We make use of the TargetChange column in the MAGIC_TYPE9 table to reverse the hidden user.
The reason it's almost perfect is because, ultimately, the buff icon does not show for the hidden user (however, they're hidden and no other side-effects ensue). Without the second piece of the patch, the buff icon does show but the targeted user is shown using the skill (oops!). So eh, much too fiddly for my liking. Regardless, here's the almost-perfect solution.

Ebenezer patch:

1. 
   
2. 00046BC5F ^E9 6CFBFFFF JMP 0046B7D0 ; Jump to main code-cave
   
3. 
   
4. 0046B7D0 8A47 08 MOV AL,BYTE PTR DS:[EDI+8] ; Store TargetChange in AL
   
5. 0046B7D3 84C0 TEST AL,AL
   
6. 0046B7D5 75 1B JNZ SHORT 0046B7F2 ; If AL (TargetChange) is NOT zero, skip to the end (do what it normally would do)
   
7. 0046B7D7 50 PUSH EAX ; Push EAX onto the stack (so we can restore the original value)
   
8. 0046B7D8 51 PUSH ECX ; Push ECX onto the stack (likewise)
   
9. 0046B7D9 A1 24286800 MOV EAX,DWORD PTR DS:[682824] ; Store the address of the start of the user/socket array
   
10. 0046B7DE 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0C] ; Store the source ID (the one who is using beast hiding)
    
11. 0046B7E1 8B3488 MOV ESI,DWORD PTR DS:[EAX+ECX*4] ; Overwrite the user's instance with that of the source ID (so everything that would apply to the player targeted [hiding] now applies to the player who used the skill)
    
12. 0046B7E4 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10] ; Hackily swap the two IDs (they're not used for anything else besides letting everything know they were hidden)
    
13. 0046B7E7 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0C]
    
14. 0046B7EA 8945 0C MOV DWORD PTR SS:[EBP+C],EAX
    
15. 0046B7ED 894D 10 MOV DWORD PTR SS:[EBP+10],ECX
    
16. 0046B7F0 59 POP ECX ; Restore ECX
    
17. 0046B7F1 58 POP EAX ; Restore EAX
    
18. 0046B7F2 8A47 09 MOV AL,BYTE PTR DS:[EDI+9] ; Perform the original check (on StatusChange)
    
19. 0046B7F5 3C 01 CMP AL,1
    
20. 0046B7F7 E9 68040000 JMP 0046BC64 ; Back to where we were!
    
21. 
    
22. 0046BE9B ^E9 5DF9FFFF JMP 0046B7FD ; Jump to the second code-cave (before the packet is sent)
    
23. 
    
24. 0046B7FD 8A47 08 MOV AL,BYTE PTR DS:[EDI+8] ; Store TargetChange in AL
    
25. 0046B800 84C0 TEST AL,AL
    
26. 0046B802 75 0C JNZ SHORT 0046B810 ; If AL (TargetChange) is NOT zero, skip to the end (do what it normally would do)
    
27. 0046B804 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10] ; Otherwise, swap the user IDs back again (to prevent it from showing the targeted player attacking...)
    
28. 0046B807 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
    
29. 0046B80A 8945 0C MOV DWORD PTR SS:[EBP+C],EAX
    
30. 0046B80D 894D 10 MOV DWORD PTR SS:[EBP+10],ECX
    
31. 0046B810 68 80000000 PUSH 80 ; Perform the original code
    
32. 0046B815 E9 86060000 JMP 0046BEA0 ; Jump back to where we were!

复制代码

1. UPDATE MAGIC_TYPE9 SET TargetChange = 0 WHERE iNum IN(108680, 208680)

复制代码

We make use of the TargetChange column in the MAGIC_TYPE9 table to reverse the hidden user.
The reason it's almost perfect is because, ultimately, the buff icon does not show for the hidden user (however, they're hidden and no other side-effects ensue). Without the second piece of the patch, the buff icon does show but the targeted user is shown using the skill (oops!). So eh, much too fiddly for my liking. Regardless, here's the almost-perfect solution.

Ebenezer patch:

1. 
   
2. 00046BC5F ^E9 6CFBFFFF JMP 0046B7D0 ; Jump to main code-cave
   
3. 
   
4. 0046B7D0 8A47 08 MOV AL,BYTE PTR DS:[EDI+8] ; Store TargetChange in AL
   
5. 0046B7D3 84C0 TEST AL,AL
   
6. 0046B7D5 75 1B JNZ SHORT 0046B7F2 ; If AL (TargetChange) is NOT zero, skip to the end (do what it normally would do)
   
7. 0046B7D7 50 PUSH EAX ; Push EAX onto the stack (so we can restore the original value)
   
8. 0046B7D8 51 PUSH ECX ; Push ECX onto the stack (likewise)
   
9. 0046B7D9 A1 24286800 MOV EAX,DWORD PTR DS:[682824] ; Store the address of the start of the user/socket array
   
10. 0046B7DE 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0C] ; Store the source ID (the one who is using beast hiding)
    
11. 0046B7E1 8B3488 MOV ESI,DWORD PTR DS:[EAX+ECX*4] ; Overwrite the user's instance with that of the source ID (so everything that would apply to the player targeted [hiding] now applies to the player who used the skill)
    
12. 0046B7E4 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10] ; Hackily swap the two IDs (they're not used for anything else besides letting everything know they were hidden)
    
13. 0046B7E7 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0C]
    
14. 0046B7EA 8945 0C MOV DWORD PTR SS:[EBP+C],EAX
    
15. 0046B7ED 894D 10 MOV DWORD PTR SS:[EBP+10],ECX
    
16. 0046B7F0 59 POP ECX ; Restore ECX
    
17. 0046B7F1 58 POP EAX ; Restore EAX
    
18. 0046B7F2 8A47 09 MOV AL,BYTE PTR DS:[EDI+9] ; Perform the original check (on StatusChange)
    
19. 0046B7F5 3C 01 CMP AL,1
    
20. 0046B7F7 E9 68040000 JMP 0046BC64 ; Back to where we were!
    
21. 
    
22. 0046BE9B ^E9 5DF9FFFF JMP 0046B7FD ; Jump to the second code-cave (before the packet is sent)
    
23. 
    
24. 0046B7FD 8A47 08 MOV AL,BYTE PTR DS:[EDI+8] ; Store TargetChange in AL
    
25. 0046B800 84C0 TEST AL,AL
    
26. 0046B802 75 0C JNZ SHORT 0046B810 ; If AL (TargetChange) is NOT zero, skip to the end (do what it normally would do)
    
27. 0046B804 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10] ; Otherwise, swap the user IDs back again (to prevent it from showing the targeted player attacking...)
    
28. 0046B807 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
    
29. 0046B80A 8945 0C MOV DWORD PTR SS:[EBP+C],EAX
    
30. 0046B80D 894D 10 MOV DWORD PTR SS:[EBP+10],ECX
    
31. 0046B810 68 80000000 PUSH 80 ; Perform the original code
    
32. 0046B815 E9 86060000 JMP 0046BEA0 ; Jump back to where we were!

复制代码

1. UPDATE MAGIC_TYPE9 SET TargetChange = 0 WHERE iNum IN(108680, 208680)

复制代码