fix EnemyDamageSync crash on Xbox at connect time

2025-10-26 21:06:02 -07:00
parent b39b4197ed
commit 27b5556e4b
3 changed files with 250 additions and 217 deletions
@@ -17,10 +17,140 @@ start:
  call      write_static_patches
  call      write_incr_hp_with_sync
  call      write_6x0A_patch
  call      write_6xE4_handler
  ret
 call_write_call_to_code:
  call      write_call_to_code_multi
  ret
 write_6xE4_handler:
  push      0  # Absolute address, not call opcode
  push      <VERS 0x00537184 0x00537804 0x0053EB24 0x0053BFA4 0x0053B844 0x0053BFA4 0x0053C344>
  push      1
  call      +4
  .deltaof  handle_6xE4, handle_6xE4_end
  pop       eax
  push      dword [eax]
  call      call_write_call_to_code
 handle_6xE4:  # [std] (G_6xE4* cmd @ [esp + 4]) -> void
  push      ebx
  push      esi
  push      edi
  test      byte [<VERS 0x00630590 0x00630BF0 0x00638738 0x00635C20 0x006354B8 0x00635C20 0x00635FB8>], 0x80
  jz        handle_6xE4_return
  mov       ebx, [esp + 0x10]  # cmd
  movzx     eax, word [ebx + 2]
  cmp       eax, 0x1000
  jl        handle_6xE4_return
  cmp       eax, 0x1B50
  jge       handle_6xE4_return
  mov       edi, eax
  mov       eax, <VERS 0x002B36B0 0x002B4180 0x002B5710 0x002B5220 0x002B5400 0x002B5240 0x002B5510>
  call      eax  # TObjEnemy* ene = get_enemy_entity(cmd->header.entity_id);
  push      eax
  movzx     eax, word [ebx + 2]
  and       eax, 0x0FFF
  imul      eax, eax, 0x0C
  add       eax, [<VERS 0x00633068 0x006336C8 0x0063B210 0x006386F8 0x00637F90 0x006386F8 0x00638A90>]  # eax = state_for_enemy(cmd->header.entity_id)
  cmp       dword [ebx + 0x0C], 0
  jl        handle_6xE4_not_proportional
  mov       cx, [ebx + 0x0A]  # cmd->max_hp
  sub       cx, [eax + 0x06]  # st.total_damage
  movzx     ecx, cx
  xor       edx, edx
  cmp       ecx, edx
  cmovl     ecx, edx
  push      ecx
  fild      st0, dword [esp]  # current_hp = static_cast<float>(max<int32_t>(cmd->max_hp - st.total_damage, 0))
  fld       st0, dword [ebx + 0x0C]
  fmulp     st1, st0
  fistp     dword [esp], st0
  mov       ecx, dword [esp]  # adjusted_hit_amount = static_cast<int16_t>(current_hp * cmd->factor)
  add       esp, 4
  xor       edx, edx
  inc       edx
  cmp       ecx, edx
  cmovl     ecx, edx
  mov       [ebx + 0x04], cx  # cmd->hit_amount = min<int32_t>(1, adjusted_hit_amount)
 handle_6xE4_not_proportional:
  movzx     edx, word [eax + 0x06]  # st.total_damage
  movsx     esi, word [ebx + 0x04]  # cmd->hit_amount
  movzx     edi, word [ebx + 0x0A]  # cmd->max_hp
  add       edx, esi  # st.total_damage + cmd->hit_amount
  cmp       edx, edi
  jl        handle_6xE4_damage_less_than_max_hp
  mov       [eax + 0x06], di  # st.total_damage = cmd->max_hp;
  mov       edx, [eax]
  test      edx, 0x800
  jnz       handle_6xE4_return_pop_ene
  or        edx, 0x800
  mov       [eax], edx
  cmp       dword [esp], 0
  je        handle_6xE4_return_pop_ene
  push      edx  # out_cmd.flags
  sub       esp, 8
  mov       word [esp], 0x030A  # out_cmd.header.{subcommand,size}
  mov       si, [ebx + 2]
  mov       [esp + 2], si  # out_cmd.header.entity_id
  and       si, 0x0FFF
  mov       [esp + 4], si  # out_cmd.entity_index
  mov       [esp + 6], di  # out_cmd.total_damage
  mov       ecx, esp
  push      ecx  # For handle_60 later
  mov       ebx, [<VERS 0x0071EEFC 0x0071F55C 0x007270A0 0x0072459C 0x00723E20 0x0072459C 0x00724920>]  # root_protocol
  test      ebx, ebx
  jz        handle_6xE4_root_protocol_missing
  mov       eax, 0x0C
  mov       edx, <VERS 0x002DA120 0x002DACF0 0x002DC5B0 0x002DC080 0x002DC580 0x002DC0B0 0x002DC600>
  call      edx  # send_60(root_protocol, &out_cmd, sizeof(out_cmd))
 handle_6xE4_root_protocol_missing:
  mov       dword [<VERS 0x0071E8C8 0x0071EF28 0x00726A68 0x00723F68 0x007237E8 0x00723F68 0x007242E8>], 1
  mov       eax, <VERS 0x002DBC30 0x002DC7B0 0x002DE070 0x002DDB90 0x002DE090 0x002DDBC0 0x002DE0C0>
  call      eax  # handle_60(&out_cmd)
  mov       dword [<VERS 0x0071E8C8 0x0071EF28 0x00726A68 0x00723F68 0x007237E8 0x00723F68 0x007242E8>], 0
  add       esp, 0x14
  jmp       handle_6xE4_return
 handle_6xE4_damage_less_than_max_hp:
  xor       edi, edi
  cmp       edx, edx
  cmovl     edx, edi
  mov       [eax + 0x06], dx  # st.total_damage = std::max<int16_t>(st.total_damage + cmd->hit_amount, 0);
  mov       esi, eax  # esi = ene_st
  mov       eax, [esp]  # eax = ene
  test      eax, eax
  jz        handle_6xE4_return_pop_ene
  mov       ecx, eax
  push      esi
  mov       edx, [ecx]
  call      [edx + 0x138]  # ene->vtable[0x4E](ene, &st);
 handle_6xE4_return_pop_ene:
  add       esp, 4
 handle_6xE4_return:
  pop       edi
  pop       esi
  pop       ebx
  ret
 handle_6xE4_end:
 write_6x0A_patch:
  push      5
  push      <VERS 0x002B3B55 0x002B4625 0x002B5BB5 0x002B56C5 0x002B58A5 0x002B56E5 0x002B59B5>
@@ -29,7 +159,7 @@ write_6x0A_patch:
  .deltaof  on_6x0A_patch_start, on_6x0A_patch_end
  pop       eax
  push      dword [eax]
-  call      on_6x0A_patch_end
+  call      call_write_call_to_code
 on_6x0A_patch_start:  # (TObjectV004434c8* this @ eax, int16_t amount @ cx) -> bool @ eax
  test      byte [<VERS 0x00630590 0x00630BF0 0x00638738 0x00635C20 0x006354B8 0x00635C20 0x00635FB8>], 0x80
@@ -37,11 +167,7 @@ on_6x0A_patch_start:  # (TObjectV004434c8* this @ eax, int16_t amount @ cx) -> b
  mov       [esp + 0x16], ax
 on_6x0A_patch_skip_write:
  ret
 on_6x0A_patch_end:
  call      write_call_to_code_multi
  ret
  # Write TObjectV004434c8::incr_hp_with_sync
@@ -81,7 +207,7 @@ write_incr_hp_with_sync:
  .deltaof  on_add_or_subtract_hp_start, on_add_or_subtract_hp_end
  pop       eax
  push      dword [eax]
-  call      on_add_or_subtract_hp_end
+  call      call_write_call_to_code
 on_add_or_subtract_hp_start:  # (TObjectV004434c8* this @ eax, int16_t amount @ cx) -> bool @ eax
  # Check if callsite is subtract_hp_if_not_in_state_2
@@ -153,16 +279,15 @@ on_add_or_subtract_hp_skip_send:
  pop       ecx
  pop       eax
  jmp       edx
 on_add_or_subtract_hp_end:
  call      write_call_to_code_multi
  ret
 write_static_patches:
  .include WriteCodeBlocksXB
  .data     <VERS 0x002DB7A0 0x002DC370 0x002DDC30 0x002DD700 0x002DDC00 0x002DD730 0x002DDC80>
  .data     9
 flag_check_start:
@@ -170,123 +295,13 @@ flag_check_start:
  jz        +0x38
 flag_check_end:
  # Replace 6x09 handler with 6xE4
  .data     <VERS 0x00537180 0x00537800 0x0053EB20 0x0053BFA0 0x0053B840 0x0053BFA0 0x0053C340>
-  .data     8
+  .data     4
  .data     0x000600E4  # subcommand=0xE4, flags=6
-  .addrof   handle_6xE4
+  # Handler address written by write_6xE4_handler
  .data     <VERS 0x002DA510 0x002DB0E0 0x002DC9A0 0x002DC470 0x002DC970 0x002DC4A0 0x002DC9F0>
  .deltaof  handle_91_replacement, handle_6xE4_end
  .address  <VERS 0x002DA510 0x002DB0E0 0x002DC9A0 0x002DC470 0x002DC970 0x002DC4A0 0x002DC9F0>
 handle_91_replacement:  # [std] (S_91* cmd @ [esp + 4]) -> void
  ret       4
 handle_6xE4:  # [std] (G_6xE4* cmd @ [esp + 4]) -> void
  push      ebx
  push      esi
  push      edi
  test      byte [<VERS 0x00630590 0x00630BF0 0x00638738 0x00635C20 0x006354B8 0x00635C20 0x00635FB8>], 0x80
  jz        handle_6xE4_return
  mov       ebx, [esp + 0x10]  # cmd
  movzx     eax, word [ebx + 2]
  cmp       eax, 0x1000
  jl        handle_6xE4_return
  cmp       eax, 0x1B50
  jge       handle_6xE4_return
  mov       edi, eax
  call      <VERS 0x002B36B0 0x002B4180 0x002B5710 0x002B5220 0x002B5400 0x002B5240 0x002B5510>  # TObjEnemy* ene = get_enemy_entity(cmd->header.entity_id);
  push      eax
  movzx     eax, word [ebx + 2]
  and       eax, 0x0FFF
  imul      eax, eax, 0x0C
  add       eax, [<VERS 0x00633068 0x006336C8 0x0063B210 0x006386F8 0x00637F90 0x006386F8 0x00638A90>]  # eax = state_for_enemy(cmd->header.entity_id)
  cmp       dword [ebx + 0x0C], 0
  jl        handle_6xE4_not_proportional
  mov       cx, [ebx + 0x0A]  # cmd->max_hp
  sub       cx, [eax + 0x06]  # st.total_damage
  movzx     ecx, cx
  xor       edx, edx
  cmp       ecx, edx
  cmovl     ecx, edx
  push      ecx
  fild      st0, dword [esp]  # current_hp = static_cast<float>(max<int32_t>(cmd->max_hp - st.total_damage, 0))
  fld       st0, dword [ebx + 0x0C]
  fmulp     st1, st0
  fistp     dword [esp], st0
  mov       ecx, dword [esp]  # adjusted_hit_amount = static_cast<int16_t>(current_hp * cmd->factor)
  add       esp, 4
  xor       edx, edx
  inc       edx
  cmp       ecx, edx
  cmovl     ecx, edx
  mov       [ebx + 0x04], cx  # cmd->hit_amount = min<int32_t>(1, adjusted_hit_amount)
 handle_6xE4_not_proportional:
  movzx     edx, word [eax + 0x06]  # st.total_damage
  movsx     esi, word [ebx + 0x04]  # cmd->hit_amount
  movzx     edi, word [ebx + 0x0A]  # cmd->max_hp
  add       edx, esi  # st.total_damage + cmd->hit_amount
  cmp       edx, edi
  jl        handle_6xE4_damage_less_than_max_hp
  mov       [eax + 0x06], di  # st.total_damage = cmd->max_hp;
  mov       edx, [eax]
  test      edx, 0x800
  jnz       handle_6xE4_return_pop_ene
  or        edx, 0x800
  mov       [eax], edx
  cmp       dword [esp], 0
  je        handle_6xE4_return_pop_ene
  push      edx  # out_cmd.flags
  sub       esp, 8
  mov       word [esp], 0x030A  # out_cmd.header.{subcommand,size}
  mov       si, [ebx + 2]
  mov       [esp + 2], si  # out_cmd.header.entity_id
  and       si, 0x0FFF
  mov       [esp + 4], si  # out_cmd.entity_index
  mov       [esp + 6], di  # out_cmd.total_damage
  mov       ecx, esp
  push      ecx  # For handle_60 later
  mov       ebx, [<VERS 0x0071EEFC 0x0071F55C 0x007270A0 0x0072459C 0x00723E20 0x0072459C 0x00724920>]  # root_protocol
  test      ebx, ebx
  jz        handle_6xE4_root_protocol_missing
  mov       eax, 0x0C
  call      <VERS 0x002DA120 0x002DACF0 0x002DC5B0 0x002DC080 0x002DC580 0x002DC0B0 0x002DC600>  # send_60(root_protocol, &out_cmd, sizeof(out_cmd))
 handle_6xE4_root_protocol_missing:
  mov       dword [<VERS 0x0071E8C8 0x0071EF28 0x00726A68 0x00723F68 0x007237E8 0x00723F68 0x007242E8>], 1
  call      <VERS 0x002DBC30 0x002DC7B0 0x002DE070 0x002DDB90 0x002DE090 0x002DDBC0 0x002DE0C0>  # handle_60(&out_cmd)
  mov       dword [<VERS 0x0071E8C8 0x0071EF28 0x00726A68 0x00723F68 0x007237E8 0x00723F68 0x007242E8>], 0
  add       esp, 0x14
  jmp       handle_6xE4_return
 handle_6xE4_damage_less_than_max_hp:
  xor       edi, edi
  cmp       edx, edx
  cmovl     edx, edi
  mov       [eax + 0x06], dx  # st.total_damage = std::max<int16_t>(st.total_damage + cmd->hit_amount, 0);
  mov       esi, eax  # esi = ene_st
  mov       eax, [esp]  # eax = ene
  test      eax, eax
  jz        handle_6xE4_return_pop_ene
  mov       ecx, eax
  push      esi
  mov       edx, [ecx]
  call      [edx + 0x138]  # ene->vtable[0x4E](ene, &st);
 handle_6xE4_return_pop_ene:
  add       esp, 4
 handle_6xE4_return:
  pop       edi
  pop       esi
  pop       ebx
  ret
 handle_6xE4_end:
@@ -12,7 +12,7 @@ write_call_to_code:
  # [esp + 0x18] = code size
  # [esp + 0x1C] = callsite count
  # [esp + 0x20] = callsite address
-  # [esp + 0x24] = callsite size
+  # [esp + 0x24] = callsite size (if zero, write absolute address instead)
  # ... (further callsite address/size pairs)
  # esi = allocated code addr
  # edi = version_info
@@ -55,21 +55,32 @@ next_callsite:
  call      [ecx]  # MmQueryAddressProtect(callsite_addr)
  push      eax
-  push      0x04
+  mov       edx, 4
-  push      dword [esp + ebp + 0x0C]
+  push      edx  # XBOX_PAGE_READWRITE
  mov       ecx, [esp + ebp + 0x0C]  # callsite_size
  test      ecx, ecx
  cmovz     ecx, edx
  push      ecx
  push      dword [esp + ebp + 0x0C]
  mov       ecx, [edi + 0x08]
  call      [ecx]  # MmSetAddressProtect(callsite_addr, callsite_size, XBOX_PAGE_READWRITE)
-  mov       edx, [esp + ebp + 4]  # edx = jump callsite
+  mov       edx, [esp + ebp + 4]  # edx = callsite addr
  mov       eax, [esp + ebp + 8]  # eax = callsite size
  test      eax, eax
  jnz       write_call_opcode_and_nops
 write_address:
  mov       [edx], esi
  jmp       this_callsite_done
 write_call_opcode_and_nops:
  lea       ecx, [esi - 5]
-  sub       ecx, edx  # ecx = (dest code addr) - (jump callsite) - 5
+  sub       ecx, edx  # ecx = (dest code addr) - (callsite addr) - 5
  mov       byte [edx], 0xE8
  mov       [edx + 1], ecx  # Write E8 (call) followed by delta
  # Write as many nops after the call opcode as necessary
  mov       ecx, 5
  mov       eax, [esp + ebp + 8]
 write_nop_again:
  cmp       ecx, eax
  jge       this_callsite_done
@@ -80,7 +91,11 @@ write_nop_again:
 this_callsite_done:
  # Restore the previous protection
  # Previous protection is still on the stack from MmQueryAddressProtect call
-  push      dword [esp + ebp + 8]
+  mov       edx, 4
  mov       ecx, [esp + ebp + 8]
  test      ecx, ecx
  cmovz     ecx, edx
  push      ecx
  push      dword [esp + ebp + 8]
  mov       ecx, [edi + 0x08]
  call      [ecx]  # MmSetAddressProtect(callsite_addr, callsite_size, prev_protection)
@@ -955,8 +955,8 @@ I 34886 2025-07-21 23:45:01 - [Commands] Received from C-3 (Jess Lv.51) @ ip:127
 0000 | B3 00 0C 00 55 45 4F 34 00 00 00 00             |     UEO4
 I 34886 2025-07-21 23:45:01 - [C-3] Version detected as 344F4555
 I 34886 2025-07-21 23:45:22 - [Commands] Sending to C-3 (Jess Lv.51) @ ip:127.0.0.1:54521 (version=XB_V3 command=B2 flag=00)
-0000 | B2 00 28 06 18 06 00 00 00 00 00 00 00 00 00 00 |   (
+0000 | B2 00 58 06 48 06 00 00 00 00 00 00 00 00 00 00 |   X H
-0010 | 7C 01 00 00 51 52 E8 B0 00 00 00 42 4A 4F 34 60 | |   QR     BJO4`
+0010 | 9D 01 00 00 51 52 E8 B0 00 00 00 42 4A 4F 34 60 |     QR     BJO4`
 0020 | D4 43 00 78 05 40 00 7C 05 40 00 F0 63 2C 00 E0 |  C x @ | @  c,
 0030 | 05 63 00 44 4A 4F 34 D0 D7 43 00 18 09 40 00 1C |  c DJO4  C   @
 0040 | 09 40 00 40 6F 2C 00 40 0C 63 00 55 4A 4F 34 E0 |  @ @o, @ c UJO4
@@ -970,90 +970,93 @@ I 34886 2025-07-21 23:45:22 - [Commands] Sending to C-3 (Jess Lv.51) @ ip:127.0.
 00C0 | 60 63 00 00 00 00 00 00 00 00 00 5A 31 C0 83 EA | `c         Z1
 00D0 | 18 83 C2 18 8B 4A 04 85 C9 74 0A 81 39 44 72 65 |      J   t  9Dre
 00E0 | 61 75 EE 89 D0 5A 59 53 55 56 57 89 C7 8B 4C 24 | au   ZYSUVW   L$
-00F0 | 18 8B 57 14 8B 12 FF 57 10 85 C0 74 78 89 C6 8B |   W    W   tx
+00F0 | 18 8B 57 14 8B 12 FF 57 10 85 C0 0F 84 95 00 00 |   W    W
-0100 | 54 24 14 8B 4C 24 18 49 8A 1C 0A 88 1C 0E 85 C9 | T$  L$ I
+0100 | 00 89 C6 8B 54 24 14 8B 4C 24 18 49 8A 1C 0A 88 |     T$  L$ I
-0110 | 75 F5 6A 40 FF 74 24 1C 56 8B 4F 08 FF 11 8B 5C | u j@ t$ V O    \
+0110 | 1C 0E 85 C9 75 F5 6A 40 FF 74 24 1C 56 8B 4F 08 |     u j@ t$ V O
-0120 | 24 1C BD 20 00 00 00 56 8B 4F 0C FF 11 50 6A 04 | $      V O   Pj
+0120 | FF 11 8B 5C 24 1C BD 20 00 00 00 56 8B 4F 0C FF |    \$      V O
-0130 | FF 74 2C 0C FF 74 2C 0C 8B 4F 08 FF 11 8B 54 2C |  t,  t,  O    T,
+0130 | 11 50 BA 04 00 00 00 52 8B 4C 2C 0C 85 C9 0F 44 |  P     R L,    D
-0140 | 04 8D 4E FB 29 D1 C6 02 E8 89 4A 01 B9 05 00 00 |   N )     J
+0140 | CA 51 FF 74 2C 0C 8B 4F 08 FF 11 8B 54 2C 04 8B |  Q t,  O    T,
-0150 | 00 8B 44 2C 08 39 C1 7D 07 C6 04 0A 90 41 EB F5 |   D, 9 }     A
+0150 | 44 2C 08 85 C0 75 04 89 32 EB 1B 8D 4E FB 29 D1 | D,   u  2   N )
-0160 | FF 74 2C 08 FF 74 2C 08 8B 4F 08 FF 11 83 C5 08 |  t,  t,  O
+0160 | C6 02 E8 89 4A 01 B9 05 00 00 00 39 C1 7D 07 C6 |     J      9 }
-0170 | 4B 75 B4 89 E9 8B 3C 24 8B 74 24 04 8B 6C 24 08 | Ku    <$ t$  l$
+0170 | 04 0A 90 41 EB F5 BA 04 00 00 00 8B 4C 2C 08 85 |    A        L,
-0180 | 8B 5C 24 0C 8B 44 24 10 01 CC FF E0 E8 A8 01 00 |  \$  D$
+0180 | C9 0F 44 CA 51 FF 74 2C 08 8B 4F 08 FF 11 83 C5 |   D Q t,  O
-0190 | 00 E8 35 00 00 00 E8 01 00 00 00 C3 6A 05 68 A5 |   5         j h
+0190 | 08 4B 75 97 89 E9 8B 3C 24 8B 74 24 04 8B 6C 24 |  Ku    <$ t$  l$
-01A0 | 58 2B 00 6A 01 E8 04 00 00 00 0F 00 00 00 58 FF | X+ j          X
+01A0 | 08 8B 5C 24 0C 8B 44 24 10 01 CC FF E0 E8 F4 02 |   \$  D$
-01B0 | 30 E8 0F 00 00 00 F6 05 B8 54 63 00 80 75 05 66 | 0        Tc  u f
+01B0 | 00 00 E8 87 01 00 00 E8 59 01 00 00 E8 07 00 00 |         Y
-01C0 | 89 44 24 16 C3 E8 4A FE FF FF C3 6A 05 68 EF 7C |  D$   J    j h |
+01C0 | 00 C3 E8 4D FE FF FF C3 6A 00 68 44 B8 53 00 6A |    M    j hD S j
-01D0 | 2A 00 6A 05 68 AD 9C 2A 00 6A 05 68 1B 85 2A 00 | * j h  * j h  *
+01D0 | 01 E8 04 00 00 00 33 01 00 00 58 FF 30 E8 E0 FF |       3   X 0
-01E0 | 6A 05 68 2D 81 2A 00 6A 05 68 DA 81 2A 00 6A 05 | j h- * j h  * j
+01E0 | FF FF 53 56 57 F6 05 B8 54 63 00 80 0F 84 1F 01 |   SVW   Tc
-01F0 | 68 90 82 2A 00 6A 05 68 89 83 2A 00 6A 05 68 39 | h  * j h  * j h9
+01F0 | 00 00 8B 5C 24 10 0F B7 43 02 3D 00 10 00 00 0F |    \$   C =
-0200 | 88 2A 00 6A 05 68 CC 88 2A 00 6A 05 68 D2 8C 2A |  * j h  * j h  *
+0200 | 8C 0C 01 00 00 3D 50 1B 00 00 0F 8D 01 01 00 00 |      =P
-0210 | 00 6A 05 68 13 8D 2A 00 6A 05 68 E8 92 2A 00 6A |  j h  * j h  * j
+0210 | 89 C7 B8 00 54 2B 00 FF D0 50 0F B7 43 02 25 FF |     T+   P  C %
-0220 | 05 68 77 95 2A 00 6A 05 68 70 96 2A 00 6A 05 68 |  hw * j hp * j h
+0220 | 0F 00 00 6B C0 0C 03 05 90 7F 63 00 83 7B 0C 00 |    k      c  {
-0230 | FF 98 2A 00 6A 0F E8 04 00 00 00 EC 00 00 00 58 |   * j          X
+0230 | 7C 30 66 8B 4B 0A 66 2B 48 06 0F B7 C9 31 D2 39 | |0f K f+H    1 9
-0240 | FF 30 E8 EC 00 00 00 50 51 53 F6 05 B8 54 63 00 |  0     PQS   Tc
+0240 | D1 0F 4C CA 51 DB 04 24 D9 43 0C DE C9 DB 1C 24 |   L Q  $ C     $
-0250 | 80 0F 84 C2 00 00 00 0F B7 50 1C 81 FA 00 10 00 |          P
+0250 | 8B 0C 24 83 C4 04 31 D2 42 39 D1 0F 4C CA 66 89 |   $   1 B9  L f
-0260 | 00 0F 8C B2 00 00 00 81 FA 50 1B 00 00 0F 8D A6 |          P
+0260 | 4B 04 0F B7 50 06 0F BF 73 04 0F B7 7B 0A 01 F2 | K   P   s   {
-0270 | 00 00 00 81 E2 FF 0F 00 00 6B D2 0C 03 15 90 7F |          k
+0270 | 39 FA 7C 7B 66 89 78 06 8B 10 F7 C2 00 08 00 00 | 9 |{f x
-0280 | 63 00 83 EC 10 66 C7 04 24 E4 04 66 8B 58 1C 66 | c    f  $  f X f
+0280 | 0F 85 88 00 00 00 81 CA 00 08 00 00 89 10 83 3C |                <
-0290 | 89 5C 24 02 81 7C 24 1C 20 85 2A 00 75 03 66 F7 |  \$  |$   * u f
+0290 | 24 00 74 7A 52 83 EC 08 66 C7 04 24 0A 03 66 8B | $ tzR   f  $  f
-02A0 | D9 66 89 4C 24 04 66 8B 5A 06 66 89 5C 24 06 66 |  f L$ f Z f \$ f
+02A0 | 73 02 66 89 74 24 02 66 81 E6 FF 0F 66 89 74 24 | s f t$ f    f t$
-02B0 | 8B 98 30 03 00 00 66 89 5C 24 08 66 8B 98 BC 02 |   0   f \$ f
+02B0 | 04 66 89 7C 24 06 89 E1 51 8B 1D 20 3E 72 00 85 |  f |$   Q   >r
-02C0 | 00 00 66 89 5C 24 0A C7 44 24 0C 00 00 80 BF 81 |   f \$  D$
+02C0 | DB 74 0C B8 0C 00 00 00 BA 80 C5 2D 00 FF D2 C7 |  t         -
-02D0 | 7C 24 1C 04 99 2A 00 75 25 66 B9 64 00 66 2B 4C | |$   * u%f d f+L
+02D0 | 05 E8 37 72 00 01 00 00 00 B8 90 E0 2D 00 FF D0 |   7r        -
-02E0 | 24 34 0F BF C9 51 DB 04 24 D8 4C 24 3C C7 04 24 | $4   Q  $ L$<  $
+02E0 | C7 05 E8 37 72 00 00 00 00 00 83 C4 14 EB 22 31 |    7r         "1
-02F0 | 00 00 C8 42 D8 34 24 83 C4 04 D9 5C 24 0C 89 E1 |    B 4$    \$
+02F0 | FF 39 D2 0F 4C D7 66 89 50 06 89 C6 8B 04 24 85 |  9  L f P     $
-0300 | 8B 1D 20 3E 72 00 85 DB 74 0F B8 10 00 00 00 BA |    >r   t
+0300 | C0 74 0B 89 C1 56 8B 11 FF 92 38 01 00 00 83 C4 |  t   V    8
-0310 | 80 C5 2D 00 FF D2 83 C4 10 BA E0 9C 2A 00 B8 10 |   -         *
+0310 | 04 5F 5E 5B C3 6A 05 68 A5 58 2B 00 6A 01 E8 04 |  _^[ j h X+ j
-0320 | 9D 2A 00 81 7C 24 0C 20 85 2A 00 0F 44 D0 5B 59 |  *  |$   *  D [Y
+0320 | 00 00 00 0F 00 00 00 58 FF 30 E8 93 FE FF FF F6 |        X 0
-0330 | 58 FF E2 E8 DC FC FF FF C3 51 52 E8 B0 00 00 00 | X        QR
+0330 | 05 B8 54 63 00 80 75 05 66 89 44 24 16 C3 6A 05 |   Tc  u f D$  j
-0340 | 42 4A 4F 34 60 D4 43 00 78 05 40 00 7C 05 40 00 | BJO4` C x @ | @
+0340 | 68 EF 7C 2A 00 6A 05 68 AD 9C 2A 00 6A 05 68 1B | h |* j h  * j h
-0350 | F0 63 2C 00 E0 05 63 00 44 4A 4F 34 D0 D7 43 00 |  c,   c DJO4  C
+0350 | 85 2A 00 6A 05 68 2D 81 2A 00 6A 05 68 DA 81 2A |  * j h- * j h  *
-0360 | 18 09 40 00 1C 09 40 00 40 6F 2C 00 40 0C 63 00 |   @   @ @o, @ c
+0360 | 00 6A 05 68 90 82 2A 00 6A 05 68 89 83 2A 00 6A |  j h  * j h  * j
-0370 | 55 4A 4F 34 E0 0F 44 00 3C 3E 40 00 40 3E 40 00 | UJO4  D <>@ @>@
+0370 | 05 68 39 88 2A 00 6A 05 68 CC 88 2A 00 6A 05 68 |  h9 * j h  * j h
-0380 | E0 84 2C 00 8C 87 63 00 44 45 4F 34 4C 17 44 00 |   ,   c DEO4L D
+0380 | D2 8C 2A 00 6A 05 68 13 8D 2A 00 6A 05 68 E8 92 |   * j h  * j h
-0390 | 18 45 40 00 1C 45 40 00 30 80 2C 00 74 5C 63 00 |  E@  E@ 0 , t\c
+0390 | 2A 00 6A 05 68 77 95 2A 00 6A 05 68 70 96 2A 00 | * j hw * j hp *
-03A0 | 55 45 4F 34 EC 0F 44 00 3C 3E 40 00 40 3E 40 00 | UEO4  D <>@ @>@
+03A0 | 6A 05 68 FF 98 2A 00 6A 0F E8 04 00 00 00 EC 00 | j h  * j
-03B0 | 10 82 2C 00 0C 55 63 00 44 50 4F 34 68 17 44 00 |   ,  Uc DPO4h D
+03B0 | 00 00 58 FF 30 E8 08 FE FF FF 50 51 53 F6 05 B8 |   X 0     PQS
-03C0 | 38 45 40 00 3C 45 40 00 60 80 2C 00 74 5C 63 00 | 8E@ <E@ ` , t\c
+03C0 | 54 63 00 80 0F 84 C2 00 00 00 0F B7 50 1C 81 FA | Tc          P
-03D0 | 55 50 4F 34 F8 1A 44 00 1C 49 40 00 20 49 40 00 | UPO4  D  I@  I@
+03D0 | 00 10 00 00 0F 8C B2 00 00 00 81 FA 50 1B 00 00 |             P
-03E0 | 30 83 2C 00 0C 60 63 00 00 00 00 00 00 00 00 00 | 0 ,  `c
+03E0 | 0F 8D A6 00 00 00 81 E2 FF 0F 00 00 6B D2 0C 03 |             k
-03F0 | 5A 31 C0 83 EA 18 83 C2 18 8B 4A 04 85 C9 74 0A | Z1        J   t
+03F0 | 15 90 7F 63 00 83 EC 10 66 C7 04 24 E4 04 66 8B |    c    f  $  f
-0400 | 81 39 44 72 65 61 75 EE 89 D0 5A 59 85 C0 75 01 |  9Dreau   ZY  u
+0400 | 58 1C 66 89 5C 24 02 81 7C 24 1C 20 85 2A 00 75 | X f \$  |$   * u
-0410 | C3 56 57 53 89 C7 EB 47 5B 83 7B 04 00 75 09 5B |  VWS   G[ {  u [
+0410 | 03 66 F7 D9 66 89 4C 24 04 66 8B 5A 06 66 89 5C |  f  f L$ f Z f \
-0420 | 5F 5E B8 01 00 00 00 C3 FF 33 8B 4F 0C FF 11 89 | _^       3 O
+0420 | 24 06 66 8B 98 30 03 00 00 66 89 5C 24 08 66 8B | $ f  0   f \$ f
-0430 | C6 6A 04 FF 73 04 FF 33 8B 4F 08 FF 11 31 C9 8B |  j  s  3 O   1
+0430 | 98 BC 02 00 00 66 89 5C 24 0A C7 44 24 0C 00 00 |      f \$  D$
-0440 | 13 8A 44 0B 08 88 04 0A 41 39 4B 04 75 F3 56 FF |   D     A9K u V
+0440 | 80 BF 81 7C 24 1C 04 99 2A 00 75 25 66 B9 64 00 |    |$   * u%f d
-0450 | 73 04 FF 33 8D 5C 0B 08 8B 4F 08 FF 11 EB BA E8 | s  3 \   O
+0450 | 66 2B 4C 24 34 0F BF C9 51 DB 04 24 D8 4C 24 3C | f+L$4   Q  $ L$<
-0460 | B4 FF FF FF 00 DC 2D 00 09 00 00 00 F6 05 B8 54 |       -        T
+0460 | C7 04 24 00 00 C8 42 D8 34 24 83 C4 04 D9 5C 24 |   $   B 4$    \$
-0470 | 63 00 01 74 38 40 B8 53 00 08 00 00 00 E4 00 06 | c  t8@ S
+0470 | 0C 89 E1 8B 1D 20 3E 72 00 85 DB 74 0F B8 10 00 |       >r   t
-0480 | 00 73 C9 2D 00 70 C9 2D 00 30 01 00 00 C2 04 00 |  s - p - 0
+0480 | 00 00 BA 80 C5 2D 00 FF D2 83 C4 10 BA E0 9C 2A |      -         *
-0490 | 53 56 57 F6 05 B8 54 63 00 80 0F 84 19 01 00 00 | SVW   Tc
+0490 | 00 B8 10 9D 2A 00 81 7C 24 0C 20 85 2A 00 0F 44 |     *  |$   *  D
-04A0 | 8B 5C 24 10 0F B7 43 02 3D 00 10 00 00 0F 8C 06 |  \$   C =
+04A0 | D0 5B 59 58 FF E2 51 52 E8 B0 00 00 00 42 4A 4F |  [YX  QR     BJO
-04B0 | 01 00 00 3D 50 1B 00 00 0F 8D FB 00 00 00 89 C7 |    =P
+04B0 | 34 60 D4 43 00 78 05 40 00 7C 05 40 00 F0 63 2C | 4` C x @ | @  c,
-04C0 | E8 58 8A FD FF 50 0F B7 43 02 25 FF 0F 00 00 6B |  X   P  C %    k
+04C0 | 00 E0 05 63 00 44 4A 4F 34 D0 D7 43 00 18 09 40 |    c DJO4  C   @
-04D0 | C0 0C 03 05 90 7F 63 00 83 7B 0C 00 7C 30 66 8B |       c  {  |0f
+04D0 | 00 1C 09 40 00 40 6F 2C 00 40 0C 63 00 55 4A 4F |    @ @o, @ c UJO
-04E0 | 4B 0A 66 2B 48 06 0F B7 C9 31 D2 39 D1 0F 4C CA | K f+H    1 9  L
+04E0 | 34 E0 0F 44 00 3C 3E 40 00 40 3E 40 00 E0 84 2C | 4  D <>@ @>@   ,
-04F0 | 51 DB 04 24 D9 43 0C DE C9 DB 1C 24 8B 0C 24 83 | Q  $ C     $  $
+04F0 | 00 8C 87 63 00 44 45 4F 34 4C 17 44 00 18 45 40 |    c DEO4L D  E@
-0500 | C4 04 31 D2 42 39 D1 0F 4C CA 66 89 4B 04 0F B7 |   1 B9  L f K
+0500 | 00 1C 45 40 00 30 80 2C 00 74 5C 63 00 55 45 4F |   E@ 0 , t\c UEO
-0510 | 50 06 0F BF 73 04 0F B7 7B 0A 01 F2 39 FA 7C 77 | P   s   {   9 |w
+0510 | 34 EC 0F 44 00 3C 3E 40 00 40 3E 40 00 10 82 2C | 4  D <>@ @>@   ,
-0520 | 66 89 78 06 8B 10 F7 C2 00 08 00 00 0F 85 84 00 | f x
+0520 | 00 0C 55 63 00 44 50 4F 34 68 17 44 00 38 45 40 |   Uc DPO4h D 8E@
-0530 | 00 00 81 CA 00 08 00 00 89 10 83 3C 24 00 74 76 |            <$ tv
+0530 | 00 3C 45 40 00 60 80 2C 00 74 5C 63 00 55 50 4F |  <E@ ` , t\c UPO
-0540 | 52 83 EC 08 66 C7 04 24 0A 03 66 8B 73 02 66 89 | R   f  $  f s f
+0540 | 34 F8 1A 44 00 1C 49 40 00 20 49 40 00 30 83 2C | 4  D  I@  I@ 0 ,
-0550 | 74 24 02 66 81 E6 FF 0F 66 89 74 24 04 66 89 7C | t$ f    f t$ f |
+0550 | 00 0C 60 63 00 00 00 00 00 00 00 00 00 5A 31 C0 |   `c         Z1
-0560 | 24 06 89 E1 51 8B 1D 20 3E 72 00 85 DB 74 0A B8 | $   Q   >r   t
+0560 | 83 EA 18 83 C2 18 8B 4A 04 85 C9 74 0A 81 39 44 |        J   t  9D
-0570 | 0C 00 00 00 E8 24 FB FF FF C7 05 E8 37 72 00 01 |      $      7r
+0570 | 72 65 61 75 EE 89 D0 5A 59 85 C0 75 01 C3 56 57 | reau   ZY  u  VW
-0580 | 00 00 00 E8 25 16 00 00 C7 05 E8 37 72 00 00 00 |     %      7r
+0580 | 53 89 C7 EB 47 5B 83 7B 04 00 75 09 5B 5F 5E B8 | S   G[ {  u [_^
-0590 | 00 00 83 C4 14 EB 22 31 FF 39 D2 0F 4C D7 66 89 |       "1 9  L f
+0590 | 01 00 00 00 C3 FF 33 8B 4F 0C FF 11 89 C6 6A 04 |       3 O     j
-05A0 | 50 06 89 C6 8B 04 24 85 C0 74 0B 89 C1 56 8B 11 | P     $  t   V
+05A0 | FF 73 04 FF 33 8B 4F 08 FF 11 31 C9 8B 13 8A 44 |  s  3 O   1    D
-05B0 | FF 92 38 01 00 00 83 C4 04 5F 5E 5B C3 A0 9C 2A |   8      _^[   *
+05B0 | 0B 08 88 04 0A 41 39 4B 04 75 F3 56 FF 73 04 FF |      A9K u V s
-05C0 | 00 13 00 00 00 66 83 B8 28 03 00 00 02 75 03 31 |      f  (    u 1
+05C0 | 33 8D 5C 0B 08 8B 4F 08 FF 11 EB BA E8 B4 FF FF | 3 \   O
-05D0 | C0 C3 E8 FF FF FF FF C3 EA 7C 2A 00 1A 00 00 00 |          |*
+05D0 | FF 00 DC 2D 00 09 00 00 00 F6 05 B8 54 63 00 01 |    -        Tc
-05E0 | 66 89 C1 89 F8 E8 FF FF FF FF EB 0E CC CC CC CC | f
+05E0 | 74 38 40 B8 53 00 04 00 00 00 E4 00 06 00 A0 9C | t8@ S
-05F0 | CC CC CC CC CC CC CC CC CC CC 00 00 00 00 00 00 |
+05F0 | 2A 00 13 00 00 00 66 83 B8 28 03 00 00 02 75 03 | *     f  (    u
-0600 | 00 00 00 00 00 00 00 00 F4 05 00 00 01 00 00 00 |
+0600 | 31 C0 C3 E8 FF FF FF FF C3 EA 7C 2A 00 1A 00 00 | 1         |*
-0610 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
+0610 | 00 66 89 C1 89 F8 E8 FF FF FF FF EB 0E CC CC CC |  f
-0620 | 00 00 00 00 00 00 00 00                         |
+0620 | CC CC CC CC CC CC CC CC CC CC CC 00 00 00 00 00 |
 0630 | 00 00 00 00 00 00 00 00 24 06 00 00 01 00 00 00 |         $
 0640 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
 0650 | 00 00 00 00 00 00 00 00                         |
 I 34886 2025-07-21 23:45:24 - [Commands] Received from C-3 (Jess Lv.51) @ ip:127.0.0.1:54521 (version=XB_V3 command=B3 flag=00)
 0000 | B3 00 0C 00 46 25 E8 00 00 00 00 00             |     F%
 I 34886 2025-07-21 23:45:25 - [Commands] Received from C-3 (Jess Lv.51) @ ip:127.0.0.1:54521 (version=XB_V3 command=60 flag=00)