NoxPatch - Enable ScriptCode 'CreateMover'


Postby panic » Fri Sep 01, 2017 9:34 am

Now you can use the 'CreateMover' function from the built-in functions.

int CreateMover(int unit_id, int waypoint_num, float speed);
//returns ID_of_New_mover

Example:

void Function()
{
    int ankh = CreateObject("Ankh", Waypoint("MovingAnkhPut"));
    CreateMover(ankh, Waypoint("GoAnkh"), 10.0);
}


download link: http://cfile232.uf.daum.net/attach/9978 ... 0B5428B54B

asm Opcode:

GAME_patched.EXE+1130E0 - push esi
GAME_patched.EXE+1130E1 - push GAME_patched.EXE+1C34E8 { ["Mover"] }
GAME_patched.EXE+1130E6 - call GAME_patched.EXE+E3810
GAME_patched.EXE+1130EB - mov esi,eax
GAME_patched.EXE+1130ED - add esp,04 { 4 }
GAME_patched.EXE+1130F0 - test esi,esi
GAME_patched.EXE+1130F2 - jne GAME_patched.EXE+1130FD
GAME_patched.EXE+1130F4 - mov eax,[esp+0C]
GAME_patched.EXE+1130F8 - mov [eax+08],esi
GAME_patched.EXE+1130FB - pop esi
GAME_patched.EXE+1130FC - ret
GAME_patched.EXE+1130FD - push edi
GAME_patched.EXE+1130FE - mov edi,[esp+0C]
GAME_patched.EXE+113102 - push 00 { 0 }
GAME_patched.EXE+113104 - mov ecx,[edi+3C]
GAME_patched.EXE+113107 - mov edx,[edi+38]
GAME_patched.EXE+11310A - push ecx
GAME_patched.EXE+11310B - push edx
GAME_patched.EXE+11310C - push 00 { 0 }
GAME_patched.EXE+11310E - push esi
GAME_patched.EXE+11310F - call GAME_patched.EXE+DAA50
GAME_patched.EXE+113114 - mov eax,[esi+000002EC]
GAME_patched.EXE+11311A - push esi
GAME_patched.EXE+11311B - mov [eax+1C],edi
GAME_patched.EXE+11311E - mov edx,[edi+24]
GAME_patched.EXE+113121 - mov [edi+28],edx
GAME_patched.EXE+113124 - mov [eax+20],edx
GAME_patched.EXE+113127 - mov edi,[esp+28]
GAME_patched.EXE+11312B - mov ecx,[edi+04]
GAME_patched.EXE+11312E - mov [eax+08],ecx
GAME_patched.EXE+113131 - mov edx,[edi]
GAME_patched.EXE+113133 - mov [eax+04],edx
GAME_patched.EXE+113136 - mov byte ptr [eax],00 { 0 }
GAME_patched.EXE+113139 - mov [esi+50],00000000 { 0 }
GAME_patched.EXE+113140 - mov [esi+54],00000000 { 0 }
GAME_patched.EXE+113147 - call GAME_patched.EXE+E75B0
GAME_patched.EXE+11314C - push esi
GAME_patched.EXE+11314D - call GAME_patched.EXE+DA8D0
GAME_patched.EXE+113152 - mov eax,[esi+2C]
GAME_patched.EXE+113155 - add esp,1C { 28 }
GAME_patched.EXE+113158 - mov [edi+08],eax
GAME_patched.EXE+11315B - pop edi
GAME_patched.EXE+11315C - pop esi
GAME_patched.EXE+11315D - ret



Thank you!
Last edited by panic on Fri Sep 01, 2017 10:59 am, edited 1 time in total.
panic
Adept
Posts: 263
Joined: Thu Nov 12, 2015 3:47 pm

Re: NoxPatch - Enable ScriptCode 'CreateMover'

Postby panic » Fri Sep 01, 2017 9:38 am

Patch Result.
Attachment: 1709011637.jpg (Result)
panic

Re: NoxPatch - Enable ScriptCode 'CreateMover'

Postby panic » Mon Sep 04, 2017 3:57 am

NoxPatch2
Finally, you can use array overflow in a stable way. This patch includes the 'CreateMover' patch.

Download Patch: http://cfile234.uf.daum.net/attach/994B ... B0FC2A6D15

Gvar0 = -2 (0xfffffffe)
Gvar1 = -1 (0xffffffff)
Gvar2 = 1 (true)
Gvar3 = 0 (false)
Gvar4[2] << Global_variable_section_Address

Example Usage Code:

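int ARRAY[2];   // first declared global: the 5th slot (Gvar4) of the table above

void MapInitialize()
{
   // run TestFunction after 200 frames
   FrameTimer(200, TestFunction);
}

void TestFunction()
{
   Print(IntToString(GetMemory(0x75ae28 + 4)));
}

int GetMemory(int addr)
{
   int base;

   // ARRAY[0] holds the table address; +16 gives the address of ARRAY itself
   if (!base)
      base = (ARRAY[0] + 16 - 0x400000) / 4;
   // index past the end of ARRAY (no bounds check) to reach addr
   return ARRAY[(addr - 0x400000) / 4 - base];
}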


Patch Target Function Address: 00507290

Patch Opcode
GAME_patched.EXE+107290 - mov al,[GAME_patched.EXE+35AE48] { [00000000] }
GAME_patched.EXE+107295 - mov [GAME_patched.EXE+5795DC],00000000 { [00000000] }
GAME_patched.EXE+10729F - mov [GAME_patched.EXE+5795E0],al { [00000000] }
GAME_patched.EXE+1072A4 - mov eax,[GAME_patched.EXE+35AE28] { [00000000] }
GAME_patched.EXE+1072A9 - test eax,eax
GAME_patched.EXE+1072AB - mov [GAME_patched.EXE+5795D8],00000000 { [00000000] }
GAME_patched.EXE+1072B5 - je GAME_patched.EXE+1072ED
GAME_patched.EXE+1072B7 - mov ecx,[eax+4C]
GAME_patched.EXE+1072BA - mov [ecx],FFFFFFFE { -2 }
GAME_patched.EXE+1072C0 - mov [ecx+04],FFFFFFFF { -1 }
GAME_patched.EXE+1072C7 - mov [ecx+08],00000001 { 1 }
GAME_patched.EXE+1072CE - mov [ecx+0C],00000000 { 0 }
GAME_patched.EXE+1072D5 - mov [ecx+10],ecx
GAME_patched.EXE+1072D8 - call GAME_patched.EXE+DB240
GAME_patched.EXE+1072DD - test eax,eax
GAME_patched.EXE+1072DF - jne GAME_patched.EXE+1072ED
GAME_patched.EXE+1072E1 - push eax
GAME_patched.EXE+1072E2 - push eax
GAME_patched.EXE+1072E3 - push 01 { 1 }
GAME_patched.EXE+1072E5 - call GAME_patched.EXE+107310
GAME_patched.EXE+1072EA - add esp,0C { 12 }
GAME_patched.EXE+1072ED - ret


Thank you
panic
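
The index arithmetic in GetMemory above, modelled in C as an added example (not part of the original post and not Nox code): it shows why an array load without a bounds check reaches any address, and how a bounds check in the VM's array load stops it. The 64-dword toy address space, the word offsets and the sentinel value are constructed; only the table layout and the 0x400000 base come from the post.

```c
#include <stdint.h>
#include <stdio.h>

#define IMAGE_BASE  0x400000u       /* base address used by the post's GetMemory() */
#define MEM_WORDS   64              /* constructed toy address space, in dwords */
#define GVAR_WORD   8               /* constructed: global table starts at dword 8 */
#define ARRAY_WORD  (GVAR_WORD + 4) /* ARRAY is the 5th global (table + 0x10) */
#define ARRAY_LEN   2               /* int ARRAY[2] in the post */
#define SECRET_WORD 40              /* constructed engine data outside the globals */

static uint32_t mem[MEM_WORDS];     /* simulated process memory */

static uint32_t addr_of(int word) { return IMAGE_BASE + 4u * (uint32_t)word; }

/* Table layout from the post: -2, -1, true, false, then the table's own address. */
void vm_init(void) {
    mem[GVAR_WORD + 0] = 0xfffffffeu;
    mem[GVAR_WORD + 1] = 0xffffffffu;
    mem[GVAR_WORD + 2] = 1;
    mem[GVAR_WORD + 3] = 0;
    mem[ARRAY_WORD]    = addr_of(GVAR_WORD);  /* ARRAY[0] */
    mem[SECRET_WORD]   = 0xC0FFEEu;
}

/* Same arithmetic as the post's GetMemory(): target address -> ARRAY index. */
int32_t script_index_for(uint32_t addr) {
    int32_t base = (int32_t)((mem[ARRAY_WORD] + 16 - IMAGE_BASE) / 4);
    return (int32_t)((addr - IMAGE_BASE) / 4) - base;
}

/* Array load with no check on the declared length, as the overflow requires. */
int load_unchecked(int32_t idx, uint32_t *out) {
    int64_t w = (int64_t)ARRAY_WORD + idx;
    if (w < 0 || w >= MEM_WORDS) return -1;   /* only keeps the simulation inside mem[] */
    *out = mem[w];
    return 0;
}

/* Hardened array load: the index must fall inside the declared array. */
int load_checked(int32_t idx, uint32_t *out) {
    if (idx < 0 || idx >= ARRAY_LEN) return -1;
    *out = mem[ARRAY_WORD + idx];
    return 0;
}

int main(void) {
    uint32_t v = 0;
    vm_init();
    int32_t idx = script_index_for(addr_of(SECRET_WORD));
    int unchecked = load_unchecked(idx, &v);
    printf("idx=%d unchecked=%d value=0x%x checked=%d\n", (int)idx, unchecked, (unsigned)v, load_checked(idx, &v));
    return 0;
}
```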

Re: NoxPatch - Enable ScriptCode 'CreateMover'

Postby panic » Fri Sep 15, 2017 1:55 pm

Oops, sorry. There was one bug in the previous patch.

The 5th global variable was incorrect when loading a saved game from a single-player game.

Global Variables Table
base+0x0 = 0xfffffffe (Gvar0)
base+0x4 = 0xffffffff (Gvar1)
base+0x8 = 0x1 (true)
base+0xc = 0x0 (false)
base+0x10 = global_variable_memory_address (but there was a bug here)

I fixed it.
So you cannot reliably use memory overflows.
Instead, the function 'Unknownb8' can read the memory.

int Unknownb8(int addr); //This function argument is the target memory address.
This function will return the value of the address.

Also, this version can directly set the value at a memory address.
The memory change function is 'Unused58'.

void Unused58(int addr, int set_value);

ReadMemoryAddress 'Unknownb8'
opcode:
GAME_patched.EXE+116790 - call GAME_patched.EXE+107250
GAME_patched.EXE+116795 - push eax
GAME_patched.EXE+116796 - push [eax]
GAME_patched.EXE+116798 - call GAME_patched.EXE+107230
GAME_patched.EXE+11679D - xor eax,eax
GAME_patched.EXE+11679F - add esp,08 { 8 }
GAME_patched.EXE+1167A2 - ret


WriteMemoryAddress 'Unused58'
opcode:
GAME_patched.EXE+113F10 - call GAME_patched.EXE+107250
GAME_patched.EXE+113F15 - mov edi,eax
GAME_patched.EXE+113F17 - call GAME_patched.EXE+107250
GAME_patched.EXE+113F1C - mov [eax],edi
GAME_patched.EXE+113F1E - ret


Originally, I tried to exclude the memory change feature as a security risk.
Attachment: SetMemory_fix.zip (Support for bug fixes and memory changes)
panic