[1.298][Release] Disable experience loss in Ardream AND Bifrost!
Basically, CUser::Attack already has a check for disabling experience loss in a zone (dynamic), however it's not very useful in the case of multiple open zones. So, we'll need to add our own.
In CUser::Attack we'll find the call to CUser::ExpChange at 00496956.
CODE
00496956 E8 CBB7F6FF CALL 00402126
Since the call is 5 bytes long, we'll replace it with a jump to our code-cave (which will also be 5 bytes, as it will be a far jump), which I've got at 00499233:
CODE
00496956 E9 D8280000 JMP 00499233
Upon going to the code-cave, we'll need to make sure that we can access the pointer that was used before to get to the current zone. We're just doing this again as a precaution, as there is one case where eax is re-used (so it wouldn't point to the data we want it to anymore).
CODE
00499233 8B87 98800000 MOV EAX,DWORD PTR DS:[EDI+8098]
To save bytes, we'll conveniently store the zone ID in CL.
CODE
00499239 8A48 3C MOV CL,BYTE PTR DS:[EAX+3C]
Now we can go through our zone blacklist, starting with Ardream!
Compare the zone ID to 0CA (202 - Ardream).
CODE
0049923C 80F9 CA CMP CL,0CA
If the zone is Ardream, we'll jump to our "don't take experience" case, down below.
CODE
0049923F 74 0C JE SHORT 0049924D
Now we compare the zone ID to 1F (31 - Bifrost).
CODE
00499241 80F9 1F CMP CL,1F
If the zone is Bifrost, we'll jump to our "don't take experience" case, down below.
CODE
00499244 74 07 JE SHORT 0049924D
Since the zone is none of the above, we'll call CUser::ExpChange() to do all the experience stuff!
CODE
00499246 E8 DB8EF6FF CALL 00402126
Jump back to the code in CUser::Attack() (this jumps down to the actual jump at the end of the "don't take experience" case below to save bytes).
CODE
0049924B EB 03 JMP SHORT 00499250
This is our "don't take experience" case. This line cleans up the stack (3 DWORDs are passed into CUser::ExpChange(), they were pushed onto the stack but we aren't going to call CUser::Attack(), so we'll take them back off the stack!).
CODE
0049924D 83C4 0C ADD ESP,0C
Jump back to CUser::Attack().
CODE
00499250 ^E9 06D7FFFF JMP 0049695B
Code recap
Jump to code-cave from CUser::Attack():
CODE
00496956 E9 D8280000 JMP 00499233
Our code-cave:
CODE
00499233 8B87 98800000 MOV EAX,DWORD PTR DS:[EDI+8098]
00499239 8A48 3C MOV CL,BYTE PTR DS:[EAX+3C]
0049923C 80F9 CA CMP CL,0CA
0049923F 74 0C JE SHORT Ebenezer.0049924D
00499241 80F9 1F CMP CL,1F
00499244 74 07 JE SHORT Ebenezer.0049924D
00499246 E8 DB8EF6FF CALL Ebenezer.00402126
0049924B EB 03 JMP SHORT Ebenezer.00499250
0049924D 83C4 0C ADD ESP,0C
00499250 ^E9 06D7FFFF JMP Ebenezer.0049695B
Have fun!
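Added example (not part of the original post): a Python check that decodes the relative displacement of every CALL/JMP/JE in the listing above and confirms each one lands on the address shown. It also re-encodes the rel32 instructions, which shows why the CALL moved into the code-cave needs different bytes (DB8EF6FF instead of CBB7F6FF) to reach the same 00402126. The function names are illustrative.

```python
import struct

# Branch instructions copied from the post: (address, raw bytes, target shown).
LISTING = [
    (0x00496956, "E8 CBB7F6FF", 0x00402126),  # original CALL in CUser::Attack
    (0x00496956, "E9 D8280000", 0x00499233),  # patched JMP to the code-cave
    (0x0049923F, "74 0C",       0x0049924D),  # JE (Ardream)
    (0x00499244, "74 07",       0x0049924D),  # JE (Bifrost)
    (0x00499246, "E8 DB8EF6FF", 0x00402126),  # relocated CALL
    (0x0049924B, "EB 03",       0x00499250),  # JMP SHORT over the stack fix-up
    (0x00499250, "E9 06D7FFFF", 0x0049695B),  # JMP back into CUser::Attack
]

REL32 = {0xE8, 0xE9}  # CALL rel32, JMP rel32 (5 bytes each)
REL8 = {0xEB, 0x74}   # JMP rel8, JE rel8 (2 bytes each)


def branch_target(addr, raw_hex):
    """Return the absolute target of a relative x86 branch located at addr."""
    raw = bytes.fromhex(raw_hex.replace(" ", ""))
    if raw[0] in REL32 and len(raw) == 5:
        (disp,) = struct.unpack("<i", raw[1:])
    elif raw[0] in REL8 and len(raw) == 2:
        (disp,) = struct.unpack("<b", raw[1:])
    else:
        raise ValueError(f"unsupported branch encoding: {raw_hex}")
    # The displacement is relative to the address of the NEXT instruction.
    return (addr + len(raw) + disp) & 0xFFFFFFFF


def encode_rel32(opcode, addr, target):
    """Encode CALL (0xE8) or JMP (0xE9) at addr so that it reaches target."""
    if opcode not in REL32:
        raise ValueError("opcode must be 0xE8 or 0xE9")
    return bytes([opcode]) + struct.pack("<i", target - (addr + 5))


def check_listing(listing=LISTING):
    """Return the entries whose bytes do not decode to the target shown."""
    return [(hex(a), raw) for a, raw, shown in listing
            if branch_target(a, raw) != shown]


if __name__ == "__main__":
    print("mismatches:", check_listing())
    print(encode_rel32(0xE8, 0x00499246, 0x00402126).hex(" ").upper())
```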