Introduction:
Some people always say the client packet is newer than the zone in 2232, and that this is what causes the auction house/unmanned trade not to work (you get a crash when registering an item to it).
After a lot of work, I finally figured out what that means.
The problem is when zone 2232 sends this packet:
Code:
#pragma pack(push, 1)   // packet structs are byte-packed; the offsets discussed below assume no padding
struct _unmannedtrader_Regist_item_inform_zocl
{
    struct __list
    {
        unsigned __int16 wItemSerial;
        unsigned int dwRegistSerial;
        unsigned int dwPrice;
        unsigned int dwLeftSec;
        unsigned int dwListIndex;
    };
    char byNum;
    __list List[10];
};
#pragma pack(pop)
The client is reading the packet as this struct:
Code:
#pragma pack(push, 1)
struct _unmannedtrader_Regist_item_inform_zocl
{
    struct __list
    {
        char Unknown;           // new in the 2232 client: the extra byte the zone does not send
        unsigned __int16 wItemSerial;
        unsigned int dwRegistSerial;
        unsigned int dwPrice;
        unsigned int dwLeftSec;
        unsigned int dwListIndex;
    };
    char byNum;
    __list List[10];
};
#pragma pack(pop)
Hence, when the zone sends the packet without the Unknown data, the client reads the packet in the wrong order. In my test, the crash came because it read the wrong item serial and looked for it, couldn't find the item, and when that was accessed, boom, the client crashed with an access violation.
Here's the explanation:
Client offsets (what is in the [] is the struct offset):
Unknown [0] (1 byte: char/BYTE)
wItemSerial [1][2] (2 bytes: __int16)
dwRegistSerial [3][4][5][6] (4 bytes: unsigned int)
What the server sent:
wItemSerial [0][1] (2 bytes: __int16)
dwRegistSerial [2][3][4][5] (4 bytes: unsigned int)
In 223 the Unknown is present neither in the server nor in the client, hence it reads wItemSerial correctly,
but in 2232 the Unknown data is not present in the zone, yet it is there in the client struct,
so when the 2232 client tries to read wItemSerial, which starts at offset [1], instead of reading wItemSerial at [1][2]
it reads half of wItemSerial ([0][1]) and a quarter of dwRegistSerial ([2]),
so the data is messed up.
What you need to do to fix it is simply make the new struct, copy the data from the old struct to the new struct, fill in the Unknown value (you need to figure out yourself what the value of Unknown is),
then send the new packet instead of the old packet.
This can be done using a module. This won't fix everything, but you won't get any crash anymore after registering, for example, an Acceleon with a price of 2.000.000.000
and relogging. You won't crash anymore, but you will find more problems afterward.
I suggest you debug your client:
I use RF_Online.bin from the base dir, if I'm not wrong, the bin with 8 MB size.
Run your client, attach the IDA Pro local Windows debugger, and run; when it crashes, IDA Pro will give a message box containing the address that caused the crash. Afterward it's simply checking.
Once you know where the zone packet analysis function and its packet send function are, everything will be much easier.
A lot of reading, etc.
I believe this won't solve the auction house right away, but it will solve the crash problem. The auction house will work, but I'm not so sure it won't come with more problems.
Any question is fine.
If you can't understand what I'm saying, simply learn IDA Pro and C++.
I found out how powerful IDA Pro is from this experience.
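The layout mismatch and the re-packing fix described in the post, as an added worked example in C. This is not code from the post or from the RF Online zone/client: the struct and function names, the sample item serial, registration serial and price, and the placeholder value 0 for the unknown byte are all assumptions. It shows what the 2232 client actually reads from List[0] when it overlays its 19-byte entry on the zone's 18-byte entries (little-endian, as on x86), and then rebuilds the packet in the client's layout so the fields line up again.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Both layouts are byte-packed: the offsets quoted in the post ([0], [1][2],
 * [3]..[6]) only hold when no alignment padding is inserted. */
#pragma pack(push, 1)
struct regist_item_old {          /* entry as zone 2232 sends it: 18 bytes */
    uint16_t wItemSerial;
    uint32_t dwRegistSerial;
    uint32_t dwPrice;
    uint32_t dwLeftSec;
    uint32_t dwListIndex;
};
struct regist_item_new {          /* entry as the 2232 client parses it: 19 bytes */
    uint8_t  byUnknown;           /* the extra byte; its meaning is not given in the post */
    uint16_t wItemSerial;
    uint32_t dwRegistSerial;
    uint32_t dwPrice;
    uint32_t dwLeftSec;
    uint32_t dwListIndex;
};
struct regist_inform_old { uint8_t byNum; struct regist_item_old List[10]; };
struct regist_inform_new { uint8_t byNum; struct regist_item_new List[10]; };
#pragma pack(pop)

#define MAX_ENTRIES 10

/* Constructed sample packet (assumed values): one registered item with a price
 * of 2.000.000.000, the case the post uses. Writes the full fixed-size old
 * struct and returns the number of bytes written, 0 if buf is too small. */
size_t build_sample_old_packet(uint8_t *buf, size_t cap)
{
    struct regist_inform_old pkt;
    memset(&pkt, 0, sizeof pkt);
    pkt.byNum = 1;
    pkt.List[0].wItemSerial    = 0x1234;       /* hypothetical item serial */
    pkt.List[0].dwRegistSerial = 0x11223344;   /* hypothetical regist serial */
    pkt.List[0].dwPrice        = 2000000000u;
    pkt.List[0].dwLeftSec      = 86400;
    pkt.List[0].dwListIndex    = 0;
    if (cap < sizeof pkt) return 0;
    memcpy(buf, &pkt, sizeof pkt);
    return sizeof pkt;
}

/* What the unpatched 2232 client sees in List[0]: it overlays its own 19-byte
 * entry on the bytes right after byNum, so wItemSerial lands on the high byte
 * of the real serial plus the first byte of dwRegistSerial. */
int misparse_first_entry(const uint8_t *buf, size_t len, struct regist_item_new *seen)
{
    if (len < 1 + sizeof *seen) return 0;
    memcpy(seen, buf + 1, sizeof *seen);
    return 1;
}

/* The fix from the post: copy every field from the old struct into the new
 * struct, fill in byUnknown, and emit the new layout. Returns bytes written to
 * out, or 0 if the input is truncated or byNum would overrun List[]. */
size_t convert_regist_packet(const uint8_t *in, size_t in_len, uint8_t unknown_value,
                             uint8_t *out, size_t out_cap)
{
    struct regist_inform_old old;
    struct regist_inform_new fixed;
    if (in_len < sizeof old || out_cap < sizeof fixed) return 0;
    memcpy(&old, in, sizeof old);
    if (old.byNum > MAX_ENTRIES) return 0;   /* never trust the count blindly */
    memset(&fixed, 0, sizeof fixed);
    fixed.byNum = old.byNum;
    for (unsigned i = 0; i < old.byNum; i++) {
        fixed.List[i].byUnknown      = unknown_value;   /* 0 is a placeholder assumption */
        fixed.List[i].wItemSerial    = old.List[i].wItemSerial;
        fixed.List[i].dwRegistSerial = old.List[i].dwRegistSerial;
        fixed.List[i].dwPrice        = old.List[i].dwPrice;
        fixed.List[i].dwLeftSec      = old.List[i].dwLeftSec;
        fixed.List[i].dwListIndex    = old.List[i].dwListIndex;
    }
    memcpy(out, &fixed, sizeof fixed);
    return sizeof fixed;
}

int main(void)
{
    uint8_t wire[256], patched[256];
    struct regist_item_new seen, good;
    size_t n = build_sample_old_packet(wire, sizeof wire);
    misparse_first_entry(wire, n, &seen);
    printf("client misreads: serial=0x%04x regist=0x%08x\n", seen.wItemSerial, seen.dwRegistSerial);
    size_t m = convert_regist_packet(wire, n, 0, patched, sizeof patched);
    memcpy(&good, patched + 1, sizeof good);
    printf("after re-pack (%zu bytes): serial=0x%04x regist=0x%08x\n",
           m, good.wItemSerial, good.dwRegistSerial);
    return 0;
}
```

The mis-read serial 0x4412 is exactly the "half of wItemSerial and a quarter of dwRegistSerial" the post describes: byte 0x12 from the real serial followed by 0x44 from the registration serial. The converter bounds-checks byNum before copying because a module that re-packs zone traffic sits on a trust boundary of its own.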