To make the lives of cheaters more difficult (especially to decrease the likelihood of duping stackable items [without serials] - which dupe scanners cannot pick up) I decided to try to patch the only dupe I know (thanks Vision). If you know any dupe methods you'd like to see patched, PLEASE PM me them! I would love to have a go at patching them!
The dupe itself is quite easy, it requires 3 characters:
- Player A
- Player B
- Player C
I won't go into all of the dupe method, but we will need to understand where the problem lies - so here's most of it:
- Player A trades Player C
- Player C accepts
- Player A types /trade (Player C is already selected) - and the trade window will be cancelled... for Player A only!
Player C's trade window remains up, meaning the Player C thinks they're still trading. In this time, Player A can then trade Player B, and perform the rest of the dupe.
The problem I see here, as you may have noticed from me highlighting it, is that both trade windows DO NOT CLOSE!
Looking into CUser::ExchangeReq() (exchange request) I see that it isn't calling CUser::ExchangeCancel() at all! Instead, it's just sending the cancel packet to the local session - which isn't good at all as you will soon find out.
What CUser::ExchangeCancel() does, is it resets the coins being traded and then calls CUser::InitExchange() to revert the items being traded as well as resets the variable m_sExchangeUser - which stores the session ID of the player they're trading.
Once that's done, CUser::ExchangeCancel() will then, if the session ID of the other player is valid, call ExchangeCancel() for their session (so that it will repeat the above process for the other session) and then send a cancel packet to the other player.
As CUser::ExchangeReq() is only sending the packet to the local session, we're:
a. Not reverting the exchanged items list,
b. Not reverting the coins being transferred,
c. Not sending the packet to the other client!
So, what we clearly need to do is call CUser::ExchangeCancel() instead (of course, only in the instance where the user is trying to perform the dupe).
To do this, we'll need extra code - so we'll use a code-cave. The code-cave I will use starts at 004ABD60, however I will start it at 004ABD61, just to separate it from the main function a little bit. :P
Note:
ESI is a pointer to the current instance of CUser (I'll refer to it as "this" to emphasise the fact it is the current instance),
EDI is a pointer to the other player's instance of CUser (I'll refer to it as pUser, as it is referred to in the old source).
In CUser::ExchangeReq() you will need to patch over the follow lines:
(BEFORE)
Compare pUser->m_sExchangeUser to -1
- 004ABBCA |. 66:83BF 408100>CMP WORD PTR DS:[EDI+8140],0FFFF
- 004ABBD2 |. 0F85 B8000000 JNZ 004ABC90
(AFTER)
Compare this->m_sExchangeUser to -1- 004ABBCA 66:81BE 408100>CMP WORD PTR DS:[ESI+8140],0FFFF
- 004ABBD3 E9 89010000 JMP 004ABD61
Continuing from the above, if this->m_sExchangeUser not equal to -1, that means they are trading someone already - so we'll jump to some more of our own code which will then cancel both trade windows properly with CUser::ExchangeCancel().- 004ABD61 75 14 JNZ SHORT 004ABD77
- 004ABD63 66:81BF 408100>CMP WORD PTR DS:[EDI+8140],0FFFF
- 004ABD6C ^0F85 1EFFFFFF JNZ 004ABC90
- 004ABD72 ^E9 61FEFFFF JMP 004ABBD8
- 004ABD77 8BCE MOV ECX,ESI
- 004ABD79 E8 0B79F5FF CALL 00403689
- 004ABD7E ^E9 2DFFFFFF JMP 004ABCB0
|
没看明白
進來花了我2金幣還錢················