Fix for the stall gold bug (Confirmed to be Working)

MorbidA (Member, joined May 28, 2006):
Hey,

I'm sure most of you have seen the video by now: someone found out how to dupe gold by setting up items in a stall, swapping items around, putting a high value on them, and then selling the item to a vendor for the same price they put in the stall.

I was looking around a 1750 server in asm and might have a solution to fix this. Please keep in mind that I have not tested this at all, so I can make no guarantees whether it will work or not, but the new code that is inserted will only run if you get the server error, so it will still work as intended in normal operation.

As I said, I used a 1750 gameserver, so offsets will vary if you are using a different version.

Code:
0047D709 MOV EDX,DWORD PTR SS:[ESP+18]
0047D70D PUSH 1
0047D70F SUB ESP,8
0047D712 MOV EAX,ESP
0047D714 MOV DWORD PTR DS:[EAX],EBP
0047D716 MOV ECX,EDI
0047D718 MOV DWORD PTR DS:[ESI+1C],EDX
0047D71B MOV BYTE PTR DS:[EAX+4],BL
0047D71E CALL RylGameS.CCharacter::MoveItem
0047D723 TEST AL,AL
0047D725 JNZ RylGameS.0047D832
0047D72B MOV DWORD PTR SS:[ESP+30],1
0047D733 JMP RylGameS.0047D832

The bug here is that the price is always set on the item even if the item fails to register in the stall; we're going to change that.

To do so you'll need to find a place with some empty code space, because we're going to be adding some code and there isn't room for it here. Usually you'll want to go to the end of the file for the needed space; for 1750 I used the area 005050EE->00505101.

Alright, enough talking, on with the code. Change the following:

Code:
0047D72B MOV DWORD PTR SS:[ESP+30],1
NOP it out and replace it with a far jump to the available code space.
Code:
0047D72B JMP RylGameS.005050EE
0047D730 NOP
0047D731 NOP
0047D732 NOP

Go to your free code space and write the replacement code:
Code:
005050EE MOV DWORD PTR SS:[ESP+30],1 ; Set error to Server Error
005050F6 MOV DWORD PTR DS:[ESI+1C],0 ; Stall Price = 0
005050FD JMP RylGameS.0047D832       ; Return to stall code

And we're done. Right-click -> Copy to executable -> All modifications (select Copy all), then right-click -> Backup -> Save data to file (enter a new filename, for instance gameserver_.exe).

A little explanation of what this mod does: it will set the stall price as usual, but in case the item fails to register in the stall it will overwrite the price with 0 and send a server error. As I said previously, this is untested so I cannot guarantee it will work, but I'm fairly sure it will. Please remember that these offsets and this combination of registers will only work for the 1750 server; other versions WILL vary, though they will be somewhat similar.

Enjoy.

Edit: Just got confirmation from someone who tried this that it does in fact fix the problem, so off you go, fix your servers ;)
 
(Banned member, joined Jan 21, 2009):
Thanks for the tut. Can you do it for version 557 please? It's the more usable version for RYL1 and it's so needed for online servers.

I'm waiting for your reply.
 
MorbidA (Member):
RYL1 600 Server:

Code:
0048961A MOV EAX,DWORD PTR SS:[ESP+14]
0048961E SUB ESP,8
00489621 MOV ECX,ESP
00489623 MOV DWORD PTR DS:[ECX],EDI
00489625 MOV BYTE PTR DS:[ECX+4],BL
00489628 MOV ECX,EBP
0048962A MOV DWORD PTR DS:[ESI+1C],EAX
0048962D CALL RylGameS.CCharacter::MoveItem
00489632 TEST AL,AL
00489634 JNZ SHORT RylGameS.0048963E
00489636 MOV DWORD PTR SS:[ESP+2C],1
0048963E MOV EDX,DWORD PTR SS:[ESP+2C]

Change the following:

Code:
00489636 MOV DWORD PTR SS:[ESP+2C],1
NOP it out and replace it with a far jump to the available code space.
Code:
00489636 JMP 004D40F7
0048963B NOP
0048963C NOP
0048963D NOP

Go to your free code space and write the replacement code:
Code:
004D40F7 MOV DWORD PTR SS:[ESP+2C],1
004D40FF MOV DWORD PTR DS:[ESI+1C],0
004D4106 JMP 0048963E

In case you're not that comfortable with asm edits and want to do this mod as a hex search/replace, find and replace the following:

Find:
C744242C010000008B54242C
Replace with:
E9BCAA04009090908B54242C

Find:
E9B3AAFFFF000000000000000000000000000000000000000000
Replace with:
E9B3AAFFFF00C744242C01000000C7461C00000000E93355FBFF
 
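The two posts above apply the same fix to two builds: overwrite the 8-byte `MOV DWORD PTR SS:[ESP+xx],1` on the MoveItem-failed path with a 5-byte `JMP rel32` plus three NOPs, and put the error flag, the `[ESI+1C] = 0` store and a jump back into a code cave. The script below is an added example, not code from the thread or from the server: it rebuilds those byte sequences from the addresses MorbidA quotes, so the posted 600-server find/replace hex can be checked and the patch can be re-derived for another build once its three addresses and the `[ESP+xx]` error slot are known. The encodings are standard 32-bit x86 (`E9 disp32`, `C7 44 24 disp8 imm32`, `C7 46 disp8 imm32`); the `RYL1_600` and `RYL_1750` names are mine, the 1750 byte strings it prints are derived here and not quoted by the author, and the 12-byte "fragment" is a constructed stand-in, not a dump of a real gameserver.

```python
# Added example (not from the thread): rebuild MorbidA's stall-price code-cave patch
# from the quoted addresses so it can be verified against the posted hex and
# re-derived for another server build. Encodings are standard 32-bit x86.
import struct

NOP = b"\x90"


def jmp_rel32(src, dst):
    """JMP rel32 (E9 + disp32). The displacement is measured from the END of this 5-byte instruction."""
    return b"\xe9" + struct.pack("<i", dst - (src + 5))


def mov_esp_disp8_imm32(disp8, imm32):
    """MOV DWORD PTR [ESP+disp8], imm32 -> C7 44 24 disp8 imm32 (an ESP base needs the SIB byte 24)."""
    return b"\xc7\x44\x24" + struct.pack("<b", disp8) + struct.pack("<I", imm32)


def mov_esi_disp8_imm32(disp8, imm32):
    """MOV DWORD PTR [ESI+disp8], imm32 -> C7 46 disp8 imm32."""
    return b"\xc7\x46" + struct.pack("<b", disp8) + struct.pack("<I", imm32)


def build_stall_fix(hook_addr, cave_addr, resume_addr, error_slot, price_off=0x1C):
    """Return (original_hook, new_hook, cave) for the fix.

    hook_addr   - VA of 'MOV DWORD PTR SS:[ESP+error_slot],1' on the MoveItem-failed path
    cave_addr   - VA of the free code space
    resume_addr - VA where the original flow continues after the error is set
    price_off   - offset of the stall price in the item object ([ESI+1C] on these builds)
    """
    original_hook = mov_esp_disp8_imm32(error_slot, 1)        # what must be at hook_addr now
    new_hook = jmp_rel32(hook_addr, cave_addr)
    new_hook += NOP * (len(original_hook) - len(new_hook))    # same length: next instruction stays aligned
    cave = mov_esp_disp8_imm32(error_slot, 1)                 # still report the server error
    cave += mov_esi_disp8_imm32(price_off, 0)                 # stall price = 0 when MoveItem failed
    cave += jmp_rel32(cave_addr + len(cave), resume_addr)     # back to the original code
    return original_hook, new_hook, cave


def patch_at(image, offset, expected, replacement):
    """Overwrite image[offset:] only if the bytes there are exactly `expected`.

    Returns False (and changes nothing) on a mismatch. That check is what stops
    offsets from one build being written blindly into another build's binary.
    """
    if len(replacement) != len(expected):
        raise ValueError("replacement must be the same length as the bytes it overwrites")
    if bytes(image[offset:offset + len(expected)]) != expected:
        return False
    image[offset:offset + len(replacement)] = replacement
    return True


def cave_is_free(image, offset, length):
    """A code cave must be padding nobody executes: only 00, CC (INT3) or 90 (NOP) bytes."""
    return all(b in (0x00, 0xCC, 0x90) for b in image[offset:offset + length])


def hex_find_replace(params, context=b""):
    """Find/replace strings for a hex editor. `context` is the unchanged instruction that
    follows the hook; including it makes the find pattern less likely to match twice."""
    original, new_hook, cave = build_stall_fix(**params)
    return ((original + context).hex().upper(),
            (new_hook + context).hex().upper(),
            cave.hex().upper())


# Addresses quoted in the thread (names are mine).
RYL1_600 = dict(hook_addr=0x00489636, cave_addr=0x004D40F7, resume_addr=0x0048963E, error_slot=0x2C)
RYL_1750 = dict(hook_addr=0x0047D72B, cave_addr=0x005050EE, resume_addr=0x0047D832, error_slot=0x30)

if __name__ == "__main__":
    # 8B54242C is the 'MOV EDX,DWORD PTR SS:[ESP+2C]' that follows the hook on the 600 build.
    find, replace, cave = hex_find_replace(RYL1_600, bytes.fromhex("8B54242C"))
    print("600  find:   ", find)
    print("600  replace:", replace)
    print("600  cave:   ", cave)
    # Constructed 12-byte fragment standing in for the bytes at 00489636 (not a real dump).
    fragment = bytearray.fromhex("C744242C010000008B54242C")
    original, new_hook, _ = build_stall_fix(**RYL1_600)
    print("600  patched:", patch_at(fragment, 0, original, new_hook), fragment.hex().upper())
    _, hook1750, cave1750 = build_stall_fix(**RYL_1750)
    print("1750 hook:   ", hook1750.hex().upper())
    print("1750 cave:   ", cave1750.hex().upper())
```

Two points when reusing this on a different build: the hex-editor route works on raw file bytes, so locate the hook by its byte pattern (with enough following context that it occurs exactly once) rather than by virtual address, and confirm with `cave_is_free` that the cave is really padding inside an executable section before writing into it. The JMP displacements are relative, so they only depend on the distance between hook, cave and resume address, but all three must still come from the build you are actually patching.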
(Junior Spellweaver, joined Jun 25, 2005):
I would like to get feedback (especially from RYL1 users) on whether they have had some odd zone crashes after this modification... I noticed some unusual zone crashes after applying this, and it seems to be related somehow to the "RemoveItem" function.

As I haven't done any other server update recently, I assume it's possibly a side effect of this modification... maybe some people are trying to do the gold bug and getting things bugged in a way that crashes the zone...
 
MorbidA (Member):
Anything is possible, but it is highly unlikely this would lead to any crashes if you applied it correctly, as essentially it does the exact same thing as would normally be done when you remove an item from a stall as the owner, and nothing else. It doesn't even do anything at all with the RemoveItem function.
 
(Initiate Mage, joined Apr 20, 2007):
My server zone crashed, but it's OK after a restart. I don't know what happened; maybe someone tried to do the gold bug. Anyway, thanks Tyfix and Arpa for the 600.
 
(Initiate Mage, joined Jul 19, 2005):
Another way would be to disallow players from selling items to any NPC.
 
(Junior Spellweaver, joined Oct 17, 2008):
Thanks for the tut. Bro Tyfix, can you do it for ROW version 1010 please? It's the more usable version for ROW and it's so needed for online servers.
 
MorbidA (Member):
The bug doesn't work on ROW to begin with.
 