v90 Addresses

  1. #1
    Angxl (Account Upgraded | Title Enabled!) - Join Date: Sep 2016, Location: United States, Posts: 217

    v90 Addresses

    I'm trying to find droppable NX in v90, but I can't because v90 is weird.
    I used the updating method from v83 into v90 and got these 2 addresses:
    Code:
    ___:008EEA03 sub_8EE83F jnz     loc_8EED74
    ___:00A5588C sub_A5431D jnz     loc_A55C0B

    I then used the same method that I did on v83 to get droppable NX (NOPing both addresses).

    However I still couldn't drop NX. Is there something I'm doing wrong?
    Are there extra addresses that I need to do things to? So far v90 is looking pretty weird.
    For the most part I also got UFJ working but only 1 small thing is missing from it.
    It works fine and everything, but when the character is falling back to the ground I can't use FJ again.

    I also for the most part got spam teleport working, but I can't go upwards from the ground and directional in the air. Is v90 way different from v83 so I should just throw out the idea of editing v90 when I know absolutely nothing of what I'm doing, other than copy/paste and "jmp" "nop"?

    Is simply Ctrl+F-ing things no longer an option? Things seemed really easy in v83 but way more complicated in v90 when I know nothing :x

    And yes, I will admit I don't know assembly or anything about clients. I just jmp and nop random things after using CE to get a general idea of where things are. I don't do it anymore however since lately I've been getting nonstop blue screens.

    If anyone can at least give me advice that would be greatly appreciated :v


  2. #2
    Chikn (Proficient Member) - Join Date: Jun 2010, Posts: 164

    Re: v90 Addresses

    8EE83F: TabExpedition::OnChildNotify
    A5431D: CUser::Update

    I'm pretty sure you can't drop NX items with those addresses XP

  3. #3
    Pipotron (Proficient Member) - Join Date: Sep 2017, Location: Pastaland, Posts: 156

    Re: v90 Addresses

    Mmm. I don't have a v90 at the moment (nor the time to fiddle with one), but whenever I need to edit some particular client feature that I have no clue where to find, or if I'm too lazy to trace all the way from the opcode, there are a few steps I perform:

    - Get ingame, perform the action you're interested in modifying, see if any special text messages show up (in the case of NX dropping, "You can't drop this item").

    - Search for that string in STREDIT:


    - In IDA, search for occurrences of that particular string ID:


    - The client picks a string to show on screen by passing the string ID to a function. This is done via a push [stringID] instruction, so, among the results of the previous IDA search, you'll need to check for that. Usually there's only one or two, especially when the string ID is a very specific one (as in, ID 2195 will give you a lot less unrelated results than ID 1000).

    - Once you're at this point, it's a matter of finding where the check you want to modify is. It's gonna be a conditional jump, as that's the most common way in which if or switch constructs are translated, so run tests with OllyDBG by putting breakpoints on the jumps (only the conditional ones: JMP <address> is always taken, so that won't be of any use to you) right before the string ID push instruction.
    Test in different situations (in your case, both with droppable and non-droppable items), check where the differences are (OllyDBG tells you whether a conditional jump is being taken or not during breakpoint analysis), and you can then try to edit to get your desired outcome.


    With all this said, someone will probably already have the v90 addresses for you, so you might wanna avoid doing all this work until they show up. c:

  4. #4
    Angxl (Account Upgraded | Title Enabled!) - Join Date: Sep 2016, Location: United States, Posts: 217

    Re: v90 Addresses

    I have done it, thank you ٩(◕‿◕。)۶. The only problem now is that whenever I drop an NX item it disappears o.o. Could there also be a server check for it, or would this also be a client thing?

  5. #5
    Pipotron (Proficient Member) - Join Date: Sep 2017, Location: Pastaland, Posts: 156

    Re: v90 Addresses

    If they disappear, they might either be set to be untradeable in the WZ files, or they might be marked as items that disappear upon drop serverside (likely in MapleInventoryManipulator, if you have it, or any similar Java source file that handles inventory).

  6. #6
    Eric (Moderator) - Join Date: Jan 2010, Location: DEV City, Posts: 3,188

    Re: v90 Addresses

    For anyone who needs them, since I don't really care anymore:

    Code:
    /* v90 Client Addys by Eric :) */
    /* --------------------------- */
    
    // StringPool Begin: 00D7727C, End: 00D7D6FC
    // StringPool Key Size: 00C7F00C
    // StringPool Key Count: 00C7F010
    
    // Pre-BB Gr2D DirectX Window Mode Client Startup
    00B4F535 -> MOV DWORD PTR DS:[D8E7D0], 1
    00B52A18 -> MOV EAX, 0
    
    // No Damage Cap
    00C7D6C0 -> db 2147483647.00000
    
    // Client Locale (GMS Locale is 08)
    004BB5F1 -> 4F
    
    // Meso Drop Cap, ty justin
    00917612 -> db 2000000000
    
    // Enable the graphics Gr2D FPS Toggle
    00B52D2C -> NOP (db 90 90)
    00B52D2E -> NOP (db 90 90 90 90)
    
    // ADBoard Max Length (default max is db 40)
    00A5CBCF -> 7F
    
    // Repeating Chat Text Bypass (default condition is 0x74/JE)
    004B2A70 -> JMP (db EB)
    
    // 2s Chat Spam Delay Bypass (default condition is 0x73/JNB)
    004B2ABA -> JMP (db EB)
    
    // Infinite Chat Text (default max is db 46)
    // -- This can be modified to reach up to 256 characters ;)
    009E9385 -> db 127
    
    // Swear Filter (default condition is 0x75/JNZ)
    008702FA -> JE (db 74)
    
    // Tubi + Super Tubi
    004A76E5 -> NOP (db 90 90) ; !this->m_bExclRequestSent
    004A7705 -> NOP (db 90 90) ; bIgnoreDeadState || this->m_pCharacterData.characterStat.nHP > 0
    004A7716 -> NOP (db 90 90) ; get_update_time() - this->m_tExclRequestSent >= tTimeInterval
    
    // Droppable NX
    00531844 -> NOP (db 90 90 90 90 90 90)
    00531856 -> NOP (db 90 90 90 90 90 90)
    
    // SkillEffectChange Bypass
    00B8234A -> JMP (db EB)
    
    // AP Check Removal (nAP > 200, "Please use AP")
    00B82429 -> JMP (db EB)
    
    // Let GM/Admins Drop Items (default condition is 0x74/JE)
    00531515 -> JMP (db EB)
    
    // Let GM/Admins Drop Mesos (default condition is 0x74/JE)
    00917505 -> JMP (db EB)
    
    // Let GM/Admins Attack (default condition is 0x74/JE)
    00A7B859 -> JMP (db EB)
    00A838A8 -> JMP (db EB)
    00A882E4 -> JMP (db EB)
    00A95DA6 -> JMP (db EB)
    00A8C554 -> JMP (db EB)
    
    // Bound Jump Foothold Bypass (Floor Jump)
    00AA89AF -> NOP (db 90 90 90 90 90 90)
    00AA89BE -> NOP (db 90 90 90 90 90 90)
    00AA89F1 -> NOP (db 90 90 90 90 90 90)
    00AA8A00 -> NOP (db 90 90 90 90 90 90)
    00AA8A22 -> NOP (db 90 90 90 90 90 90)
    00AA8B17 -> NOP (db 90 90 90 90 90 90)
    
    // Falldown Foothold Bypass (Infinite Flash Jumps)
    00A7B4DB -> NOP (db 90 90)
    00A7B4DD -> NOP (db 90 90 90 90 90 90)
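    An added example, not Eric's or the thread's own code: a small Python audit that parses the entries of the list above that record a "default condition" byte and checks whether a flat memory dump of the client still holds the original opcode at each address, so a server operator can tell an unmodified client from a patched one. The list excerpt embedded in it is constructed from the entries above; the 0x00400000 image base and the dump contents are assumptions, not facts from the thread.

```python
import re

# Constructed excerpt in the list's format, kept to entries whose comment records the original opcode.
ADDY_LIST = """\
// Repeating Chat Text Bypass (default condition is 0x74/JE)
004B2A70 -> JMP (db EB)
// 2s Chat Spam Delay Bypass (default condition is 0x73/JNB)
004B2ABA -> JMP (db EB)
// Swear Filter (default condition is 0x75/JNZ)
008702FA -> JE (db 74)
"""

DEFAULT_RE = re.compile(r"default condition is 0x([0-9A-Fa-f]{2})/\w+")
ENTRY_RE = re.compile(r"^([0-9A-Fa-f]{8}) -> \w+ \(db ((?:[0-9A-Fa-f]{2} ?)+)\)")

def parse_expectations(text):
    """Map each VA to (original_opcode, patched_bytes) using the section comments."""
    expect, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("//"):            # a comment opens a new section
            m = DEFAULT_RE.search(line)
            pending = int(m.group(1), 16) if m else None
            continue
        m = ENTRY_RE.match(line)
        if m and pending is not None:
            patched = bytes.fromhex(m.group(2).replace(" ", ""))
            expect[int(m.group(1), 16)] = (pending, patched)
    return expect

def audit_image(image, base, expect):
    """Classify the bytes at each VA of a flat dump mapped at `base`; out-of-range reads fall into 'unknown'."""
    report = {}
    for va, (orig, patched) in expect.items():
        actual = bytes(image[va - base:va - base + len(patched)])
        if actual[:1] == bytes([orig]):
            report[va] = "original"
        elif actual == patched:
            report[va] = "patched"
        else:
            report[va] = "unknown"           # neither the documented original nor the documented patch
    return report

def demo_audit():
    # Constructed dump; the 0x00400000 image base is an assumption, not stated in the thread.
    base, image = 0x00400000, bytearray(0x480000)
    image[0x004B2A70 - base] = 0x74          # untouched JE
    image[0x004B2ABA - base] = 0xEB          # rewritten to JMP
    image[0x008702FA - base] = 0x90          # something else entirely
    return audit_image(image, base, parse_expectations(ADDY_LIST))
```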

  7. #7
    Fenomenoide (Valued Member) - Join Date: May 2016, Location: Venezuela, Posts: 131

    Re: v90 Addresses

    Quote Originally Posted by Eric (post #6): For anyone who needs them, since I don't really care anymore: [full v90 address list quoted]
    Sup with PlayOrion v90?

  8. #8
    Angxl (Account Upgraded | Title Enabled!) - Join Date: Sep 2016, Location: United States, Posts: 217

    Re: v90 Addresses

    @Eric Honestly surprised you just gave out addresses like that, but I am definitely 100% unspeakably grateful, as I'm sure everyone else is in the v90 workings. A thousand thank-yous to you!

  9. #9
    SomeoneMs (Member) - Join Date: Aug 2016, Posts: 65

    Re: v90 Addresses

    Quote Originally Posted by Eric (post #6): For anyone who needs them, since I don't really care anymore: [full v90 address list quoted]
    Sup with PlayOrion v90?