

Topics - moogle

The Workshop / FOnline multi-client
« on: March 25, 2018, 06:22:55 pm »
Hello everyone. I wanted to create a faction, but my friends couldn't find the time to assist me in a timely manner. So I took matters in my own hands.

I remember from FOR Season 2 that FOnline.exe would not bitch about being run twice. That's no longer the case, so I used my favorite disassembler to see which part of the code is causing me problems. Here are my findings:

Code:
FOnline.exe, size 3949568 bytes, SHA256 ad1bc7dc79988c36b62f250cb24b5403a168549ffedf8a9f5bbb437bfe9717e1
This is the original file we're looking for. We need to go to the following addresses and change these bytes into these values:

Code:
offset    old  new
00110EA9: 0F   E9
00110EAA: 84   1B
00110EAB: 61   00
00110EAC: 01   00
00110EAE: 00   90

The original code at 0x00110EA9 is 0F 84 61 01 00 00, which means "jump by the 32-bit value 0x00000161 if the result of a comparison is 0". This jump gets us into shit creek, where the client complains that an instance of the FOnline client is already running and promptly shuts down.
This instruction is 6 bytes long, and the one we want to make is going to be 5 bytes long: E9 1B 00 00 00, which jumps unconditionally by 0x0000001B bytes.
So the problem with this is that we're left with 1 byte, at 0x00110EAE, that is still 0. Operand 0 in x86 means "do an 8-bit addition on what follows", which is clearly disruptive bullshit in the course of execution. So if we somehow manage to screw up the execution pointer and have our CPU's instruction decoder land on that address, we need to do the least disruptive thing: no operation, 0x90.

Hope this helps. Enjoy!
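The patch above is a list of (offset, old byte, new byte) triples, and the safe way to apply it is to refuse unless the file really is the one the offsets were taken from. The script below is an added example written for this page, not code from the post or from FOnline: it checks size and SHA256, verifies every old byte before writing the new one, and decodes the JE/JMP rel32 at the patch offset so you can see where the original and the patched jump land (target = address of the next instruction + sign-extended rel32). The stand-in file it builds is constructed (zero-filled, with only the original JE placed at 0x110EA9), so its hash is not the real binary's; for a real run, pass the post's hash via `patch_file`. The function and constant names are my own.

```python
import hashlib
import sys

# Byte patch from the post: (file offset, expected original byte, replacement byte).
FONLINE_PATCH = [
    (0x00110EA9, 0x0F, 0xE9),
    (0x00110EAA, 0x84, 0x1B),
    (0x00110EAB, 0x61, 0x00),
    (0x00110EAC, 0x01, 0x00),
    (0x00110EAE, 0x00, 0x90),
]
FONLINE_SIZE = 3949568
FONLINE_SHA256 = "ad1bc7dc79988c36b62f250cb24b5403a168549ffedf8a9f5bbb437bfe9717e1"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def find_mismatches(data, patches):
    """Offsets whose current byte is not the 'old' byte the patch expects."""
    return [off for off, old, _new in patches
            if off >= len(data) or data[off] != old]


def apply_patch(data, patches, expected_size=None, expected_sha256=None):
    """Return a patched copy of data; raise ValueError if any precondition fails."""
    if expected_size is not None and len(data) != expected_size:
        raise ValueError(f"size mismatch: {len(data)} != {expected_size}")
    if expected_sha256 is not None and sha256_hex(data) != expected_sha256:
        raise ValueError("sha256 mismatch: this is not the expected binary")
    bad = find_mismatches(data, patches)
    if bad:
        raise ValueError("unexpected bytes at " + ", ".join(f"{o:#010x}" for o in bad))
    out = bytearray(data)
    for off, _old, new in patches:
        out[off] = new
    return bytes(out)


def rel32_target(instr_off, instr_len, rel):
    """Destination of a rel32 jump: end of the instruction plus the signed displacement."""
    if rel >= 0x80000000:
        rel -= 0x100000000
    return instr_off + instr_len + rel


def decode_jump(data, off):
    """Decode a JE rel32 (0F 84 disp32) or JMP rel32 (E9 disp32) at off.

    Returns (mnemonic, instruction length, target offset). Offsets are file offsets,
    which is enough to compare the two jumps against each other."""
    if data[off] == 0x0F and data[off + 1] == 0x84:
        rel = int.from_bytes(data[off + 2:off + 6], "little")
        return ("je", 6, rel32_target(off, 6, rel))
    if data[off] == 0xE9:
        rel = int.from_bytes(data[off + 1:off + 5], "little")
        return ("jmp", 5, rel32_target(off, 5, rel))
    raise ValueError(f"no JE/JMP rel32 at {off:#010x}")


def build_sample():
    """Constructed stand-in for FOnline.exe (hypothetical data, not the real file):
    zero-filled at the right size, with the original JE written at 0x110EA9."""
    buf = bytearray(FONLINE_SIZE)
    buf[0x110EA9:0x110EAF] = bytes([0x0F, 0x84, 0x61, 0x01, 0x00, 0x00])
    return bytes(buf)


def patch_file(src, dst, patches=FONLINE_PATCH,
               expected_size=FONLINE_SIZE, expected_sha256=FONLINE_SHA256):
    """Read src, verify it is the expected binary, write the patched copy to dst."""
    with open(src, "rb") as f:
        data = f.read()
    patched = apply_patch(data, patches, expected_size, expected_sha256)
    with open(dst, "wb") as f:
        f.write(patched)
    return sha256_hex(patched)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print("patched, sha256 of output:", patch_file(sys.argv[1], sys.argv[2]))
    else:
        # Demonstration on the constructed sample, using its own hash as the expected one.
        sample = build_sample()
        print("before:", decode_jump(sample, 0x110EA9))
        patched = apply_patch(sample, FONLINE_PATCH, FONLINE_SIZE, sha256_hex(sample))
        print("after: ", decode_jump(patched, 0x110EA9))
```

Running it without arguments shows the original JE landing at 0x111010 (the "already running" path) and the new JMP landing at 0x110EC9, with the leftover byte at 0x110EAE now a NOP. Running it a second time on the output fails the precondition check, which is the behaviour you want from a patcher: never apply a byte patch to a file whose bytes you have not verified first.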
