Guide: Debug console

Page 2 of 2 1 2
12/27/2008 14:59 plixbugmenot#16
you used
Code:
MOV DWORD PTR ES:[939F70],1
but 939F70 was the memory addres for pw international 1.3.9, could have been changed since last release (release at the moment of writing this is v 1.4.0 build 2265)

so you will have to find out the addres to write the 1 to yourself.

this is the function call:

Code:
0043B7AF   |.  68 709F9300       PUSH ecDMCMul.00939F70
0043B7B4   |.  68 FC168E00       PUSH ecDMCMul.008E16FC                                     ;  UNICODE "console:%d"
0043B7B9   |.  50                PUSH EAX
0043B7BA   |.  FFD3              CALL EBX
see that PUSH ecDMCMul.00939F70 ?

and call ebx calls swscanf, and swscanf returns the value (it gets that value from console:1, since the other parameter is console:%d it writes 1) in 00939F70.

Now for your version lets take a look

it is PUSH CFclient.903E80

so to patch your client into having console, you will have to do it like this:

Code:
MOV DWORD PTR ES:[903E80],1
JMP SHORT CFclient.0043B81F
12/27/2008 17:07 ColdFire_#17
Thanks :) You're really a kind friendly helpful person ^.^
12/27/2008 22:49 plixbugmenot#18
You are welcome :)
04/05/2009 09:37 stt_blaine#19
yeah works fne but i know u can spawn some mobs with special items.but how???
any1 an idea??
04/07/2009 19:23 plixbugmenot#20
no, it is only good for showing mob id's (which is only usefull for bot developers) and some other minor stuff. You can't do anything with it that will benefit you.
04/07/2009 23:58 dedesayang#21
wew.. please.. tutor in indonesia
04/08/2009 08:51 fusioncal#22
Unless "d_godmode ON" or "d_unlimited_ammo 1" command works, most of the commands aren't useful for normal uses. :D
04/08/2009 11:47 aloa#23
work this also for the MY-EN Version?
04/08/2009 17:03 aloa#24
3 you will see this code:
Code:
0043BB70      PUSH perfectw.008F3794  ;  UNICODE "console:"
0043BB75      PUSH ESI
0043BB76      CALL EDI
0043BB78      ADD ESP,8
4 Replace that code with this
Code:
0043BB70      XOR EAX,EAX			;sets EAX to 0
0043BB72      INC EAX				;sets EAX to 1
0043BB73      MOV DWORD PTR ES:[94D450],EAX 	;puts EAX into 94D450
0043BB79      JMP SHORT perfectw.[COLOR="Red"]0043BB8F[/COLOR] 	;jumps to the end of the function
For me, the numbers are slightly different. How do I take the point which I've marked in red?
04/11/2009 16:57 plixbugmenot#25
the number in red is from where the function begins to end.

in this case it's from here:

Code:
0043B7A0    >  26:C705 709F9300 >MOV DWORD PTR ES:[939F70],1
0043B7AB    .  EB 12             JMP SHORT ecDMCMul.[COLOR="Red"]0043B7BF[/COLOR]
0043B7AD    .  74 10             JE SHORT ecDMCMul.0043B7BF
0043B7AF    .  68 709F9300       PUSH ecDMCMul.00939F70
0043B7B4    .  68 FC168E00       PUSH ecDMCMul.008E16FC                                     ;  UNICODE "console:%d"
0043B7B9    .  50                PUSH EAX
0043B7BA    .  FFD3              CALL EBX
0043B7BC    .  83C4 0C           ADD ESP,0C
[COLOR="Red"]0043B7BF[/COLOR]    >  5F                POP EDI                                                    ;  kernel32.7C817067
0043B7C0    .  5E                POP ESI                                                    ;  kernel32.7C817067
0043B7C1    .  5B                POP EBX                                                    ;  kernel32.7C817067
0043B7C2    .  C3                RETN
the address here is different too, but the idea behind it is the same :)
11/07/2010 14:31 billythebad#26
hello dono if people still watching and replying to this but.. i keep getting wrong parameter number...
01/13/2011 04:22 hottrodd#27
All the seemingly useful ones do nothing, even the ones that don't get wrong parameter number.(NOT INCLUDING GM)
Page 2 of 2 1 2