Hi!
I've been working on the gold limits for exchange/storage/guild storage and got it to work with 4b max. On the client side I can at least enter values higher than 500b into the field, but as soon as the value entered is higher than 7FFFFFFF (hex) it uses 4b (that means 4b is put into the exchange or storage etc.).
That is because the datatype they used to store this value is integer, so I would need to change this datatype to long or something like that. Does anyone have any ideas about this?
(I'll give the results to everyone that's helping)
Example of one check for the value given being higher than 4b:

Code:
    JG SHORT XXXXXXXX ; Value bigger than 4b (result of earlier function call)
    JL SHORT XXXXXXXX ; Value smaller than 4b (result of earlier function call)
    CMP ECX,EE6B2800 ; Check if Value is 4b (recheck it maybe?)
    JNB SHORT XXXXXXXX ; Jump taken if not smaller than 4b
    MOV DWORD PTR SS:[ESP+10],ECX
    MOV DWORD PTR SS:[ESP+14],EAX
    JMP SHORT XXXXXXXX ; Jump over the value reassignment
    MOV DWORD PTR SS:[ESP+10],EE6B2800 ; Set value = 4b, only if JNB taken
    MOV DWORD PTR SS:[ESP+14],EDX ; ntdll.KiFastSystemCallRet
    CMP DWORD PTR SS:[ESP+14],7FFFFFFF ; Check if value is below max integer value
    LEA EBX,DWORD PTR SS:[EBP+88]
    JL SHORT XXXXXXXX ; If below max integer
    JG SHORT XXXXXXXX ; If higher than max integer
    CMP DWORD PTR SS:[ESP+10],-1 ; some "else" I guess
    JB SHORT XXXXXXXX ; jump to else instructions
    CALL XXXXXXXX ; error function (value higher than max integer)
    CALL XXXXXXXX ; success function

I also had a look at the function the gameserver uses for Stall/Consignment, but to be honest that's a bit too much for my knowledge of assembler.

Code:
    MOV EDX,DWORD PTR DS:[EDI]
    MOV EAX,DWORD PTR DS:[EDX+C4]
    MOV ECX,EDI
    CALL EAX
    TEST EAX,EAX
    JE 00471B45 ; 00471B45
    MOV EDX,DWORD PTR DS:[EDI]
    MOV EAX,DWORD PTR DS:[EDX+58]
    MOV ECX,EDI
    CALL EAX
    CMP EAX,1
    JE 00471B45 ; 00471B45
    MOV EDX,DWORD PTR DS:[EDI]
    MOV EAX,DWORD PTR DS:[EDX+380]
    MOV ECX,EDI
    CALL EAX
    MOV DWORD PTR SS:[EBP+18],EDI
    MOV BYTE PTR SS:[EBP+8],BL
    MOV EBX,DWORD PTR SS:[ESP+1C]
    MOV DWORD PTR SS:[EBP],EAX
    LEA EDI,DWORD PTR SS:[EBP+A]
    MOV EAX,EDI
    MOV ESI,EBX
    MOV DWORD PTR SS:[EBP+4],EDX ; ntdll.KiFastSystemCallRet
    CALL 0048BF40 ; 0048BF40
    MOV ECX,DWORD PTR SS:[EBP+18]
    MOV EDX,DWORD PTR DS:[ECX] ; ntdll.774B6074
    MOV EAX,DWORD PTR DS:[EDX+4E8]
    CALL EAX
    MOVZX ECX,WORD PTR DS:[EDI]
    CMP ECX,EAX
    JNZ SHORT 00471B3C ; 00471B3C
    MOV EAX,DWORD PTR SS:[EBP+18]
    CALL 00459D80 ; 00459D80
    MOVZX EDX,WORD PTR DS:[EDI]
    CMP EDX,EAX
    JG SHORT 00471B3C ; 00471B3C
    MOV ECX,DWORD PTR SS:[EBP+18]
    MOV EAX,DWORD PTR DS:[ECX] ; ntdll.774B6074
    MOV EDX,DWORD PTR DS:[EAX+4E8]
    CALL EDX ; ntdll.KiFastSystemCallRet
    MOVZX ECX,WORD PTR DS:[EDI]
    CMP ECX,EAX
    JG SHORT 00471B3C ; 00471B3C
    LEA ESI,DWORD PTR SS:[EBP+10]
    MOV EDX,ESI
    MOV EDI,EBX
    CALL 0042F7B0 ; 0042F7B0
    MOV EAX,DWORD PTR DS:[ESI]
    MOV ESI,DWORD PTR DS:[ESI+4]
    TEST ESI,ESI
    JL SHORT 00471B33 ; 00471B33
    JG SHORT 00471B00 ; 00471B00
    TEST EAX,EAX
    JB SHORT 00471B33 ; 00471B33
    CMP ESI,74
    JG SHORT 00471B33 ; 00471B33
    JL SHORT 00471B0E ; 00471B0E
    CMP EAX,6A528800
    JA SHORT 00471B33 ; 00471B33
    LEA EDI,DWORD PTR SS:[EBP+1C]
    MOV EAX,EDI
    MOV ESI,EBX
    CALL 00404E50 ; 00404E50
    CMP DWORD PTR DS:[EDI],0
    JNZ SHORT 00471B28 ; 00471B28
    MOV EAX,3C3C
    XOR ESI,ESI
    JMP SHORT 00471B4A ; 00471B4A
    MOV AX,1
    POP EDI ; WININET.7735C73D
    POP ESI ; WININET.7735C73D
    POP EBP ; WININET.7735C73D
    POP EBX ; WININET.7735C73D
    RETN 0C

greetz
LemoniscooL
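Added example, not part of the original post and not the game's own code: a C sketch of how a 32-bit x86 compiler range-checks a 64-bit amount as a high and a low dword, which is the shape of the `TEST ESI,ESI` / `CMP ESI,74` / `CMP EAX,6A528800` sequence in the second listing (74:6A528800 hex is 500,000,000,000), next to what a signed 32-bit field does to the same amount. The function names are made up for the example, and the conversions assume two's-complement wrap and an arithmetic right shift, as gcc and clang provide.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants as they appear in the listings above. */
#define CAP_4B       0xEE6B2800u   /* 4,000,000,000 */
#define CAP_500B_HI  0x74          /* high dword of 500,000,000,000 */
#define CAP_500B_LO  0x6A528800u   /* low dword of 500,000,000,000 */

/* Range check 0 <= value <= 500b on two 32-bit halves: high dwords are
   compared signed (JL/JG), low dwords unsigned (JA) and only when the
   high dwords are equal. */
int in_range_split(int32_t hi, uint32_t lo)
{
    if (hi < 0) return 0;               /* TEST ESI,ESI / JL */
    if (hi > CAP_500B_HI) return 0;     /* CMP ESI,74 / JG */
    if (hi < CAP_500B_HI) return 1;     /* CMP ESI,74 / JL */
    return lo <= CAP_500B_LO;           /* CMP EAX,6A528800 / JA */
}

/* The same check on a native 64-bit signed value. */
int in_range_64(int64_t v)
{
    return v >= 0 && v <= 500000000000LL;
}

/* A signed 32-bit field keeps only the low dword; anything above
   7FFFFFFF reads back as a negative number. */
int32_t store_in_int32(int64_t v)
{
    return (int32_t)(uint32_t)v;
}

/* Split a 64-bit amount into the hi:lo pair used above. */
int32_t  hi32(int64_t v) { return (int32_t)(v >> 32); }
uint32_t lo32(int64_t v) { return (uint32_t)v; }

int main(void)
{
    int64_t samples[] = { 0, 2147483647LL, CAP_4B, 500000000000LL,
                          500000000001LL, -1 };  /* constructed inputs */
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t v = samples[i];
        printf("%lld split=%d native=%d as_int32=%d\n", (long long)v,
               in_range_split(hi32(v), lo32(v)), in_range_64(v),
               (int)store_in_int32(v));
    }
    return 0;
}
```

Every place that reads or writes the amount has to carry both dwords; a single 32-bit store anywhere on the path gives the `store_in_int32` result regardless of how the limit check is written.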






