I updated my mod from 1.13d to 1.14d and I wanted to publish the new updates.
The updates here are all for 1.14d and are the following:
- Multiple D2 Windows
- Experience beyond two screens for party members
- Defaulting to /players 8 but not having the consequences:
> Monster Life stays at /players 1 [In Monster Data Structure]
> Monster Experience stays at /players 8 [In Monster Data Structure]
> Monster contains player count that will be used for attack rating/damage calculations. [In Monster Data Structure]
> Monster Attack Rating and Damage stays at /players 1 regardless of difficulty (Not needed if you use the above monster life/exp/player var modifications)
> Monster Item Drops and Chest/Rocks/Etc Drops are at /players 8 amounts
- Open Cow Level even if Cow King is Killed
- CPU Power Reduction
- Skip intro cinematics
- Hyperjoin
- Classic Shield Block
- Classic Whirlwind
- Defense doesn't drop while running
- Death Tax Removal
- Lift Ancients Level/Experience Rollover Cap
- Unlimited respecs
- Disable connect to Battle.Net
- Remove blocking quests (A party member can access another party member's town portal)
- Expanded Classic Stash
- Force High Affixes on Rare Items
- Prevent Nihlathak's Portal from closing when Waypoint/Quest complete
Hopefully this is useful to someone.
NOTE: Thanks to devurandom and GalaXyHaXz for their postings and code edits collection
which I used as a basis to find the 1.14d equivalents.
Multiple D2 Windows
1.14d Base: 400000
1.14d Offset: F562A
CODE:
004F5622 |. 50 PUSH EAX ; |Class => "Diablo II"
004F5623 |. FF15 00C56C00 CALL DWORD PTR DS:[<&USER32.FindWindowA>>; \FindWindowA
004F5629 |. 85C0 TEST EAX,EAX
004F562B |. 74 45 JE SHORT Game.004F5672
004F562D |. 8D8D E0FEFFFF LEA ECX,DWORD PTR SS:[EBP-120]
004F5633 |. 68 E4C56D00 PUSH Game.006DC5E4 ; ASCII "Diablo II Critical Error"
004F5638 |. 51 PUSH ECX
WHAT TO DO:
Change from JE SHORT Game.004F5672 -> JMP SHORT Game.004F5672
1.14d Base: 400000
1.14d Offset: 17E654
CODE:
0057E64F |. 0FAFC1 IMUL EAX,ECX
0057E652 |. 03D0 ADD EDX,EAX
0057E654 |. 81FA 00190000 CMP EDX,1900
0057E65A |. 77 4F JA SHORT Game.0057E6AB
0057E65C |. 8B5D FC MOV EBX,DWORD PTR SS:[EBP-4]
0057E65F |> 8B46 44 MOV EAX,DWORD PTR DS:[ESI+44]
WHAT TO DO:
NOP both of them.
0017E654 81FA 00190000 CMP EDX,1900
0017E65A 77 4F JA SHORT 0017E6AB
1.14d Base: 400000
1.14d Life Code Offset: 1738F0
1.14d Experience Code Offset: 173910
1.14d Attack Rating/Damage Variable Offset: 173994
OLD MONSTER LIFE CODE:
005738F0 83F9 09 CMP ECX,9
005738F3 7D 08 JGE SHORT Game.005738FD
005738F5 8B048D 90156E00 MOV EAX,DWORD PTR DS:[ECX*4+6E1590]
005738FC C3 RETN
005738FD 8D41 FE LEA EAX,DWORD PTR DS:[ECX-2]
00573900 6BC0 32 IMUL EAX,EAX,32
00573903 C3 RETN
NEW MONSTER LIFE CODE:
005738F0 90 NOP
005738F1 90 NOP
005738F2 90 NOP
005738F3 90 NOP
005738F4 90 NOP
005738F5 B8 00000000 MOV EAX,0
005738FA 90 NOP
005738FB 90 NOP
005738FC C3 RETN
005738FD 8D41 FE LEA EAX,DWORD PTR DS:[ECX-2]
00573900 6BC0 32 IMUL EAX,EAX,32
00573903 C3 RETN
WHAT TO DO:
005738F0 83F9 09 CMP ECX,9
005738F3 7D 08 JGE SHORT Game.005738FD
NOP these two since we will tell the function to not increase the life by any %.
005738F5 8B048D 90156E00 MOV EAX,DWORD PTR DS:[ECX*4+6E1590]
Change the above to MOV EAX,0 which represents no % increase to life.
OLD MONSTER EXPERIENCE CODE:
00573910 83F9 09 CMP ECX,9
00573913 7D 08 JGE SHORT Game.0057391D
00573915 8B048D B4156E00 MOV EAX,DWORD PTR DS:[ECX*4+6E15B4]
0057391C C3 RETN
0057391D 8D8489 82000000 LEA EAX,DWORD PTR DS:[ECX+ECX*4+82]
00573924 03C0 ADD EAX,EAX
00573926 C3 RETN
NEW MONSTER EXPERIENCE CODE:
00573910 90 NOP
00573911 90 NOP
00573912 90 NOP
00573913 90 NOP
00573914 90 NOP
00573915 B8 5E010000 MOV EAX,15E
0057391A 90 NOP
0057391B 90 NOP
0057391C C3 RETN
0057391D 8D8489 82000000 LEA EAX,DWORD PTR DS:[ECX+ECX*4+82]
00573924 03C0 ADD EAX,EAX
00573926 C3 RETN
WHAT TO DO:
00573910 83F9 09 CMP ECX,9
00573913 7D 08 JGE SHORT Game.0057391D
NOP these two since we will tell the function to increase the exp by the maximum /players 8 amount (15E = 350%)
00573915 8B048D B4156E00 MOV EAX,DWORD PTR DS:[ECX*4+6E15B4]
Change this to MOV EAX,15E, which represents an experience increase of 350%.
OLD CODE THAT SETS VARIABLE THAT WILL BE USED FOR MONSTER ATTACK RATING/DAMAGE CODE:
00573994 | 89 4E 10 | MOV DWORD PTR DS:[ESI+10],ECX | Save number of players with this monster (Will be used for attack rating/damage increase)
00573997 | EB 07 | JMP game.5739A0 |
00573999 | C7 46 10 01 00 00 00 | MOV DWORD PTR DS:[ESI+10],1 |
NEW CODE THAT SETS VARIABLE THAT WILL BE USED FOR MONSTER ATTACK RATING/DAMAGE CODE:
00573994 | 89 4E 10 | MOV DWORD PTR DS:[ESI+10],ECX |
00573997 | 90 | NOP |
00573998 | 90 | NOP |
00573999 | C7 46 10 01 00 00 00 | MOV DWORD PTR DS:[ESI+10],1 |
WHAT TO DO:
NOP the JMP so that the second assignment overrides the first. We will set ESI+10
to 1 which means that when the attack rating/damage calculation for this monster
is run later, it will not increase the attack rating/damage.
The /players command also controls how many times the game should
loop when determining how many items to drop from a monster kill,
or from opening a chest.
1.14d Offset: 15A8F4
OLD CODE:
0055A8E9 | BF 08 00 00 00 | MOV EDI,8 |
0055A8EE | 8B 8D D8 FA FF FF | MOV ECX,DWORD PTR SS:[EBP-528] |
0055A8F4 | E8 97 AE FD FF | CALL <game.sub_535790> | # of players is placed in EAX.
0055A8F9 | 2B C7 | SUB EAX,EDI |
0055A8FB | 99 | CDQ |
NEW CODE:
0055A8E9 | BF 08 00 00 00 | MOV EDI,8 |
0055A8EE | 8B 8D D8 FA FF FF | MOV ECX,DWORD PTR SS:[EBP-528] |
0055A8F4 | B8 08 00 00 00 | MOV EAX,8 |
0055A8F9 | 2B C7 | SUB EAX,EDI |
0055A8FB | 99 | CDQ |
Change the CALL to MOV EAX,8 so that we can set the players amount to the maximum
needed for the max drops.
====
The number of players function is located at 0x535790.
1.14d Base: 400000
1.14d Offset: 135790
Monster Attack Rating and Damage stays at /players 1 regardless of difficulty
1.14d Base: 400000
1.14d AR/Damage Offset: 1A4F20
Note: This patch is not necessary if you use the previous patch above regarding
the monster's hp, exp, player variable inside the monster data structure.
Because we set the player variable inside the other patch for the monster,
that data is properly passed into this function and we will get our desired
behavior. This function only has 1 reference so we are 100% sure that if
we use the monster data structure's player count variable, regardless of
player difficulty, the attack rating and damage will not be increased.
OLD FUNCTION:
005A4F20 | 80 79 6D 00 | CMP BYTE PTR DS:[ECX+6D],0 | Get and compare difficulty mode. Normal difficulty does not have
005A4F24 | 77 03 | JA game.5A4F29 | any attack rating/damage increase regardless of player count.
005A4F26 | 33 C0 | XOR EAX,EAX |
005A4F28 | C3 | RET |
005A4F29 | 83 FA 02 | CMP EDX,2 | We only apply the attack rating/damage increase if there is more than 1 player.
005A4F2C | 7C F8 | JL game.5A4F26 |
005A4F2E | 83 FA 09 | CMP EDX,9 | 9:'\t'
005A4F31 | 7D 08 | JGE game.5A4F3B |
005A4F33 | 8B 04 95 F4 21 6E 00 | MOV EAX,DWORD PTR DS:[EDX*4+6E21F4] | If player count is 8 or below, then retrieve the corresponding value from the table.
005A4F3A | C3 | RET |
005A4F3B | 8D 04 D5 F0 FF FF FF | LEA EAX,DWORD PTR DS:[EDX*8-10] | I don't think this safety default if "over players 8" is actually used anymore.
005A4F42 | C3 | RET |
Difficulty Mode: BYTE PTR DS:[ECX+6D]
0 = Normal
1 = Nightmare
2 = Hell
Calling Function:
005A4FF6 | 50 | PUSH EAX |
005A4FF7 | 6A 64 | PUSH 64 |
005A4FF9 | 57 | PUSH EDI |
005A4FFA | E8 81 04 08 00 | CALL game.625480 |
005A4FFF | 83 F8 01 | CMP EAX,1 |
005A5002 | 7D 05 | JGE game.5A5009 |
005A5004 | B8 01 00 00 00 | MOV EAX,1 |
005A5009 | 8B D0 | MOV EDX,EAX |
005A500B | 8B CB | MOV ECX,EBX |
005A500D | E8 0E FF FF FF | CALL game.5A4F20 | << Actual Call
WHAT TO DO:
We pretty much don't want any type of increases no matter what difficulty.
So we can just take the same code path as if we were in normal difficulty.
We can NOP the following two statements and call it a day:
CMP BYTE PTR DS:[ECX+6D],0
JA game.5A4F29
NEW FUNCTION:
005A4F20 | 90 | NOP |
005A4F21 | 90 | NOP |
005A4F22 | 90 | NOP |
005A4F23 | 90 | NOP |
005A4F24 | 90 | NOP |
005A4F25 | 90 | NOP |
005A4F26 | 33 C0 | XOR EAX,EAX |
005A4F28 | C3 | RET |
005A4F29 | 83 FA 02 | CMP EDX,2 | We only apply the attack rating/damage increase if there is more than 1 player
005A4F2C | 7C F8 | JL game.5A4F26 |
005A4F2E | 83 FA 09 | CMP EDX,9 | 9:'\t'
005A4F31 | 7D 08 | JGE game.5A4F3B |
005A4F33 | 8B 04 95 F4 21 6E 00 | MOV EAX,DWORD PTR DS:[EDX*4+6E21F4] | If player count is 8 or below, then retrieve the value from the table
005A4F3A | C3 | RET |
005A4F3B | 8D 04 D5 F0 FF FF FF | LEA EAX,DWORD PTR DS:[EDX*8-10] | If player count is above 8, then get a constant max from [r32*8-10]
005A4F42 | C3 | RET |
1.14d Base: 400000
1.14d Offset: 194159
OLD CODE:
00594159 85C0 TEST EAX,EAX
0059415B 0F85 EA000000 JNZ Game.0059424B
00594161 56 PUSH ESI
00594162 E8 39E00800 CALL Game.006221A0
00594167 0FB64F 6D MOVZX ECX,BYTE PTR DS:[EDI+6D]
0059416B 8B4488 10 MOV EAX,DWORD PTR DS:[EAX+ECX*4+10]
0059416F 6A 0A PUSH 0A
00594171 6A 04 PUSH 4
00594173 50 PUSH EAX
00594174 E8 97810C00 CALL Game.0065C310
00594179 85C0 TEST EAX,EAX
0059417B 0F85 CA000000 JNZ Game.0059424B
00594181 3947 70 CMP DWORD PTR DS:[EDI+70],EAX
00594184 75 25 JNZ SHORT Game.005941AB
00594186 56 PUSH ESI
00594187 E8 14E00800 CALL Game.006221A0
NEW CODE:
00594159 85C0 TEST EAX,EAX
0059415B 0F85 EA000000 JNZ Game.0059424B
00594161 56 PUSH ESI
00594162 E8 39E00800 CALL Game.006221A0
00594167 0FB64F 6D MOVZX ECX,BYTE PTR DS:[EDI+6D]
0059416B 8B4488 10 MOV EAX,DWORD PTR DS:[EAX+ECX*4+10]
0059416F 6A 0A PUSH 0A
00594171 6A 04 PUSH 4
00594173 50 PUSH EAX
00594174 E8 97810C00 CALL Game.0065C310
00594179 33C0 XOR EAX,EAX
0059417B 0F85 CA000000 JNZ Game.0059424B
00594181 3947 70 CMP DWORD PTR DS:[EDI+70],EAX
00594184 75 25 JNZ SHORT Game.005941AB
00594186 56 PUSH ESI
00594187 E8 14E00800 CALL Game.006221A0
WHAT TO DO:
Change TEST EAX,EAX to XOR EAX,EAX.
00594179 85C0 TEST EAX,EAX -> 00594179 33C0 XOR EAX,EAX
1.14d Base: 400000
1.14d Title Screen Offset: FA66F
1.14d Single Player Offset: 51C31
1.14d Closed Battle.Net Offset: 51C3B
1.14d Open Battle.Net & TCP/IP Offset: 51C40
Title Screen:
OLD:
004FA661 | 76 05 | JBE game.4FA668 |
004FA663 | B8 14 00 00 00 | MOV EAX,14 |
004FA668 | 83 3D 44 DC 72 00 00 | CMP DWORD PTR DS:[72DC44],0 |
004FA66F | 74 02 | JE game.4FA673 | NOP
004FA671 | 33 C0 | XOR EAX,EAX | NOP
004FA673 | 50 | PUSH EAX |
004FA674 | FF 15 58 C2 6C 00 | CALL DWORD PTR DS:[<&Sleep>] |
004FA67A | 83 3D D4 DD 72 00 00 | CMP DWORD PTR DS:[72DDD4],0 |
004FA681 | 0F 85 2F FF FF FF | JNE game.4FA5B6 |
004FA687 | 5E | POP ESI |
NEW:
004FA661 | 76 05 | JBE game.4FA668 |
004FA663 | B8 14 00 00 00 | MOV EAX,14 |
004FA668 | 83 3D 44 DC 72 00 00 | CMP DWORD PTR DS:[72DC44],0 |
004FA66F | 90 | NOP |
004FA670 | 90 | NOP |
004FA671 | 90 | NOP |
004FA672 | 90 | NOP |
004FA673 | 50 | PUSH EAX |
004FA674 | FF 15 58 C2 6C 00 | CALL DWORD PTR DS:[<&Sleep>] |
004FA67A | 83 3D D4 DD 72 00 00 | CMP DWORD PTR DS:[72DDD4],0 |
004FA681 | 0F 85 2F FF FF FF | JNE game.4FA5B6 |
004FA687 | 5E | POP ESI |
Single Player, Closed/Open Battle.Net, and TCP/IP:
OLD:
00451C2A | 83 3D E0 F7 70 00 00 | CMP DWORD PTR DS:[70F7E0],0 |
00451C31 | 75 17 | JNE game.451C4A | Single Player
00451C33 | A1 10 06 7A 00 | MOV EAX,DWORD PTR DS:[7A0610] |
00451C38 | 83 F8 06 | CMP EAX,6 |
00451C3B | 74 0D | JE game.451C4A | Closed Battle.Net
00451C3D | 83 F8 08 | CMP EAX,8 |
00451C40 | 74 08 | JE game.451C4A | Open Battle.Net & TCP/IP
00451C42 | 6A 0A | PUSH A |
00451C44 | FF 15 58 C2 6C 00 | CALL DWORD PTR DS:[<&Sleep>] |
NEW:
00451C2A | 83 3D E0 F7 70 00 00 | CMP DWORD PTR DS:[70F7E0],0 |
00451C31 | 90 | NOP | Single Player
00451C32 | 90 | NOP |
00451C33 | A1 10 06 7A 00 | MOV EAX,DWORD PTR DS:[7A0610] |
00451C38 | 83 F8 06 | CMP EAX,6 |
00451C3B | 90 | NOP | Closed Battle.Net
00451C3C | 90 | NOP |
00451C3D | 83 F8 08 | CMP EAX,8 |
00451C40 | 90 | NOP | Open Battle.Net & TCP/IP
00451C41 | 90 | NOP |
00451C42 | 6A 0A | PUSH A |
00451C44 | FF 15 58 C2 6C 00 | CALL DWORD PTR DS:[<&Sleep>] |
WHAT TO DO:
NOP the 3 commented lines.
1.14d Offset: 35284
OLD:
00435279 | 0F 84 93 00 00 00 | JE game.435312 |
0043527F | E8 8C 98 FD FF | CALL game.40EB10 |
00435284 | 85 C0 | TEST EAX,EAX |
00435286 | 6A 00 | PUSH 0 |
00435288 | 75 16 | JNE game.4352A0 |
0043528A | 50 | PUSH EAX |
0043528B | 68 FC 4C 6D 00 | PUSH game.6D4CFC | 6D4CFC:"Data\\Local\\Video\\New_BLIZ640x480.bik"
NEW:
00435284 | EB 7A | JMP game.435300 |
WHAT TO DO:
Switch TEST to JMP <address>:
00435284 | 85 C0 | TEST EAX,EAX |
00435284 | EB 7A | JMP game.435300 |
1.14d Offset: 781AC
OLD:
0047819D | F7 7D FC | IDIV DWORD PTR SS:[EBP-4] |
004781A0 | A3 B4 B3 7B 00 | MOV DWORD PTR DS:[7BB3B4],EAX |
004781A5 | 33 C9 | XOR ECX,ECX |
004781A7 | E8 34 E4 FD FF | CALL <game.sub_4565E0> |
004781AC | 68 FA 00 00 00 | PUSH FA |
004781B1 | FF D3 | CALL EBX | ebx:Sleep
004781B3 | 81 C6 00 01 00 00 | ADD ESI,100 |
004781B9 | 83 EF 01 | SUB EDI,1 |
004781BC | 75 CA | JNE game.478188 |
NEW:
0047819D | F7 7D FC | IDIV DWORD PTR SS:[EBP-4] |
004781A0 | A3 B4 B3 7B 00 | MOV DWORD PTR DS:[7BB3B4],EAX |
004781A5 | 33 C9 | XOR ECX,ECX |
004781A7 | E8 34 E4 FD FF | CALL <game.sub_4565E0> |
004781AC | 6A 05 | PUSH 5 |
004781AE | 90 | NOP |
004781AF | 90 | NOP |
004781B0 | 90 | NOP |
004781B1 | FF D3 | CALL EBX |
004781B3 | 81 C6 00 01 00 00 | ADD ESI,100 |
004781B9 | 83 EF 01 | SUB EDI,1 |
004781BC | 75 CA | JNE game.478188 |
WHAT TO DO:
Switch PUSH FA to PUSH 5:
004781AC | 68 FA 00 00 00 | PUSH FA |
004781AC | 6A 05 | PUSH 5 |
1.14d Offset: 2227DB
OLD:
006227CF | 33 C0 | XOR EAX,EAX |
006227D1 | 0F B6 50 49 | MOVZX EDX,BYTE PTR DS:[EAX+49] |
006227D5 | 03 DA | ADD EBX,EDX | ebx:sub_44EFA0
006227D7 | 83 7D 0C 00 | CMP DWORD PTR SS:[EBP+C],0 |
006227DB | 74 31 | JE game.62280E |
006227DD | 57 | PUSH EDI |
006227DE | 6A 00 | PUSH 0 |
006227E0 | 6A 02 | PUSH 2 |
006227E2 | 56 | PUSH ESI |
006227E3 | E8 98 2C 00 00 | CALL <game.sub_625480> |
006227E8 | 6A 00 | PUSH 0 |
006227EA | 6A 0C | PUSH C |
006227EC | 56 | PUSH ESI |
006227ED | 8B F8 | MOV EDI,EAX |
006227EF | E8 8C 2C 00 00 | CALL <game.sub_625480> |
NEW:
006227CF | 33 C0 | XOR EAX,EAX |
006227D1 | 0F B6 50 49 | MOVZX EDX,BYTE PTR DS:[EAX+49] |
006227D5 | 03 DA | ADD EBX,EDX |
006227D7 | 83 7D 0C 00 | CMP DWORD PTR SS:[EBP+C],0 |
006227DB | EB 31 | JMP game.62280E |
006227DD | 57 | PUSH EDI |
006227DE | 6A 00 | PUSH 0 |
006227E0 | 6A 02 | PUSH 2 |
006227E2 | 56 | PUSH ESI |
006227E3 | E8 98 2C 00 00 | CALL <game.sub_625480> |
006227E8 | 6A 00 | PUSH 0 |
006227EA | 6A 0C | PUSH C |
006227EC | 56 | PUSH ESI |
006227ED | 8B F8 | MOV EDI,EAX |
006227EF | E8 8C 2C 00 00 | CALL <game.sub_625480> |
WHAT TO DO:
Switch JE to JMP:
006227DB | 74 31 | JE game.62280E |
006227DB | EB 31 | JMP game.62280E |
1.14d Offset: 1D9361
OLD:
005D935A | 8B 55 08 | MOV EDX,DWORD PTR SS:[EBP+8] |
005D935D | 83 7A 70 00 | CMP DWORD PTR DS:[EDX+70],0 |
005D9361 | 75 0D | JNE game.5D9370 |
005D9363 | 5F | POP EDI |
005D9364 | B8 01 00 00 00 | MOV EAX,1 | eax:sub_660290+252
005D9369 | 5E | POP ESI |
005D936A | 8B E5 | MOV ESP,EBP |
005D936C | 5D | POP EBP |
005D936D | C2 08 00 | RET 8 |
NEW:
005D935A | 8B 55 08 | MOV EDX,DWORD PTR SS:[EBP+8] |
005D935D | 83 7A 70 00 | CMP DWORD PTR DS:[EDX+70],0 |
005D9361 | 90 | NOP |
005D9362 | 90 | NOP |
005D9363 | 5F | POP EDI |
005D9364 | B8 01 00 00 00 | MOV EAX,1 | eax:sub_660290+252
005D9369 | 5E | POP ESI |
005D936A | 8B E5 | MOV ESP,EBP |
005D936C | 5D | POP EBP |
005D936D | C2 08 00 | RET 8 |
WHAT TO DO:
NOP the following line:
005D9361 | 75 0D | JNE game.5D9370 |
1.14d Offset: 17E009
OLD:
0057DFF8 | 85 F6 | TEST ESI,ESI |
0057DFFA | 74 25 | JE game.57E021 |
0057DFFC | 83 3E 00 | CMP DWORD PTR DS:[ESI],0 |
0057DFFF | 75 20 | JNE game.57E021 |
0057E001 | 56 | PUSH ESI |
0057E002 | E8 F9 4C 0A 00 | CALL game.622D00 | Retrieves if you were running or not (1 = running, 0 = standing)
0057E007 | 85 C0 | TEST EAX,EAX |
0057E009 | 74 16 | JE game.57E021 |
0057E00B | 83 7E 10 02 | CMP DWORD PTR DS:[ESI+10],2 |
0057E00F | 74 10 | JE game.57E021 |
0057E011 | B8 56 55 55 55 | MOV EAX,55555556 |
0057E016 | F7 EB | IMUL EBX |
0057E018 | 8B C2 | MOV EAX,EDX |
0057E01A | C1 E8 1F | SHR EAX,1F |
0057E01D | 03 C2 | ADD EAX,EDX |
0057E01F | 8B D8 | MOV EBX,EAX |
0057E021 | 8B 46 20 | MOV EAX,DWORD PTR DS:[ESI+20] |
0057E024 | B9 C5 90 C6 6A | MOV ECX,6AC690C5 |
0057E029 | F7 E1 | MUL ECX |
0057E02B | 8B C8 | MOV ECX,EAX |
0057E02D | 8B 46 24 | MOV EAX,DWORD PTR DS:[ESI+24] |
0057E030 | 33 FF | XOR EDI,EDI |
0057E032 | 03 C8 | ADD ECX,EAX |
0057E034 | 13 D7 | ADC EDX,EDI |
0057E036 | 89 56 24 | MOV DWORD PTR DS:[ESI+24],EDX |
0057E039 | B8 1F 85 EB 51 | MOV EAX,51EB851F |
0057E03E | F7 E1 | MUL ECX |
0057E040 | C1 EA 05 | SHR EDX,5 |
0057E043 | 6B D2 64 | IMUL EDX,EDX,64 |
0057E046 | 89 4E 20 | MOV DWORD PTR DS:[ESI+20],ECX |
0057E049 | 2B CA | SUB ECX,EDX |
0057E04B | 68 38 17 6E 00 | PUSH game.6E1738 | 6E1738:"blocks"
NEW:
0057DFF8 | 85 F6 | TEST ESI,ESI |
0057DFFA | 74 25 | JE game.57E021 |
0057DFFC | 83 3E 00 | CMP DWORD PTR DS:[ESI],0 |
0057DFFF | 75 20 | JNE game.57E021 |
0057E001 | 56 | PUSH ESI |
0057E002 | E8 F9 4C 0A 00 | CALL game.622D00 | Retrieves if you were running or not (1 = running, 0 = standing)
0057E007 | 85 C0 | TEST EAX,EAX |
0057E009 | EB 16 | JMP game.57E021 |
0057E00B | 83 7E 10 02 | CMP DWORD PTR DS:[ESI+10],2 |
0057E00F | 74 10 | JE game.57E021 |
0057E011 | B8 56 55 55 55 | MOV EAX,55555556 |
0057E016 | F7 EB | IMUL EBX |
0057E018 | 8B C2 | MOV EAX,EDX |
0057E01A | C1 E8 1F | SHR EAX,1F |
0057E01D | 03 C2 | ADD EAX,EDX |
0057E01F | 8B D8 | MOV EBX,EAX |
0057E021 | 8B 46 20 | MOV EAX,DWORD PTR DS:[ESI+20] |
0057E024 | B9 C5 90 C6 6A | MOV ECX,6AC690C5 |
0057E029 | F7 E1 | MUL ECX |
0057E02B | 8B C8 | MOV ECX,EAX |
0057E02D | 8B 46 24 | MOV EAX,DWORD PTR DS:[ESI+24] |
0057E030 | 33 FF | XOR EDI,EDI |
0057E032 | 03 C8 | ADD ECX,EAX |
0057E034 | 13 D7 | ADC EDX,EDI |
0057E036 | 89 56 24 | MOV DWORD PTR DS:[ESI+24],EDX |
0057E039 | B8 1F 85 EB 51 | MOV EAX,51EB851F |
0057E03E | F7 E1 | MUL ECX |
0057E040 | C1 EA 05 | SHR EDX,5 |
0057E043 | 6B D2 64 | IMUL EDX,EDX,64 |
0057E046 | 89 4E 20 | MOV DWORD PTR DS:[ESI+20],ECX |
0057E049 | 2B CA | SUB ECX,EDX |
0057E04B | 68 38 17 6E 00 | PUSH game.6E1738 | 6E1738:"blocks"
WHAT TO DO:
Change the first conditional jump (JE) to unconditional (JMP).
0057E009 | 74 16 | JE game.57E021 |
0057E009 | EB 16 | JMP game.57E021 |
1.14d Offset: 135ABB
OLD:
00535AB0 | 55 | PUSH EBP |
00535AB1 | 8B EC | MOV EBP,ESP |
00535AB3 | 53 | PUSH EBX |
00535AB4 | 56 | PUSH ESI |
00535AB5 | 57 | PUSH EDI |
00535AB6 | 8B 7D 08 | MOV EDI,DWORD PTR SS:[EBP+8] |
00535AB9 | 8B D9 | MOV EBX,ECX |
00535ABB | 57 | PUSH EDI |
00535ABC | 8B F2 | MOV ESI,EDX |
00535ABE | 53 | PUSH EBX |
00535ABF | E8 0C FD FF FF | CALL <game.sub_5357D0> |
00535AC4 | 85 FF | TEST EDI,EDI |
00535AC6 | 74 15 | JE game.535ADD |
00535AC8 | 83 3F 00 | CMP DWORD PTR DS:[EDI],0 |
00535ACB | 74 18 | JE game.535AE5 |
00535ACD | 8B CF | MOV ECX,EDI |
00535ACF | E8 FC 95 05 00 | CALL <game.sub_58F0D0> |
00535AD4 | 85 C0 | TEST EAX,EAX |
00535AD6 | 74 05 | JE game.535ADD |
00535AD8 | 83 38 00 | CMP DWORD PTR DS:[EAX],0 |
00535ADB | 74 08 | JE game.535AE5 |
00535ADD | 56 | PUSH ESI |
00535ADE | 8B C3 | MOV EAX,EBX |
00535AE0 | E8 0B FF FF FF | CALL <game.sub_5359F0> |
00535AE5 | 5F | POP EDI |
00535AE6 | 5E | POP ESI |
00535AE7 | 5B | POP EBX |
00535AE8 | 5D | POP EBP |
00535AE9 | C2 04 00 | RET 4 |
NEW:
00535AB0 | 55 | PUSH EBP |
00535AB1 | 8B EC | MOV EBP,ESP |
00535AB3 | 53 | PUSH EBX |
00535AB4 | 56 | PUSH ESI |
00535AB5 | 57 | PUSH EDI |
00535AB6 | 8B 7D 08 | MOV EDI,DWORD PTR SS:[EBP+8] |
00535AB9 | 8B D9 | MOV EBX,ECX |
00535ABB | 90 | NOP |
00535ABC | 90 | NOP |
00535ABD | 90 | NOP |
00535ABE | 90 | NOP |
00535ABF | 90 | NOP |
00535AC0 | 90 | NOP |
00535AC1 | 90 | NOP |
00535AC2 | 90 | NOP |
00535AC3 | 90 | NOP |
00535AC4 | 85 FF | TEST EDI,EDI |
00535AC6 | 74 15 | JE game.535ADD |
00535AC8 | 83 3F 00 | CMP DWORD PTR DS:[EDI],0 |
00535ACB | 74 18 | JE game.535AE5 |
00535ACD | 8B CF | MOV ECX,EDI |
00535ACF | E8 FC 95 05 00 | CALL <game.sub_58F0D0> |
00535AD4 | 85 C0 | TEST EAX,EAX |
00535AD6 | 74 05 | JE game.535ADD |
00535AD8 | 83 38 00 | CMP DWORD PTR DS:[EAX],0 |
00535ADB | 74 08 | JE game.535AE5 |
00535ADD | 56 | PUSH ESI |
00535ADE | 8B C3 | MOV EAX,EBX |
00535AE0 | E8 0B FF FF FF | CALL <game.sub_5359F0> |
00535AE5 | 5F | POP EDI |
00535AE6 | 5E | POP ESI |
00535AE7 | 5B | POP EBX |
00535AE8 | 5D | POP EBP |
00535AE9 | C2 04 00 | RET 4 |
WHAT TO DO:
NOP the following lines:
00535ABB | 57 | PUSH EDI |
00535ABC | 8B F2 | MOV ESI,EDX |
00535ABE | 53 | PUSH EBX |
00535ABF | E8 0C FD FF FF | CALL <game.sub_5357D0> |
1.14d Offset: 18C64B
OLD:
0058C63A | 57 | PUSH EDI |
0058C63B | 51 | PUSH ECX |
0058C63C | 89 45 F0 | MOV DWORD PTR SS:[EBP-10],EAX |
0058C63F | E8 BC 51 08 00 | CALL <game.sub_611800> |
0058C644 | 8B 4D F0 | MOV ECX,DWORD PTR SS:[EBP-10] |
0058C647 | 2B C8 | SUB ECX,EAX |
0058C649 | 3B D9 | CMP EBX,ECX |
0058C64B | 7E 03 | JLE game.58C650 |
0058C64D | 8B D9 | MOV EBX,ECX |
0058C64F | 90 | NOP |
0058C650 | 85 DB | TEST EBX,EBX |
0058C652 | 74 72 | JE game.58C6C6 |
0058C654 | 6A 00 | PUSH 0 |
0058C656 | 6A 1E | PUSH 1E |
0058C658 | 56 | PUSH ESI |
0058C659 | E8 52 8D 09 00 | CALL <game.sub_6253B0> |
0058C65E | 6A 00 | PUSH 0 |
0058C660 | 6A 0D | PUSH D |
0058C662 | 8B F8 | MOV EDI,EAX |
0058C664 | 56 | PUSH ESI |
0058C665 | 89 7D F0 | MOV DWORD PTR SS:[EBP-10],EDI |
0058C668 | E8 43 8D 09 00 | CALL <game.sub_6253B0> |
NEW:
0058C63A | 57 | PUSH EDI |
0058C63B | 51 | PUSH ECX |
0058C63C | 89 45 F0 | MOV DWORD PTR SS:[EBP-10],EAX |
0058C63F | E8 BC 51 08 00 | CALL <game.sub_611800> |
0058C644 | 8B 4D F0 | MOV ECX,DWORD PTR SS:[EBP-10] |
0058C647 | 2B C8 | SUB ECX,EAX |
0058C649 | 3B D9 | CMP EBX,ECX |
0058C64B | EB 03 | JMP game.58C650 |
0058C64D | 8B D9 | MOV EBX,ECX |
0058C64F | 90 | NOP |
0058C650 | 85 DB | TEST EBX,EBX |
0058C652 | 74 72 | JE game.58C6C6 |
0058C654 | 6A 00 | PUSH 0 |
0058C656 | 6A 1E | PUSH 1E |
0058C658 | 56 | PUSH ESI |
0058C659 | E8 52 8D 09 00 | CALL <game.sub_6253B0> |
0058C65E | 6A 00 | PUSH 0 |
0058C660 | 6A 0D | PUSH D |
0058C662 | 8B F8 | MOV EDI,EAX |
0058C664 | 56 | PUSH ESI |
0058C665 | 89 7D F0 | MOV DWORD PTR SS:[EBP-10],EDI |
0058C668 | E8 43 8D 09 00 | CALL <game.sub_6253B0> |
WHAT TO DO:
Change JLE to JMP:
0058C64B | 7E 03 | JLE game.58C650 |
0058C64B | EB 03 | JMP game.58C650 |
1.14d Offset: B4C2C, 17A238, 17A261
*** The following code enables the respec option when the Akara menu is generated. ***
OLD CODE:
004B4C25 | E8 E6 76 1A 00 | CALL <game.sub_65C310> |
004B4C2A | 85 C0 | TEST EAX,EAX |
004B4C2C | 75 67 | JNE game.4B4C95 |
004B4C2E | A1 43 0D 7C 00 | MOV EAX,DWORD PTR DS:[7C0D43] |
004B4C33 | 6A 01 | PUSH 1 |
NEW CODE:
004B4C25 | E8 E6 76 1A 00 | CALL <game.sub_65C310> |
004B4C2A | 85 C0 | TEST EAX,EAX |
004B4C2C | EB 31 | JMP game.4B4C5F |
004B4C2E | A1 43 0D 7C 00 | MOV EAX,DWORD PTR DS:[7C0D43] |
004B4C33 | 6A 01 | PUSH 1 |
WHAT TO DO:
Switch the JNE to JMP game.4B4C5F
*** When the user presses ok in the respec screen, the command should execute ***
OLD CODE:
0057A231 | E8 DA 20 0E 00 | CALL <game.sub_65C310> |
0057A236 | 85 C0 | TEST EAX,EAX |
0057A238 | 0F 84 9D 05 00 00 | JE game.57A7DB |
0057A23E | 8B D6 | MOV EDX,ESI |
0057A240 | 8B CF | MOV ECX,EDI |
NEW CODE:
0057A231 | E8 DA 20 0E 00 | CALL <game.sub_65C310> |
0057A236 | 85 C0 | TEST EAX,EAX |
0057A238 | 90 | NOP |
0057A239 | 90 | NOP |
0057A23A | 90 | NOP |
0057A23B | 90 | NOP |
0057A23C | 90 | NOP |
0057A23D | 90 | NOP |
0057A23E | 8B D6 | MOV EDX,ESI |
0057A240 | 8B CF | MOV ECX,EDI |
WHAT TO DO:
NOP the JE so that we don't skip the respec execution code.
*** The following call sets the "has respec-ed" bit for this character,
and it also disables the respec option in the menu for the duration of this game session. ***
OLD CODE:
0057A25D | 8B D6 | MOV EDX,ESI |
0057A25F | 8B CF | MOV ECX,EDI |
0057A261 | E8 EA 5A 01 00 | CALL <game.sub_58FD50> |
0057A266 | E9 70 05 00 00 | JMP game.57A7DB |
0057A26B | 3D FF 01 00 00 | CMP EAX,1FF |
NEW CODE:
0057A25D | 8B D6 | MOV EDX,ESI |
0057A25F | 8B CF | MOV ECX,EDI |
0057A261 | 90 | NOP |
0057A262 | 90 | NOP |
0057A263 | 90 | NOP |
0057A264 | 90 | NOP |
0057A265 | 90 | NOP |
0057A266 | E9 70 05 00 00 | JMP game.57A7DB |
0057A26B | 3D FF 01 00 00 | CMP EAX,1FF |
WHAT TO DO:
NOP the CALL.
1.14d Offset: 3BF60
OLD CODE:
0043BF5E | CC | INT3 |
0043BF5F | CC | INT3 |
0043BF60 | 55 | PUSH EBP |
0043BF61 | 8B EC | MOV EBP,ESP |
0043BF63 | 83 EC 18 | SUB ESP,18 |
NEW CODE:
0043BF5E | CC | INT3 |
0043BF5F | CC | INT3 |
0043BF60 | 33 C0 | XOR EAX,EAX |
0043BF62 | C3 | RET |
0043BF63 | 83 EC 18 | SUB ESP,18 |
WHAT TO DO:
Change PUSH EBP to XOR EAX,EAX and the following to RET.
1.14d Offset: 184A10
*** This allows a party member to access another party member's town portal.
Thus blocking quests are removed and behavior is like 1.09. ***
OLD CODE:
00584A0B | 8B 47 04 | MOV EAX,DWORD PTR DS:[EDI+4] | eax:sub_584870
00584A0E | 85 C0 | TEST EAX,EAX | eax:sub_584870
00584A10 | 7E 36 | JLE game.584A48 |
00584A12 | 8B 55 F8 | MOV EDX,DWORD PTR SS:[EBP-8] |
00584A15 | 6A 00 | PUSH 0 |
NEW CODE:
00584A0B | 8B 47 04 | MOV EAX,DWORD PTR DS:[EDI+4] | eax:sub_584870
00584A0E | 85 C0 | TEST EAX,EAX | eax:sub_584870
00584A10 | EB 36 | JMP game.584A48 |
00584A12 | 8B 55 F8 | MOV EDX,DWORD PTR SS:[EBP-8] |
00584A15 | 6A 00 | PUSH 0 |
WHAT TO DO:
Switch JLE to JMP
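
The byte edits listed above can be applied with a check-before-write step and the short-jump targets recomputed from the encodings; this is an added example, not code from the original post. It assumes the buffer is indexed by address minus the 1.14d base (the post's "Offset" values; the on-disk file offset depends on the PE section layout), and the names `Patch`, `apply_patch`, `short_jump_target` and `demo` are hypothetical.

```python
from dataclasses import dataclass

BASE = 0x400000  # "1.14d Base" given in the post


@dataclass(frozen=True)
class Patch:
    name: str
    va: int      # virtual address of the first byte to change
    old: bytes   # bytes shown in the post before the edit
    new: bytes   # bytes shown (or implied) after the edit


# Byte values taken from the OLD/NEW listings in the post.
PATCHES = [
    Patch("multiple windows: JE -> JMP", 0x4F562B,
          bytes.fromhex("7445"), bytes.fromhex("EB45")),
    Patch("item drops: CALL -> MOV EAX,8", 0x55A8F4,
          bytes.fromhex("E897AEFDFF"), bytes.fromhex("B808000000")),
    Patch("hyperjoin: PUSH FA -> PUSH 5 + NOPs", 0x4781AC,
          bytes.fromhex("68FA000000"), bytes.fromhex("6A05909090")),
    Patch("respec menu: JNE -> JMP 4B4C5F", 0x4B4C2C,
          bytes.fromhex("7567"), bytes.fromhex("EB31")),
]


def short_jump_target(va: int, insn: bytes) -> int:
    """Target of a 2-byte short jump (Jcc 0x70-0x7F or JMP 0xEB) located at va."""
    opcode, rel8 = insn[0], insn[1]
    if not (0x70 <= opcode <= 0x7F or opcode == 0xEB):
        raise ValueError(f"not a short jump: {insn.hex()}")
    if rel8 >= 0x80:           # the displacement is a signed byte
        rel8 -= 0x100
    return va + 2 + rel8       # relative to the end of the instruction


def apply_patch(image: bytearray, p: Patch, base: int = BASE) -> str:
    """Write p.new at p.va only if the bytes there match p.old.

    Returns "applied" or "already-applied"; raises ValueError otherwise, so a
    different build of the binary is never modified blindly.
    """
    if len(p.old) != len(p.new):
        raise ValueError(f"{p.name}: patch would shift the following code")
    start = p.va - base        # assumption: buffer index == VA - base
    end = start + len(p.old)
    if start < 0 or end > len(image):
        raise ValueError(f"{p.name}: address outside image")
    current = bytes(image[start:end])
    if current == p.new:
        return "already-applied"
    if current != p.old:
        raise ValueError(
            f"{p.name}: expected {p.old.hex()}, found {current.hex()}")
    image[start:end] = p.new
    return "applied"


def demo():
    """Run every patch twice against a constructed stand-in image."""
    # Constructed sample: INT3 filler with the post's OLD bytes dropped in.
    image = bytearray(b"\xCC" * 0x200000)
    for p in PATCHES:
        image[p.va - BASE:p.va - BASE + len(p.old)] = p.old
    first = [apply_patch(image, p) for p in PATCHES]
    second = [apply_patch(image, p) for p in PATCHES]
    return image, first, second


if __name__ == "__main__":
    img, first, second = demo()
    print(first, second)
    print(hex(short_jump_target(0x4B4C2C, bytes.fromhex("EB31"))))
```

Swapping opcode 74/75/7E for EB keeps the displacement byte, so the jump target is unchanged; the respec menu edit is the one case in the post where the displacement itself changes (67 to 31) to retarget the jump.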