How to remove gender lock

[wauwie1]

Hi all,

I'm working on a V83 HeavenMS server with resinate's custom client. And I want to remove all the gender locks from equips. I looked through the character en string wz's but could not find anything that had to do with gender.
Is it possible to remove this lock? Perhaps through wz's, client code or server code?

Help is appreciated :laugh:

 

[Kimberly]

Gender of items are hardcoded in the client by their item ID iirc

 

[wauwie1]

Gender of items are hardcoded in the client by their item ID iirc

Do you know the ID range?

 

[Eric]

Do you know the ID range?

I explained how gender was calculated in the client here: http://forum.ragezone.com/f921/v62-v83-wz-edits-hair-1125064/

While my fix was only intended to fix a gender comparison issue in older clients (primarily v62 servers), the function is used across all versions the same way. Instead of fixing the comparison in the function, you can just make it so that all items (including equipment) return genderless. The function you're looking for is get_gender_by_id. In v83, the function address is 00460ADC.

Here's the pseudo of that function:

signed int __cdecl get_gender_from_id(signed int nItemID)
{
  signed int result; // eax@2
  int nItemGender; // edx@3

  if ( nItemID / 1000000 != 1 )
    return 2;
  nItemGender = nItemID / 1000 % 10;
  if ( nItemGender )
  {
    if ( nItemGender != 1 )
      return 2;
    result = 1;
  }
  else
  {
    result = 0;
  }
  return result;
}

We want to change it to this:

signed int __cdecl get_gender_from_id(signed int nItemID)
{
  return 2;
}

Seems easy enough, right? Here's what our assembly looks like:

00460ADC                 mov     eax, [esp+4] ; nItemID => eax
00460AE0                 cdq
00460AE1                 mov     ecx, 1000000 
00460AE6                 idiv    ecx ; nItemID / 1000000 => eax
00460AE8                 push    1
00460AEA                 pop     ecx ; pop 1 => ecx
00460AEB                 cmp     eax, ecx ; if (eax == ecx)
[b]00460AED                 jz      short 00460AF3[/b] ; if (nItemID / 1000000 == 1) => jump
00460AEF                 push    2
00460AF1                 pop     eax ; pop 2 => eax => return 2
00460AF2                 retn

See the part I've bolded? Simply use OllyDbg, jump to that address, and change that instruction to NOP. This modifies the 74 04 (jz) instruction to 90 90, and just forces the function to return 2 always. Voila, removal of gender lock as requested!

I'm not sure if public sources like HeavenMS are anything like my source when it comes to checks or not, but I make sure the gender matches. If your source has gender checks as well, those will additionally need to be removed.

EDIT: I actually completely forgot about this. The legend himself, shavit had released this for v83 already. However, he uses DLL hooks. You can check out his release here if you're interested: http://forum.ragezone.com/f921/v83-unisex-items-1166058/

 

[wauwie1]

I explained how gender was calculated in the client here: http://forum.ragezone.com/f921/v62-v83-wz-edits-hair-1125064/
....OllyDbg, jump to that address, and change that instruction to NOP. This modifies the 74 04 (jz) instruction to 90 90, and just forces the function to return 2 always. Voila, removal of gender lock as requested!

I'm not sure if public sources like HeavenMS are anything like my source when it comes to checks or not, but I make sure the gender matches. If your source has gender checks as well, those will additionally need to be removed.

EDIT: I actually completely forgot about this. The legend himself, shavit had released this for v83 already. However, he uses DLL hooks. You can check out his release here if you're interested: http://forum.ragezone.com/f921/v83-unisex-items-1166058/

Thanks! It seems to work for most of the cash items, a few random ones are still gendered tho, which may be server-sided. How exactly do DLL Hooks work? Which one do I need to edit?

 

[durak]

this makes me crash randomly before i can get into character seelect