
party_player_level

This is the complete portion of code you are looking for:

OllyDbg - Client side

00528B02  |.  83F9 0A       |CMP ECX,0A
00528B05  |.  7E 34         |JLE SHORT 00528B3B
00528B07  |.  B8 67666666   |MOV EAX,66666667
00528B0C  |.  F7E9          |IMUL ECX
00528B0E  |.  C1FA 02       |SAR EDX,2
00528B11  |.  8BC2          |MOV EAX,EDX
00528B13  |.  68 88935C00   |PUSH OFFSET 1873_quantumfusion_local.00 ; /<%s> = "x"
00528B18  |.  C1E8 1F       |SHR EAX,1F                              ; |
00528B1B  |.  03D0          |ADD EDX,EAX                             ; |
00528B1D  |.  52            |PUSH EDX                                ; |<%d>
00528B1E  |.  68 90D05D00   |PUSH OFFSET 1873_quantumfusion_local.00 ; |<%s> = "L"
00528B23  |.  8D8C24 AC0000 |LEA ECX,[ESP+0AC]                       ; |
00528B2A  |.  68 74425D00   |PUSH OFFSET 1873_quantumfusion_local.00 ; |Format = "%s%d%s"
00528B2F  |.  51            |PUSH ECX                                ; |Buf
00528B30  |.  FF15 D4A25B00 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \USER32.wsprintfA
00528B36  |.  83C4 14       |ADD ESP,14
00528B39  |.  EB 1C         |JMP SHORT 00528B57
00528B3B  |>  51            |PUSH ECX                                ; /<%d>
00528B3C  |.  68 90D05D00   |PUSH OFFSET 1873_quantumfusion_local.00 ; |<%s> = "L"
00528B41  |.  8D9424 A80000 |LEA EDX,[ESP+0A8]                       ; |
00528B48  |.  68 80375D00   |PUSH OFFSET 1873_quantumfusion_local.00 ; |Format = "%s%d"
00528B4D  |.  52            |PUSH EDX                                ; |Buf
00528B4E  |.  FF15 D4A25B00 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \USER32.wsprintfA


If you look closely, it starts with a comparison against 0A (that's 10: levels below 11 are written without the 'x' notation). If the level is less than or equal to 10, we jump to the second part at 00528B3B and use the "%s%d" format ('L' followed by the number). If not, we don't jump and use the "%s%d%s" format ('L', a number, then 'x').

OllyDbg - Client side

00528B02  |.  83F9 0A       |CMP ECX,0A
00528B05  |.  7E 34         |JLE SHORT 00528B3B
[...]
00528B13  |.  68 88935C00   |PUSH OFFSET 1873_quantumfusion_local.00 ; /<%s> = "x"
[...]
00528B1E  |.  68 90D05D00   |PUSH OFFSET 1873_quantumfusion_local.00 ; |<%s> = "L"
[...]
00528B2A  |.  68 74425D00   |PUSH OFFSET 1873_quantumfusion_local.00 ; |Format = "%s%d%s"
[...]
00528B3B  |>  51            |PUSH ECX                                ; /<%d>
00528B3C  |.  68 90D05D00   |PUSH OFFSET 1873_quantumfusion_local.00 ; |<%s> = "L"
[...]
00528B48  |.  68 80375D00   |PUSH OFFSET 1873_quantumfusion_local.00 ; |Format = "%s%d"


What you need to do is simply make it jump every time, by replacing the conditional JLE with an unconditional JMP.

OllyDbg - Client side

00528B05     /EB 34         JMP SHORT 00528B3B
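
The routine above read back as C, with the original and the patched branch side by side (an added example, not code from the original page or from the client). It also shows that the MOV EAX,66666667 / IMUL / SAR / SHR / ADD sequence is a compiler-generated division by 10. The names div10_magic, format_level and always_jump are hypothetical, snprintf stands in for wsprintfA, and the sample levels are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 00528B07..00528B1B: compiler-generated signed division by 10.
 * 0x66666667 = ceil(2^34 / 10), so (x * magic) >> 34 is x / 10.
 * Assumes arithmetic right shift of negative values, as x86 SAR does. */
static int32_t div10_magic(int32_t ecx)
{
    int64_t prod = (int64_t)ecx * 0x66666667LL;  /* IMUL ECX -> EDX:EAX     */
    int32_t edx = (int32_t)(prod >> 32);         /* EDX = high dword        */
    edx >>= 2;                                   /* SAR EDX,2               */
    edx += (int32_t)((uint32_t)edx >> 31);       /* SHR EAX,1F; ADD EDX,EAX */
    return edx;
}

/* always_jump = 0 models the original JLE at 00528B05, 1 the patched JMP. */
static int format_level(char *buf, size_t n, int32_t level, int always_jump)
{
    if (always_jump || level <= 10)              /* CMP ECX,0A then JLE/JMP */
        return snprintf(buf, n, "%s%d", "L", (int)level);
    return snprintf(buf, n, "%s%d%s", "L", (int)div10_magic(level), "x");
}

int main(void)
{
    const int32_t samples[] = { 7, 10, 11, 57, 99 };  /* constructed levels */
    char before[16], after[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_level(before, sizeof before, samples[i], 0);
        format_level(after, sizeof after, samples[i], 1);
        printf("level %3d  original: %-4s patched: %s\n",
               (int)samples[i], before, after);
    }
    return strcmp(before, "L9x") != 0;  /* last sample, original branch */
}
```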