Post #13, 09-02-2009, 02:40
TippeX
Code:
[original]
0049A0F6 . E8 65F51200 CALL CoDWaWmp.005C9660
0049A0FB . 83C4 18 ADD ESP,18
0049A0FE . 85C0 TEST EAX,EAX
0049A100 . 75 2C JNE SHORT CoDWaWmp.0049A12E

[your patch]
0049A0F6 . E8 65F51200 CALL CoDWaWmp.005C9660
0049A0FB . 83C4 18 ADD ESP,18
0049A0FE . 85C0 TEST EAX,EAX
0049A100 . EB 2C JMP SHORT CoDWaWmp.0049A12E << the patch...
so, from that I could only assume that .5c9660 is the 'core' function that sets the conditional for the code you patch (eax)...

Code:
.005C9660: F30F7E442404                   movq        xmm0,[esp][4]
.005C9666: 53                             push        ebx
.005C9667: 83EC18                         sub         esp,018
.005C966A: 8BC4                           mov         eax,esp
.005C966C: 660FD600                       movq        [eax],xmm0
.005C9670: F30F7E442428                   movq        xmm0,[esp][028]
.005C9676: 660FD64008                     movq        [eax][8],xmm0
.005C967B: F30F7E442430                   movq        xmm0,[esp][030]
.005C9681: 660FD64010                     movq        [eax][010],xmm0
.005C9686: E875FFFFFF                     call       .0005C9600
.005C968B: 83C418                         add         esp,018
.005C968E: 85C0                           test        eax,eax
.005C9690: 7407                           jz         .0005C9699
.005C9692: B801000000                     mov         eax,1 ; successful return
.005C9697: 5B                             pop         ebx
.005C9698: C3                             retn ; -^-^-^-^-^-^-^-^-^-^-^
.005C9699: 8B0D7C8F470F                   mov         ecx,[00F478F7C]
.005C969F: 33C0                           xor         eax,eax
.005C96A1: 85C9                           test        ecx,ecx
.005C96A3: 7E35                           jle        .0005C96DA
.005C96A5: 8A54240E                       mov         dl,[esp][00E]
.005C96A9: 8DA42400000000                 lea         esp,[esp][0]
.005C96B0: 8A5C240C                       mov         bl,[esp][00C]
.005C96B4: 3A1C85808F470F                 cmp         bl,[eax]*4[00F478F80]
.005C96BB: 7516                           jnz        .0005C96D3
.005C96BD: 8A5C240D                       mov         bl,[esp][00D]
.005C96C1: 3A1C85818F470F                 cmp         bl,[eax]*4[00F478F81]
.005C96C8: 7509                           jnz        .0005C96D3
.005C96CA: 3A1485828F470F                 cmp         dl,[eax]*4[00F478F82]
.005C96D1: 74BF                           jz         .0005C9692
.005C96D3: 83C001                         add         eax,1
.005C96D6: 3BC1                           cmp         eax,ecx
.005C96D8: 7CD6                           jl         .0005C96B0
.005C96DA: 33C0                           xor         eax,eax ; unsuccessful result
.005C96DC: 5B                             pop         ebx
.005C96DD: C3                             retn ; -^-^-^-^-^-^-^-^-^-^-^-^-^
.005C96DE: CC                             int         3 ; << padding between procs for alignment
.005C96DF: CC                             int         3
so, .005C96DA should be the line we want to patch, the best method is probably to patch in a jmp to .005C9692...

we have from .005C96DC -> .005C96E0 to play with, which is 6 bytes.. luckily we only need 5

which would be

Code:
.005C96DA: E9B3FFFFFF                    jmp        .0005C9692
and that fits nicely, due to the int 3 padding provided by the compiler

and, now that you've smacked the proc and NOT the conditionals acting on the return value from the proc, if the proc is called in a sneaky way it will always pass...

try it please, see if it works...
__________________
bleh
DO NOT PM me with questions, leave that in the forums...ESPECIALLY if I don't know you...
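Added example, written from the defending side and not part of TippeX's post or the game's own code: a small Python check that compares the two code sites the post discusses against the bytes the original listings show, and, when a site has been overwritten with a relative jump, decodes where control now goes. The addresses and expected bytes are transcribed from the listings above; the byte images the script reads are constructed stand-ins for process memory or a mapped file, and the reader function, `decode_jump`, `verify_sites` and the dictionary layout are this example's own names, not anything the game or a real anti-tamper tool exposes.

```python
import struct

# Mnemonics for short conditional jumps, opcodes 0x70..0x7F, used only for reporting.
JCC_NAMES = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
             "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]

# Expected original bytes at the two sites from the post's listings (constructed lookup
# table covering only those sites; a production check would hash whole code sections).
EXPECTED_BYTES = {
    0x0049A100: bytes.fromhex("752C"),          # jne short 0049A12E
    0x005C96DA: bytes.fromhex("33C05BC3CCCC"),  # xor eax,eax / pop ebx / retn / int 3 / int 3
}


def decode_jump(code, address):
    """Decode a relative jmp/jcc whose first byte sits at `address`.

    Returns (mnemonic, target) or None when the bytes are not a relative jump.
    Target = address + instruction length + signed displacement (x86 semantics).
    """
    if not code:
        return None
    op = code[0]
    if op == 0xE9 and len(code) >= 5:           # jmp rel32
        disp = struct.unpack_from("<i", code, 1)[0]
        return "jmp", (address + 5 + disp) & 0xFFFFFFFF
    if op == 0xEB and len(code) >= 2:           # jmp rel8
        disp = struct.unpack_from("<b", code, 1)[0]
        return "jmp", (address + 2 + disp) & 0xFFFFFFFF
    if 0x70 <= op <= 0x7F and len(code) >= 2:   # jcc rel8
        disp = struct.unpack_from("<b", code, 1)[0]
        return JCC_NAMES[op - 0x70], (address + 2 + disp) & 0xFFFFFFFF
    return None


def make_reader(regions):
    """Return read(addr, n) over a dict {base_address: bytes}; a stand-in for reading
    process memory or a mapped section (hypothetical helper for this example)."""
    def read(addr, n):
        for base, blob in regions.items():
            if base <= addr and addr + n <= base + len(blob):
                off = addr - base
                return blob[off:off + n]
        raise ValueError("address 0x%08X not mapped" % addr)
    return read


def verify_sites(read, expected=EXPECTED_BYTES):
    """Compare every expected site with what `read` returns and report each mismatch.
    Found bytes that form a jump are decoded so the report states the new target."""
    findings = []
    for addr in sorted(expected):
        want = expected[addr]
        got = read(addr, len(want))
        if got != want:
            findings.append({
                "address": addr,
                "expected": want.hex(),
                "actual": got.hex(),
                "jump": decode_jump(got, addr),
            })
    return findings


# Constructed images: the untouched bytes, and the same region with the post's
# 5-byte jmp (E9 B3 FF FF FF) written over the function epilogue at .005C96DA.
CLEAN_IMAGE = dict(EXPECTED_BYTES)
PATCHED_IMAGE = dict(CLEAN_IMAGE)
PATCHED_IMAGE[0x005C96DA] = bytes.fromhex("E9B3FFFFFF") + b"\xCC"


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_IMAGE), ("patched", PATCHED_IMAGE)):
        report = verify_sites(make_reader(image))
        print(name, "->", "no tampering" if not report else report)
```

Running it reports nothing for the clean image and one finding for the patched one: the epilogue at 0x5C96DA now decodes as `jmp` to 0x5C9692, the "successful return" path, which is exactly the behaviour the post describes. Two practical caveats: a check that reads its own in-process memory can be patched just like the function it guards, so the reference bytes or hashes should come from somewhere the patched process does not control (file on disk, a server-held value), and a spot check of a few sites only catches the patches you anticipated; hashing whole executable sections catches the rest.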