olly convert your CE script to ollydbg repair fuction that anantasia fixed

Acidburncx · 11/04/2007, 02:55

was wondering f u could do the olly convert your CE script just like what u did on sv 1.17 this is the code anantasia made hope u can help me really appriciate it :P

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(exit)
label(check1)
label(check2)
label(check3)
label(check4)
label(check5)
label(check6)

cotobo.dll+1260:
jmp newmem
nop
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here

mov ecx,[cotobo.dll+1c440]
mov ebx,lea[ecx+6b]
cmp ebx,0
je check1

mov word ptr[esp+1c],0014 // fix head = 1
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000001
mov [esp+28],00000006
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000000
mov [esp+28],0000000e
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000001
mov [esp+28],00000004
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

check1:
mov ecx,[cotobo.dll+1c440]
mov ebx,lea[ecx+9E]
cmp ebx,0
je check2

mov word ptr[esp+1c],0014 // fix neck = 2
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000002
mov [esp+28],00000006
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000000
mov [esp+28],0000000e
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000002
mov [esp+28],00000004
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

check2:
mov ecx,[cotobo.dll+1c440]
mov ebx,lea[ecx+d1]
cmp ebx,0
je check3

mov word ptr[esp+1c],0014 // fix armour = 3
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000003
mov [esp+28],00000006
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000000
mov [esp+28],0000000e
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000003
mov [esp+28],00000004
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

check3:
mov ecx,[cotobo.dll+1c440]
mov ebx,lea[ecx+137]
cmp ebx,0
je check4

mov word ptr[esp+1c],0014 // fix weapon 2 or shiled = 4
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000005
mov [esp+28],00000006
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000000
mov [esp+28],0000000e
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

push ebx // save register ebx for future use

mov ecx,[cotobo.dll+1c440]
mov ebx,lea[ecx+104]

mov word ptr[esp+1c],0014 // fix weapon 1
mov word ptr[esp+1e],03f1
call setinifilea+1890
mov [esp+20],ebx
mov [esp+24],00000004
mov [esp+28],00000006
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000000
mov [esp+28],0000000e
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000004
mov [esp+28],00000004
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

pop ebx // return ebx for fix weapon 2

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000005
mov [esp+28],00000004
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08
jmp check5

check4:
mov ecx,[cotobo.dll+1c440]
mov ebx,lea[ecx+104]
cmp ebx,0
je check5

mov word ptr[esp+1c],0014 // fix weapon = 4
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000004
mov [esp+28],00000006
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000000
mov [esp+28],0000000e
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000004
mov [esp+28],00000004
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

check5:
mov ecx,[cotobo.dll+1c440]
mov ebx,lea[ecx+16A]
cmp ebx,0
je check6

mov word ptr[esp+1c],0014 // fix ring = 6
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000006
mov [esp+28],00000006
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000000
mov [esp+28],0000000e
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000006
mov [esp+28],00000004
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

check6:
mov ecx,[cotobo.dll+1c440]
mov ebx,lea[ecx+1D0]
cmp ebx,0
je exit

mov word ptr[esp+1c],0014 // fix boot = 8
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000008
mov [esp+28],00000006
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000000
mov [esp+28],0000000e
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

mov word ptr[esp+1c],0014
mov word ptr[esp+1e],03f1
mov [esp+20],ebx
mov [esp+24],00000008
mov [esp+28],00000004
call edi
lea ecx,[esp+1c]
push 14
push ecx
mov [esp+34],eax
call sendtoserver
add esp,08

exit:
jmp cotobo.dll+12c6

[DISABLE]
//code from here till the end of the code will be used to disable the cheat

cotobo.dll+1260:
mov ecx,esi
call setinifilea+1920

Acidburncx · 11/05/2007, 04:26

i hope *M* answer me so i would knw he can manage to help or nt :P

*M* · 11/05/2007, 09:24

I can do it if there is enough free bytes at the end of the DLL, possibly not from looking at it but chokoman is back now so he may build that feature in officially if he makes a new cotobo.

Anyway if you understood my last tut with sv you can apply the exact same method for this.

Acidburncx · 11/05/2007, 10:29

well not very good at it that why i ask for u help on this um f chokoman does not release a new version can u help on this :P oh didnt knw chokoman would come back

daveq · 11/05/2007, 15:45

I tried, and while I'm not exceptionally good at hex editing, I don't think there is enuf space at the end of cotobo.dll to fit the function in. Ofc, I could be going about it all wrong. With any luck, it will be integrated into cotobo if/when chocoman decides to continue the project now that he's back.