1. //###############################################################
  2. //# Purpose: Change the JE/JNE after LangType comparison inside #
  3. //# CGameMode::SendMsg function for /who command #
  4. //# and inside CGameMode::Zc_User_Count #
  5. //###############################################################
  7. function EnableWhoCommand() {
  9. //Step 1a - Find LangType comparison
  10. var LANGTYPE = GetLangType();//Langtype value overrides Service settings hence they use the same variable - g_serviceType
  11. if (LANGTYPE.length === 1)
  12. return "Failed in Step 1 - " + LANGTYPE[0];
  14. var code =
  15. " A1" + LANGTYPE //MOV EAX,DWORD PTR DS:[g_serviceType]
  16. + " 83 F8 03" //CMP EAX,3
  17. + " 0F 84 AB AB 00 00" //JE addr
  18. + " 83 F8 08" //CMP EAX,8
  19. + " 0F 84 AB AB 00 00" //JE addr
  20. + " 83 F8 09" //CMP EAX,9
  21. + " 0F 84 AB AB 00 00" //JE addr
  22. + " 8D" //LEA ECX,[ESP+x]
  23. ;
  24. var offset = exe.findCode(code, PTYPE_HEX, true, "\xAB");
  26. if (offset === -1) {
  27. code = code.replace("AB 00 00 8D", "AB 00 00 B8");//Change LEA to MOV EAX
  28. offset = exe.findCode(code, PTYPE_HEX, true, "\xAB");
  29. }
  31. if (offset === -1)
  32. return "Failed in Step 1 - LangType comparison missing";
  34. //Step 1b - Replace the First JE with JMP to LEA
  35. exe.replace(offset + 5, "90 EB 18", PTYPE_HEX);
  37. //Step 2a - Find PUSH 0B2 followed by CALL MsgStr - Common pattern inside Zc_User_Count
  38. code =
  39. " 68 B2 00 00 00" //PUSH 0B2
  40. + " E8 AB AB AB AB" //CALL MsgStr
  41. + " 83 C4 04" //ADD ESP, 4
  42. ;
  44. offset = exe.findCode(code, PTYPE_HEX, true, "\xAB");
  45. if (offset === -1)
  46. return "Failed in Step 2 - MsgStr call missing";
  48. //Step 2b - Find the JNE after LangType comparison before it (closer to start of Zc_User_Count)
  49. code =
  50. " 75 AB" //JNE SHORT addr
  51. + " A1 AB AB AB 00" //MOV EAX, DWORD PTR DS:[refAddr]
  52. + " 50" //PUSH EAX
  53. + " E8 AB AB AB FF" //CALL IsGravityAid
  54. + " 83 C4 04" //ADD ESP, 4
  55. + " 84 C0" //TEST AL, AL
  56. + " 75" //JNE SHORT addr
  57. ;
  58. var offset2 = exe.find(code, PTYPE_HEX, true, "\xAB", offset - 0x60, offset);
  60. if (offset2 === -1) {
  61. code = code.replace(" A1 AB AB AB 00 50", " FF 35 AB AB AB 00"); //Change MOV EAX to PUSH DWORD PTR DS:[refAddr]
  62. offset2 = exe.find(code, PTYPE_HEX, true, "\xAB", offset - 0x60, offset);
  64. // refAddr pushed further on new exe, so !
  65. if (offset2 === -1) {
  66. code = code.replace(" FF 35 AB AB AB 00"," FF 35 AB AB AB 01");
  67. offset2 = exe.find(code, PTYPE_HEX, true, "\xAB", offset-0x60, offset);
  68. }
  69. }
  71. if (offset2 === -1)
  72. return "Failed in Step 2 - LangType comparison missing";
  74. //Step 2c - Replace First JNE with JMP
  75. exe.replace(offset2, "EB", PTYPE_HEX);
  77. return true;
  78. }

EnableWhoCommand.qs