It's more like notes I keep when I do the hack.
Not every part of the code/binary patches is here; figure it out yourself. This is for the unpacked helgame v2.95 dated 2003-11-05 with a new section (Offset 600000h, size 4000h) injected (for loads of possible features without hooking). The maplist is not included; figure it out yourself. Using IDA Pro will make it easier to analyze the exe.
Delay for Restarting
--------------------
; Before/after pair for one address: the line with the "|." gutter is the
; original instruction, the line without it is the patched bytes.
; Only the immediate stored to [esi+6DFA4] changes, from 5 to 0.
; NOTE(review): this value lives in client memory; whether the server keeps
; its own copy of the delay is not visible from this listing -- confirm.
00459DF3 |. C686 A4DF0600 05 mov byte ptr [esi+6DFA4], 5
00459DF3 C686 A4DF0600 00 mov byte ptr [esi+6DFA4], 0
Delay for logging out
---------------------
; Two separate sites that each store the constant 0B (11 decimal) into a stack
; local. Both lines carry the original-analysis gutter and no replacement
; bytes are listed, so this section only records where the value is set.
00459D58 |. C74424 20 0B000000 mov dword ptr [esp+20], 0B
0049CF72 . C74424 2C 0B000000 mov dword ptr [esp+2C], 0B
Curse
-----
; Conditional branch made unconditional. The 6-byte "je rel32" becomes a
; 5-byte "jmp rel32" to the same target (0049DF97); the displacement grows by
; one (2F9 -> 2FA) because the shorter instruction ends one byte earlier, and
; the spare byte at 0049DC9D is filled with a nop.
0049DC98 |. 0F84 F9020000 je HelFart.0049DF97
0049DC98 E9 FA020000 jmp HelFart.0049DF97
0049DC9D 90 nop
Global Spam
-----------
; The 2-byte compare of al against 21h is overwritten in place by a 2-byte
; short jump to 0044EA03, so the branch that consumed the compare result is no
; longer reached from this address.
; NOTE(review): 21h is ASCII '!'; presumably a chat-prefix test -- confirm.
0044E9E3 . 3C 21 cmp al, 21
0044E9E3 EB 1E jmp short HelFart.0044EA03
No drink pot delay
------------------
; Three before/after pairs; in each, a 2-byte "jnz short" is replaced by a
; 2-byte "jmp short". The first two patches also change the destination
; (0044E671 -> 0044E685 and 0044E7DD -> 0044E802); the third keeps the
; original destination and only flips the opcode (75 -> EB).
; NOTE(review): these are timing checks evaluated in the client; nothing in
; this listing shows a matching server-side check -- confirm.
0044E65B |. 75 14 jnz short HelFart.0044E671
0044E65B EB 28 jmp short HelFart.0044E685
0044E7C7 |. 75 14 jnz short HelFart.0044E7DD
0044E7C7 EB 39 jmp short HelFart.0044E802
00457C8D |. 75 1C jnz short HelFart.00457CAB
00457C8D EB 1C jmp short HelFart.00457CAB
No wait for using scroll after damage
-------------------------------------
; Single opcode flip (75 -> EB): the conditional "jnz short" becomes an
; unconditional "jmp short" with the same displacement and target.
00458528 |. 75 38 jnz short HelFart.00458562
00458528 EB 38 jmp short HelFart.00458562
Beholder
--------
; Seven IDA sites that test bit 10h of al.
.text:0041A91B test al, 10h
.text:0041E127 test al, 10h
.text:0041F0F5 test al, 10h
.text:00425275 test al, 10h
.text:004281B9 test al, 10h
.text:0042BCE5 test al, 10h
.text:00433A4E test al, 10h
; The instruction a few bytes after each test: a 6-byte lea of the field at
; offset 6E08D (base register ebp, or ebx at 0041E135).
; NOTE(review): the same offset is passed as a %s argument in the Window
; Title section, so it is presumably a name string -- confirm.
0041A92D |. 8DB5 8DE00600 lea esi, dword ptr [ebp+6E08D]
0041E135 |. 8DB3 8DE00600 lea esi, dword ptr [ebx+6E08D]
0041F10A |. 8DB5 8DE00600 lea esi, dword ptr [ebp+6E08D]
00425287 |. 8DB5 8DE00600 lea esi, dword ptr [ebp+6E08D]
004281CE |. 8DB5 8DE00600 lea esi, dword ptr [ebp+6E08D]
0042BCF7 |. 8DB5 8DE00600 lea esi, dword ptr [ebp+6E08D]
00433A60 |. 8DB5 8DE00600 lea esi, dword ptr [ebp+6E08D]
; Replacement bytes are listed for only two of the seven lea sites. Each lea
; is overwritten by a 2-byte short jump plus four nops (6 bytes in total,
; the length of the original lea).
0041A92D EB 0B jmp short HelFart.0041A93A
0041A92F 90 nop
0041A930 90 nop
0041A931 90 nop
0041A932 90 nop
0041E135 EB 1B jmp short HelFart.0041E152
0041E137 90 nop
0041E138 90 nop
0041E139 90 nop
0041E13A 90 nop
no stun
-------
; Detour: the 5-byte call at 004843D4 is replaced by a 5-byte jmp into the
; injected section. The routine at 00600300 decides whether to perform the
; displaced call (path 0060038B) or to skip it (path 0060039B); both paths
; resume at 004843D9, the instruction after the patched site.
004843D4 |. E8 D7C10000 call HelFart.004905B0
004843D4 -E9 27BF1700 jmp HelFart.00600300
; Gate on the word at [esp+60]: only the values 6 and 7 continue. The "jl"
; lands on the other "jl" at 0060034D; no flag-changing instruction runs in
; between, so it is taken again and ends at 0060038B.
00600300 8B4424 60 mov eax, dword ptr [esp+60]
00600304 66:83F8 06 cmp ax, 6
00600308 7C 43 jl short HelFart.0060034D
0060030A 66:83F8 07 cmp ax, 7
0060030E 7F 7B jg short HelFart.0060038B
; ebx = incoming ecx, ecx = incoming edx. If cx >= 7530h (30000), adding
; 8AD0h and masking to 16 bits is the same as subtracting 30000.
; NOTE(review): ebx, esi, edi and eax are overwritten here without being
; saved; whether the code at 004843D9 depends on them is not visible.
00600310 8BD9 mov ebx, ecx
00600312 8BCA mov ecx, edx
00600314 66:81F9 3075 cmp cx, 7530
00600319 72 06 jb short HelFart.00600321
0060031B 81C1 D08A0000 add ecx, 8AD0
00600321 81E1 FFFF0000 and ecx, 0FFFF
; Two dword tables indexed by ecx (ebx+9001F4 and ebx+91D6B4), each reduced
; by a signed 16-bit value read from ebx+93AB80 / ebx+93AB82. A first-table
; entry <= 0 takes the call path.
00600327 8BB48B F4019000 mov esi, dword ptr [ebx+ecx*4+9001F4]
0060032E 85F6 test esi, esi
00600330 7E 59 jle short HelFart.0060038B
00600332 0FBF83 80AB9300 movsx eax, word ptr [ebx+93AB80]
00600339 2BF0 sub esi, eax
0060033B 0FBF83 82AB9300 movsx eax, word ptr [ebx+93AB82]
00600342 8BBC8B B4D69100 mov edi, dword ptr [ebx+ecx*4+91D6B4]
00600349 2BF8 sub edi, eax
; Range check before indexing: 0 <= esi < 28h (40) and 0 <= edi < 23h (35).
0060034B 85F6 test esi, esi
0060034D 7C 3C jl short HelFart.0060038B
0060034F 83FE 28 cmp esi, 28
00600352 7D 37 jge short HelFart.0060038B
00600354 85FF test edi, edi
00600356 7C 33 jl short HelFart.0060038B
00600358 83FF 23 cmp edi, 23
0060035B 7D 2E jge short HelFart.0060038B
; eax = (esi*35 + edi) * 17; the later "*8" scale makes the record stride
; 136 bytes, with records starting at ebx+B62.
0060035D 8D04F5 00000000 lea eax, dword ptr [esi*8]
00600364 2BC6 sub eax, esi
00600366 8D0C87 lea ecx, dword ptr [edi+eax*4]
00600369 03C1 add eax, ecx
0060036B 8BC8 mov ecx, eax
0060036D C1E0 04 shl eax, 4
00600370 03C1 add eax, ecx
; Compare 5 words (10 bytes) of the selected record against the field at
; ebp+6E08D; equality takes the skip path.
00600372 B9 05000000 mov ecx, 5
00600377 8DBD 8DE00600 lea edi, dword ptr [ebp+6E08D]
0060037D 8DB4C3 620B0000 lea esi, dword ptr [ebx+eax*8+B62]
00600384 33C0 xor eax, eax
00600386 66:F3:A7 repe cmps word ptr es:[edi], word ptr [esi]
00600389 74 10 je short HelFart.0060039B
; Call path: reload ecx from [ebp+69894], run the displaced call, return.
0060038B 8B8D 94980600 mov ecx, dword ptr [ebp+69894]
00600391 E8 1A02E9FF call HelFart.004905B0
00600396 -E9 3E40E8FF jmp HelFart.004843D9
; Skip path: drop 44h bytes of stack instead of calling.
; NOTE(review): presumably the arguments 004905B0 would have popped itself;
; the callee's convention is not shown here -- confirm.
0060039B 83C4 44 add esp, 44
0060039E -E9 3640E8FF jmp HelFart.004843D9
Default music off
-----------------
; Five IDA sites that write the field at offset 6D3F4; the starred one is the
; site that is patched below.
.text:004042A0 * mov [ebp+6D3F4h], eax
.text:0044E269 mov [ebp+6D3F4h], esi
.text:0044E2F2 mov [ebp+6D3F4h], edi
.text:00459B42 mov dword ptr [esi+6D3F4h], 0
.text:00459B92 mov [esi+6D3F4h], eax
; Before/after: only the ModRM byte changes (85 -> B5), so the store takes
; its value from esi instead of eax. What esi holds at this point is not
; visible in the listing.
004042A0 |. 8985 F4D30600 mov dword ptr [ebp+6D3F4], eax ; |
004042A0 89B5 F4D30600 mov dword ptr [ebp+6D3F4], esi
New Title
---------
; String data at 004C1578, before and after.
; NOTE(review): the original is 17 characters plus its NUL (18 bytes); the
; replacement is 18 characters and is listed without a terminator, so its NUL
; would land one byte past the original string. Whether that byte is free
; padding is not visible here -- confirm before relying on it.
004C1578 'Helbreath Crusade', 0
004C1578 'Stupid & Lame Game'
uninterruptible
---------------
; IDA view of the original code. The "case 0x6" branch compares 5 words at
; ebp+6E08Dh with a stack buffer and continues only when they are equal. The
; starred instructions are the ones the patch further down jumps over.
.text:00484695 mov ecx, 5 ; case 0x6
.text:0048469A lea edi, [ebp+6E08Dh]
.text:004846A0 lea esi, [esp+0DCh+var_90]
.text:004846A4 xor edx, edx
.text:004846A6 repe cmpsw
.text:004846A9 jnz loc_48474C
.text:004846AF * lea eax, [esp+0DCh+var_B8]
.text:004846B3 xor edi, edi
.text:004846B5 * push eax
.text:004846B6 * lea ecx, [ebp+6D8A8h]
.text:004846BC * mov [esp+0E0h+var_B8], edi
.text:004846C0 * call sub_4A0640
.text:004846C5 lea esi, [ebp+6DBBCh]
.text:004846CB * mov dword ptr [ebp+6DCECh], 0FFFFFFFFh
.text:004846D5 mov ecx, esi
.text:004846D7 * mov [ebp+0Ch], di
.text:004846DB call sub_4A0660
.text:004846E0 cmp eax, 1
.text:004846E3 jnz short loc_48473C
.text:004846E5 push eax
.text:004846E6 push 0Ah
.text:004846E8 push offset aStoppedUsingTh; "Stopped using the skill."
; Debugger view of the same original bytes, 004846AF..004846DA.
004846AF . 8D4424 24 lea eax, dword ptr [esp+24]
004846B3 . 33FF xor edi, edi
004846B5 . 50 push eax
004846B6 . 8D8D A8D80600 lea ecx, dword ptr [ebp+6D8A8]
004846BC . 897C24 28 mov dword ptr [esp+28], edi
004846C0 . E8 7BBF0100 call HelFart.004A0640
004846C5 . 8DB5 BCDB0600 lea esi, dword ptr [ebp+6DBBC]
004846CB . C785 ECDC0600 FFFFFFFF mov dword ptr [ebp+6DCEC], -1
004846D5 . 8BCE mov ecx, esi
004846D7 . 66:897D 0C mov word ptr [ebp+C], di
; Patched bytes. The three unstarred instructions are kept and packed at the
; start; a short jump then goes straight to the call at 004846DB. That drops
; the call to 004A0640 and the stores to [ebp+6DCEC] and [ebp+0C]. The 32
; bytes from 004846BB up to 004846DB are nop filler.
004846AF 33FF xor edi, edi
004846B1 8DB5 BCDB0600 lea esi, dword ptr [ebp+6DBBC]
004846B7 8BCE mov ecx, esi
004846B9 EB 20 jmp short HelFart.004846DB
004846BB 90 nop(32)
no cast delay
-------------
; Original sequence: call 004A0640 with a pointer to a zeroed stack local,
; then store the timeGetTime() result in [ebp+6D374].
004646A1 |. 8D5424 3C lea edx, dword ptr [esp+3C]
004646A5 |. 8D8D E0D30600 lea ecx, dword ptr [ebp+6D3E0]
004646AB |. 52 push edx
004646AC |. C74424 40 00000000 mov dword ptr [esp+40], 0
004646B4 |. E8 87BF0300 call HelFart.004A0640
004646B9 |. FF15 64124B00 call dword ptr [<&WINMM.timeGetTime>] ; WINMM.timeGetTime
004646BF |. 8985 74D30600 mov dword ptr [ebp+6D374], eax
; Patched bytes: a short jump to 004646C5, the first address after the store
; above, so neither call runs and the timestamp at [ebp+6D374] is never
; refreshed from here. The two nops fill the rest of the original 4-byte lea.
; NOTE(review): the timestamp is taken and kept in the client; nothing here
; shows the server timing the same action -- confirm.
004646A1 EB 22 jmp short HelFart.004646C5
004646A3 90 nop
004646A4 90 nop
Key Flags
---------
6D8C4 = SHIFT
6D8BC = CONTROL
; Reference listing only; no replacement bytes are given for this section.
; The code formats the signed word at [eax+36h] with "Available for above Int
; %d", then (starred line) loads the dword at [ebx+6DCACh]. The notes in the
; self-invi section label that offset INT.
.text:00477DC4 movsx ecx, word ptr [eax+36h]; case 0xd
.text:00477DC8 push ecx
.text:00477DC9 lea edx, [esp+350h+String]
.text:00477DCD push offset aAvailableFor_2; "Available for above Int %d"
.text:00477DD2 push edx
.text:00477DD3 call wsprintfA
.text:00477DD9 movsx eax, byte ptr [ebx+0ADEh]
.text:00477DE0 add esp, 0Ch
.text:00477DE3 mov ecx, [ebx+eax*4+6BCD4h]
.text:00477DEA * mov eax, [ebx+6DCACh]
.text:00477DF0 movsx edx, word ptr [ecx+36h]
.text:00477DF4 jmp loc_477C37
self-invi
---------
; Detour: the 6-byte load at 0049D131 (case 105 of the switch at 0049CDFE) is
; replaced by a 5-byte jmp to 00601200 plus one nop. The routine re-executes
; the displaced load first and always returns to 0049D137.
0049D131 > 8B0D 848C4C00 mov ecx, dword ptr [4C8C84] ; Case 105 of switch 0049CDFE
0049D131 -E9 CA401600 jmp HelFart.00601200
0049D136 90 nop
6DCACh = INT (intelligent)
; The next line is data, not code: the bytes 84 85 80 79 (followed by two 90
; filler bytes) form the 4-entry table read at 0060125C.
006011FA 8485 80799090 test byte ptr [ebp+90907980], al
; Entry. Return at once unless esi == 79h and the dword at [ecx+6DCAC] is at
; least 1F (31, signed compare).
00601200 8B0D 848C4C00 mov ecx, dword ptr [4C8C84]
00601206 83FE 79 cmp esi, 79
00601209 -0F85 28BFE9FF jnz HelFart.0049D137
0060120F 83B9 ACDC0600 1F cmp dword ptr [ecx+6DCAC], 1F
00601216 -0F8C 1BBFE9FF jl HelFart.0049D137
; Keep the object pointer in edi; ecx is reloaded from it after each call.
0060121C 8BF9 mov edi, ecx
; First call to 00405910, made only when the signed word at [ecx+6DDB2] is
; not negative. Eight dwords are pushed: four zeros, that word, a zero, then
; the constants 0A0A and 0FA314DC, whose meaning is not shown here.
; NOTE(review): there is no "add esp" after either call, so 00405910
; presumably pops its own arguments -- confirm.
0060121E 0FBF91 B2DD0600 movsx edx, word ptr [ecx+6DDB2]
00601225 85D2 test edx, edx
00601227 7C 19 jl short HelFart.00601242
00601229 33C0 xor eax, eax
0060122B 50 push eax
0060122C 50 push eax
0060122D 50 push eax
0060122E 50 push eax
0060122F 52 push edx
00601230 50 push eax
00601231 68 0A0A0000 push 0A0A
00601236 68 DC14A30F push 0FA314DC
0060123B E8 D046E0FF call HelFart.00405910
00601240 8BCF mov ecx, edi
; Build a table index 0..3 in eax: +1 when [ecx+6D8BC] == 1 and +2 when
; [ecx+6D8C4] == 1 (labelled CONTROL and SHIFT in the Key Flags notes), then
; fetch the byte from the table at 006011FA.
00601242 33C0 xor eax, eax
00601244 83B9 BCD80600 01 cmp dword ptr [ecx+6D8BC], 1
0060124B 75 03 jnz short HelFart.00601250
0060124D 83C0 01 add eax, 1
00601250 83B9 C4D80600 01 cmp dword ptr [ecx+6D8C4], 1
00601257 75 03 jnz short HelFart.0060125C
00601259 83C0 02 add eax, 2
0060125C 8A80 FA116000 mov al, byte ptr [eax+6011FA]
; Second call to 00405910: two zeros, the table byte, the signed words at
; [ecx+6DDC4] and [ecx+6DDC2], a zero, then the constants 0A0D and 0FA314DC.
00601262 6A 00 push 0
00601264 6A 00 push 0
00601266 50 push eax
00601267 0FBF81 C4DD0600 movsx eax, word ptr [ecx+6DDC4]
0060126E 50 push eax
0060126F 0FBF81 C2DD0600 movsx eax, word ptr [ecx+6DDC2]
00601276 50 push eax
00601277 6A 00 push 0
00601279 68 0D0A0000 push 0A0D
0060127E 68 DC14A30F push 0FA314DC
00601283 E8 8846E0FF call HelFart.00405910
00601288 8BCF mov ecx, edi
0060128A -E9 A8BEE9FF jmp HelFart.0049D137
0060128F 90 nop
No Freeze
---------
; Original: a 3-byte test followed by a 6-byte store of esi to [ebp+6DDD4].
00484300 . F6C4 F0 test ah, 0F0
00484303 . 89B5 D4DD0600 mov dword ptr [ebp+6DDD4], esi
; Patched: the 9 bytes become jmp (5) + nop (1) + the test re-emitted at
; 00484306 (3). The store moves into the detour, and the test now runs after
; the detour returns, so the flags it sets are not disturbed by the "and".
00484300 -E9 3BC11700 jmp HelFart.00600440
00484305 90 nop
00484306 F6C4 F0 test ah, 0F0
; Detour: clear bit 6 (mask 40h) of esi, perform the displaced store, return.
; NOTE(review): esi itself keeps the cleared bit after returning, not only
; the copy written to memory.
00600440 81E6 BFFFFFFF and esi, FFFFFFBF
00600446 89B5 D4DD0600 mov dword ptr [ebp+6DDD4], esi
0060044C -E9 B53EE8FF jmp HelFart.00484306
00600451 90 nop
No Freeze2
----------
; Three more sites that store ecx to the field at offset 6DDD4.
.text:00461962 mov [esi+6DDD4h], ecx
.text:00461AEF mov [esi+6DDD4h], ecx
.text:00483C3B mov [ebp+6DDD4h], ecx
; Each 6-byte store is replaced by a 5-byte jmp to its own detour plus a nop.
00461962 |. 898E D4DD0600 mov dword ptr [esi+6DDD4], ecx
00461962 -E9 F9EA1900 jmp HelFart.00600460
00461967 90 nop
00461AEF |. 898E D4DD0600 mov dword ptr [esi+6DDD4], ecx
00461AEF -E9 8CE91900 jmp HelFart.00600480
00461AF4 90 nop
00483C3B |. 898D D4DD0600 mov dword ptr [ebp+6DDD4], ecx
00483C3B -E9 60C81700 jmp HelFart.006004A0
00483C40 90 nop
; The three detours are identical apart from base register and return
; address: clear bit 6 (mask 40h; the imm8 BF is sign-extended to FFFFFFBF),
; perform the displaced store, jump back to the patched site + 6.
; NOTE(review): unlike the original mov, "and" rewrites EFLAGS and changes
; ecx itself; whether the code after each site relies on either is not
; visible in this listing.
00600460 83E1 BF and ecx, FFFFFFBF
00600463 898E D4DD0600 mov dword ptr [esi+6DDD4], ecx
00600469 -E9 FA14E6FF jmp HelFart.00461968
00600480 83E1 BF and ecx, FFFFFFBF
00600483 898E D4DD0600 mov dword ptr [esi+6DDD4], ecx
00600489 -E9 6716E6FF jmp HelFart.00461AF5
006004A0 83E1 BF and ecx, FFFFFFBF
006004A3 898D D4DD0600 mov dword ptr [ebp+6DDD4], ecx
006004A9 -E9 9337E8FF jmp HelFart.00483C41
True Identity
-------------
; IDA view of sub_45A320 around the patched branch. Two fields are compared
; with ebp (6DD20h, commented "Illusion", and 6DC04h, commented "Crusade").
; When the second one matches, the block at 0045A3A8 formats the string
; argument arg_8 with "%s" into var_40.
.text:0045A394 cmp [ebx+6DD20h], ebp ; Illusion
.text:0045A39A jnz loc_45AB39
.text:0045A3A0 cmp [ebx+6DC04h], ebp ; Crusade
.text:0045A3A6 jnz short loc_45A3C5
.text:0045A3A8 mov ecx, [esp+78h+arg_8]
.text:0045A3AF lea edx, [esp+78h+var_40]
.text:0045A3B3 push ecx
.text:0045A3B4 push offset aS_0 ; "%s"
.text:0045A3B9 push edx
.text:0045A3BA call wsprintfA
.text:0045A3C0 add esp, 0Ch
.text:0045A3C3 jmp short loc_45A423
.text:0045A3C5; ---------------------------------------------------------------------------
.text:0045A3C5
.text:0045A3C5 loc_45A3C5: ; CODE XREF: sub_45A320+86j
; Otherwise the low word of dword_4C4B18 is compared with 2710h (10000); the
; starred "jb" is the branch that gets retargeted.
.text:0045A3C5 mov eax, ds:dword_4C4B18
.text:0045A3CA cmp ax, 2710h
.text:0045A3CE * jb short loc_45A3DB
.text:0045A3D0 lea edx, [esp+78h+var_40]
.text:0045A3D4 mov edi, offset aMercenary; "Mercenary"
.text:0045A3D9 jmp short loc_45A406
; Before/after: only the displacement byte changes (0B -> D8, i.e. -28h), so
; the below-10000 case now branches back to the "%s" formatting block at
; 0045A3A8 instead of forward to 0045A3DB.
0045A3CE |. 72 0B jb short HelFart.0045A3DB
0045A3CE ^72 D8 jb short HelFart.0045A3A8
Enemy Indicator
---------------
; Eleven sites that load the field at offset 6DC04 (commented "Crusade" in the
; True Identity listing). All but 004305D9 carry a star.
.text:0041892E 1* mov eax, [esi+6DC04h]
.text:0041B1D6 2* mov eax, [ebp+6DC04h]; default
.text:0041D5A8 3* mov eax, [ebx+6DC04h]; default
.text:0041E3EC 4* mov eax, [ebx+6DC04h]
.text:0041F915 5* mov eax, [ebp+6DC04h]
.text:00423973 6* mov eax, [esi+6DC04h]
.text:00425A27 7* mov ecx, [ebp+6DC04h]
.text:004286B0 8* mov eax, [ebp+6DC04h]
.text:0042C3BD 9* mov eax, [ebp+6DC04h]
.text:004305D9 0 mov eax, [esi+6DC04h]
.text:00433EA0 1* mov eax, [ebp+6DC04h]
; Ten "je short" branches, each a few bytes after one of the starred loads.
; Only the original bytes are listed; this section gives no replacement bytes.
00418944 |. 74 34 je short HelFart.0041897A
0041B1DE . 74 48 je short HelFart.0041B228
0041D5B8 |. 74 35 je short HelFart.0041D5EF
0041E3FC . 74 35 je short HelFart.0041E433
0041F92B . 74 34 je short HelFart.0041F961
00423983 |. 74 32 je short HelFart.004239B7
00425A2F . 74 4A je short HelFart.00425A7B
004286BC . 74 41 je short HelFart.004286FF
0042C3D3 . 74 35 je short HelFart.0042C40A
00433EA8 . 74 44 je short HelFart.00433EEE
magic pause
-----------
; IDA view: a stack local (var_D8) is set from esi just before the call to
; sub_4A0640, which is followed by a timeGetTime() call.
.text:004624E5 push eax
.text:004624E6 mov [esp+0F4h+var_D8], esi
.text:004624EA call sub_4A0640
.text:004624EF call timeGetTime ; Get system time, in milliseconds
; Debugger view of the two original instructions (1 + 4 = 5 bytes) and the
; 5-byte jmp that replaces them.
004624E5 . 50 push eax
004624E6 . 897424 1C mov dword ptr [esp+1C], esi
004624E5 -E9 B6ED1900 jmp HelFart.006012A0
; Detour: repeats the push, stores the constant 1 into the same stack local
; in place of esi, and returns to the call at 004624EA.
006012A0 50 push eax
006012A1 C74424 1C 01000000 mov dword ptr [esp+1C], 1
006012A9 -E9 3C12E6FF jmp HelFart.004624EA
speed limit
-----------
; Before/after: the threshold esi is compared with changes from 12C (300) to
; 100 (256). The unit of the value in esi is not shown in this listing.
00461EFC . 81FE 2C010000 cmp esi, 12C
00461EFC 81FE 00010000 cmp esi, 100
speed trap
----------
; The 6-byte load of [ebp+69898] is replaced by a 5-byte jmp to 004647E3 plus
; one nop, so the code that followed the load is bypassed from this address.
; NOTE(review): together with the threshold compare at 00461EFC this is a
; check made inside the client; no server-side counterpart is visible here.
00461F08 . 8B8D 98980600 mov ecx, dword ptr [ebp+69898]
00461F08 E9 D6280000 jmp HelFart.004647E3
00461F0D 90 nop
Window Title
------------
; From 006007E0 on, the "instructions" are data: the bytes are the
; NUL-terminated ASCII format string "%s kicking ass in %s" decoded as code.
; The 0000 at 006007DE is padding in front of it.
006007D8 68 E0076000 push HELGAME.006007E0 ; ASCII "%s kicking ass in %s"
006007DD 90 nop
006007DE 0000 add byte ptr [eax], al
006007E0 25 73206B69 and eax, 696B2073
006007E5 636B 69 arpl dword ptr [ebx+69], ebp
006007E8 6E outs dx, byte ptr es:[edi] ; I/O command
006007E9 67:2061 73 and byte ptr [bx+di+73], ah
006007ED 73 20 jnb short HELGAME.0060080F
006007EF 696E 20 25730000 imul ebp, dword ptr [esi+20], 7325
; Detour 1: the call at 00483EF6 is replaced by a jmp to 00600850.
00483EF6 . E8 F5D3F8FF call HelFart.004112F0
00483EF6 -E9 55C91700 jmp HelFart.00600850
; The routine runs the displaced call, formats the strings at ebp+6E08D and
; ebp+6E1A8 (in that order) into the buffer at 00600800, then passes the
; buffer to DefWindowProcA with message 0C (WM_SETTEXT) for the window handle
; stored at [56C780]. It also clears the byte at [600F60] before returning to
; 00483EFB.
; NOTE(review): wsprintfA takes no destination size (its documented cap is
; 1024 characters), and the buffer at 00600800 ends where this routine's own
; code begins, 50h (80) bytes later. The fixed text takes 16 characters, so
; two strings totalling more than 63 characters would overwrite the code at
; 00600850. The lengths of the two source strings are not visible here.
; NOTE(review): eax, ecx and edx come back holding the API results rather
; than what 004112F0 left in them; whether 00483EFB reads them is unknown.
00600850 E8 9B0AE1FF call HelFart.004112F0
00600855 8D85 A8E10600 lea eax, dword ptr [ebp+6E1A8]
0060085B 8D8D 8DE00600 lea ecx, dword ptr [ebp+6E08D]
00600861 50 push eax
00600862 51 push ecx
00600863 68 E0076000 push HelFart.006007E0 ; ASCII "%s kicking ass in %s"
00600868 68 00086000 push HelFart.00600800
0060086D FF15 04124B00 call dword ptr [<&USER32.wsprintfA>] ; USER32.wsprintfA
00600873 83C4 10 add esp, 10
00600876 68 00086000 push HelFart.00600800
0060087B 6A 00 push 0
0060087D 6A 0C push 0C
0060087F FF35 80C75600 push dword ptr [56C780]
00600885 FF15 F4114B00 call dword ptr [<&USER32.DefWindowProcA>] ; USER32.DefWindowProcA
0060088B C605 600F6000 00 mov byte ptr [600F60], 0
00600892 -E9 6436E8FF jmp HelFart.00483EFB
00600897 90 nop
; Second site (the "you have died!" message). The patched jmp is not listed;
; the routine below returns to 00481489, the address after the 5-byte call at
; 00481484, so that call is presumably what was replaced -- confirm.
0048147D |. 68 CCF94B00 push HelFart.004BF9CC ; ASCII "you have died!"
00481482 |. 8BCE mov ecx, esi
00481484 |. E8 67FEF8FF call HelFart.004112F0
; Detour 2: same sequence and same 00600800 buffer as detour 1, with the
; format string at 006008E8 and without the write to [600F60]. The buffer
; size remark above applies here as well.
006008A0 E8 4B0AE1FF call HelFart.004112F0
006008A5 8D85 A8E10600 lea eax, dword ptr [ebp+6E1A8]
006008AB 8D8D 8DE00600 lea ecx, dword ptr [ebp+6E08D]
006008B1 50 push eax
006008B2 51 push ecx
006008B3 68 E8086000 push HelFart.006008E8 ; ASCII "%s R.I.P in %s"
006008B8 68 00086000 push HelFart.00600800
006008BD FF15 04124B00 call dword ptr [<&USER32.wsprintfA>] ; USER32.wsprintfA
006008C3 83C4 10 add esp, 10
006008C6 68 00086000 push HelFart.00600800
006008CB 6A 00 push 0
006008CD 6A 0C push 0C
006008CF FF35 80C75600 push dword ptr [56C780]
006008D5 FF15 F4114B00 call dword ptr [<&USER32.DefWindowProcA>] ; USER32.DefWindowProcA
006008DB -E9 A90BE8FF jmp HelFart.00481489
; Data again: zero padding, then the ASCII bytes of "%s R.I.P in %s" at
; 006008E8 decoded as instructions.
006008E0 0000 add byte ptr [eax], al
006008E2 0000 add byte ptr [eax], al
006008E4 0000 add byte ptr [eax], al
006008E6 0000 add byte ptr [eax], al
006008E8 25 7320522E and eax, 2E522073
006008ED 49 dec ecx
006008EE 2E:50 push eax ; Superfluous prefix
006008F0 2069 6E and byte ptr [ecx+6E], ch
006008F3 2025 73000000 and byte ptr [73], ah
006008F9 90 nop
/ Commands
----------
/indion ;8;600000
/indioff ;9;60000A
/nofly0 ;8;600014
/nofly1 ;8;60001D
/nofly2 ;8;600026
/nofly3 ;8;60002F
/shield1 ;9;600038
/shield2 ;9;600044
/nodelayon ;B;600050
/nodelayoff ;C;60005C
come ;6;60006B
come %d %d ;B;600073
/woofon ;8;60007F
/woofoff ;9;600088
/showspawn ;B;600094
/itembig ;A;6000A0
/itemsmall ;B;6000AB
/go ;4;6000B7
Command parser
--------------
/go
/setbase
/nofly0
/nofly1
/nofly2
/nofly3
/shield1
/shield2
/nodelayon
/nodelayoff
; Original code: finish copying the input line, then compare its first 5
; words with "/showframe" and move on to the next candidate on mismatch.
0045C6E6 |. 83E1 03 and ecx, 3
0045C6E9 |. 33D2 xor edx, edx
0045C6EB |. F3:A4 rep movs byte ptr es:[edi], byte ptr [esi]
0045C6ED |. B9 05000000 mov ecx, 5
0045C6F2 |. BF 00BB4B00 mov edi, HelFart.004BBB00 ; ASCII "/showframe"
0045C6F7 |. 8D7424 28 lea esi, dword ptr [esp+28]
0045C6FB |. 66:F3:A7 repe cmps word ptr es:[edi], word ptr [esi]
0045C6FE |. 75 1D jnz short HelFart.0045C71D
; Patched: a 5-byte jmp covers the "and" and the "xor". The detour repeats
; them and the "rep movs", then resumes at 0045C6ED, so the "rep movs" bytes
; still present at 0045C6EB are not executed again.
0045C6E6 -E9 15491A00 jmp HelFart.00601000
00601000 83E1 03 and ecx, 3
00601003 33D2 xor edx, edx
00601005 F3:A4 rep movs byte ptr es:[edi], byte ptr [esi]
; Input that does not start with 2F ('/') goes straight to 0045CB51.
00601007 8D7424 28 lea esi, dword ptr [esp+28]
0060100B 803E 2F cmp byte ptr [esi], 2F
0060100E -0F85 3DBBE5FF jnz HelFart.0045CB51
; Table walk. Entries are 12 bytes (eax = edx*8, plus edx*4) starting at
; 00601F00: +0 pointer to the command text, +4 byte count to compare,
; +8 handler address. On a match the handler is entered with an indirect
; jmp; esi then points just past the compared bytes of the input.
00601014 33D2 xor edx, edx
00601016 8D04D5 00000000 lea eax, dword ptr [edx*8]
0060101D 8BBC90 001F6000 mov edi, dword ptr [eax+edx*4+601F00]
00601024 8D7424 28 lea esi, dword ptr [esp+28]
00601028 8B8C90 041F6000 mov ecx, dword ptr [eax+edx*4+601F04]
0060102F F3:A6 repe cmps byte ptr es:[edi], byte ptr [esi]
00601031 75 09 jnz short HelFart.0060103C
00601033 8B8490 081F6000 mov eax, dword ptr [eax+edx*4+601F08]
0060103A FFE0 jmp eax
; NOTE(review): the loop bound is the immediate 1, so only table entry 0 is
; ever compared, although ten commands are listed above this section. The
; handler address is read from a table in the injected section, where other
; routines on this page write data; nothing here validates it before the jmp.
0060103C 42 inc edx
0060103D 83FA 01 cmp edx, 1
00601040 ^7C D4 jl short HelFart.00601016
; No match: fall back to the original "/showframe" comparison chain.
00601042 -E9 A6B6E5FF jmp HelFart.0045C6ED
00601047 90 nop
teleport
--------
; The lines up to 006012FF are data decoded as instructions. The dword at
; 006012F0 (bytes 7C B6 4B 00 = 004BB67C) is the initial value of the slot
; that 00601385 overwrites; 006012F4 and 006012F8 start as zero and receive
; the two converted numbers further down.
006012F0 ^7C B6 jl short HelFart.006012A8
006012F2 4B dec ebx
006012F3 0000 add byte ptr [eax], al
006012F5 0000 add byte ptr [eax], al
006012F7 0000 add byte ptr [eax], al
006012F9 0000 add byte ptr [eax], al
006012FB 0000 add byte ptr [eax], al
006012FD 90 nop
006012FE 90 nop
006012FF 90 nop
; Handler entry; esi points into the typed line. The line is split in place
; into up to three space-separated tokens: each separating space is
; overwritten with 0 and the token start is saved (token 1 -> [6012E4],
; token 2 -> [6012E8], token 3 -> [6012E0]). Fewer than two tokens exits to
; 0045CB4A without doing anything.
00601300 803E 00 cmp byte ptr [esi], 0
00601303 -0F84 41B8E5FF je HelFart.0045CB4A
00601309 8935 E4126000 mov dword ptr [6012E4], esi
0060130F 46 inc esi
00601310 803E 00 cmp byte ptr [esi], 0
00601313 -0F84 31B8E5FF je HelFart.0045CB4A
00601319 803E 20 cmp byte ptr [esi], 20
0060131C ^75 F1 jnz short HelFart.0060130F
0060131E C606 00 mov byte ptr [esi], 0
00601321 46 inc esi
00601322 803E 20 cmp byte ptr [esi], 20
00601325 ^74 FA je short HelFart.00601321
00601327 803E 00 cmp byte ptr [esi], 0
0060132A -0F84 1AB8E5FF je HelFart.0045CB4A
00601330 8935 E8126000 mov dword ptr [6012E8], esi
; With exactly two tokens, control goes to 0060138A and the slot at
; [6012F0] keeps whatever it held before (initial data or an earlier use).
00601336 46 inc esi
00601337 803E 00 cmp byte ptr [esi], 0
0060133A 0F84 4A000000 je HelFart.0060138A
00601340 803E 20 cmp byte ptr [esi], 20
00601343 ^75 F1 jnz short HelFart.00601336
00601345 C606 00 mov byte ptr [esi], 0
00601348 46 inc esi
00601349 803E 20 cmp byte ptr [esi], 20
0060134C ^74 FA je short HelFart.00601348
0060134E 803E 00 cmp byte ptr [esi], 0
00601351 74 37 je short HelFart.0060138A
00601353 8935 E0126000 mov dword ptr [6012E0], esi
00601359 46 inc esi
0060135A 803E 00 cmp byte ptr [esi], 0
0060135D 74 08 je short HelFart.00601367
0060135F 803E 20 cmp byte ptr [esi], 20
00601362 ^75 F5 jnz short HelFart.00601359
00601364 C606 00 mov byte ptr [esi], 0
; Token 3 is converted by 004A14D3 and used as an index into the dword table
; at 00601400. "jnb" is an unsigned compare, so values of 20h or more and
; negative results are both rejected before the table read.
; NOTE(review): 004A14D3 takes one string pointer, returns in eax and leaves
; the argument for the caller to pop; presumably an atoi-style routine.
00601367 FF35 E0126000 push dword ptr [6012E0]
0060136D E8 6101EAFF call HelFart.004A14D3
00601372 83C4 04 add esp, 4
00601375 83F8 20 cmp eax, 20
00601378 -0F83 CCB7E5FF jnb HelFart.0045CB4A
0060137E 8B0485 00146000 mov eax, dword ptr [eax*4+601400]
00601385 A3 F0126000 mov dword ptr [6012F0], eax
; Tokens 1 and 2 are converted the same way and stored in [6012F4] and
; [6012F8]. Unlike token 3, neither result is range-checked in this routine.
0060138A FF35 E4126000 push dword ptr [6012E4]
00601390 E8 3E01EAFF call HelFart.004A14D3
00601395 A3 F4126000 mov dword ptr [6012F4], eax
0060139A FF35 E8126000 push dword ptr [6012E8]
006013A0 E8 2E01EAFF call HelFart.004A14D3
006013A5 A3 F8126000 mov dword ptr [6012F8], eax
006013AA 83C4 08 add esp, 8
; Two calls to 00405910 with ecx = ebx. The first passes the table value and
; the two converted numbers together with the constants 0A54 and 0FA314DC;
; the second passes six zeros with 0A55 and 0FA314DC. What the constants mean
; is not shown here.
; NOTE(review): the two numbers are forwarded exactly as typed; any bounds
; check has to happen in whatever receives them -- confirm on that side.
006013AD 8BCB mov ecx, ebx
006013AF 6A 00 push 0
006013B1 FF35 F0126000 push dword ptr [6012F0]
006013B7 6A 00 push 0
006013B9 FF35 F8126000 push dword ptr [6012F8]
006013BF FF35 F4126000 push dword ptr [6012F4]
006013C5 6A 00 push 0
006013C7 68 540A0000 push 0A54
006013CC 68 DC14A30F push 0FA314DC
006013D1 E8 3A45E0FF call HelFart.00405910
006013D6 6A 00 push 0
006013D8 6A 00 push 0
006013DA 6A 00 push 0
006013DC 6A 00 push 0
006013DE 6A 00 push 0
006013E0 6A 00 push 0
006013E2 68 550A0000 push 0A55
006013E7 68 DC14A30F push 0FA314DC
006013EC 8BCB mov ecx, ebx
006013EE E8 1D45E0FF call HelFart.00405910
006013F3 -E9 52B7E5FF jmp HelFart.0045CB4A
No Confusion/Illusion
---------------------
; Original sites. After each status message is queued, a flag is set to 1:
; [esi+6DBF4] following the first message and [esi+6DBF8] following the
; second.
00481A87 |. 68 34FD4B00 push HelFart.004BFD34 ; ASCII "Confusion magic casted, impossible to determine player allegience."
00481A8C |. 8BCE mov ecx, esi
00481A8E |. E8 5DF8F8FF call HelFart.004112F0
00481A93 |. C786 F4DB0600 01000000 mov dword ptr [esi+6DBF4], 1
00481B1B |. 68 BCFC4B00 push HelFart.004BFCBC ; ASCII "You are thrown into confusion, and you are flustered yourself."
00481B20 |. 8BCE mov ecx, esi
00481B22 |. C786 F8DB0600 01000000 mov dword ptr [esi+6DBF8], 1
0045A394 . 39AB 20DD0600 cmp dword ptr [ebx+6DD20], ebp ; Illusion
0045A39A . 0F85 99070000 jnz HelFart.0045AB39
0045A3A0 . 39AB 04DC0600 cmp dword ptr [ebx+6DC04], ebp ; Crusade
; Patched stores: the immediate written to each flag becomes 0, so the
; messages are still shown but the flags stay clear.
; NOTE(review): the effect is applied by the receiving client itself; nothing
; in this listing shows it being enforced anywhere else -- confirm.
00481A93 C786 F4DB0600 00000000 mov dword ptr [esi+6DBF4], 0
00481B22 C786 F8DB0600 00000000 mov dword ptr [esi+6DBF8], 0
; Third patch: the 6-byte compare of [ebx+6DD20] is overwritten by a short
; jump to 0045A3A0 plus four nops. The jnz at 0045A39A stays in the file but
; is jumped over, so execution always continues at the 6DC04 compare.
0045A394 . 39AB 20DD0600 cmp dword ptr [ebx+6DD20], ebp
0045A39A . 0F85 99070000 jnz HelFart.0045AB39
0045A394 EB 0A jmp short HelFart.0045A3A0
0045A396 90 nop
0045A397 90 nop
0045A398 90 nop
0045A399 90 nop