB ESP,18                                         |

NEW CODE:
0043BF5E | CC                       | INT3                                               |
0043BF5F | CC                       | INT3                                               |
0043BF60 | C3                       | RET                                                |
0043BF61 | 8B EC                    | MOV EBP,ESP                                        |
0043BF63 | 83 EC 18                 | SUB ESP,18                                         |
I would recommend a change to this, as the function is expected to return a value.

Disable connect to Battle.Net

Code: Select all

[1.14d] Game.0x3BF60

0043BF60    55            PUSH EBP                       ; Game.0043BF60(guessed void)
0043BF61    8BEC          MOV EBP,ESP
0043BF63    83EC 18       SUB ESP,18

Change to

0043BF60    33C0          XOR EAX,EAX                    ; Game.0043BF60(guessed void)
0043BF62    C3            RETN
0043BF63    83EC 18       SUB ESP,18
Assembly Reference | 1.13d Code Edits | UVLoD | BaseMod Plugin

Fiat paper money is the most elaborate and well devised form of slavery the world has ever seen..

FearedBliss
Posts: 82
Joined: Sat Oct 16, 2010 4:29 pm
United States of America

Re: [1.14d] Offset Updates Pack

Post by FearedBliss » Thu Dec 21, 2017 4:05 pm

Thanks, I've included your improvement in my mod.

devurandom
Forum Regular
Angel
Posts: 897
Joined: Sat Mar 07, 2015 9:07 pm
United States of America

Re: [1.14d] Offset Updates Pack

Post by devurandom » Tue Jan 16, 2018 9:08 am

You're welcome!

Cheers :)

fernsehen123
Posts: 67
Joined: Tue Sep 04, 2012 4:13 am
Germany

Re: [1.14d] Offset Updates Pack

Post by fernsehen123 » Wed Apr 11, 2018 6:04 pm

edit:

nevermind. I made it work :)

thx a lot !!

fernsehen123
Posts: 67
Joined: Tue Sep 04, 2012 4:13 am
Germany

Re: [1.14d] Offset Updates Pack

Post by fernsehen123 » Fri Apr 13, 2018 7:10 am

When I open up Game.exe in XVI32, I only see addresses from 1 to 3737E7.
But I would have to change 584A0B to fulfill my needs. What's wrong for me?

spk613
Posts: 5
Joined: Fri Jun 14, 2019 2:31 pm
Korea South

Re: [1.14d] Offset Updates Pack

Post by spk613 » Mon Aug 05, 2019 11:51 am

This is so useful! thank you

hkr1987
Posts: 2
Joined: Sun Jan 20, 2013 5:05 am

Re: [1.14d] Offset Updates Pack

Post by hkr1987 » Sat Aug 24, 2019 8:51 am

FearedBliss wrote:
Tue Dec 05, 2017 5:20 am
Defaulting to /players 8 but not having the consequences:
> Monster Life stays at /players 1 [In Monster Data Structure]
> Monster Experience stays at /players 8 [In Monster Data Structure]
> Monster contains player count that will be used for attack rating/damage calculations. [In Monster Data Structure]
> Monster Attack Rating and Damage stays at /players 1 regardless of difficulty (Not needed if you use the above monster life/exp/player var modifications)
> Monster Item Drops and Chest/Rocks/Etc Drops are at /players 8 amounts
- Open Cow Level even if Cow King is Killed
- CPU Power Reduction
- Skip intro cinematics
- Hyperjoin

karlock
Posts: 42
Joined: Mon Mar 16, 2015 1:16 pm

Re: [1.14d] Offset Updates Pack

Post by karlock » Sat Mar 20, 2021 4:11 am

Pspell Table offset

Code: Select all

Var<D2pSpellTblStrc*>{ GAME, 0x341794 };

ChaosMarc
Dark Alliance Beta Test
Champion of the Light
Posts: 256
Joined: Fri May 28, 2004 2:00 pm
Germany

Re: [1.14d] Offset Updates Pack

Post by ChaosMarc » Fri Jul 23, 2021 11:25 am

Disable the level requirement for Ancients Quest (A5Q5):
0x58C846    C1 -> D1
Thank you @karlock
