What to look for? to add more models.

[Scriptkiddie13]

Hi, please move this thread if I'm in the wrong section.

I need help in debugging the .dll in ollydbg.

What I am trying to do is to change ID for PCMesh so that I can add more 3d model/mesh/ID to be use in the future.

The default ID for the PCMesh,

Start ID is 10301 = 283D
End ID is 10999 = 2AF7







If I will just try to expand 10999 to 11999/12999 etc it cannot be done because on 11,000-300,000+ is use by NPC Dialogue and others.

So to be safe I want to change it to start ID in 400,000 and end ID in 405,000.

I edited two location of PCMesh offset 10025348 and 10045C90.






After that when I test it, this one appears.





I look at the crash report but I cannot understand what to change.





It seems I have to edit something inside HT3DHeaven.dll.

I tried looking the offset in HT3DHeaven.dll from the crash report but I dont have any clue or idea what to do next.

Please help, thank you.

Code: Select all

https://mega.nz/#!3pMUUTRZ!Ykf5V3XUF9t6B_fpaYCfmIDR2UC8Ei6U4PTNJCqhMEY

[Scriptkiddie13]

Up, please help.

[atom0s]

From the look of your 2nd screenshot before the edits, the code is doing a big if / else if table such as:

Code: Select all

if (EAX < 0x283D || EAX > 0x2AF7) {
    EAX = "PCMesh";
}
else if (EAX < 0x4E21 || EAX > 0x55EF) {
    EAX = "PCTex";
}

And so on. Based on that, I would say your hot-patching is not the way to go to fix this or do what you want. Instead, an inline patch that jumps to a cave and continues the if/else checks would probably be your better bet. Either at the top or bottom if that large if/else (ja/jb) table, create a code cave jump to your own code and add onto the checks using your custom range that you want to also use for PCMesh. As normal in a code cave, replace any code you used to create the jump, then jump back as normal etc.

[Scriptkiddie13]

From the look of your 2nd screenshot before the edits, the code is doing a big if / else if table such as:

Code: Select all

if (EAX < 0x283D || EAX > 0x2AF7) {
    EAX = "PCMesh";
}
else if (EAX < 0x4E21 || EAX > 0x55EF) {
    EAX = "PCTex";
}

And so on. Based on that, I would say your hot-patching is not the way to go to fix this or do what you want. Instead, an inline patch that jumps to a cave and continues the if/else checks would probably be your better bet. Either at the top or bottom if that large if/else (ja/jb) table, create a code cave jump to your own code and add onto the checks using your custom range that you want to also use for PCMesh. As normal in a code cave, replace any code you used to create the jump, then jump back as normal etc.

I see, thank you for the advice. I will look for more tutorial about codecave since this is my first time and I dont really know about ASM Language.

I'll get back as soon as I get it and post the code for more advice if problem occurs.

A question though,

- I will make 1 codecave from the if/else right?
- and the second code for pcmesh is ok to edit right away?

I have a private question to ask @atom0s, kindly check your inbox. Thank you.

[atom0s]

The cave depends on how you want to approach it, do you want to just patch the exe? Do you want to create a loader that does the patch for you leaving the original exe untouched? Do you want to inject a DLL that makes the patches, again leaving the original exe untouched?

The idea is that you need to find some area in the games exe that is either just 00's, 90's or CC's in a big enough chunk that you can make your cave inside of it, have the code you need to add, then jump back to the original code. You also need to make sure that the area of memory you use is not used for anything else at some point in the game. Generally, this is why creating your own block of memory for a cave is generally better if possible. (ie. using VirtualAlloc within the process, or VirtualAllocEx remotely.)

You will want to jump from the original code, anywhere you feel is best be it at the start of that if/else or the end of it, or even in the middle of it, up to you really. Restore any code you altered within the cave, do your new code, then jump back to the original.

I wouldn't suggest editing the code as-is, and instead do what you need within the cave only since you want to add new ranges for the game to look for new things.

[Scriptkiddie13]

The cave depends on how you want to approach it, do you want to just patch the exe? Do you want to create a loader that does the patch for you leaving the original exe untouched? Do you want to inject a DLL that makes the patches, again leaving the original exe untouched?

The idea is that you need to find some area in the games exe that is either just 00's, 90's or CC's in a big enough chunk that you can make your cave inside of it, have the code you need to add, then jump back to the original code. You also need to make sure that the area of memory you use is not used for anything else at some point in the game. Generally, this is why creating your own block of memory for a cave is generally better if possible. (ie. using VirtualAlloc within the process, or VirtualAllocEx remotely.)

You will want to jump from the original code, anywhere you feel is best be it at the start of that if/else or the end of it, or even in the middle of it, up to you really. Restore any code you altered within the cave, do your new code, then jump back to the original.

I wouldn't suggest editing the code as-is, and instead do what you need within the cave only since you want to add new ranges for the game to look for new things.

I would really like to have a DLL that make the patches because it's flexible but with my skill set and knowledge as of now I think I will just do the patches in the exe.

Yes, I understand now. There is a huge space at the end of the exe there I could make the cave and jump back to the target block.

What I dont know yet is how to make 2 set of range of ID like the "PCTMD" tab, it uses two range.

I want to make the "PCMesh" to add new set of ID instead of changing the old one.

If I will copy the code of "PCTMD" second range of ID, I dont know what I will edit so that I can connect it to PCMesh to establish new set of ID.

I think I will try to do some trial and error for now and get back here with the codes.

[atom0s]

If you inject a DLL you can use a 'naked' function inside of your DLL to be the cave instead of worrying about finding usable memory or allocating more inside of the game.