  1. #1
    Dwar

    Requiem Client modification

    Part I: Disable Requiem’s Animation

    Some comrades asked me about the possibility of disabling the attack animation, so here is a short guide with routines and instruction addresses for patching. All data are valid for the En server, patch 378; otherwise you should try the patterns to find the necessary code.

    1. Attack animation
    Pattern: A1 ???????? 8945 F0 898D 28FFFFFF 8B4D 08
    0050EB30  /$  55                 PUSH EBP
    0050EB31 |. 8BEC MOV EBP,ESP
    0050EB33 |. 6A FF PUSH -1
    0050EB35 |. 68 51F78E00 PUSH 008EF751
    0050EB3A |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
    0050EB40 |. 50 PUSH EAX
    0050EB41 |. 64:8925 00000000 MOV DWORD PTR FS:[0],ESP
    0050EB48 |. 81EC D8000000 SUB ESP,0D8
    0050EB4E |. A1 C06C9C00 MOV EAX,DWORD PTR DS:[9C6CC0]
    0050EB53 |. 8945 F0 MOV DWORD PTR SS:[LOCAL.4],EAX
    0050EB56 |. 898D 28FFFFFF MOV DWORD PTR SS:[LOCAL.54],ECX
    0050EB5C |. 8B4D 08 MOV ECX,DWORD PTR SS:[ARG.1]
    0050EB5F |. E8 4C230800 CALL 00590EB0
    0050EB64 |. 85C0 TEST EAX,EAX

    => [NOP it] 0050EB66 |. 74 05 JE SHORT 0050EB6D

    0050EB68 |. E9 41030000 JMP 0050EEAE
    0050EB6D |> 8B45 08 MOV EAX,DWORD PTR SS:[ARG.1]
    0050EB70 |. 50 PUSH EAX
    0050EB71 |. 8D4D D4 LEA ECX,[LOCAL.11]
    0050EB74 |. 51 PUSH ECX
    ..........
    0050EBC0 |. 6A 00 PUSH 0 ; /Arg5 = 0
    0050EBC2 |. 68 0000803F PUSH 3F800000 ; |Arg4 = 3F800000
    0050EBC7 |. 6A 00 PUSH 0 ; |Arg3 = 0
    0050EBC9 |. 6A FF PUSH -1 ; |Arg2 = -1
    0050EBCB |. 68 B8699200 PUSH OFFSET 009269B8 ; |Arg1 = ASCII "attack"
    0050EBD0 |. 8B4D 08 MOV ECX,DWORD PTR SS:[ARG.1] ; |
    0050EBD3 |. E8 28850800 CALL 00597100 ; |
    0050EBD8 |. 8BC8 MOV ECX,EAX ; |
    0050EBDA |. E8 E1880600 CALL 005774C0


    2. Death animation
    Pattern: FF15 ???????? 8945 F4 8B45 F4 99B9 0A000000
    00595CFE  |.  8B8D D8FEFFFF      MOV ECX,DWORD PTR SS:[LOCAL.74]
    00595D04 |. 8B91 44040000 MOV EDX,DWORD PTR DS:[ECX+444]
    00595D0A |. 8955 CC MOV DWORD PTR SS:[LOCAL.13],EDX
    00595D0D |. 837D CC 00 CMP DWORD PTR SS:[LOCAL.13],0

    => [JMP it] 00595D11 |. 0F85 28040000 JNE 0059613F

    00595D17 |. FF15 88AB9100 CALL DWORD PTR DS:[<&MSVCR71.rand>]
    00595D1D |. 8945 F4 MOV DWORD PTR SS:[LOCAL.3],EAX
    00595D20 |. 8B45 F4 MOV EAX,DWORD PTR SS:[LOCAL.3]
    00595D23 |. 99 CDQ
    00595D24 |. B9 0A000000 MOV ECX,0A
    00595D29 |. F7F9 IDIV ECX
    00595D2B |. 8955 F4 MOV DWORD PTR SS:[LOCAL.3],EDX
    00595D2E |. C645 FB 01 MOV BYTE PTR SS:[LOCAL.2+3],1
    00595D32 |. C645 F3 00 MOV BYTE PTR SS:[LOCAL.4+3],0
    00595D36 |. 8B8D D8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.74]
    00595D3C |. E8 FF16FFFF CALL 00587440
    00595D41 |. 8845 F3 MOV BYTE PTR SS:[LOCAL.4+3],AL
    00595D44 |. 0FB655 F3 MOVZX EDX,BYTE PTR SS:[LOCAL.4+3]
    00595D48 |. 85D2 TEST EDX,EDX
    00595D4A |. 74 3C JE SHORT 00595D88
    00595D4C |. 8B8D D8FEFFFF MOV ECX,DWORD PTR SS:[LOCAL.74]
    00595D52 |. E8 D9B1F1FF CALL 004B0F30
    00595D57 |. 8945 AC MOV DWORD PTR SS:[LOCAL.21],EAX
    00595D5A |. 8B45 AC MOV EAX,DWORD PTR SS:[LOCAL.21]
    00595D5D |. 8B48 30 MOV ECX,DWORD PTR DS:[EAX+30]
    00595D60 |. 894D A8 MOV DWORD PTR SS:[LOCAL.22],ECX
    00595D63 |. 6A 00 PUSH 0 ; /Arg5 = 0
    00595D65 |. 68 0000803F PUSH 3F800000 ; |Arg4 = 3F800000
    00595D6A |. 6A 00 PUSH 0 ; |Arg3 = 0
    00595D6C |. 6A FF PUSH -1 ; |Arg2 = -1
    00595D6E |. 68 A4869200 PUSH OFFSET 009286A4 ; |Arg1 = ASCII "die_ragdoll"
    00595D73 |. 8B4D A8 MOV ECX,DWORD PTR SS:[LOCAL.22] ; |
    00595D76 |. E8 4517FEFF CALL 005774C0


    3. Blood and damage animation
    Pattern: 8B8D ???????? FF10 ?????? ???????? 0F84 ???????? ?????? E8 ????????
    0050F2D0  |.  8B48 14                 MOV ECX,DWORD PTR DS:[EAX+14]
    0050F2D3 |. 51 PUSH ECX
    0050F2D4 |. 8B95 A8FDFFFF MOV EDX,DWORD PTR SS:[EBP-258]
    0050F2DA |. 8B02 MOV EAX,DWORD PTR DS:[EDX]
    0050F2DC |. 8B8D A8FDFFFF MOV ECX,DWORD PTR SS:[EBP-258]
    0050F2E2 |. FF10 CALL DWORD PTR DS:[EAX]
    0050F2E4 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
    0050F2E7 |. 837D F0 00 CMP DWORD PTR SS:[EBP-10],0

    => [JMP it] 0050F2EB |. 0F84 1C070000 JE 0050FA0D

    0050F2F1 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
    0050F2F4 |. E8 E76E0800 CALL 005961E0
    0050F2F9 |. 0FB6C8 MOVZX ECX,AL
    0050F2FC |. 85C9 TEST ECX,ECX
    0050F2FE |. 74 05 JE SHORT 0050F305
    0050F300 |. E9 08070000 JMP 0050FA0D
    0050F305 |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
    0050F308 |. FF15 70C79100 CALL DWORD PTR DS:[<&[email protected]
    0050F30E |. 8338 04 CMP DWORD PTR DS:[EAX],4
    0050F311 |. 75 0C JNE SHORT 0050F31F
    0050F313 |. C785 A4FDFFFF DC699200 MOV DWORD PTR SS:[EBP-25C],OFFSET 009269 ; ASCII "npc_attack"
    0050F31D |. EB 0A JMP SHORT 0050F329
    0050F31F |> C785 A4FDFFFF E8699200 MOV DWORD PTR SS:[EBP-25C],OFFSET 009269 ; ASCII "pc_normal_attack"
    0050F329 |> 8B95 A4FDFFFF MOV EDX,DWORD PTR SS:[EBP-25C]
    0050F32F |. 52 PUSH EDX
    0050F330 |. 8D4D D0 LEA ECX,[EBP-30]
    0050F333 |. FF15 B0A99100 CALL DWORD PTR DS:[<&MSVCP71.??0?$basic_



    Part II: Miscellaneous

    1. Requiem messages
    Just find the instruction PUSH 0BB8 and put a breakpoint at the beginning of the next function (in the example: CALL 007A22C0). You will catch all Requiem messages which appear during the game (location name, “unable to use skills”, etc.)
    00407696  |.  68 B80B0000             PUSH 0BB8
    0040769B |. 8B8D 50F0FFFF MOV ECX,DWORD PTR SS:[EBP-0FB0]
    004076A1 |. 51 PUSH ECX
    004076A2 |. 8B0D C0F99C00 MOV ECX,DWORD PTR DS:[9CF9C0]
    004076A8 |. E8 13AC3900 CALL 007A22C0


    by Dwar
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep the world in equilibrium

  2. The Following 5 Users Say Thank You to Dwar For This Useful Post:
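
Added example, not part of the original post: each of the three edits in the post above neutralises one conditional branch, which is what a code-integrity check can look for. It compares live bytes at the three marked addresses with the opcode bytes printed in the listing; the names `check_site` and `audit` and the tampered sample bytes are constructed for illustration, and how the live bytes are read is left to the caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum verdict { INTACT, BRANCH_NOPPED, BRANCH_FORCED, MODIFIED };
struct site {
    uint32_t va;      /* address in the thread's listing (En client, patch 378) */
    size_t len;       /* instruction length in bytes */
    uint8_t good[6];  /* original opcode bytes as printed in the listing */
};

/* The three conditional branches the post marks with "=>". */
static const struct site SITES[3] = {
    { 0x0050EB66, 2, { 0x74, 0x05 } },                         /* JE SHORT */
    { 0x00595D11, 6, { 0x0F, 0x85, 0x28, 0x04, 0x00, 0x00 } }, /* JNE near */
    { 0x0050F2EB, 6, { 0x0F, 0x84, 0x1C, 0x07, 0x00, 0x00 } }, /* JE near  */
};

/* Compare live bytes at one site with the known-good bytes and name the change. */
enum verdict check_site(const struct site *s, const uint8_t *live)
{
    size_t i = 0;
    if (memcmp(s->good, live, s->len) == 0)
        return INTACT;
    while (i < s->len && live[i] == 0x90)   /* skip NOP padding */
        i++;
    if (i == s->len)
        return BRANCH_NOPPED;               /* test result is ignored */
    if (live[i] == 0xEB || live[i] == 0xE9)
        return BRANCH_FORCED;               /* JMP rel8/rel32 replaces the Jcc */
    return MODIFIED;
}

/* live[i] points at the current bytes of SITES[i]; returns the count not intact. */
size_t audit(const uint8_t *const live[3], enum verdict out[3])
{
    size_t bad = 0;
    for (size_t i = 0; i < 3; i++)
        bad += (out[i] = check_site(&SITES[i], live[i])) != INTACT;
    return bad;
}

int main(void)
{   /* Constructed sample: site 0 NOPed, site 1 untouched, site 2 forced. */
    const uint8_t a[] = { 0x90, 0x90 }, c[] = { 0x90, 0xE9, 0x1C, 0x07, 0, 0 };
    const uint8_t *const live[3] = { a, SITES[1].good, c };
    enum verdict v[3];
    printf("%zu of 3 sites modified\n", audit(live, v));
    return 0;
}
```

The known-good bytes only hold for the client build named in the post; a check like this needs a fresh table for every build.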


  3. #2
    ADACH
    I did it a little differently...
    .Animation blocking
    By setting a hook on [email protected]@@[email protected] @[email protected] you can block any animation category (run/attack/etc...)
    Pseudocode of a filter function that blocks the attack animation:
    Code:
    //original fn template: class Category * __thiscall AnimTemplate::GetCategory(char const *)
    #include <string.h>
    DWORD animFilter(const char * category)
    {
        // compare the string contents; == would only compare the pointers
        if(strcmp(category, "attack") == 0)
            return 0;
        else
            return callOriginalFn(category);
    }
    .Requiem messages
    Requiem Online messages can be obtained by setting a hook on [email protected][email protected]@[email protected]

  4. #3
    Dwar
    ADACH
    Yeah, I know it, but some people have never used hooks and they don't know how to deal with such a thing. So the simplest way is just to jmp over the procedure.

    Anyways, as already shown by Adach, every animation has its own string identifier (e.g. "attack", "die_ragdoll" etc.)

    P.S. By the way, about the messages. When trying to send messages to the client, some are displayed normally, while others are not shown at all

  5. #4
    demonbob
    If you change 0050EB33 to push a positive 1 it makes the monsters you defeat look like they morph and fly back to some alien planet. It looks really funny.

  6. #5
    wired
    Can you explain it more simply? I only need to remove the animation

  7. #6
    HighLevel
    Quote, originally posted by wired:
    Can you explain it more simply? I only need to remove the animation
    You mean chew it up and put it in your mouth?) It can't get any simpler)

  8. #7
    bangason
    Would love to try it out but I don't know what file to open and what I need to edit such a file
