Finding offsets question(s) (1 Viewer)

[()===D====>]

What I don't understand is the 9090 / NOP thing. Can someone please give me a little bit of a clue when it comes to this?

And when do you use the jump calculator?

 

[()===D====>]

For the 9/16 patch, for no encumberence, the offset I got was 416D94, and the that worked was 416D59.

 

[()===D====>]

What does

normal0="0F 85 8D 01 00 00" 
crack0="90 90 90 90 90 90"

mean?

 

[Cade]

normal0 is the hex that comes right after the address, you put a space between bytes though. Crack0 is what you want to change those to. So for example in the line (which is part of no current offset for docrack)

:00416D18   756E   jne 00416D8

The address is 416D18 and the normal is "75 6E"

 

[()===D====>]

How does

:00416D18   756E   jne 00416D88

transfer to the normal0=XX XX XX XX numbers, and same for the crack0?

 

[Cade]

In normal0, all you have to do is put a space between every two numbers after the address.

The normal0 in

:00416D18   [highlight]756E[/highlight]   jne 00416D88

is 75 6E. All you do is put a space between every two numbers/letters.

As for the crack...

the crack is what you need to change the normal to.

90 = no op
EB = jump unconditionaly
74 = jump is values are equal
75 = jump if values are not equal

 

[()===D====>]

oh........

 

[agentno4]

Ok, not sure how in depth you want to get here, but here goes. The normal and the cracks are basically assembly code. In your example

address=xxxxxxxx
normal0="0F 85 8D 01 00 00"

immediately follows a test. The first part of this normal is the assembly command, i.e. 0F = Jump near if above. The rest of the line is how far in memory you are going to jump. Since the assmebly code for no opperation is 90,

crack0="90 90 90 90 90 90"

is going to negate the outcome of the test it just did. So that jump will never be taken, i.e. you won't be encumbered.

 

[()===D====>]

Thanks :P

The crack is what you need to change the normal to

sorry for being a dumbass, but how do you know if it needs to jump, or no op, and how often it needs to jump?

 

[agentno4]

Bah, see what happens when I go do something else in the middle of a post.

 

[agentno4]

What your crack needs to do depends on what the normal does. I suggest going through the tutorial here it works through several examples to help you get the hang of it.

 

[()===D====>]

Well, lets go with a current offset.

I found

[Follow NPC]
Offset=471577

but not the rest.

Cade came along and saved the day with

[Follow-NPC]
Description="Auto-follow NPCs"
Version="2005.09.21"
address0=471577
normal0="0F 85 8D 01 00 00"
crack0="90 90 90 90 90 90"

:P

 

[agentno4]

ahh gotcha.

 

[()===D====>]

Yeah, it follow the normal0 now, but cant pull off the crack. It looks like with the NOP, there is one 90 for every group of Normal XX digits.

 

[()===D====>]

Not bad for a first day trying I hate to say it, but I cant wait until the next patch :P

 

[Cade]

I cant wait until the next patch

traitor...

 

[()===D====>]

heh. Cant help it :P

 

[()===D====>]

Let me ask this. Does crack0 change from time to time? Can it be 74 on time, and EB the next?

 

[Cade]

Yes, it could, but it would require a hell of a lot of changes on SoE's part to make it work.

 

[()===D====>]

So basically stick with what has been done and if it doesnt work, let someone else help me figure it out. :P lol.

 

[Cade]

exactly! =p