- Joined
- Feb 17, 2011
- Messages
- 9
- Reaction score
- 0
waa..
Most visitors online was 8830 , on 6 Feb 2024
Fix for the stall gold bug (Confirmed to be Working)
- Thread starter Tyfix
- Start date
Newbie Spellweaver
- Joined
- Mar 21, 2009
- Messages
- 10
- Reaction score
- 0
Can you supply what you did, I nee dit for 2240 also,
Thank you
Dunno know if TyFix said ti will work on 2240's
Newbie Spellweaver
- Joined
- Jan 30, 2011
- Messages
- 28
- Reaction score
- 0
nice guide TY.
- Joined
- Mar 24, 2010
- Messages
- 109
- Reaction score
- 4
look at page 1.. ryllady already post the offset for 2240
Newbie Spellweaver
- Joined
- Jul 21, 2008
- Messages
- 88
- Reaction score
- 0
change it using ollydbg?
- Joined
- Jun 6, 2010
- Messages
- 396
- Reaction score
- 85
no.. change it using Chair or Table 
Junior Spellweaver
- Joined
- Oct 17, 2008
- Messages
- 113
- Reaction score
- 0
bump for usefull topic
- Joined
- Mar 17, 2007
- Messages
- 22
- Reaction score
- 3
- Joined
- Jul 9, 2010
- Messages
- 25
- Reaction score
- 5
If this is for gameserver.exe 2240
and change the following
change to
What i need change at
Code:
0047FED9 MOV EDX,DWORD PTR SS:[ESP+18]
0047FEDD PUSH 1
0047FEDF SUB ESP,8
0047FEE2 MOV EAX,ESP
0047FEE4 MOV DWORD PTR DS:[EAX],EBP
0047FEE6 MOV ECX,EDI
0047FEE8 MOV DWORD PTR DS:[ESI+1C],EDX
0047FEEB MOV BYTE PTR DS:[EAX+4],BL
0047FEEE CALL RylGameS.00428DA0
0047FEF3 TEST AL,AL
0047FEF5 JNZ RylGameS.00480002
0047FEFB MOV DWORD PTR SS:[ESP+30],1
0047FF03 JMP RylGameS.00480002
0047FF08 MOV ECX,DWORD PTR SS:[ESP+22]
0047FF0C PUSH ECXand change the following
Code:
0047FEFB MOV DWORD PTR SS:[ESP+30],1
0047FF03 JMP RylGameS.00480002
0047FF08 MOV ECX,DWORD PTR SS:[ESP+22]
0047FF0C PUSH ECXchange to
Code:
0047FEFB JMP RylGameS.????????
0047FF03 NOP
0047FF08 NOP
0047FF0C NOPWhat i need change at
Code:
0047FEFB JMP RylGameS.[U]????????[/U]
Last edited:
gameserver.exe 2240
0047FED9 MOV EDX,DWORD PTR SS:[ESP+18]
0047FEDD PUSH 1
0047FEDF SUB ESP,8
0047FEE2 MOV EAX,ESP
0047FEE4 MOV DWORD PTR DS:[EAX],EBP
0047FEE6 MOV ECX,EDI
0047FEE8 MOV DWORD PTR DS:[ESI+1C],EDX
0047FEEB MOV BYTE PTR DS:[EAX+4],BL
0047FEEE CALL RylGameS.00428DA0
0047FEF3 TEST AL,AL
0047FEF5 JNZ RylGameS.00480002
0047FEFB JMP RylGameS.0050A1D8
0047FF00 NOP
0047FF01 NOP
0047FF02 NOP
0047FF03 JMP RylGameS.00480002
0050A1D8 MOV DWORD PTR SS:[ESP+30],1
0050A1E0 MOV DWORD PTR DS:[ESI+1C],0
0050A1E7 JMP RylGameS.00480002
0047FED9 MOV EDX,DWORD PTR SS:[ESP+18]
0047FEDD PUSH 1
0047FEDF SUB ESP,8
0047FEE2 MOV EAX,ESP
0047FEE4 MOV DWORD PTR DS:[EAX],EBP
0047FEE6 MOV ECX,EDI
0047FEE8 MOV DWORD PTR DS:[ESI+1C],EDX
0047FEEB MOV BYTE PTR DS:[EAX+4],BL
0047FEEE CALL RylGameS.00428DA0
0047FEF3 TEST AL,AL
0047FEF5 JNZ RylGameS.00480002
0047FEFB JMP RylGameS.0050A1D8
0047FF00 NOP
0047FF01 NOP
0047FF02 NOP
0047FF03 JMP RylGameS.00480002
0050A1D8 MOV DWORD PTR SS:[ESP+30],1
0050A1E0 MOV DWORD PTR DS:[ESI+1C],0
0050A1E7 JMP RylGameS.00480002
Last edited:
0047FED9 MOV EDX,DWORD PTR SS:[ESP+18]
0047FEDD PUSH 1
0047FEDF SUB ESP,8
0047FEE2 MOV EAX,ESP
0047FEE4 MOV DWORD PTR DS:[EAX],EBP
0047FEE6 MOV ECX,EDI
0047FEE8 MOV DWORD PTR DS:[ESI+1C],EDX
0047FEEB MOV BYTE PTR DS:[EAX+4],BL
0047FEEE CALL RylGameS.00428DA0
0047FEF3 TEST AL,AL
0047FEF5 JNZ RylGameS.00480002
0047FEFB JMP RylGameS.0050A1D8
0047FF00 NOP
0047FF01 NOP
0047FF02 NOP
0047FF03 JMP RylGameS.00480002
0050A1D8 MOV DWORD PTR SS:[ESP+30],1
0050A1E0 MOV DWORD PTR DS:[ESI+1C],0
0050A1E7 JMP RylGameS.00480002
is the fix?
0047FEDD PUSH 1
0047FEDF SUB ESP,8
0047FEE2 MOV EAX,ESP
0047FEE4 MOV DWORD PTR DS:[EAX],EBP
0047FEE6 MOV ECX,EDI
0047FEE8 MOV DWORD PTR DS:[ESI+1C],EDX
0047FEEB MOV BYTE PTR DS:[EAX+4],BL
0047FEEE CALL RylGameS.00428DA0
0047FEF3 TEST AL,AL
0047FEF5 JNZ RylGameS.00480002
0047FEFB JMP RylGameS.0050A1D8
0047FF00 NOP
0047FF01 NOP
0047FF02 NOP
0047FF03 JMP RylGameS.00480002
0050A1D8 MOV DWORD PTR SS:[ESP+30],1
0050A1E0 MOV DWORD PTR DS:[ESI+1C],0
0050A1E7 JMP RylGameS.00480002
is the fix?
- Joined
- Jun 16, 2011
- Messages
- 216
- Reaction score
- 16
Hey,
I'm sure most of you have seen the video by now that someone found out how to dupe gold on selling items they setup in a store by swapping items around and putting a high value then selling item to vendor for same price as they put in store.
Was looking around a 1750 server in asm and might have a solution to fix this, please keep in mind that i have not tested this at all so can make no guarantees if it will work or not, but the new code that is inserted will only run if you get the server error up so it will still work as intended on normal operation.
As i said i used a 1750 gameserver so offsets will vary if you are using a different version.
Code:0047D709 MOV EDX,DWORD PTR SS:[ESP+18] 0047D70D PUSH 1 0047D70F SUB ESP,8 0047D712 MOV EAX,ESP 0047D714 MOV DWORD PTR DS:[EAX],EBP 0047D716 MOV ECX,EDI 0047D718 MOV DWORD PTR DS:[ESI+1C],EDX 0047D71B MOV BYTE PTR DS:[EAX+4],BL 0047D71E CALL RylGameS.CCharacter::MoveItem 0047D723 TEST AL,AL 0047D725 JNZ RylGameS.0047D832 0047D72B MOV DWORD PTR SS:[ESP+30],1 0047D733 JMP RylGameS.0047D832
The bug here is that the price is always set on the item even if the item fails to register in stall, we're gonna change that.
To do so you'll need to find a place with some empty code space because we're gonna be adding some code and there isn't room here for this. Usually you'll want to go to the end of the file for the needed space, for 1750 i used the area 005050EE->00505101
Alright enough talking, on with the code, change the following:
NOP out, and replace with a far jump to the available codespace.Code:0047D72B MOV DWORD PTR SS:[ESP+30],1
Code:0047D72B JMP RylGameS.005050EE 0047D730 NOP 0047D731 NOP 0047D732 NOP
Go to your free codespace and write the replacement code:
Code:005050EE MOV DWORD PTR SS:[ESP+30],1 ; Set error to Server Error 005050F6 MOV DWORD PTR DS:[ESI+1C],0 ; Stall Price = 0 005050FD JMP RylGameS.0047D832 ; Return to stall code
And we're done, rightclick->copy to executeable->all modifications (select copy on all) rightclick->backup->save data to file (input a new filename for instance gameserver_.exe)
A little explanation about what this mod does, it will set the stall price as usual but in case the item fails to register in stall it will overwrite the price with 0 and send a server error. As i said previously this is untested so i cannot guarantee it will work but I'm fairly sure it will, and please remember these offsets and combination of registers will only work for 1750 server, other versions WILL vary though be somewhat similar.
Enjoy.
Edit: Just got confirmation from someone that tried this that it does in fact fix the problem, so off you go fix your servers
How about fix stall gold bug in row?
You must be registered to see links
Last edited:
- Joined
- Nov 11, 2009
- Messages
- 308
- Reaction score
- 107
omg omg omg !!!
row file didnt fix that..
how bad...
row file didnt fix that..
how bad...
- Joined
- Dec 25, 2008
- Messages
- 234
- Reaction score
- 81
how how you guys are strange. Open gameserver in olydbg and start debug. Find out command where is gold outside take. Then just trun ower that take. When take out gold will deposit, i to last time that RYL GOW !!! All time only asking help some time is nice when you guys start use own brains !!!
Good luck all who work closed exe files !!!
Good luck all who work closed exe files !!!
- Joined
- Jan 15, 2009
- Messages
- 332
- Reaction score
- 11
Just to be sure : i have a 1700 client.exe (version should be 1753), and im using gameserver.exe 1,57mb. The addres is same of this?
0047D709 MOV EDX,DWORD PTR SS:[ESP+18]
0047D70D PUSH 1
0047D70F SUB ESP,8
0047D712 MOV EAX,ESP
0047D714 MOV DWORD PTR DS:[EAX],EBP
0047D716 MOV ECX,EDI
0047D718 MOV DWORD PTR DS:[ESI+1C],EDX
0047D71B MOV BYTE PTR DS:[EAX+4],BL
0047D71E CALL RylGameS.CCharacter::MoveItem????what value here?
0047D723 TEST AL,AL
0047D725 JNZ RylGameS.0047D832
0047D72B JMP RylGameS.005050EE
0047D730 NOP
0047D731 NOP
0047D732 NOP
0047D733 JMP RylGameS.0047D832
Cause i found these values in this:
0047D5B9 > 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+18]
0047D5BD . 6A 01 PUSH 1
0047D5BF . 83EC 08 SUB ESP,8
0047D5C2 . 8BC4 MOV EAX,ESP ; |
0047D5C4 . 8928 MOV DWORD PTR DS:[EAX],EBP ; |
0047D5C6 . 8BCF MOV ECX,EDI ; |
0047D5C8 . 8956 1C MOV DWORD PTR DS:[ESI+1C],EDX ; |
0047D5CB . 8858 04 MOV BYTE PTR DS:[EAX+4],BL ; |
0047D5CE . E8 1DAEFAFF CALL Map3.004283F0 ; \0047D5D3 . 84C0 TEST AL,AL
0047D5D5 . 0F85 57020000 JNZ Map3.0047D832
0047D5DB . E9 BE840800 JMP Map3.00505A9E
0047D5E0 90 NOP
0047D5E1 90 NOP
0047D5E2 90 NOP
0047D5E3 . E9 4A020000 JMP Map3.0047D832
Check this line:
0047D5D5 . 0F85 57020000 JNZ Map3.0047D832 or this 0047D6E2 ?
0047D6E2 > 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30] ; Default case of switch 0047D53A
and the other line go to this address:
0047D832 > E9 E4000000 JMP Map1.0047D91B
I made the modificatiosn required, but not sure if is the right place. ^^( i cant test bymyself cause cant make fast the gold bug to try iy = no lag enough to make it.)
0047D709 MOV EDX,DWORD PTR SS:[ESP+18]
0047D70D PUSH 1
0047D70F SUB ESP,8
0047D712 MOV EAX,ESP
0047D714 MOV DWORD PTR DS:[EAX],EBP
0047D716 MOV ECX,EDI
0047D718 MOV DWORD PTR DS:[ESI+1C],EDX
0047D71B MOV BYTE PTR DS:[EAX+4],BL
0047D71E CALL RylGameS.CCharacter::MoveItem????what value here?
0047D723 TEST AL,AL
0047D725 JNZ RylGameS.0047D832
0047D72B JMP RylGameS.005050EE
0047D730 NOP
0047D731 NOP
0047D732 NOP
0047D733 JMP RylGameS.0047D832
Cause i found these values in this:
0047D5B9 > 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+18]
0047D5BD . 6A 01 PUSH 1
0047D5BF . 83EC 08 SUB ESP,8
0047D5C2 . 8BC4 MOV EAX,ESP ; |
0047D5C4 . 8928 MOV DWORD PTR DS:[EAX],EBP ; |
0047D5C6 . 8BCF MOV ECX,EDI ; |
0047D5C8 . 8956 1C MOV DWORD PTR DS:[ESI+1C],EDX ; |
0047D5CB . 8858 04 MOV BYTE PTR DS:[EAX+4],BL ; |
0047D5CE . E8 1DAEFAFF CALL Map3.004283F0 ; \0047D5D3 . 84C0 TEST AL,AL
0047D5D5 . 0F85 57020000 JNZ Map3.0047D832
0047D5DB . E9 BE840800 JMP Map3.00505A9E
0047D5E0 90 NOP
0047D5E1 90 NOP
0047D5E2 90 NOP
0047D5E3 . E9 4A020000 JMP Map3.0047D832
Check this line:
0047D5D5 . 0F85 57020000 JNZ Map3.0047D832 or this 0047D6E2 ?
0047D6E2 > 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30] ; Default case of switch 0047D53A
and the other line go to this address:
0047D832 > E9 E4000000 JMP Map1.0047D91B
I made the modificatiosn required, but not sure if is the right place. ^^( i cant test bymyself cause cant make fast the gold bug to try iy = no lag enough to make it.)
Last edited:
Initiate Mage
- Joined
- Jun 22, 2012
- Messages
- 3
- Reaction score
- 0
hi,
About above Thing.
I Found The Words Of Call.
But Which One I should Call?
Anyone Please Reply.
Thanks.
About above Thing.
I Found The Words Of Call.
But Which One I should Call?
Anyone Please Reply.
Thanks.
- Joined
- Jan 30, 2010
- Messages
- 26
- Reaction score
- 0
Hey,
I'm sure most of you have seen the video by now that someone found out how to dupe gold on selling items they setup in a store by swapping items around and putting a high value then selling item to vendor for same price as they put in store.
Was looking around a 1750 server in asm and might have a solution to fix this, please keep in mind that i have not tested this at all so can make no guarantees if it will work or not, but the new code that is inserted will only run if you get the server error up so it will still work as intended on normal operation.
As i said i used a 1750 gameserver so offsets will vary if you are using a different version.
Code:0047D709 MOV EDX,DWORD PTR SS:[ESP+18] 0047D70D PUSH 1 0047D70F SUB ESP,8 0047D712 MOV EAX,ESP 0047D714 MOV DWORD PTR DS:[EAX],EBP 0047D716 MOV ECX,EDI 0047D718 MOV DWORD PTR DS:[ESI+1C],EDX 0047D71B MOV BYTE PTR DS:[EAX+4],BL 0047D71E CALL RylGameS.CCharacter::MoveItem 0047D723 TEST AL,AL 0047D725 JNZ RylGameS.0047D832 0047D72B MOV DWORD PTR SS:[ESP+30],1 0047D733 JMP RylGameS.0047D832
The bug here is that the price is always set on the item even if the item fails to register in stall, we're gonna change that.
To do so you'll need to find a place with some empty code space because we're gonna be adding some code and there isn't room here for this. Usually you'll want to go to the end of the file for the needed space, for 1750 i used the area 005050EE->00505101
Alright enough talking, on with the code, change the following:
NOP out, and replace with a far jump to the available codespace.Code:0047D72B MOV DWORD PTR SS:[ESP+30],1
Code:0047D72B JMP RylGameS.005050EE 0047D730 NOP 0047D731 NOP 0047D732 NOP
Go to your free codespace and write the replacement code:
Code:005050EE MOV DWORD PTR SS:[ESP+30],1 ; Set error to Server Error 005050F6 MOV DWORD PTR DS:[ESI+1C],0 ; Stall Price = 0 005050FD JMP RylGameS.0047D832 ; Return to stall code
And we're done, rightclick->copy to executeable->all modifications (select copy on all) rightclick->backup->save data to file (input a new filename for instance gameserver_.exe)
A little explanation about what this mod does, it will set the stall price as usual but in case the item fails to register in stall it will overwrite the price with 0 and send a server error. As i said previously this is untested so i cannot guarantee it will work but I'm fairly sure it will, and please remember these offsets and combination of registers will only work for 1750 server, other versions WILL vary though be somewhat similar.
Enjoy.
Edit: Just got confirmation from someone that tried this that it does in fact fix the problem, so off you go fix your servers
i try copy gold bug stall ingames (Map1) and i see zone12 crash in server.. can explain to me why this happens? help pls... cannot working..
(try server ryl2 v1753)
image 1:
image 2:
image 3:
image 4:
Last edited:
RaGEZONE Sponsor
