Ok, I am going to show you how I found the offset for NoMountModels. This is probably one of the easiest ones to find, IMHO. Things you will need are Calc and the IDA Pro Demo: http://www.datarescue.be/idademo/idademo49.exe .
Install IDA so we can use it first.
Drag and drop eqgame.exe on top of the IDA Pro icon on the desktop. A box will pop up, click OK, then another will pop up, just click Cancel. Now let IDA disassemble the EXE for a good bit of time, and move on to the next part.
First we need to open a file in the EQ directory called eqstr_us.txt using Notepad or another text editor. This contains a bunch of text for things like "You have been Summoned", etc. Now look for the text "horse models" in there. You should get a line that contains "5524" and the text you would see if you didn't have horse models enabled. Now let's open Calc. First make sure you change View to Scientific so we can use both Hex and Dec. Ok, make sure DEC is checked and put in 5524, now click HEX and what number do we get? 1594. Write this down.
Now, after you have let the EXE disassemble for a good 10 minutes, we are going to go back to IDA Pro. Make sure you let it disassemble for a bit, otherwise it won't have everything and your search will be no good. Now click on Search at the top, then click Text. Put in "push 1594h" and make sure "all occurrences" is NOT checked. Hit Enter.
You should see something like this, and your cursor will be on 4BA16F:
Code:
.text:004BA163
.text:004BA163 loc_4BA163: ; CODE XREF: sub_4B9F9D+E4j
.text:004BA163 call sub_47F55A
.text:004BA168 test al, al
.text:004BA16A jz short loc_4BA1B5
.text:004BA16C push ebx
.text:004BA16D push 0Dh
.text:004BA16F push 1594h
.text:004BA174
.text:004BA174 loc_4BA174: ; CODE XREF: sub_4B9F9D+B1j
.text:004BA174 mov eax, dword_908218
.text:004BA179 mov ecx, eax
.text:004BA17B add eax, 0C388h
.text:004BA180 neg ecx
.text:004BA182 sbb ecx, ecx
.text:004BA184 and ecx, eax
.text:004BA186 push ecx
.text:004BA187 call sub_468B4C
.text:004BA18C mov ecx, dword_908218
.text:004BA192 add esp, 10h
.text:004BA195 push ebx
.text:004BA196 add ecx, 0C388h
.text:004BA19C push 71h
.text:004BA19E call sub_413729
.text:004BA1A3 mov ecx, dword_908218
.text:004BA1A9 add ecx, 0C388h
.text:004BA1AF push eax
.text:004BA1B0 call sub_416C4F
Now look up a few lines to the JUMP (4BA16A, the jz short loc_4BA1B5 right after the test al, al). This is where the offset you want to modify is located. Generally it is a JUMP you want to change, and this is it: the two bytes at 4BA16A are 74 49, where 74 is the jz short opcode and 49 is the distance to loc_4BA1B5. So look at this in HEX:
Code:
---------------- 0 1 2 3 4 5 6 7 8 9 A B C D E F --------
.text:004BA160 FF EB 52 E8 F2 53 FC FF 84 C0 74 49 53 6A 0D 68 dRF=Sn ä+tISjh
.text:004BA170 94 15 00 00 A1 18 82 90 00 8B C8 05 88 C3 00 00 ö§..íéÉ.ï+ê+..
.text:004BA180 F7 D9 1B C9 23 C8 51 E8 C0 E9 FA FF 8B 0D 18 82 ˜++#+QF+T· ïé
.text:004BA190 90 00 83 C4 10 53 81 C1 88 C3 00 00 6A 71 E8 86 É.â-Sü-ê+..jqFå
.text:004BA1A0 95 F5 FF 8B 0D 18 82 90 00 81 C1 88 C3 00 00 50 ò) ïéÉ.ü-ê+..P
.text:004BA1B0 E8 9A CA F5 FF
Hence we get:
Code:
[NoMountModels]
Description="No Mount Models"
Version="2005.12.15"
address0=4BA16A
normal0="74"
crack0="EB"
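As an added example (not part of the original post, and not MQ2 or IDA code), here is a small Python check that the patch entry above actually matches the hex dump: it decodes the short jump at 4BA16A, confirms normal0 is the byte really there, and confirms that swapping in crack0 keeps the same target, so the patch only changes whether the jump is taken. The dump is transcribed from the IDA hex view above with the ASCII column dropped, and ENTRY is a hypothetical dict form of the ini block.

```python
# Hex bytes around 4BA16A, transcribed from the IDA hex view in the post
# (ASCII column dropped). Constructed sample input for this example.
HEX_DUMP = """
004BA160 FF EB 52 E8 F2 53 FC FF 84 C0 74 49 53 6A 0D 68
004BA170 94 15 00 00 A1 18 82 90 00 8B C8 05 88 C3 00 00
004BA180 F7 D9 1B C9 23 C8 51 E8 C0 E9 FA FF 8B 0D 18 82
004BA190 90 00 83 C4 10 53 81 C1 88 C3 00 00 6A 71 E8 86
004BA1A0 95 F5 FF 8B 0D 18 82 90 00 81 C1 88 C3 00 00 50
004BA1B0 E8 9A CA F5 FF
"""

# The patch entry from the post, as a dict (hypothetical parsed form of the ini block).
ENTRY = {"address0": "4BA16A", "normal0": "74", "crack0": "EB"}

# The only short-jump opcodes this example needs to know about.
SHORT_JUMPS = {0x74: "jz", 0x75: "jnz", 0xEB: "jmp"}

def parse_hex_dump(dump):
    """Map each address to its byte value from an IDA-style hex dump."""
    mem = {}
    for line in dump.strip().splitlines():
        addr, *hexbytes = line.split()
        base = int(addr, 16)
        for i, tok in enumerate(hexbytes):
            mem[base + i] = int(tok, 16)
    return mem

def decode_short_jump(mem, addr):
    """Decode a two-byte short jump (opcode + signed rel8) at addr.
    Returns (mnemonic, target) or None if the opcode is not a known short jump."""
    op = mem.get(addr)
    if op not in SHORT_JUMPS:
        return None
    disp = mem[addr + 1]
    if disp >= 0x80:          # rel8 is signed: 0x80..0xFF jump backwards
        disp -= 0x100
    return SHORT_JUMPS[op], addr + 2 + disp   # relative to the next instruction

def verify_patch_entry(mem, entry):
    """True if the byte at address0 is normal0 and replacing it with crack0
    gives a short jump to the same target (so only the condition changes)."""
    addr = int(entry["address0"], 16)
    normal, crack = int(entry["normal0"], 16), int(entry["crack0"], 16)
    if mem.get(addr) != normal:
        return False
    before = decode_short_jump(mem, addr)
    after = decode_short_jump({**mem, addr: crack}, addr)
    return before is not None and after is not None and before[1] == after[1]
```

Running this against the dump confirms 74 49 at 4BA16A decodes to jz 4BA1B5 and that the patched byte decodes to jmp 4BA1B5, which is why only one byte needs to change.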
Will try to make future ones more graphical, but I hope people can sorta follow this.