[Development] CharObject Struct Of Client (Source)

-=DarkSim=- · Apr 12, 2013

Hello all)

Today i release emulation of ObjectStruct for client (it like OBJECTSTRUCT of GS, but for main.exe), with it very simply "decompile" some main moments and create hard customs.

Code:

#pragma pack(push, 1)
struct ObjectItem	//-> Complete (size: 107)
{
/*+0*/		short	ItemID;
/*+2*/		int		Level;
/*+6*/		char	Unknown6;
/*+7*/		char	Unknown7;
/*+8*/		char	Unknown8;
/*+9*/		short	DamageMin;
/*+11*/		short	DamageMax;
/*+13*/		char	Unknown13;
/*+14*/		short	Unknown14;
/*+16*/		short	Unknown16;
/*+18*/		char	Unknown18;
/*+19*/		char	Unknown19;
/*+20*/		short	Unknown20;
/*+22*/		char	Durability;
/*+23*/		char	ExcellentOption;
/*+24*/		char	AncientOption;
/*+25*/		short	ReqStrenght;
/*+27*/		short	ReqDextirity;
/*+29*/		short	ReqEnergy;
/*+31*/		short	ReqVitality;
/*+33*/		short	ReqCommand;
/*+35*/		short	ReqLevel;
/*+37*/		char    SpecialCount;
/*+38*/		WORD	SpecialType[8];
/*+54*/		BYTE	SpecialValue[8];
/*+62*/		int		UniqueID;
/*+66*/		char	Unknown66;
/*+67*/		char 	PosX;
/*+68*/		char 	PosY;
/*+69*/		WORD 	HarmonyType;
/*+71*/		short	HarmonyValue;
/*+73*/		char 	Is380Item;
/*+74*/		char	SocketOption[5];
/*+79*/		char	Unknown79;
/*+80*/		char	SocketSeedIndex[5];
/*+85*/		char	SocketSphereLevel[5];
/*+90*/		char	SocketSet;
BYTE gap01[5];
/*+96*/		char	DurabilityState;
/*+97*/		char 	PeriodItem;
/*+98*/		char 	ExpiredItem;
/*+99*/		int		ExpireDateConvert;
/*+103*/	int		Unknown103;
};
#pragma pack(pop)
// ----------------------------------------------------------------------------------------------

#pragma pack(push, 1)
struct UnknownStruct0
{
	/*+0*/	WORD	Unknown0;//?
	/*+2*/	WORD	Unknown2;//?
	/*+4*/	WORD	Unknown4;//?
	/*+6*/	WORD	Unknown6;
	/*+8*/	WORD	Unknown8;
	/*+10*/	WORD	Unknown10;
	/*+12*/	WORD	Unknown12;//?
	/*+14*/	WORD	Unknown14;
	/*+16*/	WORD	Unknown16;
};
#pragma pack(pop)
// ----------------------------------------------------------------------------------------------

#pragma pack(push, 1)
struct ObjectCharacter	//-> ~InDev (size: 6012) [8128AC4 | 8128AC8]
{
/*+0*/		char	Name[11];
/*+11*/		BYTE	Class;
/*+12*/		BYTE	Unknown12;
/*+13*/		BYTE	Unknown13;
/*+14*/		short	Level;
/*+16*/		DWORD	Experience;
/*+20*/		DWORD	NextExperience;
/*+24*/		short	Strength;
/*+26*/		short	Dexterity;
/*+28*/		short	Vitality;
/*+30*/		short	Energy;
/*+32*/		short	Leadership;
/*+34*/		WORD	Life;
/*+36*/		WORD	Mana;
/*+38*/		WORD	MaxLife;
/*+40*/		WORD	MaxMana;
/*+42*/		WORD	Shield;
/*+44*/		WORD	MaxShield;
/*+46*/		WORD	AttackRate;
/*+48*/		WORD	DefenseRate;
/*+50*/		short	AddStrength;
/*+52*/		short	AddDexterity;
/*+54*/		short	AddVitality;
/*+56*/		short	AddEnergy;
BYTE gap01[4];
/*+62*/		WORD	AddLeadership;	//GS use unsigned value...
/*+64*/		WORD	Stamina;
/*+66*/		WORD	MaxStamina;
/*+68*/		BYTE	ItemSpecialUseFlag;		//Bit decomposit (1, 2, 8)
BYTE UnknownGap;
/*+70*/		WORD	ItemSpecialUseTime[3];	//[ ]
/*+76*/		WORD	AddPoint;	//FruitStat start
/*+78*/		WORD	MaxAddPoint;
/*+80*/		WORD	MinusPoint;
/*+82*/		WORD	MaxMinusPoint;	//FruitStat end
/*+84*/		WORD	AttackSpeed;
/*+86*/		WORD	DamageRate;
/*+88*/		WORD	DamageMin;
/*+90*/		WORD	DamageMax;
/*+92*/		WORD	Unknown92;
/*+94*/		WORD	Unknown94;
/*+96*/		WORD	Unknown96;
BYTE gap02[10];
/*+108*/	WORD	Unknown108;
/*+110*/	WORD	Unknown110;
BYTE gap03[4];
/*+116*/	WORD	LevelPoint;
/*+118*/	BYTE	MagicCount;
/*+119*/	BYTE	Unknown119;
/*+120*/	WORD	pMagicList[650];	//maybe 150?
/*1420*/
BYTE gap04[3252];
/*+4672*/	ObjectItem pEquipment[12];
/*+5956*/	DWORD	MoneyInventory;	//(C4)
/*+5960*/	DWORD	MoneyWarehouse;	//(C4)
BYTE gap05[8];
/*+5972*/	UnknownStruct0 Unknown5972;
BYTE gap06[2];
/*+5992*/	WORD	Unknown5992;
/*+5994*/	WORD	Unknown5994;
BYTE gap07[2];
/*+5998*/	WORD	Unknown5998;
/*+6000*/	WORD	Unknown6000;
/*+6002*/	WORD	Unknown6002;
/*+6004*/	WORD	Unknown6004;
/*+6006*/	WORD	Unknown6006;
/*+6008*/	BYTE	Unknown6008;
/*+6009*/	BYTE	Unknown6009;
/*+6010*/	BYTE	Unknown6010;
/*+6011*/	BYTE	Unknown6011;
};
#pragma pack(pop)
// ----------------------------------------------------------------------------------------------

And again some moments with "Unknown" names and gaps, but it work)

Geting structure adress from OllyDbg

-=DarkSim=- - [Development] CharObject Struct Of Client (Source) - RaGEZONE Forums

7oOkQNo - [Development] CharObject Struct Of Client (Source) - RaGEZONE Forums

- (Inter commands)

- (Go to result)

-

- (Down list)

8128AC4 -> Structure adress

How call to structure from DLL

Code:

ObjectCharacter * pPlayer = &*(ObjectCharacter*)*(DWORD*)0x8128AC4;

How add structure to IDA (HexRoys)

1. Shift + F1
2. Press Insert
3. Paste all code from thread head
4. Go to any function with structure adress

IVw1GRH - [Development] CharObject Struct Of Client (Source) - RaGEZONE Forums

5. Set to he type ObjectCharacter*

uXAvxeF - [Development] CharObject Struct Of Client (Source) - RaGEZONE Forums

QNuGUQq - [Development] CharObject Struct Of Client (Source) - RaGEZONE Forums

6. View in result

Examples:
(

You must be registered to see links

,

You must be registered to see links

)

P.S.:
- Same need set it type to +4 from main structure (0x8128AC8)
- Same u can add type to ItemObject vars:

mSCK1mf - [Development] CharObject Struct Of Client (Source) - RaGEZONE Forums

Credits: Me (DarkSim)

Version: Season 6 Episode 3 GMO (maybe 1.04d+)
On other versions need make research and check all struct positions.

Bad english and etc :laugh:

Good luck to all with it)

boncha · Apr 12, 2013

Re: Character Object Struct Of Client (Source)

great job !!!
DarkSim keep suprizing

zasmqniq · Apr 12, 2013

Re: Character Object Struct Of Client (Source)

wowow thanks you darksim!

laudaicat · Apr 13, 2013

Re: Character Object Struct Of Client (Source)

Here is completely MUItemInfo struct.

PHP:

#pragma pack(push, 1)
struct MUItemInfo
{
  __int16 m_wItemType;
  int m_level;
  char gap_6[2];
  char field_8;
  __int16 m_DamageMin;
  __int16 m_DamageMax;
  char field_D;
  __int16 field_E;
  __int16 field_10;
  char gap_12[1];
  char field_13;
  __int16 field_14;
  char m_nDur;
  char m_exl;
  char m_hion;
  __int16 m_reqStr;
  __int16 m_reqAgi;
  __int16 m_reqEne;
  __int16 m_reqVit;
  __int16 m_reqLead;
  __int16 m_reqLevel;
  char m_SpeciaCount;
  WORD m_SpecialType[8];
  BYTE m_SpecialValue[8];
  int m_nUniqueID;
  char m_nCurrentActiveSlotInfex;
  char m_nPosX;
  char m_nPosY;
  WORD m_JOHType;
  __int16 m_JOHValue;
  char m_isItem380Opt;
  char m_SocketOption[5];
  char field_4F;
  char m_SocketSeedIndex[5];
  char m_SocketSphereLevel[5];
  char m_SocketBound;
  DWORD field_5B;
  char gap_5F[1];
  char m_DurabilityState;
  char m_PeriodItem;
  char m_ExpiredItem;
  int m_ExpireDateConvert;
  int m_nMaybeRefCount;
};
#pragma pack(pop)

-=DarkSim=- · Apr 13, 2013

Re: Character Object Struct Of Client (Source)

laudaicat
- u understand where signed and where unsigned value in manual search of movs in this value?

laudaicat · Apr 13, 2013

Re: Character Object Struct Of Client (Source)

-=DarkSim=- said:
laudaicat
- u understand where signed and where unsigned value in manual search of movs in this value?

I Don't really care about it, it automatic fill. I care 1 bye, 2 bye, 4 byte or custom struct.

-=DarkSim=- · Apr 13, 2013

laudaicat
- automatic?...

boncha · Apr 13, 2013

-=DarkSim=- said:
laudaicat
- automatic?...

darksim : one of the popoler main is 1.03K JPN (mabe "the popluer" main ever).
can you make full Object Struct for this main ?

thanks

-=DarkSim=- · Apr 13, 2013

boncha
- Maybe, if have time.

boncha · Apr 13, 2013

-=DarkSim=- said:
boncha
- Maybe, if have time.

if you can add makecharset decompile source that fit to 1.03K JPN .
thanks mate

podreca · Apr 17, 2013

Good job.
I wonder if you could post the struct of the MuHelper (or MuBot). I would like to add new features to it.

-=DarkSim=- · Oct 17, 2013

podreca
- 1.04.04 GMO:

Code:

#pragma pack(push, 1)
typedef struct
{
BYTE gap01[172];
/*+172*/	DWORD	HuntingRange;
/*+176*/	bool	RecoveryPotionOn;
/*+177*/	BYTE	RecoveryPotionPercent;
/*+178*/	bool	RecoveryHealOn;			//-> CLASS_ELF
/*+179*/	BYTE	RecoveryHealPercent;	//-> CLASS_ELF
/*+180*/	bool	RecoveryDrainOn;		//-> CLASS_SUMMONER
/*+181*/	BYTE	RecoveryDrainPercent;	//-> CLASS_SUMMONER
/*+182*/	bool	DistanceLongOn;
/*+183*/	bool	DistanceReturnOn;
/*+184*/	DWORD	DistanceMin;
/*+188*/	DWORD	SkillBasicID;
/*+192*/	DWORD	SkillSecond1ID;
/*+196*/	BOOL	SkillSecond1DelayOn;
/*+200*/	DWORD	SkillSecond1DelayTime;
/*+204*/	BOOL	SkillSecond1CounterOn;
/*+208*/	int		SkillSecond1CounterPre;
/*+212*/	int		SkillSecond1CounterSub;
/*+216*/	DWORD	SkillSecond2ID;
/*+220*/	BOOL	SkillSecond2DelayOn;
/*+224*/	DWORD	SkillSecond2DelayTime;
/*+228*/	BOOL	SkillSecond2CounterOn;
/*+232*/	int		SkillSecond2CounterPre;
/*+236*/	int		SkillSecond2CounterSub;
/*+240*/	bool	ComboOn;				//-> CLASS_KNIGHT
/*+241*/	bool	PartyModeOn;
/*+242*/	bool	PartyModeHealOn;		//-> CLASS_ELF
/*+243*/	BYTE	PartyModeHealPercent;	//-> CLASS_ELF
/*+244*/	BOOL	PartyModeBuffOn;
/*+248*/	DWORD	PartyModeBuffInterval;
/*+252*/	BOOL	DarkSpiritOn;			//-> CLASS_DARKLORD
/*+256*/	DWORD	DarkSpiritMode;			//-> CLASS_DARKLORD
/*+260*/	BOOL	BuffOn;
/*+264*/	DWORD	BuffSkill[3];
/*+276*/	DWORD	BuffExtra[3];
/*+288*/	DWORD	ObtainRange;
/*+292*/	bool	ObtainRepairOn;
/*+293*/	bool	ObtainPickNear;
/*+294*/	bool	ObtainPickSelected;
/*+295*/	bool	ObtainPickJewels;
/*+296*/	bool	ObtainPickAncient;
/*+297*/	bool	ObtainPickMoney;
/*+298*/	bool	ObtainPickExcellent;
/*+299*/	bool	ObtainPickExtra;
/*+300*/	BYTE	ObtainPickItemList[28][12];
/*+636*/	BYTE	Unknown636;
/*+637*/	BYTE	Unknown637;
/*+638*/	BYTE	Unknown638;
} MUHelper, * lpMUHelper;
#pragma pack(pop)

Class address:

Code:

#define pMUHelperClass			*(int*)0xE8CB7C

Example of use:

Code:

lpMUHelper MUHelper = &*(lpMUHelper)pMUHelperClass;
// ----
MUHelper->ObtainRange			= 1;
MUHelper->ObtainRepairOn			= false;
MUHelper->ObtainPickNear			= false;
MUHelper->ObtainPickSelected		= false;

P.S.: a little late maybe... :laugh:

mauka · Oct 18, 2013

vot tebe ne lenj xD

Eng: Thank you

mirraseq · Nov 4, 2013

Here is my IDA database of 1.03.25 JPN season 5 main with partially decoded ObjectStruct. There are some interesting values like object scale, rotation, current animation, skill effect counters, etc. Hoever this db is not perfect, it's little messy.

You must be registered to see links

-=DarkSim=- · Nov 4, 2013

mirraseq
- recheck db

e8oh10A - [Development] CharObject Struct Of Client (Source) - RaGEZONE Forums

---
UP, fixed)
Thanks, OBJ_STRUCT have wrong form, in true model information have own struct, like:

Code:

#pragma pack(push, 1)
struct ObjectModel_424
{
	float Unknown0;
	float Unknown4;
	float Unknown8;
	float Unknown12;
	float Unknown16;
	float Unknown20;
	float Unknown24;
	float Unknown28;
	float Unknown32;
	float Unknown36;
	float Unknown40;
	float Unknown44;
};
#pragma pack(pop)

#pragma pack(push, 1)
struct ObjectModel	//648?
{
BYTE gap00[4];
/*+4*/		BYTE	Unknown4;
BYTE gap01[4];
/*+9*/		BYTE	Unknown9;
BYTE gap02[5];
/*+15*/		BYTE	Unknown15;
BYTE gap03[2];
/*+18*/		WORD	AnimationID;
/*+20*/		WORD	Unknown20;
/*+22*/		BYTE	Unknown22;
/*+23*/		BYTE	Unknown23;
/*+24*/		BYTE	ObjectType;
BYTE gap04[13];
/*+38*/		WORD	Unknown38;
BYTE gap05[8];
/*+48*/		DWORD	Unknown48;
BYTE gap06[44];
/*+96*/		float	Scale;
BYTE gap07[16];
/*+116*/	float	Unknown116;
BYTE gap08[20];
/*+140*/	float	Unknown140;
/*+144*/	float	Unknown144;
BYTE gap09[56];
/*+204*/	VAngle	Unknown204;
/*+216*/	VAngle	Unknown216;
BYTE gap10[24];
/*+252*/	float	VecPosX;
/*+256*/	float	VecPosY;
/*+260*/	float	VecPosZ;
/*+264*/	float	Unknown264;
/*+268*/	float	Unknown268;
/*+272*/	float	Unknown272;
BYTE gap11[148];
/*+424*/	ObjectModel_424 Unknown424;
BYTE gap12[176];
/*+484*/
};
#pragma pack(pop)

in objectstruct of 1.04.04 GMO main:
/*+776*/ ObjectModel m_Model;

its auto-maked structs in ur db?

VeltonD · Apr 1, 2014

DarkSim how to generate a struct Object Character?

My Main 1.02.40 (1.02N+ CHS)

-=DarkSim=- · Apr 2, 2014

VeltonD
- I make it manually, with olly & ida

netwhw · Apr 9, 2014

-=DarkSim=- said:
VeltonD
- I make it manually, with olly & ida

Yep, there no magic, just plain old hard work ...

henrique1205 · Feb 18, 2017

How can I find the right struct in my main.exe?

0xCCCCCC · Mar 22, 2017

i cant see offset? where is objstructchar?
main 1.04j

Code:

CPU Disasm
Address   Hex dump          Command                                  Comments
00649926  |> \6A 00         PUSH 0                                   ; /TimerFunc = 00000000
00649928  |.  68 204E0000   PUSH 4E20                                ; |Timeout = 20000. ms
0064992D  |.  68 E8030000   PUSH 3E8                                 ; |TimerID = 1000.
00649932  |.  8B15 84EEAF07 MOV EDX,DWORD PTR DS:[7AFEE84]           ; |
00649938  |.  52            PUSH EDX                                 ; |hWnd => NULL
00649939  |.  FF15 C0647500 CALL DWORD PTR DS:[<&USER32.SetTimer>]   ; \USER32.SetTimer
0064993F  |.  6A 00         PUSH 0                                   ; /Arg1 = 0
00649941  |.  E8 1E220F00   CALL 0073BB64                            ; \Main.0073BB64
00649946  |.  83C4 04       ADD ESP,4
00649949  |.  50            PUSH EAX                                 ; /Arg1
0064994A  |.  E8 A1FD0E00   CALL 007396F0                            ; \Main.007396F0
0064994F  |.  83C4 04       ADD ESP,4
00649952  |.  C785 60FFFFFF MOV DWORD PTR SS:[EBP-0A0],0
0064995C  |.  EB 0F         JMP SHORT 0064996D
0064995E  |>  8B85 60FFFFFF /MOV EAX,DWORD PTR SS:[EBP-0A0]
00649964  |.  83C0 01       |ADD EAX,1
00649967  |.  8985 60FFFFFF |MOV DWORD PTR SS:[EBP-0A0],EAX
0064996D  |>  83BD 60FFFFFF |CMP DWORD PTR SS:[EBP-0A0],64
00649974  |.  7D 1C         |JGE SHORT 00649992
00649976  |.  E8 82FD0E00   |CALL 007396FD
0064997B  |.  99            |CDQ
0064997C  |.  B9 68010000   |MOV ECX,168
00649981  |.  F7F9          |IDIV ECX
00649983  |.  8B85 60FFFFFF |MOV EAX,DWORD PTR SS:[EBP-0A0]
00649989  |.  891485 A0ECAF |MOV DWORD PTR DS:[EAX*4+7AFECA0],EDX
00649990  |.^ EB CC         \JMP SHORT 0064995E
00649992  |>  E8 66FD0E00   CALL 007396FD

Welcome!

[Development] CharObject Struct Of Client (Source)

Experienced Elementalist

Attachments

Junior Spellweaver

Elite Diviner

Newbie Spellweaver

Experienced Elementalist

Newbie Spellweaver

Experienced Elementalist

Junior Spellweaver

Experienced Elementalist

Junior Spellweaver

Newbie Spellweaver

Experienced Elementalist

NN - Nord & Noob

Newbie Spellweaver

Experienced Elementalist

Attachments

Junior Spellweaver

Experienced Elementalist

Newbie Spellweaver

Newbie Spellweaver

Junior Spellweaver

About Us

Online statistics

Forum statistics

RaGEZONE Sponsor