.Hi, I try to debugg Deer Hunter 2005 and do something funny (hopefully). I have traced around in the code until I found the position that was called/jumped to when you get a 1-shot-kill (headshot) but I can't manage to find the code that jump there.
When I get a 1-shot-kill OllyDbg break on 005A16F0.
If I right-click I cant pick "go to jump/call from..." and it's not the code above. How do I find the previous code that determied if it was a 1-shot-kill or not?
005A16BA . C2 0800 RETN 8
005A16BD 90 NOP
005A16BE 90 NOP
005A16BF 90 NOP
005A16C0 . 51 PUSH ECX
005A16C1 . D94424 08 FLD DWORD PTR SS:[ESP+8]
005A16C5 . DB5C24 00 FISTP DWORD PTR SS:[ESP]
005A16C9 . 8B4424 00 MOV EAX,DWORD PTR SS:[ESP]
005A16CD . 8B0D 2C365E00 MOV ECX,DWORD PTR DS:[5E362C]
005A16D3 . 8B51 0C MOV EDX,DWORD PTR DS:[ECX+C]
005A16D6 . 50 PUSH EAX
005A16D7 . 68 D4265E00 PUSH DH2005.005E26D4
005A16DC . 52 PUSH EDX
005A16DD . E8 9CA2E7FF CALL <JMP.&Aspen.?Debug@CLog@@QAAXPADZZ>
005A16E2 . B8 01000000 MOV EAX,1
005A16E7 . 83C4 10 ADD ESP,10
005A16EA . C2 0400 RETN 4
005A16ED 90 NOP
005A16EE 90 NOP
005A16EF 90 NOP
005A16F0 . A1 30365E00 MOV EAX,DWORD PTR DS:[5E3630] <------------- Here
005A16F5 . 8B80 F8000000 MOV EAX,DWORD PTR DS:[EAX+F8]
005A16FB . 83EC 0C SUB ESP,0C
005A16FE . 85C0 TEST EAX,EAX
005A1700 . 56 PUSH ESI
005A1701 . 57 PUSH EDI
005A1702 . 74 09 JE SHORT DH2005.005A170D
005A1704 . 83F8 04 CMP EAX,4
005A1707 . 0F85 05010000 JNZ DH2005.005A1812
005A170D > E8 2EEFEAFF CALL DH2005.00450640
005A1712 . 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
005A1716 . 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C]
005A171A . 8BF8 MOV EDI,EAX
005A171C . 83EC 08 SUB ESP,8
005A171F . 8BC4 MOV EAX,ESP
005A1721 . 8908 MOV DWORD PTR DS:[EAX],ECX
005A1723 . 8950 04 MOV DWORD PTR DS:[EAX+4],EDX
005A1726 . A1 30365E00 MOV EAX,DWORD PTR DS:[5E3630]
005A172B . 8B88 88000000 MOV ECX,DWORD PTR DS:[EAX+88]
005A1731 . E8 0ABDEAFF CALL DH2005.0044D440
005A1736 . 8BF0 MOV ESI,EAX
005A1738 . 85F6 TEST ESI,ESI
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}