[LF help] with "fixing" gs (v155 e_v156 t_v128)

[343]

One of the few things I never figured out (despite trying)! How does one "fix" gs so that it reads ptemplate, and so that "create monster" works!? !? !? !?

I am working on this for server v155 ~ elements_v156 / tasks_v128

 

[HyperSin]

Re: [LF help] with "fixing" gs (v151 e_v156 t_v128)

I believe for 151 there was a gs that was patched so create monster works but for 155 idk

 

[343]

Okay, I guess VBulletin search feature may be lacking (or my brain is)! Because I swear I searched, but just had someone refer me to this thread! ~ http://forum.ragezone.com/f754/monster-generator-1167854/

So, as of now, and thanks to that thread, I have "fixed" the "monster spawner"! Now, onto ptemplate!!!

Spoiler

Of course just having a "working 'product'" isn't good enough for me, I actually wanted to know the HOW and or the WHY (does this work)! HOW/WHY does changing a 75 to EB work!?

So, just in case you're like me and it's just not good enough to get something done but to actually want to know the HOW or WHY - this page may be of some help ~

You must be registered to see links

So, and I could be massively wrong here BUT, this is my current "understanding" of all this! (please feel free to correct me if I'm wrong!)

it's all based on the machine opcodes - so, 75 is pretty much telling "it" to perform a CHECK, it's CHECKING some condition for "Jump short if not zero/not equal (ZF=0)" -or- in "assembly" a "JNZ" or "JNE"

and changing that to EB, EB is for "Jump" or "JMP" (in assembly)

So, if I am correct, it's "jumping" a/the "check"! And that's good enough for/to me - no need to dig deeper at this point to see WHAT exactly it was checking or WHY...! I can accept this as an "answer"!

 

[HyperSin]

Re: [LF help] with "fixing" gs (v151 e_v156 t_v128)

Id love to get create monster to work for 1.5.5 idc about ptemplete

 

[343]

Id love to get create monster to work for 1.5.5 idc about ptemplete

I have the monster fix for 155 now, I will be sharing the "fix" once I figure out ptemplate too...

 

[lkb007lkb]

Re: [LF help] with "fixing" gs (v151 e_v156 t_v128)

I have the monster fix for 155 now, I will be sharing the "fix" once I figure out ptemplate too...

what do you mean about "ptemplate"?

 

[343]

what do you mean about "ptemplate"?

so that the gs reads the following values from ptemplate:

• exp_bonus = x
• drop_bonus = x
• money_bonus = x
• sp_bonus = x

Like from ~ http://forum.ragezone.com/f751/perfect-world-server-patch-files-944006/#post7687819 -or- http://forum.ragezone.com/f751/1-4-5-v69-patched-900937/#post7396340

 

[lkb007lkb]

Re: [LF help] with "fixing" gs (v151 e_v156 t_v128)

so that the gs reads the following values from ptemplate:

• exp_bonus = x
• drop_bonus = x
• money_bonus = x
• sp_bonus = x

Like from ~ http://forum.ragezone.com/f751/perfect-world-server-patch-files-944006/#post7687819 -or- http://forum.ragezone.com/f751/1-4-5-v69-patched-900937/#post7396340

exp_bonus ,drop_bonus,,sp_bonus, money_bonus ,those are read in the file playertemplate.cpp,and only money_bonus is used, how do you fix monster spawner,why do you need it? because there are no monsters when you travel in the pw world,am i right?

 

[343]

Re: [LF help] with gs (v155 e_v156 t_v128)

exp_bonus ,drop_bonus,,sp_bonus, money_bonus ,those are read in the file playertemplate.cpp,and only money_bonus is used, how do you fix monster spawner,why do you need it? because there are no monsters when you travel in the pw world,am i right?

Older versions there is a "fix" so that ptemplate will read all four of those fields!

"Monster Spawner" is in the GM (CTRL + G) menu, "create creature" - so that you can spawn any "monster" any-where any-time... as GM only of course. And that part ("monster spawner") I already have fixed... I am trying to figure out how people have "fixed" ptemplate (in the past) to "properly" read all four fields from the ptemplate.conf



I'm using a v80 to help my try to learn how to fix that since I have a "broken" v80, and I have a "fixed" v80... I have however, "hit a wall"...

I know that whatever method people used before requires two parts... The first part, NO problem! Simply change which function is called (from _ZN15playertemplate17AdjustGlobalExpSpERiS0 ; player_template::AdjustGlobalExpSp(int &,int &) => _ZN4ONET4Conf4dumpEP8_IO_FILE ; ONET::Conf::dump(_IO_FILE *))

However, when I look at "_ZN4ONET4Conf4dumpEP8_IO_FILE ; ONET::Conf::dump(_IO_FILE *)" between "broken" and "fixed" ~ I am utterly confused! They look MAJORLY different (like the whole function was completely re-written)...

In case you misunderstood that's what I meant for "monster spawner", but also, again, I already fixed that!

Now I only need "fix" for ptemplate (so that it reads all four "bonus" values)



First part is REAL EASY (like I said), it is literally only changing a CALL Function:

Then is where I am stuck, because the same function looks too different between "fixed" and "broke" for me to fully understand what must be done next:

BROKEN:

FIXED:

It looks to me like the whole function has to be re-written, and I have not been able to figure out how to do this in either IDA(free) or GHIDRA :

 

[Bola]

hey 343

so since new versions come out, a easier method to fix exp was found on the server files.

on any server game from wanmei ( 32 bits ), you will find the following piece of hex code.

E5 83 7D 08 03 76 07

and you can replace it with

E5 90 90 90 90 90 90

this will disable this validation down bellow.

const punitive_param & GetParam(size_t level)
{
	if(level >= MAX_WALLOW_LEVEL)
	{
		level = MAX_WALLOW_LEVEL - 1;
	}
	return list[level];
}

to

const punitive_param & GetParam(size_t level)
{
	level = MAX_WALLOW_LEVEL - 1;
	return list[level];
}

after doing this change, you can change all the rates from server, including tasks rates like exp from task, money and soul points, through gs.conf file, looking at "[wallowheavy]" tag.

[WallowHeavy]
exp = 4
sp = 4
item = 3
money = 2
task_exp = 3
task_sp = 3
task_money = 3


is easy to do, compatible with rate multiplier, and less changes to gs that could lead to a segment fault.

 

[343]

Re: [LF help] with "fixing" gs (v155 e_v156 t_v128)

Bola Thank you for that!

I do [still] want to learn the old fix though [still] (knowledge is power) !!!



It will still serve good to help me learn IDA and Ghidra !!!



By the way, will your "new fix" work for ALL versions (like even really old versions like 126, 131, 136 etc) ???

 

[lkb007lkb]

Re: [LF help] with "fixing" gs (v155 e_v156 t_v128)

@Bola Thank you for that!

I do [still] want to learn the old fix though [still] (knowledge is power) !!!



It will still serve good to help me learn IDA and Ghidra !!!



By the way, will your "new fix" work for ALL versions (like even really old versions like 126, 131, 136 etc) ???

have to say that you have some skills,but i don't know why you fix the problems through modifying hex,you can compile the source code，maybe you just want to learn IDA and Ghidra,if then,i want to learn IDA and Ghidra from you,:

 

[343]

Re: [LF help] with "fixing" gs (v155 e_v156 t_v128)

have to say that you have some skills,but i don't know why you fix the problems through modifying hex,you can compile the source code，maybe you just want to learn IDA and Ghidra,if then,i want to learn IDA and Ghidra from you,:

Obviously I'm not that good if I cannot figure it out >.>

I think I grasp WHAT needs to be done, I'm just not sure on the HOW =\

Still crackin' at it though!

 

[lkb007lkb]

Re: [LF help] with "fixing" gs (v155 e_v156 t_v128)

Obviously I'm not that good if I cannot figure it out >.>

I think I grasp WHAT needs to be done, I'm just not sure on the HOW =\

Still crackin' at it though!

bola is good at pw.i am sorry that i can't tell you how to fix the problem through modifying hex,yesterday i test my server,so many questions need to be done ,example, travel in the world,and can't see the monsters,sometimes i can see.if you want to modify source code,we can discuss.

 

[343]

Re: [LF help] with "fixing" gs (v155 e_v156 t_v128)

It's not directly accomplished via editing hex BTW, the only way you discover what to "hex edit" is via IDA pro... So, in short, my actual "problem" at hand (if you break it down) isn't ptemplate, it's not even PW... Breaking things down, I have two gs files from v80, so, I know what the "broken" one looks like and I also know what the "fixed" one looks like... Therefore, at least in theory, it should be very easy for me to replicate a "fix" for any other version! However, the 'new' problem is that it would appear I need to completely re-write a function/subroutine in IDA...

If I cannot fully replicate this behavior (by manually "fixing" the "broken" gs - to which I already have the "fixed" gs) then I will never be able to produce any other variants (versions)...

In short, I should be able to reproduce the "fixed" file (*exactly*) from the broken file; and I'll know I succeeded because I have also the "fixed" file...

Once I can learn this, I can apply to v155 (which was/is the ultimate goal)...

As bola pointed out, there may be a better fix for the BASE "problem" (ptemplate/rates) at hand; but I still want to learn how this WAS accomplished in IDA (previously, by other people)!

The more you know...



Knowledge is power !!!



So far the closest I have come is manually assembling line by line, which fails at 082ea375 ~ with error "Ivalid Mnemonic" >.<

 

[lkb007lkb]

Re: [LF help] with &amp;quot;fixing&amp;quot; gs (v155 e_v156 t_v128)

ok,i see,sorry ,can't help you ,and i find that IDA Pro is powerful,maybe i can use this tool on gs.

 

[343]

Re: [LF help] with &amp;amp;quot;fixing&amp;amp;quot; gs (v155 e_v156 t_v128)

ok,i see,sorry ,can't help you ,and i find that IDA Pro is powerful,maybe i can use this tool on gs.

That's the thing, I was trying to learn how the ptempalte "fix" was performed 100% in IDA... I have still failed to do so...

However, it is still possible to achieve, just not without 'history'... That is, I mean, I can "perform" the "fix" based off of the old fix, by just plugging in the same exact hex bytes, and then changing the 3 sets of bytes for addressing, and it works... But that wouldn't be possible without the previous "fix"... So I was trying to figure out/learn how (whoever made the first "fix") did it! So, learning how it was done; I *failed* at... But, getting the actual "fix" "done" ~ mission success... ... ...

And either way, yes, IDA is pretty powerful software! Even the FREE version! The only thing I know of for sure that the "free" version is lacking is the Decompiler (F5 shortcut) to decompile and show "pseudo code"!!!

You must be registered to see links

Which, technically speaking, is not that important... But if it's a "must have" for you, you can easily find the "PRO" version in a torrent somewhere



Also (add): It would appear, in all of my messing around with all of this, that the "ptemplate" "fix" is (and has been) necessary throughout ALL versions of PW server ~ gs, going all the way back to 126/131/136/etc! Which it's really easy to "search" for - to see if this "fix" has been applied to any gs binary... You simply search for 163 bytes of NOP's (hex "90" 163x times) in a row.!

However, it would appear the "monster spawner" "fix" has not (still kind of a work in progress at the moment)... It would appear to me "monster spawner" didn't need a "fix" up to somewhere around v145... So far, what I "know" is that v146 DID require the "monster spawner" "fix", and v145 did NOT! So that either means it was applied in a different way/manner, or the (original) developers of the game actually changed this over time!