kPT Server 2477

[oracl3]

using this server have bug when using the drop portion of hair on the floor.

how to fix?


All of this happens in the server executable.

That's the comparison of the object type with the hair potion (A, B, C) type (080B):


Code:
0057020E |. C743 7C 00000 MOV DWORD PTR DS:[EBX+7C],0
00570215 |> 8B4B 4C MOV ECX,DWORD PTR DS:[EBX+4C]
00570218 |. 81E1 0000FFFF AND ECX,FFFF0000
0057021E |. 81F9 00000B08 CMP ECX,080B0000
00570224 75 41 JNE SHORT 00570267





You need to add the premium item type (080C) to the procedure to include hair pots D and after. This will prevent potions and some of the premium items from appearing on the floor after use.


It can be done like this (my extra code is located at 08B65200):
- Replacing CMP with a JMP to our new code:


Code:
0057021E E9 DD4F5F08 JMP 08B60072
00570223 90 NOP





- The new code:

Code:
08B60072 81F9 00000B08 CMP ECX,080B0000
08B60074 ^ 0F84 1AB0A0F7 JE 00570226
08B60076 81F9 00000C08 CMP ECX,080C0000
08B60078 ^ E9 0DB0A0F7 JMP 00570224





I'm not detailling the extra code, it should be pretty easy to understand.

 

[Tolrok]

Always possible. It's only when new features are added edits are needed. Unless they change the protocol again, but KPT haven't done that since circa 2006. XD

Yes, but you can check here:

You must be registered to see links

or will be I understand wrong? hugs tt1:

 

[oracl3]

fix friendly crystal


To make crystal monsters friendly, we need to do 2 things:
- Add a flag to know its crystal monster (at ESI+47AC)
- Add comparison case to make the crystals friendly

When you click on a crystal, it's added to the monster stack. Here's the piece of code we're interested in :

OllyDbg - Server side

0055E52E |> \837C24 1C 09 CMP DWORD PTR SS:[LOCAL.204],9
0055E533 |. 75 0C JNE SHORT 0055E541
0055E535 |. 8B95 48010000 MOV EDX,DWORD PTR SS:[EBP+148]
0055E53B |. 8996 30390000 MOV DWORD PTR DS:[ESI+3930],EDX
0055E541 |> 33C0 XOR EAX,EAX

Apparently there's a special case for if a value is equal to 9. Don't really know what it is I haven't tested.
It's where we are going to add the flag (as usual, too lazy to comment the code).
There's not enough space to put the new code, so we're going to jump. In my example, the new code will be at the offset 08B60000 (it's in the GFantasy section) :

OllyDbg - Server side

0055E52E |> \837C24 1C 09 CMP DWORD PTR SS:[LOCAL.204],9
0055E533 \. E9 C81A6208 JMP 08B60000
0055E538 90 NOP
0055E539 90 NOP
0055E53A 90 NOP
0055E53B 90 NOP
0055E53C 90 NOP
0055E53D 90 NOP
0055E53E 90 NOP
0055E53F 90 NOP
0055E540 /. 90 NOP
0055E541 |> 33C0 XOR EAX,EAX

And the new code :

08B60000 75 0E JNZ SHORT server24.08B60010
08B60002 8B95 48010000 MOV EDX,DWORD PTR SS:[EBP+148]
08B60008 8996 30390000 MOV DWORD PTR DS:[ESI+3930],EDX
08B6000E EB 0A JMP SHORT server24.08B6001A
08B60010 C786 AC470000 01>MOV DWORD PTR DS:[ESI+47AC],1
08B6001A -E9 22E59FF7 JMP server24.0055E541















Now that our flag is set, we need to use it.
Here's the piece of code we're interested in (it's in a procedure computing which monster attacks which one) :

OllyDbg - Server side

005615D7 |. 33D2 XOR EDX,EDX
005615D9 |> 85C9 TEST ECX,ECX
005615DB |. 74 24 JE SHORT 00561601
005615DD |. 8B85 CC470000 MOV EAX,DWORD PTR SS:[EBP+47CC]
005615E3 |. 85C0 TEST EAX,EAX
005615E5 |. 75 18 JNE SHORT 005615FF
005615E7 |. 8B85 F8460000 MOV EAX,DWORD PTR SS:[EBP+46F8]
005615ED |. 85C0 TEST EAX,EAX
005615EF |. 74 10 JE SHORT 00561601
005615F1 |. 8B8E E4460000 MOV ECX,DWORD PTR DS:[ESI+46E4]
005615F7 |. 3B81 706C0000 CMP EAX,DWORD PTR DS:[ECX+6C70]
005615FD |. 74 02 JE SHORT 00561601
005615FF |> 33D2 XOR EDX,EDX
00561601 |> 3BB5 00470000 CMP ESI,DWORD PTR SS:[EBP+4700]
00561607 |. 0F84 9A000000 JE 005616A7


Two things here :

- Clearing EDX at offset 005615FF makes the monsters not attack each other’s
- With crystal monsters ECX is always empty and the first JE is always taken, skipping offset 005615FF.
We're going to add our test before TEST ECX,ECX.

As usual, no space. We're going to jump to offset 08B60025 :

005615D7 . 33D2 XOR EDX,EDX
005615D9 >-E9 47EA5F08 JMP server24.08B60025
005615DE 90 NOP
005615DF 90 NOP
005615E0 90 NOP
005615E1 90 NOP
005615E2 90 NOP
005615E3 90 NOP
005615E4 90 NOP
005615E5 90 NOP
005615E6 90 NOP
005615E7 90 NOP
005615E8 90 NOP
005615E9 90 NOP
005615EA 90 NOP
005615EB 90 NOP
005615EC 90 NOP
005615ED 90 NOP
005615EE 90 NOP
005615EF 90 NOP
005615F0 90 NOP
005615F1 90 NOP
005615F2 90 NOP
005615F3 90 NOP
005615F4 90 NOP
005615F5 90 NOP
005615F6 90 NOP
005615F7 90 NOP
005615F8 90 NOP
005615F9 90 NOP
005615FA 90 NOP
005615FB 90 NOP
005615FC 90 NOP
005615FD 90 NOP
005615FE 90 NOP
005615FF 90 NOP
00561600 90 NOP
00561601 90 NOP
00561602 90 NOP
00561603 90 NOP
00561604 90 NOP
00561605 90 NOP
00561606 90 NOP
00561607 . 0F84 9A000000 JE server24.005616A7

And the new code :

OllyDbg - Server side

08B60025 8B86 AC470000 MOV EAX,DWORD PTR DS:[ESI+47AC]
08B6002B 85C0 TEST EAX,EAX
08B6002D 74 32 JE SHORT server24.08B60061
08B6002F 8B85 AC470000 MOV EAX,DWORD PTR SS:[EBP+47AC]
08B60035 85C0 TEST EAX,EAX
08B60037 75 26 JNZ SHORT server24.08B6005F
08B60039 85C9 TEST ECX,ECX
08B6003B 74 24 JE SHORT server24.08B60061
08B6003D 8B85 CC470000 MOV EAX,DWORD PTR SS:[EBP+47CC]
08B60043 85C0 TEST EAX,EAX
08B60045 75 18 JNZ SHORT server24.08B6005F
08B60047 8B85 F8460000 MOV EAX,DWORD PTR SS:[EBP+46F8]
08B6004D 85C0 TEST EAX,EAX
08B6004F 74 10 JE SHORT server24.08B60061
08B60051 8B8E E4460000 MOV ECX,DWORD PTR DS:[ESI+46E4]
08B60057 3B81 706C0000 CMP EAX,DWORD PTR DS:[ECX+6C70]
08B6005D 74 02 JE SHORT server24.08B60061
08B6005F 33D2 XOR EDX,EDX
08B60061 3BB5 00470000 CMP ESI,DWORD PTR SS:[EBP+4700]
08B60067 -E9 9B15A0F7 JMP server24.00561607

Your monster crystals are now friendly .
They don't attack each other’s, but they still attack pets and normal monsters.

Server2477.

I will launch a new version in brief,thank you all.

AGING FAILURE

+11 = 20%
+12 = 25%
+13 = 30%
+14 = 35%
+15 = 40%
+16 = 45%
+17 = 50%
+18 = 55%
+19 = 60%
+20 = 65%

to +10 not has failure!

I need help to change aging success values.

based on information gregoo

Hexadecimal - Server side

002DA980 00 00 00 00 0A 00 00 00 14 00 00 00 28 00 00 00 ............(...
002DA990 32 00 00 00 3C 00 00 00 46 00 00 00 50 00 00 00 2...<...F...P...
002DA9A0 5A 00 00 00 5A 00 00 00 5A 00 00 00 5A 00 00 00 Z...Z...Z...Z...
002DA9B0 5A 00 00 00 5A 00 00 00 5A 00 00 00 5A 00 00 00 Z...Z...Z...Z...
002DA9C0 5A 00 00 00 5A 00 00 00 Z...Z...

made the necessary changes so that no breakage occurs above +16 item, it stays even after changes have occurred to break the item above +16

AGING FAILURE

+11 = 20% = 14
+12 = 25% = 19
+13 = 30% = 1E
+14 = 35% = 23
+15 = 40% = 28
+16 = 45% = 2D
+17 = 50% = 32
+18 = 55% = 37
+19 = 60% = 3C
+20 = 65% = 41

I can not find this combination in hex

14000000190000001E00000023000000280000002D00000032000000370000003C

how to fix?

To change level limit change here:



and here:



Change 6E for what you want. Ex: 8c (140), 0A0 (160), 0F0 (240)


tt1:

I can not do is change in

005719FB 83BB C8000000 6E CMP DWORD PTR DS:[EBX+C8],6E

how to fix?





I can make the change to level 120 and level 127 and that after making the move to level 127 in game only works up to level 121

XPHex.txt have to apply within the executable from the server?

I use Xpx creator?

which offset use?

found the following related offset level

I'll try to make the change to XP hex level 150 and then try to change the parameter for the level 150

005719FB 83BB C8000000 6E CMP DWORD PTR DS:[EBX+C8],96


XPHex lvl 150

0000000000000000
00000000000003E8
00000000000009C4
0000000000001388
000000000000251C
00000000000042CC
00000000000074E5
000000000000C90F
00000000000155CC
00000000000222E1
0000000000033F41
000000000004AD02
0000000000065BEE
0000000000083408
00000000000A410A
00000000000CB70D
00000000000FA3B6
0000000000131487
000000000017200D
00000000001BD7BE
0000000000214CC7
0000000000278F70
00000000002EAE60
000000000036CDBE
00000000004002BD
00000000004A6164
000000000055FBD9
000000000062E1A0
0000000000711EC9
000000000080D80F
0000000000921BEC
0000000000A51A6F
0000000000BA1245
0000000000D124EB
0000000000EAA8E9
000000000106D1A9
000000000126182E
000000000148CC2F
00000000016F4454
000000000199DEB0
0000000001C90142
0000000001FD1A7D
000000000236A1D5
0000000002761850
0000000002BB67C9
000000000308570B
00000000035DBCC7
0000000003BC874E
000000000425BF26
00000000049A89EF
00000000051D5B4B
0000000005AEB1F8
0000000006502A97
0000000007038F93
0000000007CADE3B
0000000008A94BBE
0000000009A0863D
000000000AB3519F
000000000BE4C0BD
000000000D383E2A
000000000EB3472D
000000001058C3E2
00000000122D7578
000000001436A571
00000000167A34E7
0000000019018E0E
000000001BD1BAD5
000000001EF2ECA7
00000000226E40E0
00000000264DDB60
000000002AA1EB35
000000002F73310C
0000000034CFD302
000000003AC7907B
00000000416BF06D
0000000048D8D48C
00000000511D78F5
000000005A525A87
000000006492BDA2
000000006FFCFEEF
000000007D6D467C
000000008C7A636C
000000009D55DFFF
00000000B0373850
00000000C55C90FE
00000000DD0B83AC
00000000F792041D
00000001154760C4
00000001368D6223
0000000174A9A8F7
00000001BF31FDF5
0000000218A263F3
0000000283F6118A
0000000304C0E1D9
000000039F4DDBD2
0000000458C3D496
0000000537516580
000000064261AD01
0000000782DB9C67
00000009036DEEE2
0000000AD0EA51DC
0000000CFAB2C8A2
0000000F933CF0C3
00000012B0AF8750
000000166D9F6F2D
0000001AE9F2856A
000000204BEFD34C
00000026C18630C1
0000002E81D43A82
00000037CEFEAC9C
00000042F864CF21
000000505D45C55B
000000606FED533A
00000073B98330AC
0000008ADE9D6D9C
000000A6A4BCE9EE
000000C7F8E2B251
000000EFF7766F94
0000011FF5C152B2
000001598D4E633C
0000018D62808BB8
000001C8FE13D3E0
0000020D8A96CD41
0000025C5F609F3D
000002B70748B71F
0000031F48606C30
000003972CD54937
000004210D287A98
000004BF9BEE8CFB
0000055DA367298C
000006103615DA77
000006D9FFAD2CA0
000007BE04C12081
000008BFAE551D0C
000009E2D6EA6B10
00000B2BD941366B
00000C9FA10491F8
00000E43BDA15306
0000101E778FE57F
000011E460DFB99E
000013DC38547EAC
0000160B7BF763A5
00001878447B8FE2
00001B295641794F
00001E26343950E4
0000217734D93882
000025259961C148
0000293BA7B1A0C8
00002DC4C6F0AFE8
000032CD9F6233E5
FFFFFFFFFFFFFFFF

 

[Tolrok]

To resolve the error Disconect after level 110 is simple.
You must set the codes:

00506D81      90            NOP
00506D82      3D 96000000   CMP EAX,96 // Fix level 150
00506D87    ^ 0F8F 96CCF3FF JG 00443A23
00506D8D    ^ E9 5DCCF3FF   JMP 004439EF
00506D92      90            NOP
00506D93      90            NOP
00506D94      81FE 96000000 CMP ESI,96 // Fix level 150
00506D9A    ^ 0F8D 9034F4FF JGE 0044A230
00506DA0    ^ E9 0E34F4FF   JMP 0044A1B3
00506DA5      90            NOP
00506DA6      3D 96000000   CMP EAX,96 // Fix level 150
00506DAB    ^ 0F8C 8FCCF3FF JL 00443A40
00506DB1    ^ E9 B8CCF3FF   JMP 00443A6E
00506DB6      90            NOP
00506DB7      81BB C8000000>CMP DWORD PTR DS:[EBX+C8],96 // Fix level 150
00506DC1      0F8C 7CAC0600 JL 00571A43
00506DC7      E9 38AC0600   JMP 00571A04
00506DCC      90            NOP
00506DCD      90            NOP
00506DCE      90            NOP
00506DCF      90            NOP

96 = 150 // Level Maximum of server
Making comparisons with shagpub server tt1:

Return jumps:

004439E8     /E9 95330C00   JMP 00506D82
0044A1AE     /E9 E1CB0B00   JMP 00506D94
00443A69     /E9 38330C00   JMP 00506DA6
005719FB    ^\E9 B753F9FF   JMP 00506DB7

 

[bobsobol]

Tolrok said there isn't space, and there's nothing you can do to "make space" so you have to break out of the main stream of execution to a "code cave" and place the altered routine there. tt1:

(sorry Tolrok, I'm tired of the incessant question bumps too )

 

[oracl3]

This server does not have bug-off at level 110


You did not test the server developed by yourself.
what happened is that it is not possible to make the change in offset 005719FB

005719FB 83BB C8000000 6E CMP DWORD PTR DS:[EBX+C8],6E

to

005719FB 83BB C8000000 6E CMP DWORD PTR DS:[EBX+C8],96


I can only up

005719FB 83BB C8000000 6E CMP DWORD PTR DS:[EBX+C8],7F

I can not make the change to

005719FB 83BB C8000000 6E CMP DWORD PTR DS:[EBX+C8],96

level equivalent to 127 while in the game only goes up to the 121 level, above level 121 char returns to level 0

 

[bobsobol]

Yes, that's what I said

You must be registered to see links

, and what Tolrok told you how to get around in his last post. I thought that solution was obvious having determined the problem.

Tolrok gave you the code anyway, but I didn't think the code explained what it was doing. (for someone who didn't automatically know that if an instruction overruns it's predecessors byte allocation then it requires a code cave break-out) So I provided the words which explain what his code is attempting to do. (and, to my eye, should achieve)

He (or she, actually) isn't disagreeing with you, and I'm not disagreeing with either of you. He's answering, and I'm qualifying. (seems even with all of that, you aren't quite understanding the information we gave?)

 

[xiangsho]

To resolve the error Disconect after level 110 is simple.
You must set the codes:

00506D81      90            NOP
00506D82      3D 96000000   CMP EAX,96 // Fix level 150
00506D87    ^ 0F8F 96CCF3FF JG 00443A23
00506D8D    ^ E9 5DCCF3FF   JMP 004439EF
00506D92      90            NOP
00506D93      90            NOP
00506D94      81FE 96000000 CMP ESI,96 // Fix level 150
00506D9A    ^ 0F8D 9034F4FF JGE 0044A230
00506DA0    ^ E9 0E34F4FF   JMP 0044A1B3
00506DA5      90            NOP
00506DA6      3D 96000000   CMP EAX,96 // Fix level 150
00506DAB    ^ 0F8C 8FCCF3FF JL 00443A40
00506DB1    ^ E9 B8CCF3FF   JMP 00443A6E
00506DB6      90            NOP
00506DB7      81BB C8000000>CMP DWORD PTR DS:[EBX+C8],96 // Fix level 150
00506DC1      0F8C 7CAC0600 JL 00571A43
00506DC7      E9 38AC0600   JMP 00571A04
00506DCC      90            NOP
00506DCD      90            NOP
00506DCE      90            NOP
00506DCF      90            NOP

96 = 150 // Level Maximum of server
Making comparisons with shagpub server tt1:

Return jumps:

004439E8     /E9 95330C00   JMP 00506D82
0044A1AE     /E9 E1CB0B00   JMP 00506D94
00443A69     /E9 38330C00   JMP 00506DA6
005719FB    ^\E9 B753F9FF   JMP 00506DB7

Hello! When I insert 00506DB7 81BB C8000000>CMP DWORD PTR DS:[EBX+C8],96 it says, unknown identifier.. what seems to be the problem? Please help.. thanks

 

[Vormav]

Hello! When I insert 00506DB7 81BB C8000000>CMP DWORD PTR DS:[EBX+C8],96 it says, unknown identifier.. what seems to be the problem? Please help.. thanks

Assemble it like that:

CMP DWORD PTR DS:[EBX+0C8],96

 

[jeroenen9]

can the lvl 100 bug be repaired with the exp editor? So yes what is the adress of the game.exe and the server? i only know those of kpt 1997...

 

[bobsobol]

Too bored of this question which has been answered many times.

Please try attached patch on Tolroks' original.
View attachment KPT2477LevelPatch.zip

[highlight]NOTE:[/highlight] This server always crashes during startup with my dataset, so I cannot test this patch! (because it crashed before, and still crashes after I apply the directions above)

 

[jeroenen9]

that doesn't work i am afraid. Is there a thread on how to change level cap +120 or +100?

 

[bobsobol]

Yes... this one you are posting in now!!!

Read it and follow the instructions as I did. If that doesn't work, tell me why... Thought, TBH, I can't do much debugging on this particular executable for the reasons stated above.

There are 2 or three solutions posted by different people in this thread though. I could apply those, but still won't be able to test any of them.

What really annoys me is that people keep coming here asking how to fix it, and nobody says why the existing solutions listed above don't work or what, if any, effect they do have.

Communication needs to be a two way process. If someone offers a solution which doesn't work, you won't know it doesn't work till you try it. Once you have tried it, you could at least say what has changed, if anything. Just turning up and saying "I read the first post and it sounded great but there is a bug which I haven't bothered to read the rest of the thread to find out if it's even been reported before" is just down right rude!

[highlight]I'm tempted to close this thread[/highlight] just to avoid all the poopie it kicks up. Pointing no fingers at anybody, people here need to grow up, read the thread and contribute something back before holding out the begging hand!

Seriously... I don't mind "I don't get blah" I don't mind "I tried this and it didn't seem to do what I expected" even if you expected more from it than it was intended to achieve... at least you tried something and told us the thread wasn't clear enough for you to understand what you where following. I do mind "I can't be bothered to look... do I have a booger hanging from my nose, and if so will you wipe it for me because I'm too pathetic" and I know I'm not the only one here who feels this way. (In fact, I'm usually one of the more patient regulars )

[highlight]In case there is anyone still reading who has followed one of these solutions with success[/highlight] if you could share a replacement exe / patch (like mine a couple of posts back) for those who are still struggling with Olly, that would be very much appreciated. :

 

[hednyl]

please post the server files full to this client.

 

[bobsobol]

Any KPT server release will connect to this client without issue when correctly set up. The data will always be your own, and certain features in the official client have no equivalent in any release. (mostly premium items, especially timed ones)

 

[peihsendoyle]

I have a problem with the full client KPT.
I use the latest version of full client KPT 2555 that someone shared on this forum.
I downloaded the server ice mine map ( included server files and client)
I copy the client from client files to my full client KPT, but something happened. When It was going to login box (i hear the sounds), it crashed.
I tried again with the ET3 server and clients, copy the client of ET3 to my full client KPT, it crashed too.
And I awared that no client can work with full client KPT 2555? right? or my computer has something wrong?

 

[Tolrok]

I have a problem with the full client KPT.
I use the latest version of full client KPT 2555 that someone shared on this forum.
I downloaded the server ice mine map ( included server files and client)
I copy the client from client files to my full client KPT, but something happened. When It was going to login box (i hear the sounds), it crashed.
I tried again with the ET3 server and clients, copy the client of ET3 to my full client KPT, it crashed too.
And I awared that no client can work with full client KPT 2555? right? or my computer has something wrong?

If you use the current folder and char field of kpt, your server will fall even folders and replace the char field a full client-Pirate

 

[liladark]

Hello, I'm having problems with some items at the time of crialo them with the command / @ get, some items are normally created and others not, also an inconvenience when I use the folder of the original kpt latest version, for when soon the game does not appear to me the items in inventory, someone could get me some questions please.
my facebook:

You must be registered to see links

sorry for my english! I am a quick learner who can help me I would be very grateful! = DD

 

[insania]

delete