How to edit the gs of a Perfect World private server into incast / nocast using IDA Pro 6.8.
First, take the gs file from the gamed folder. Make sure IDA Pro 6.8 is installed on the PC.
Follow the instructions below; if you do not understand English, please use Google Translate.
=====================
I will not go into the details of what, how and why, but just show you how to do it.
To start, the full code we are going to insert (the VALUE placeholders are filled in below):
Code:
lea eax, [ebp+type]               ; &type: the int& out-parameter of RunSkill
push eax
mov ebx, [ebp+this]
add ebx, VALUE1                   ; ebx = &this->_target_list (abase::vector<XID>)
push ebx
call _ZNK5abase6vectorI3XIDNS_10fast_allocILi4ELi128EEEE4sizeEv   ; vector<XID>::size() const
pop edx                           ; drop the argument
push eax                          ; int: number of targets
push ebx
call _ZN5abase6vectorI3XIDNS_10fast_allocILi4ELi128EEEE5beginEv   ; vector<XID>::begin()
pop edx
push eax                          ; const XID*: first target
sub ebx, VALUE2                   ; ebx must now be &this->_data: check that this + VALUE1 - VALUE2 is the _data offset in your build
push ebx                          ; SKILL::Data&
sub ebx, 20h                      ; the member 20h below _data holds the gactive_imp*
push dword ptr [ebx]              ; "this" for RunSkill
call _ZN11gactive_imp8RunSkillERN5SKILL4DataEPK3XIDiRi   ; gactive_imp::RunSkill(SKILL::Data&, const XID*, int, int&)
add esp, 14h                      ; five 4-byte arguments
and dword ptr [ebp+var_14], 0
jmp VALUE3                        ; straight to the end of StartSession
; the part below is reached through the re-targeted jg short (VALUE5): it shortens both intervals
mov ebx, [ebp+this]
mov ecx, [ebp+first_interval]
mov eax, 51EB851Fh                ; signed division by a constant via magic multiply: 51EB851Fh with sar 4 is /50 (with sar 5 it would be /100)
imul ecx
sar edx, 4
mov eax, ecx
sar eax, 1Fh                      ; sign of ecx
sub edx, eax                      ; round toward zero
mov [ebp+first_interval], edx     ; first_interval /= 50
mov ecx, [ebx+VALUE4]             ; this->_next_interval
mov eax, 51EB851Fh
imul ecx
sar edx, 4
mov eax, ecx
sar eax, 1Fh
sub edx, eax
mov [ebx+VALUE4], edx             ; _next_interval /= 50
cmp dword ptr [ebp+first_interval], 0
jg short VALUE5                   ; interval still positive: skip the clamp
mov dword ptr [ebp+first_interval], 1   ; never let the interval drop to 0
nop                               ; repeat 12 times: pad the rest of the original block
First, fill in the VALUEs; they depend entirely on the version.
VALUE1
IDA Pro has a very handy Structures tab (Structures), and it even has text search (Search -> Text). Type session_skill into it and you will see the structure; if it is collapsed, press Ctrl + Numpad+ to expand it:

We need the _target_list field; its offset is 44, so replace VALUE1 in our code with 44h.
VALUE2
The same structure, now the _data field: it shows 24, so change VALUE2 to 24h. Note that the code reaches _data by subtracting VALUE2 from the _target_list pointer (add ebx, VALUE1 followed by sub ebx, VALUE2), and that pointer is what RunSkill receives as SKILL::Data&, so make sure this + VALUE1 - VALUE2 really lands on _data in your build.
VALUE3 and 5
For these you need to find the end of the function. Set VALUE5 to the same thing for now; it is changed at the very end:

Change both to loc_80D1E47 (in this build; the label differs between versions).
VALUE4
The same structure again, the _next_interval field shows 38, so change VALUE4 to 38h.
The function we need to edit:
Code:
session_skill::StartSession

Put the cursor on loc_80D1CFE (these names also depend on the version), click Edit -> Patch program -> Change byte... (hereafter simply Change Bytes) and change 07 C7 to 34 8D. Click OK.
Next, put the cursor on line 3 of this block, click Edit -> Patch program -> Assemble... (hereafter simply Assemble) and enter all our code, in order:

When that is done, right before the nops there will be a jg short ...; click on it, open Change Bytes again and change 32 to 13 (13h = 19 bytes, which is the 7-byte mov dword ptr [ebp+first_interval], 1 below it plus the twelve nops, so the jump now lands on the first untouched instruction after the patch):

As you can see, a new block has appeared. Click on the same jg short, open Assemble and change its target to the address of that new block (this is the final value of VALUE5).
If you did everything correctly, the function looks like this in the disassembly:

And when you press F5 and scroll to the end, like this:

To fix the recast, you need to change the function:
Code:
GNET::Skill::FirstRun
Open the pseudocode right away (F5) and find the value 90; that is what the cast is cut to on a recast. Right-click on it -> Jump to disassembly, open Assemble and change 5a to 63 (5Ah = 90, 63h = 99):
To save the changes, click Edit -> Patch program -> Apply patches to input file... -> OK. Upload the gs to the server and test / rejoice.
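Added example (my own script, not the tutorial's code and not Perfect World server code): the same three byte changes applied outside IDA, by virtual address, to a 32-bit x86 ELF, with the original bytes verified first so that a different gs build or a wrong label aborts instead of corrupting the file. It also does two of the computations the tutorial does by hand: the rel8 displacement of a short jump (the 32 -> 13 step) and the divisor implemented by the mov/imul/sar/sub sequence in the inserted code. The ELF image, its addresses and file offsets are constructed inline; the assumption that gs is a 32-bit little-endian ELF follows from the ebx/esp code and 0x080Dxxxx labels in the tutorial but is not verified here.

```python
"""Patch helper added for this page as an example; not the tutorial's code
and not server code. Assumes gs is a 32-bit little-endian x86 ELF; every
address and byte offset below is constructed for the sample image."""
import struct

ELF32_EHDR = "<16sHHIIIIIHHHHHH"   # e_ident .. e_shstrndx (52 bytes)
ELF32_PHDR = "<8I"                 # p_type p_offset p_vaddr p_paddr p_filesz p_memsz p_flags p_align
PT_LOAD = 1

def va_to_file_offset(elf, va):
    """Map a virtual address (what IDA displays) to a file offset via the PT_LOAD headers."""
    hdr = struct.unpack_from(ELF32_EHDR, elf, 0)
    ident, phoff, phentsize, phnum = hdr[0], hdr[5], hdr[9], hdr[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 1:
        raise ValueError("not a 32-bit ELF")
    for i in range(phnum):
        p_type, p_off, p_vaddr, _, p_filesz = struct.unpack_from(
            ELF32_PHDR, elf, phoff + i * phentsize)[:5]
        if p_type == PT_LOAD and p_vaddr <= va < p_vaddr + p_filesz:
            return va - p_vaddr + p_off
    raise ValueError("va %#x is not backed by the file" % va)

def apply_patches(elf, patches):
    """patches: (va, expected_bytes, new_bytes). Returns a patched copy. The
    expected bytes are checked first, the same check you do by eye in IDA's
    Change byte dialog; a mismatch (other gs version, wrong label) raises."""
    out = bytearray(elf)
    for va, expected, new in patches:
        if len(expected) != len(new):
            raise ValueError("patch at %#x would change the code length" % va)
        off = va_to_file_offset(elf, va)
        have = bytes(out[off:off + len(expected)])
        if have != expected:
            raise ValueError("%#x: expected %s, found %s" % (va, expected.hex(), have.hex()))
        out[off:off + len(new)] = new
    return bytes(out)

def patches_apply_cleanly(elf, patches):
    """Pre-flight check: True only if every patch finds the bytes it expects."""
    try:
        apply_patches(elf, patches)
        return True
    except ValueError:
        return False

def rel8_for_short_jump(insn_va, target_va):
    """Displacement byte of a 2-byte short jump (jg short / jmp short) at insn_va
    that lands on target_va; this is the byte the tutorial changes from 32 to 13."""
    disp = target_va - (insn_va + 2)
    if not -128 <= disp <= 127:
        raise ValueError("%#x not reachable with rel8 from %#x" % (target_va, insn_va))
    return disp & 0xFF

def magic_divide(x, magic=0x51EB851F, shift=4):
    """Emulate  mov eax,magic / imul ecx / sar edx,shift / mov eax,ecx /
    sar eax,1Fh / sub edx,eax  with x in ecx (any 32-bit pattern or int)."""
    x &= 0xFFFFFFFF                               # the 32 bits in ecx
    if x & 0x80000000:
        x -= 1 << 32                              # interpret as int32
    edx = (magic * x) >> 32                       # high dword of the signed 64-bit product
    edx >>= shift                                 # sar edx, shift
    return edx - (-1 if x < 0 else 0)             # sub edx, (ecx sar 1Fh)

def find_divisor(magic, shift, samples=range(-100000, 100000, 13)):
    """Recover the divisor behind the magic-number sequence: the candidate is
    round(2^(32+shift) / magic), accepted only if the emulation matches C
    truncating division on every sample (None otherwise)."""
    d = round((1 << (32 + shift)) / magic)
    return d if all(magic_divide(x, magic, shift) == int(x / d) for x in samples) else None

def build_sample_elf():
    """Constructed stand-in for gs: one PT_LOAD segment at 0x08048000 whose code
    holds the three byte patterns the tutorial edits, at made-up positions."""
    base, code_off = 0x08048000, 0x100
    code = bytearray(b"\x90" * 0x40)
    code[0x10:0x12] = b"\x07\xc7"     # the two bytes edited at loc_80D1CFE
    code[0x20:0x22] = b"\x7f\x32"     # jg short +32h; its displacement becomes 13h
    code[0x30] = 0x5A                 # the constant 90 in GNET::Skill::FirstRun
    filesz = code_off + len(code)
    ehdr = struct.pack(ELF32_EHDR, b"\x7fELF\x01\x01\x01" + b"\0" * 9,
                       2, 3, 1, base + code_off, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack(ELF32_PHDR, PT_LOAD, 0, base, base, filesz, filesz, 5, 0x1000)
    pad = b"\0" * (code_off - len(ehdr) - len(phdr))
    return bytes(ehdr + phdr + pad + code), base + code_off

def tutorial_patches(code_va):
    """The three edits from the tutorial as (va, old, new), at the sample addresses."""
    return [
        (code_va + 0x10, b"\x07\xc7", b"\x34\x8d"),   # Change Bytes at loc_80D1CFE
        (code_va + 0x21, b"\x32", b"\x13"),           # jg short displacement 32 -> 13
        (code_va + 0x30, b"\x5a", b"\x63"),           # FirstRun: 90 (5Ah) -> 99 (63h)
    ]

if __name__ == "__main__":
    elf, code_va = build_sample_elf()
    patched = apply_patches(elf, tutorial_patches(code_va))
    print("patched code:", patched[va_to_file_offset(elf, code_va):].hex())
    print("51EB851Fh with sar 4 divides by", find_divisor(0x51EB851F, 4),
          "and with sar 5 by", find_divisor(0x51EB851F, 5))
    print("second run refused:", not patches_apply_cleanly(patched, tutorial_patches(code_va)))
```

Run it against an unpatched copy of gs only after confirming each expected byte string in IDA; if apply_patches raises, you are on a different build and the labels in this tutorial do not apply to it. The divisor check is the quick way to tell what the pasted mov/imul/sar/sub block actually does to first_interval and _next_interval before you commit it.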
If something does not work for you, maybe I made a mistake and wrote something wrong; we will find the mistake together and fix it.
P.S. The whole example was shown on version 1.4.2.