Reverse-engineering game assist tools: recoilless rapid fire in an FPS game

In FPS games, the shooting function is called very frequently. If the server had to verify every single bullet fired, the load on the server would be very high. For a LAN game such as CS, running on the slow computers of earlier years, that load was even harder to bear. So much of the important information about the shooting function is verified locally. Below, we tamper with the game code to achieve three functions: unlimited bullets, no recoil, and rapid fire.

We created a CS room on an awp map, where players can pick up sniper rifles. On this map we will implement a recoilless, rapid-fire AK.

First, we scan for the AK's bullet count with CE, which yields almost 200 results (figure).

By modifying each of these results, we find the address at which the bullet count can be changed (figure).

We load the game in OD and set a hardware write breakpoint on that address. The game breaks when we shoot again (figure).
We can see that the bullet count comes from eax, and that just above it there is a dec eax. That is, each time execution passes through here, eax is decremented by 1. Changing this dec to a nop keeps the bullet count constant. Changing it to inc makes the bullet count grow the more you fire, but once the count exceeds a critical value it resets to zero and starts increasing again.

We return to the outer call level to look at the shooting function (figure).

This function takes three parameters, and the breakpoint is hit only when the AK fires, which indicates that each gun has its own independent shooting function. Analyzing the three parameters shows that the first two are floating-point numbers and the third is 0. We first record the values of the first two parameters: 0.009624999 and 0.09549999.

We obtain the sniper rifle's shooting function in the same way (figure).
Its first two parameters are 0.001 and 1.45, and the third is 0. We cannot yet tell what the first parameter is, but comparing the two guns suggests that the second parameter is probably the interval between shots, that is, the rate of fire, because the two values match how the two guns behave in reality. To verify this, we change the AK's second parameter to 0.001 (figures).

Now we can see that the firing speed has become much faster, but the gun shake has also become stronger. With the firing speed and the bullet count solved, our final task is to get rid of the window shake.

To find where the shake code is, we call the AK shooting function ourselves. A single call to this function makes the window shake, so the shake code is inside this function.

If the window shake is implemented in code, it is really a change in the character's facing direction: fine-tuning the orientation value while shooting produces the shake effect. This facing value is stored as a float, so we analyze the code inside the function that writes floating-point values.

We break at the head of the function and step down one instruction at a time with F8. At 1D901574 there is a floating-point assignment to the arguments of a function, but on inspection these values appear relatively large and are not plausible as an orientation (figure).

So we continue analyzing downward. At 1D901697 there is code that writes a floating-point value, but on inspection what is written here is the shooting interval, 0.0099 (figure).

Continuing down, we soon reach the end of the function, with only one sub-function before the end left unanalyzed (figure).

This function's parameters are floating point, so we suspect it is the function that shakes the window. There are two options. The first is to keep analyzing inside the function to find the exact shake code. The second is to NOP out the function call directly, so that the shake code is never executed. We chose the second, simple and crude, option, but before NOPing out a function call we must check that the stack stays balanced. The function takes seven parameters in total and returns with retn 1C (seven 4-byte parameters are 0x1C bytes), which balances exactly, so we NOP out the seven parameter pushes together with the CALL (figure).
Then we shoot again and find the gun very steady, which shows that the modification succeeded. But when we are moving, jumping or going downhill, the changes have no effect, which shows that shooting goes through different code in different situations. To make the character fire rapidly without recoil in any situation, we also change the following code (figures).

That completes the modification of the AK47. You can try to work out recoilless rapid fire for other guns in the same way.
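The modifications above work only because the bullet count and the shot interval are checked on the client. As an added example (not code from the game or from this article), here is a sketch of the cheap server-side check that closes the unlimited-bullet and rapid-fire cases: the server keeps its own ammo count and last-shot time per weapon. The intervals are the values recorded above; the magazine sizes, the slack factor and all names are assumptions.

```c
#include <stdio.h>

/* Server-side shot validation sketch (added example, hypothetical names).
 * Intervals are the values observed on this page; magazine sizes are assumed. */
typedef enum { WPN_AK, WPN_SNIPER, WPN_COUNT } Weapon;
typedef enum { SHOT_OK, SHOT_TOO_FAST, SHOT_NO_AMMO } ShotResult;

typedef struct { double min_interval; int magazine; } WeaponRule;

static const WeaponRule RULES[WPN_COUNT] = {
    [WPN_AK]     = { 0.09549999, 30 },  /* interval from the page, size assumed */
    [WPN_SNIPER] = { 1.45,       10 },
};

typedef struct {
    int    ammo[WPN_COUNT];       /* server's own count, never read from client */
    double last_shot[WPN_COUNT];  /* server clock at last accepted shot */
    int    violations;            /* running count for later review or kick */
} PlayerState;

void player_init(PlayerState *p) {
    for (int w = 0; w < WPN_COUNT; w++) {
        p->ammo[w] = RULES[w].magazine;
        p->last_shot[w] = -1e9;
    }
    p->violations = 0;
}

/* SLACK absorbs network jitter: shots up to 15% early are still accepted. */
#define SLACK 0.85

ShotResult validate_shot(PlayerState *p, Weapon w, double now) {
    if (p->ammo[w] <= 0) { p->violations++; return SHOT_NO_AMMO; }
    if (now - p->last_shot[w] < RULES[w].min_interval * SLACK) {
        p->violations++;
        return SHOT_TOO_FAST;
    }
    p->ammo[w]--;
    p->last_shot[w] = now;
    return SHOT_OK;
}

int main(void) {
    PlayerState p; player_init(&p);
    /* Constructed trace: a patched client reporting a 0.001 s interval. */
    for (int i = 0; i < 5; i++)
        printf("t=%.3f -> %d\n", i * 0.001, validate_shot(&p, WPN_AK, i * 0.001));
    return 0;
}
```

The check costs two comparisons per shot event. The window shake is purely a client-side view change, so it is not covered by this check.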


Origin blog.csdn.net/qq_41697345/article/details/104796557