
Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Tue Oct 20, 2009 1:19 am
by xcelestialx
And this is the code for NDS (No Delay Summon).


// Cheat Engine auto-assembler script, 32-bit x86 target. Every address and
// [ebx+...] offset below is hard-coded for the client build it was written
// against; nothing here is version-independent.
// [ENABLE]: allocate the detour code (Fix, FixTime) and three 4-byte
// variables, write a jmp to Fix over the 9 bytes at 007226D6 and point the
// call at 00723DB8 to FixTime.
// [DISABLE]: restores 007226D6 but NOT 00723DB8 (see note there), and frees
// only Fix and FixTime.
[ENABLE]
registersymbol(FixTime)
alloc(FixTime,1024)
registersymbol(FixTimeOF)
alloc(FixTimeOF,4)                // 4-byte value advanced by FixTime
registersymbol(Fix)
alloc(Fix,1024)
registersymbol(FixSSTime)
alloc(FixSSTime,4)                // last FixTimeOF value cached by Fix
registersymbol(FixSSTime10C)
alloc(FixSSTime10C,4)             // last [ebx+10c] value cached by Fix
label(Fix00)
label(Fix01)
//-----------------------------------------------
// Detour entry, reached from the jmp written at 007226D6. The flags the
// original code had at 007226D6 are not preserved: both cmp instructions
// below overwrite them.
Fix:
push eax                          // eax is preserved around each compare; pop does not alter flags
mov eax,[ebx+0000010c]
cmp [FixSSTime10C],eax
pop eax
je Fix01                          // [ebx+10c] unchanged since it was cached -> Fix01
push eax
mov eax,[FixTimeOF]
cmp eax,[FixSSTime]
pop eax
je Fix00                          // FixTimeOF unchanged since it was cached -> original path
push eax
mov eax,[ebx+0000010c]            // cache both values for the next entry, then fall into Fix01
mov [FixSSTime10C],eax
mov eax,[FixTimeOF]
mov [FixSSTime],eax
pop eax


Fix01:
push [ebx+000000b0]               // stack argument for 006efb78 (callee not visible here)
call 006efb78
pop ecx                           // presumably caller-side cleanup of that argument
mov ecx,esi
sub ecx,[ebx+0000010c]            // NOTE(review): ecx is overwritten two lines down; only the flags from this sub reach the call
push esi
mov ecx,ebx                       // presumably a this-pointer for 00723397 - verify against the callee
call 00723397
jmp 00722747                      // resume in original code


//-----------------------------------------------
// The two instructions displaced by the patch at 007226D6, then return to
// 007226DF (= 007226D6 + 9). Reached only via je Fix00, i.e. with ZF set by
// cmp eax,[FixSSTime], so this jg is never taken here.
Fix00:
jg 00722747
cmp dword ptr [ebx+000000c0],01
jmp 007226DF
//-----------------------------------------------

// Called from the patched call at 00723DB8: add 2710 (hex; CE reads
// unprefixed numbers as hex, so 10000 decimal) to FixTimeOF and return it in eax.
FixTime:
add [FixTimeOF],2710
mov eax,[FixTimeOF]
ret

// 5-byte jmp + 4 nops = 9 bytes, consistent with the 007226DF resume address in Fix00.
007226D6:
jmp Fix
db 90 90 90 90

// The original call target at 00723DB8 is not recorded anywhere in this
// script, so [DISABLE] has nothing to restore here.
00723DB8:
call FixTime
//-----------------------------------------------
[DISABLE]
007226D6:
jg 00722747
cmp dword ptr [ebx+000000c0],01

// NOTE(review): 00723DB8 is left calling FixTime, which is freed just below.
//-----------------------------------------------
dealloc(FixTime)
unregistersymbol(FixTime)
//-----------------------------------------------
// NOTE(review): dealloc/unregister of Fix is repeated, while FixTimeOF,
// FixSSTime and FixSSTime10C are never freed or unregistered.
dealloc(Fix)
unregistersymbol(Fix)
dealloc(Fix)
unregistersymbol(Fix)
I'm trying to search for this `push [ebx+000000b0]`, but when I found it, the one in MSEA has 2 extra lines in between. What does that mean? The 2 extra lines are

cmp ecx,eax
jle 007ebe89

By the way, can we use OllyDbg in MSEA?

Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Tue Oct 20, 2009 10:26 am
by iHEARTx3


No Delay Summon
//TWMS CRC No Delay Summon v100 by zgenden
// Cheat Engine auto-assembler script, 32-bit x86 target. Every address and
// [ebx+...] offset below is hard-coded for the client build it was written
// against; nothing here is version-independent.
// [ENABLE]: allocate the detour code (Fix, FixTime) and three 4-byte
// variables, write a jmp to Fix over the 9 bytes at 007226D6 and point the
// call at 00723DB8 to FixTime.
// [DISABLE]: restores 007226D6 but NOT 00723DB8 (see note there), and frees
// only Fix and FixTime.
[ENABLE]
registersymbol(FixTime)
alloc(FixTime,1024)
registersymbol(FixTimeOF)
alloc(FixTimeOF,4)                // 4-byte value advanced by FixTime
registersymbol(Fix)
alloc(Fix,1024)
registersymbol(FixSSTime)
alloc(FixSSTime,4)                // last FixTimeOF value cached by Fix
registersymbol(FixSSTime10C)
alloc(FixSSTime10C,4)             // last [ebx+10c] value cached by Fix
label(Fix00)
label(Fix01)
//-----------------------------------------------
// Detour entry, reached from the jmp written at 007226D6. The flags the
// original code had at 007226D6 are not preserved: both cmp instructions
// below overwrite them.
Fix:
push eax                          // eax is preserved around each compare; pop does not alter flags
mov eax,[ebx+0000010c]
cmp [FixSSTime10C],eax
pop eax
je Fix01                          // [ebx+10c] unchanged since it was cached -> Fix01
push eax
mov eax,[FixTimeOF]
cmp eax,[FixSSTime]
pop eax
je Fix00                          // FixTimeOF unchanged since it was cached -> original path
push eax
mov eax,[ebx+0000010c]            // cache both values for the next entry, then fall into Fix01
mov [FixSSTime10C],eax
mov eax,[FixTimeOF]
mov [FixSSTime],eax
pop eax


Fix01:
push [ebx+000000b0]               // stack argument for 006efb78 (callee not visible here)
call 006efb78
pop ecx                           // presumably caller-side cleanup of that argument
mov ecx,esi
sub ecx,[ebx+0000010c]            // NOTE(review): ecx is overwritten two lines down; only the flags from this sub reach the call
push esi
mov ecx,ebx                       // presumably a this-pointer for 00723397 - verify against the callee
call 00723397
jmp 00722747                      // resume in original code


//-----------------------------------------------
// The two instructions displaced by the patch at 007226D6, then return to
// 007226DF (= 007226D6 + 9). Reached only via je Fix00, i.e. with ZF set by
// cmp eax,[FixSSTime], so this jg is never taken here.
Fix00:
jg 00722747
cmp dword ptr [ebx+000000c0],01
jmp 007226DF
//-----------------------------------------------

// Called from the patched call at 00723DB8: add 2710 (hex; CE reads
// unprefixed numbers as hex, so 10000 decimal) to FixTimeOF and return it in eax.
FixTime:
add [FixTimeOF],2710
mov eax,[FixTimeOF]
ret

// 5-byte jmp + 4 nops = 9 bytes, consistent with the 007226DF resume address in Fix00.
007226D6:
jmp Fix
db 90 90 90 90

// The original call target at 00723DB8 is not recorded anywhere in this
// script, so [DISABLE] has nothing to restore here.
00723DB8:
call FixTime
//-----------------------------------------------
[DISABLE]
007226D6:
jg 00722747
cmp dword ptr [ebx+000000c0],01

// NOTE(review): 00723DB8 is left calling FixTime, which is freed just below.
//-----------------------------------------------
dealloc(FixTime)
unregistersymbol(FixTime)
//-----------------------------------------------
// NOTE(review): dealloc/unregister of Fix is repeated, while FixTimeOF,
// FixSSTime and FixSSTime10C are never freed or unregistered.
dealloc(Fix)
unregistersymbol(Fix)
dealloc(Fix)
unregistersymbol(Fix)No Delay Summon // NOTE(review): "No Delay Summon" is the title of a second, identical paste of this script that was fused onto this line
//TWMS CRC No Delay Summon v100 by zgenden
// Cheat Engine auto-assembler script, 32-bit x86 target. Every address and
// [ebx+...] offset below is hard-coded for the client build it was written
// against; nothing here is version-independent.
// [ENABLE]: allocate the detour code (Fix, FixTime) and three 4-byte
// variables, write a jmp to Fix over the 9 bytes at 007226D6 and point the
// call at 00723DB8 to FixTime.
// [DISABLE]: restores 007226D6 but NOT 00723DB8 (see note there), and frees
// only Fix and FixTime.
[ENABLE]
registersymbol(FixTime)
alloc(FixTime,1024)
registersymbol(FixTimeOF)
alloc(FixTimeOF,4)                // 4-byte value advanced by FixTime
registersymbol(Fix)
alloc(Fix,1024)
registersymbol(FixSSTime)
alloc(FixSSTime,4)                // last FixTimeOF value cached by Fix
registersymbol(FixSSTime10C)
alloc(FixSSTime10C,4)             // last [ebx+10c] value cached by Fix
label(Fix00)
label(Fix01)
//-----------------------------------------------
// Detour entry, reached from the jmp written at 007226D6. The flags the
// original code had at 007226D6 are not preserved: both cmp instructions
// below overwrite them.
Fix:
push eax                          // eax is preserved around each compare; pop does not alter flags
mov eax,[ebx+0000010c]
cmp [FixSSTime10C],eax
pop eax
je Fix01                          // [ebx+10c] unchanged since it was cached -> Fix01
push eax
mov eax,[FixTimeOF]
cmp eax,[FixSSTime]
pop eax
je Fix00                          // FixTimeOF unchanged since it was cached -> original path
push eax
mov eax,[ebx+0000010c]            // cache both values for the next entry, then fall into Fix01
mov [FixSSTime10C],eax
mov eax,[FixTimeOF]
mov [FixSSTime],eax
pop eax


Fix01:
push [ebx+000000b0]               // stack argument for 006efb78 (callee not visible here)
call 006efb78
pop ecx                           // presumably caller-side cleanup of that argument
mov ecx,esi
sub ecx,[ebx+0000010c]            // NOTE(review): ecx is overwritten two lines down; only the flags from this sub reach the call
push esi
mov ecx,ebx                       // presumably a this-pointer for 00723397 - verify against the callee
call 00723397
jmp 00722747                      // resume in original code


//-----------------------------------------------
// The two instructions displaced by the patch at 007226D6, then return to
// 007226DF (= 007226D6 + 9). Reached only via je Fix00, i.e. with ZF set by
// cmp eax,[FixSSTime], so this jg is never taken here.
Fix00:
jg 00722747
cmp dword ptr [ebx+000000c0],01
jmp 007226DF
//-----------------------------------------------

// Called from the patched call at 00723DB8: add 2710 (hex; CE reads
// unprefixed numbers as hex, so 10000 decimal) to FixTimeOF and return it in eax.
FixTime:
add [FixTimeOF],2710
mov eax,[FixTimeOF]
ret

// 5-byte jmp + 4 nops = 9 bytes, consistent with the 007226DF resume address in Fix00.
007226D6:
jmp Fix
db 90 90 90 90

// The original call target at 00723DB8 is not recorded anywhere in this
// script, so [DISABLE] has nothing to restore here.
00723DB8:
call FixTime
//-----------------------------------------------
[DISABLE]
007226D6:
jg 00722747
cmp dword ptr [ebx+000000c0],01

// NOTE(review): 00723DB8 is left calling FixTime, which is freed just below.
//-----------------------------------------------
dealloc(FixTime)
unregistersymbol(FixTime)
//-----------------------------------------------
// NOTE(review): dealloc/unregister of Fix is repeated, while FixTimeOF,
// FixSSTime and FixSSTime10C are never freed or unregistered.
dealloc(Fix)
unregistersymbol(Fix)
dealloc(Fix)
unregistersymbol(Fix)
So this is the TWMS script for MapleSEA v82.
How do I find the array of bytes?
Sorry, I didn't understand the array-of-bytes part in Chinese.

[ Please Help ]

Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Tue Oct 20, 2009 12:45 pm
by xiaocross
xcelestialx wrote: I'm trying to search for this `push [ebx+000000b0]`, but when I found it, the one in MSEA has 2 extra lines in between. What does that mean? The 2 extra lines are

cmp ecx,eax
jle 007ebe89

By the way, can we use OllyDbg in MSEA?
I tried to find the address by using `sub ecx,[ebx+0000010c]` and got the 2 extra lines, similar to yours. I hope someone can clarify whether we need to add the 2 lines to our script or whether we have done some wrong steps in between.
I'm not sure about OllyDbg, but my MSEA crashed when I opened Olly.

Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Tue Oct 20, 2009 6:16 pm
by lols
Could anyone post the TWMS soul dem script, please?
Thanks!

Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Tue Oct 20, 2009 9:03 pm
by wizme
In the TWMS script they never put the 2 lines, so just follow it? lol... Try it; if it's wrong, then try without them. Always try before asking =).

Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Tue Oct 20, 2009 10:14 pm
by xiaocross
wizme wrote: In the TWMS script they never put the 2 lines, so just follow it? lol... Try it; if it's wrong, then try without them. Always try before asking =).
I tried twice, once without adding the 2 lines and once adding them, but both times my summon did not do any damage. I guess I got the wrong address, but after several tries I still got the same addresses. Could some kind soul add my MSN and guide me on which part I got wrong, please?

Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Wed Oct 21, 2009 2:21 pm
by ltitusl
If it's only a 1-line code, how do I find it?


// Cheat Engine auto-assembler script, 32-bit x86 target. A two-byte patch:
// the original bytes eb 4e at 004f43ec are a short jmp (to 004f443c).
// [ENABLE] writes a conditional je to 004f43f8 in their place; the target is
// 0A bytes past the end of the patched instruction, so CE should emit the
// 2-byte short form - confirm the size so the following instruction is not
// clobbered.
[ENABLE]
004f43ec:

je 004f43f8

[DISABLE]

004f43ec:
db eb 4e                          // original bytes: jmp short 004f443c

Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Wed Oct 21, 2009 5:07 pm
by iHEARTx3
Is this the main TWMS NDS script? -

- This is the NDS TWMS script -


// Cheat Engine auto-assembler script, 32-bit x86 target. Every address and
// [ebx+...] offset below is hard-coded for the client build it was written
// against; nothing here is version-independent.
// [ENABLE]: allocate the detour code (Fix, FixTime) and three 4-byte
// variables, write a jmp to Fix over the 9 bytes at 007226D6 and point the
// call at 00723DB8 to FixTime.
// [DISABLE]: restores 007226D6 but NOT 00723DB8 (see note there), and frees
// only Fix and FixTime.
[ENABLE]
registersymbol(FixTime)
alloc(FixTime,1024)
registersymbol(FixTimeOF)
alloc(FixTimeOF,4)                // 4-byte value advanced by FixTime
registersymbol(Fix)
alloc(Fix,1024)
registersymbol(FixSSTime)
alloc(FixSSTime,4)                // last FixTimeOF value cached by Fix
registersymbol(FixSSTime10C)
alloc(FixSSTime10C,4)             // last [ebx+10c] value cached by Fix
label(Fix00)
label(Fix01)
//-----------------------------------------------
// Detour entry, reached from the jmp written at 007226D6. The flags the
// original code had at 007226D6 are not preserved: both cmp instructions
// below overwrite them.
Fix:
push eax                          // eax is preserved around each compare; pop does not alter flags
mov eax,[color=#FF0000][ebx+0000010c][/color] // the [color] tags are forum highlight markup, not part of the script
cmp [FixSSTime10C],eax
pop eax
je Fix01                          // [ebx+10c] unchanged since it was cached -> Fix01
push eax
mov eax,[FixTimeOF]
cmp eax,[FixSSTime]
pop eax
je Fix00                          // FixTimeOF unchanged since it was cached -> original path
push eax
mov eax,[ebx+0000010c]            // cache both values for the next entry, then fall into Fix01
mov [FixSSTime10C],eax
mov eax,[FixTimeOF]
mov [FixSSTime],eax
pop eax


Fix01:
push [ebx+000000b0]               // stack argument for 006efb78 (callee not visible here)
call 006efb78
pop ecx                           // presumably caller-side cleanup of that argument
mov ecx,esi
sub ecx,[ebx+0000010c]            // NOTE(review): ecx is overwritten two lines down; only the flags from this sub reach the call
push esi
mov ecx,ebx                       // presumably a this-pointer for 00723397 - verify against the callee
call 00723397
jmp 00722747                      // resume in original code


//-----------------------------------------------
// The two instructions displaced by the patch at 007226D6, then return to
// 007226DF (= 007226D6 + 9). Reached only via je Fix00, i.e. with ZF set by
// cmp eax,[FixSSTime], so this jg is never taken here.
Fix00:
jg 00722747
cmp dword ptr [ebx+000000c0],01
jmp 007226DF
//-----------------------------------------------

// Called from the patched call at 00723DB8: add 2710 (hex; CE reads
// unprefixed numbers as hex, so 10000 decimal) to FixTimeOF and return it in eax.
FixTime:
add [FixTimeOF],2710
mov eax,[FixTimeOF]
ret

// 5-byte jmp + 4 nops = 9 bytes, consistent with the 007226DF resume address in Fix00.
007226D6:
jmp Fix
db 90 90 90 90

// The original call target at 00723DB8 is not recorded anywhere in this
// script, so [DISABLE] has nothing to restore here.
00723DB8:
call FixTime
//-----------------------------------------------
[DISABLE]
007226D6:
jg 00722747
cmp dword ptr [ebx+000000c0],01

// NOTE(review): 00723DB8 is left calling FixTime, which is freed just below.
//-----------------------------------------------
dealloc(FixTime)
unregistersymbol(FixTime)
//-----------------------------------------------
// NOTE(review): dealloc/unregister of Fix is repeated, while FixTimeOF,
// FixSSTime and FixSSTime10C are never freed or unregistered.
dealloc(Fix)
unregistersymbol(Fix)
dealloc(Fix)
unregistersymbol(Fix)
Is the one I highlighted in red the main one?
I searched -> Assembly Code, but it keeps "Not Responding"!

Wizme, help me please.

Re: [TUT] Convert/Find/Update TWMS to MSEA

Posted: Tue Dec 08, 2009 10:55 am
by iSean
The fastest way is updating by AoB. I would fail at updating, because it only works a few times for me.