Adding maps into Engine.dll

[someone]

This is not Done, when it will be done, I will make it to load the Map files from a file. The code is from 1279 client.

I posted this here since its not a finished guide.

 

Creates instances of ZoneInfo

CPU Disasm
Address Hex dump Command Comments
100AF900 . 68 04040000 PUSH 404 ;20 * nr_maps + 4 ; memory to alocate
100AF905 C706 20000000 MOV DWORD PTR DS:[ESI],20 ;nr of maps
100AF90B . E8 A8AE3A00 CALL ; Jump to msvcrt.operator new

 

This code initializes the instances usually null values

CPU Disasm
Address Hex dump Command Comments
100AF921 . 68 20420B10 PUSH Engine.100B4220 ; /Arg5 = Engine.100B4220, Entry point
100AF926 . 68 A0410B10 PUSH Engine.100B41A0 ; |Arg4 = Engine.100B41A0, Entry point
100AF92B . 6A 20 PUSH 20 ; |Arg3 = 20 ;change into the number of maps you have
100AF92D . 8D78 04 LEA EDI,[EAX+4] ; |
100AF930 . 6A 20 PUSH 20 ; |Arg2 = 20 ;remains 20
100AF932 . 57 PUSH EDI ; |Arg1
100AF933 . C700 20000000 MOV DWORD PTR DS:[EAX],20 ; |;change into the number of maps you have
100AF939 . E8 80AE3A00 CALL Engine.1045A7BE ; \Engine.1045A7BE

 

I saw a pattern here(like EDX,EAX,ECX, EAX+3CC is calculated into eax+X, where X is 20*n + C, and n is a counter from 0 to number of maps.

CPU Disasm
Address Hex dump Command Comments
100AFA55 . 89B8 CC030000 MOV DWORD PTR DS:[EAX+3CC],EDI ;EAX+3CC is calculated into eax + X
100AFA5B . 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]

100AFA55 . 89B8 CC030000 MOV DWORD PTR DS:[EAX+3EC],EDI
100AFA5B . 8B4E 04 MOV EdX,DWORD PTR DS:[ESI+4]

;THE METHOD EDX,EAX,ECX

;if something is like this

;100AFA5B . 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]

;the nextone will be like this

;100AFA5B . 8B4E 04 MOV EDX,DWORD PTR DS:[ESI+4]

 

This will save the first map so the only thing, where to store the info, the code is ECX+3EC, which is ECX+X, where X is 20*n + C, where n is a value from number of maps+1 till 2*number of maps.

CPU Disasm
Address Hex dump Command Comments
100AFA61 . 68 B00F5C10 PUSH OFFSET Engine.105C0FB0 ; Arg1 = ASCII "data\world\StartZone\StartZone.wld"
100AFA66 . 895D FC MOV DWORD PTR SS:[EBP-4],EBX
100AFA69 89B9 0C040000 MOV DWORD PTR DS:[ECX+40C],EDI ;change form ecx+3ec into ecx+40c
100AFA6F . E8 9CE33400 CALL Engine.StringDuplicate

 

;Jump to your code location.

CPU Disasm
Address Hex dump Command Comments
100B036F . jmp xxxxxx

You can copy paste this code for the client to read you map string.

CPU Disasm
Address Hex dump Command Comments
100AFDC3 . 68 60115C10 PUSH OFFSET Engine.105C1160 ; /Arg1 = ASCII "data\world\P_Dungeon1\P_dungeon1.wld"
100AFDC8 . E8 43E03400 CALL Engine.StringDuplicate ; \Engine.StringDuplicate
100AFDCD . 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
100AFDD0 . 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]
100AFDD3 . 81C1 94010000 ADD ECX,194
100AFDD9 . 50 PUSH EAX ; /Arg1
100AFDDA . C745 FC 0D000 MOV DWORD PTR SS:[EBP-4],0D ; |Map Number(1 startzone)
100AFDE1 . 894D F0 MOV DWORD PTR SS:[EBP-10],ECX ; |
100AFDE4 . E8 27E03400 CALL Engine.StringDuplicate ; \Engine.StringDuplicate
100AFDE9 . 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
100AFDEC . 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
100AFDEF . 8B02 MOV EAX,DWORD PTR DS:[EDX]
100AFDF1 . 50 PUSH EAX ; /Arg1
100AFDF2 . E8 69DF3400 CALL Engine.StringFree ; \Engine.StringFree
100AFDF7 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
100AFDFA . 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
100AFDFD . 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
100AFE00 . 50 PUSH EAX ; /Arg1
100AFE01 . 890A MOV DWORD PTR DS:[EDX],ECX ; |
100AFE03 . 895D FC MOV DWORD PTR SS:[EBP-4],EBX ; |
100AFE06 . E8 55DF3400 CALL Engine.StringFree ; \Engine.StringFree

; dont forget to put "ADD ESP,10" after this instruction

then jump back to the code

The rest of the code till return will look something like this:

CPU Disasm
Address Hex dump Command Comments
100B04AA . 8D0CBD 040000 LEA ECX,[EDI*4+4]
100B04B1 . 51 PUSH ECX
100B04B2 . E8 01A33A00 CALL ; Jump to msvcrt.operator new
100B04B7 . 83C4 04 ADD ESP,4
100B04BA . 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
100B04BD . 85C0 TEST EAX,EAX
100B04BF C745 FC 21000 MOV DWORD PTR SS:[EBP-4],21 ; max_maps+n, where n is a value from 1 to max_maps
100B04C6 . 74 20 JE SHORT Engine.100B04E8
100B04C8 . 68 A0210010 PUSH Engine.CTString::~CTString ; /Arg5 = Engine.CTString::~CTString
100B04CD . 68 F0200010 PUSH Engine.CTString::CTString ; |Arg4 = Engine.CTString::CTString
100B04D2 . 57 PUSH EDI ; |Arg3
100B04D3 . 8938 MOV DWORD PTR DS:[EAX],EDI ; |
100B04D5 . 83C0 04 ADD EAX,4 ; |
100B04D8 . 6A 04 PUSH 4 ; |Arg2 = 4
100B04DA . 50 PUSH EAX ; |Arg1
100B04DB . 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX ; |
100B04DE . E8 DBA23A00 CALL Engine.1045A7BE ; \Engine.1045A7BE
100B04E3 . 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
100B04E6 . EB 02 JMP SHORT Engine.100B04EA
100B04E8 > 33C0 XOR EAX,EAX
100B04EA > 8B56 04 MOV EDX,DWORD PTR DS:[ESI+4]
100B04ED . 8942 1C MOV DWORD PTR DS:[EDX+1C],EAX
100B04F0 . 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
100B04F3 . 8B78 24 MOV EDI,DWORD PTR DS:[EAX+24]

I know no one will understand this, thats why I posted it.

[lol102]

Its nice, but how do we can add it ?

[damona]

tairan dont crash when i add it in enigme.dll ?

 

mfg DamonA

[Koko]

Since the client map files cant load properly, i dont think it will work.

[filix_93]

thats sound nice all you that are espert and nice worker pls try tairen *.*

[Wizatek]

U are right, i dont understand a thing when i look at it.

But nonetheless im impressed that there are people (like u) who look at it and really understand what its saying.

Furthermore i just want to say, Thanks! without people like u, blankname, falo, these lastchaos serverfiles were still useless.

Its really appreciated!