Disassembled instructions of the encoding algorithm of Half-Life ################################################################ (source: SWDS.DLL of the retail game version 1.1.1.0) NOTE: when you run the dedicated server and want to debug SWDS.DLL, remember to add 0x5690000 to the offsets that you see in SWDS.DLL For example 0x00D2251C in runtime will be at offset 0x63b251c * Referenced by a CALL at Addresses: |:00D11A31 , :00D45E55 | :00D22460 55 push ebp :00D22461 8BEC mov ebp, esp :00D22463 51 push ecx :00D22464 8B450C mov eax, dword ptr [ebp+0C] :00D22467 24FC and al, FC :00D22469 99 cdq :00D2246A 83E203 and edx, 00000003 :00D2246D 03C2 add eax, edx :00D2246F C1F802 sar eax, 02 :00D22472 85C0 test eax, eax :00D22474 7E6E jle 00D224E4 :00D22476 8B4D10 mov ecx, dword ptr [ebp+10] :00D22479 53 push ebx :00D2247A 8B5D08 mov ebx, dword ptr [ebp+08] :00D2247D 56 push esi :00D2247E 57 push edi :00D2247F 8D7D0C lea edi, dword ptr [ebp+0C] :00D22482 F7D1 not ecx :00D22484 894DFC mov dword ptr [ebp-04], ecx :00D22487 894508 mov dword ptr [ebp+08], eax :00D2248A F7DF neg edi :00D2248C EB03 jmp 00D22491 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00D224DF(C) | :00D2248E 8B4DFC mov ecx, dword ptr [ebp-04] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00D2248C(U) | :00D22491 8B03 mov eax, dword ptr [ebx] :00D22493 33C1 xor eax, ecx :00D22495 50 push eax :00D22496 E8F5CAFFFF call 00D1EF90 :00D2249B 83C404 add esp, 00000004 :00D2249E 89450C mov dword ptr [ebp+0C], eax :00D224A1 33C9 xor ecx, ecx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00D224C8(C) | :00D224A3 8D740D0C lea esi, dword ptr [ebp+ecx+0C] :00D224A7 8AC1 mov al, cl :00D224A9 D2E0 shl al, cl :00D224AB 8D1437 lea edx, dword ptr [edi+esi] :00D224AE 83E20F and edx, 0000000F :00D224B1 8A92886CDE00 mov dl, byte ptr [edx+00DE6C88] :00D224B7 0AD0 or dl, al :00D224B9 8A06 mov al, byte ptr [esi] :00D224BB 0AD1 or dl, cl :00D224BD 80CAA5 or dl, A5 :00D224C0 32C2 xor al, dl :00D224C2 41 inc ecx :00D224C3 83F904 cmp ecx, 00000004 :00D224C6 8806 mov byte ptr [esi], al :00D224C8 7CD9 jl 00D224A3 :00D224CA 8B450C mov eax, dword ptr [ebp+0C] :00D224CD 8B7510 mov esi, dword ptr [ebp+10] :00D224D0 33C6 xor eax, esi :00D224D2 8903 mov dword ptr [ebx], eax :00D224D4 8B4508 mov eax, dword ptr [ebp+08] :00D224D7 83C304 add ebx, 00000004 :00D224DA 47 inc edi :00D224DB 48 dec eax :00D224DC 894508 mov dword ptr [ebp+08], eax :00D224DF 75AD jne 00D2248E :00D224E1 5F pop edi :00D224E2 5E pop esi :00D224E3 5B pop ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00D22474(C) | :00D224E4 8BE5 mov esp, ebp :00D224E6 5D pop ebp :00D224E7 C3 ret The following is the function called at offset 0x00D22496 It is a simple byteswapping function: :00D1EF90 55 push ebp :00D1EF91 8BEC mov ebp, esp :00D1EF93 8B4D08 mov ecx, dword ptr [ebp+08] :00D1EF96 8BC1 mov eax, ecx :00D1EF98 8BD1 mov edx, ecx :00D1EF9A C1F808 sar eax, 08 :00D1EF9D 81E2FF000000 and edx, 000000FF :00D1EFA3 25FF000000 and eax, 000000FF :00D1EFA8 C1E208 shl edx, 08 :00D1EFAB 03C2 add eax, edx :00D1EFAD 8BD1 mov edx, ecx :00D1EFAF C1FA10 sar edx, 10 :00D1EFB2 C1E008 shl eax, 08 :00D1EFB5 81E2FF000000 and edx, 000000FF :00D1EFBB 03C2 add eax, edx :00D1EFBD C1F918 sar ecx, 18 :00D1EFC0 C1E008 shl eax, 08 :00D1EFC3 81E1FF000000 and ecx, 000000FF :00D1EFC9 03C1 add eax, ecx :00D1EFCB 5D pop ebp :00D1EFCC C3 ret