Disassembled instructions of the decoding algorithm of Half-Life ################################################################ (source: SWDS.DLL of the retail game version 1.1.1.0) NOTE: when you run the dedicated server and want to debug SWDS.DLL, remember to add 0x5690000 to the offsets that you see in SWDS.DLL For example 0x00D2251C in runtime will be at offset 0x63b251c * Referenced by a CALL at Addresses: |:00D46228 , :00D7A946 , :00D911C7 | :00D224F0 55 push ebp :00D224F1 8BEC mov ebp, esp :00D224F3 51 push ecx :00D224F4 8B450C mov eax, dword ptr [ebp+0C] :00D224F7 24FC and al, FC :00D224F9 99 cdq :00D224FA 83E203 and edx, 00000003 :00D224FD 03C2 add eax, edx :00D224FF C1F802 sar eax, 02 :00D22502 85C0 test eax, eax :00D22504 7E6C jle 00D22572 :00D22506 8B4D10 mov ecx, dword ptr [ebp+10] :00D22509 53 push ebx :00D2250A 8B5D08 mov ebx, dword ptr [ebp+08] :00D2250D 56 push esi :00D2250E 57 push edi :00D2250F 8D7D0C lea edi, dword ptr [ebp+0C] :00D22512 F7D1 not ecx :00D22514 894DFC mov dword ptr [ebp-04], ecx :00D22517 894508 mov dword ptr [ebp+08], eax :00D2251A F7DF neg edi * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00D2256D(C) | :00D2251C 8B03 mov eax, dword ptr [ebx] :00D2251E 8B4D10 mov ecx, dword ptr [ebp+10] :00D22521 33C1 xor eax, ecx :00D22523 33C9 xor ecx, ecx :00D22525 89450C mov dword ptr [ebp+0C], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00D2254D(C) | :00D22528 8D740D0C lea esi, dword ptr [ebp+ecx+0C] :00D2252C 8AC1 mov al, cl :00D2252E D2E0 shl al, cl :00D22530 8D1437 lea edx, dword ptr [edi+esi] :00D22533 83E20F and edx, 0000000F :00D22536 8A92886CDE00 mov dl, byte ptr [edx+00DE6C88] :00D2253C 0AD0 or dl, al :00D2253E 8A06 mov al, byte ptr [esi] :00D22540 0AD1 or dl, cl :00D22542 80CAA5 or dl, A5 :00D22545 32C2 xor al, dl :00D22547 41 inc ecx :00D22548 83F904 cmp ecx, 00000004 :00D2254B 8806 mov byte ptr [esi], al :00D2254D 7CD9 jl 00D22528 :00D2254F 8B450C mov eax, dword ptr [ebp+0C] :00D22552 50 push eax :00D22553 E838CAFFFF call 00D1EF90 :00D22558 8B75FC mov esi, dword ptr [ebp-04] :00D2255B 83C404 add esp, 00000004 :00D2255E 33C6 xor eax, esi :00D22560 8903 mov dword ptr [ebx], eax :00D22562 8B4508 mov eax, dword ptr [ebp+08] :00D22565 83C304 add ebx, 00000004 :00D22568 47 inc edi :00D22569 48 dec eax :00D2256A 894508 mov dword ptr [ebp+08], eax :00D2256D 75AD jne 00D2251C :00D2256F 5F pop edi :00D22570 5E pop esi :00D22571 5B pop ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00D22504(C) | :00D22572 8BE5 mov esp, ebp :00D22574 5D pop ebp :00D22575 C3 ret The following is the function called at offset 0x00D22553 It is a simple byteswapping function: :00D1EF90 55 push ebp :00D1EF91 8BEC mov ebp, esp :00D1EF93 8B4D08 mov ecx, dword ptr [ebp+08] :00D1EF96 8BC1 mov eax, ecx :00D1EF98 8BD1 mov edx, ecx :00D1EF9A C1F808 sar eax, 08 :00D1EF9D 81E2FF000000 and edx, 000000FF :00D1EFA3 25FF000000 and eax, 000000FF :00D1EFA8 C1E208 shl edx, 08 :00D1EFAB 03C2 add eax, edx :00D1EFAD 8BD1 mov edx, ecx :00D1EFAF C1FA10 sar edx, 10 :00D1EFB2 C1E008 shl eax, 08 :00D1EFB5 81E2FF000000 and edx, 000000FF :00D1EFBB 03C2 add eax, edx :00D1EFBD C1F918 sar ecx, 18 :00D1EFC0 C1E008 shl eax, 08 :00D1EFC3 81E1FF000000 and ecx, 000000FF :00D1EFC9 03C1 add eax, ecx :00D1EFCB 5D pop ebp :00D1EFCC C3 ret