Adding New Commonserver COMMANDS in 99.62 GS

CREDITS : Lolqus[CZF]
DIFFICULT : MEDIUM
TOOLS : OLLYDBG , IDA PRO , NOTEPAD , WINDOWS CALCULATOR , BRAIN

So : let's go , load GAMESERVER.EXE on OLLYDBG , also load .pdb symbol of GAMESERVER
on your IDA PRO , now you must think : " what i want to add in commonserver " i will show example :
i remember my first interesting command what i found on IDA , and interesting value what i found in assam code of that function , it was function what was able you
to get 2.000.000.000 ZEN on character , when you get more , you got money on - and you cant buy ANYTHING so i wanted to change limit of that money
on player using commonserver command , so i started searching on IDA something about ZEN ;

/// USING IDA PRO ///

maximalize your IDA , push ALT + T and write ZEN to find function : gObjCheckMaxZen , double click on it and you will see that function in pure assam code ,
scroll down and you will see part of code :

.text:004F38C5 cmp [ebp+var_C], 77359400h

HM INTERESTING , change now 77359400 from HEX to DEC IN WINDOWS CALCULATOR
(HEX) 77359400 = 2000000000 (DEC) ( WOW its 2000000000 , like max money on player in game so : WE FOUND A POINT OF THAT !! )

now maximalize OLLYDBG and go to that offset : 004F38C5 , you will see :
ImageShack - Hosting :: 12gg.jpg ( offsets are that same like IDA got )

/// CODING NEW COMMAND ///

offsets from :
00660000 to - 00680FFE are used on MEMORY , maybe 20% of that offsets are used , so search free space to code your command like :

ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL

ImageShack - Hosting :: 28bx1.jpg

now righ click of mouse on :
ADD BYTE PTR DS:[EAX],AL ( offset : 0067FDD1 FREE space )
and use option : FOLLOW IN DUMP > SELECTION
ImageShack - Hosting :: 36jp.jpg

Now look your dump window , and first 2 bits on dump window :
ImageShack - Hosting :: 49ya.jpg

so : if you click on 2 first bits it will change color to black GREY, now push SPACE on your keyboard and you will see :
ImageShack - Hosting :: x2ev.jpg

in place unicode write first letter of your commonserver command name , when you done accept , click on another 2 bits , push space
and write second letter ,and next 2 bits , write third letter of your command - like me : i will code CZFMaxZenOnPlayer :
ImageShack - Hosting :: xx0bq.jpg

when you code command , much assambler lines appears you dont need to know what they means only you need to look on :
INC EBP ( start of your command in assambler [ first line ] ) now copy offset of INC EBP for me ( 0067FDFF ) , write in notepad and dont touch
it will help you soon
Now save your work , and reopen saved GAMESERVER with new command on OLLYDBG

/// CODING COMMONSERVER FUNCTION ///

In that part we will code in GAMESERVER functions to read your new command from commonserver , so lets start :
go to offset 00510B5F

and you will see something what we want to remove from here :

PUSH EAX
PUSH 0
PUSH 66F824 // xMasEvent

ImageShack - Hosting :: xxx7uz.jpg
so mark that 3 lines like me , right click of mouse BINARY > Fill With NOP's
and after that it should looks that :
ImageShack - Hosting :: xxx9bl.jpg

look now under NOP's :
00510B67 |. 68 24E56600 PUSH CLEAN_99.0066E524 ; |Section = "GameServerInfo"

remember offset 00510B67 !!! write somewhere in notepad .... soon you will need it

Now scroll down GAMESERVER until you will see empty space like :

00 DB 00
00 DB 00
00 DB 00
00 DB 00
00 DB 00
ImageShack - Hosting :: xxx0jx.jpg

now open next OLLYDBG and load GAMESERVER too and start coding on empty space :

CALL 0040332D
PUSH EAX
PUSH 0
PUSH 67FDFF ( why 67FDFF ? , you need write here offset with start of your command , for me it was : 0067FDFF INC EBP, thats
why i told : write somewhere that offset in notepad , or remember it )
PUSH 66E524
CALL DWORD PTR DS:[6D97CD4]
MOV DWORD PTR DS:[680854],EAX ( why 680854 ? , its FREE memory offset , so what i told you open 2 x OLLYDBG with GAMESERVER
also i told that MEMORY offsets are from : 00660000 to - 00680FFE so you can get any you want , i will take free :
00680854 0000 ADD BYTE PTR DS:[EAX],AL
REMEMBER MEMORY OFFSET !!!!! 680854 !!!!!!

PUSH 66E548
MOV ECX,61D4FC0
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824
JMP 00510B67 ( i told you to remember 510B67 ;)

REMEMBER : IF YOU WANT ADD MORE COMMONSERVER FUNCTIONS , DELETE THAT :
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824
JMP 00510B67

BUT END CODING WITH THAT CODE !!!!
////////////////
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824
JMP 00510B67
////////////////

After that it should look like that :
ImageShack - Hosting :: xxx7iw.jpg

You think we DONE ? , hahah no xD

Ok , now we are going to our ASM FUNCTION of MAX ZEN

CTRL + G on OLLYDBG and paste : 004F38C5

now we see :
CMP DWORD PTR SS:[EBP-C],77359400

double click on it mark option " Fill with NOP's " , and write NOP when you done it will look like that :
ImageShack - Hosting :: xx2jd.jpg

Now mark first NOP , double click on it and code JMP to free space INT3 , we need 4 empty lines INT3 like :
ImageShack - Hosting :: xxx3zb.jpg
as you see on screen i told i will use offset : 004F3830

so double click on first NOP and write :
JMP 4F3830 , when you done it will look :
ImageShack - Hosting :: xxx9nf.jpg

ok now we see that our JMP is leading to free space INT3 what we will use to code our part of function MaxZen , so
click on JMP 4F3830 , push ENTER and you will be on INT3 space
now start coding :

XOR EAX,EAX
MOV EAX,DWORD PTR DS:[680854] ( why 680854 ? , i told you REMEMBER MEMORY OFFSET what you used !!!! )
CMP DWORD PTR SS:[EBP-C],EAX
JMP 004F38CC ( why 004F38CC , because its offset with first jump under our NOPs )

when you end it will look :
ImageShack - Hosting :: xxxx8oc.jpg

save your work on OLLYDBG , right click of mouse > COPY TO EXECUTABLE > SAVE ALL MODIFICATIONS > COPY ALL , next window
will appear , right click of mouse on it > SAVE FILE

Ok when you done , open your commonserver.cfg , and write YOUR command of max zen on player in game
my was CZFMaxZenOnPlayer = xxxx ,you can put 1 ZEN , or 9999999999 ZEN and it will work ^^

it was example , you can do ~ 100 commands , of exp BC , DS , CC , rewards , time , % of stones , % of mixes etc , i code
in public GS 16 commands in one hour it was :

CZFmaxZenOnUser
CZFblessPrice
CZFchaosPrice
CZFjolPrice
CZFcreationPrice
CZFsoulPrice
CZFappleRegeneration
CZFsmallPotionOfRegeneration
CZFmediumPotionOfRegeneration
CZFlargePotionOfRegeneration
CZFbudgeDragonTransformRing
CZFgiantTransformRing
CZFskeletonTransformRing
CZFpoisonBullTransformRing
CZFthunderLichTransformRing
CZFdeathCowTransformRing

and configuration of that works 100% from commonserver , so you can try too ; ) GOOD LUCK

PS. sorry for my english xD

good one ;)

good show

Thank you Very Much !Very Good !

Really nice, but most people here probably wont understand it.

co to napisz po polsku? xD

Lolqus[CZF] great one guide... i will try when i get programs :P... could you put links to download programs we need to do this... thanks again for this guide....

Very good example guide. but so hard for me:poster_st

!!!Good job!!! keep on working.

Lolqus[CZF] great one guide... could you put download links for needed programs?

motha fucking thanks bro!!

COOOOOOL!

9999999999 = 00 00 00 02 54 0B E3 FF -> 8 Bytes ( 8xByte = 4xWORD = 2xDWORD ) guess what this is 64bit integer type

Gameserver use 32bit integer and not 64bit, and it is unsigned integer so max value is:
2147483647 = 7F FF FF FF -> 4 Bytes ( 4xByte = 2xWORD = 1xDWORD ), i suppose you see DWORD in IDA, yeah thats your type.
So what will happen if you use bigger value? Directly from a Visual C++ 6 book:
"When one of these data types is modified to be unsigned, you can think of the range of values it holds as representing the numbers displayed on a car odometer. An automobile odometer starts at 000..., increases to a maximum of 999..., and then recycles back to 000.... It also displays only positive whole numbers. In a similar way, an unsigned data type can hold only positive values in the range of zero to the maximum number that can be represented."

Another thing, in SQL Server and in MUOnline Database you can find the tables that store Money, guess again, its integer there too (... [Money] [int] NULL , ...) . Directly from SQL Manual:
"int
Integer (whole number) data from -2^31 (-2,147,483,648) through 2^31 - 1 (2,147,483,647)."

Now think again why Webzen use 2000000000 as max Zen .

This guide can be used to add item in gs 99.62?
-------
Este guia pode ser usado para adicionar

This guide can be used to add item in gs 99.62?
-------
Este guia pode ser usado para adicionar

Very good guide ;)

Hi
When im doing this step:

Quote:

---

now righ click of mouse on :
ADD BYTE PTR DS:[EAX],AL ( offset : 0067FDD1 FREE space )
and use option : FOLLOW IN DUMP > SELECTION
ImageShack - Hosting :: 36jp.jpg

Now look your dump window , and first 2 bits on dump window :
ImageShack - Hosting :: 49ya.jpg

so : if you click on 2 first bits it will change color to black GREY, now push SPACE on your keyboard and you will see :
ImageShack - Hosting :: x2ev.jpg

in place unicode write first letter of your commonserver command name , when you done accept , click on another 2 bits , push space
and write second letter ,and next 2 bits , write third letter of your command - like me : i will code CZFMaxZenOnPlayer :
ImageShack - Hosting :: xx0bq.jpg

when you code command , much assambler lines appears you dont need to know what they means only you need to look on :
INC EBP ( start of your command in assambler [ first line ] ) now copy offset of INC EBP for me ( 0067FDFF ) , write in notepad and dont touch
it will help you soon
Now save your work , and reopen saved GAMESERVER with new command on OLLYDBG

---

when i copying code to executable it gives my error: "Unable to locate data in executable file"
can anyone help? :/

Anyway to make all newly created character 'hero' character in commonserver setting as my client suck creating new PK character instead of normal character. I am noob pls help.

very nice, thanks

nice one

Quote:

---

Originally Posted by Ron

Really nice, but theres going to be alot of people too stupid to understand this.

---

you are damn right xD

simply amazing, this guide is by far the most easy to understand (atleast for me), thanks for sharing.

Quote:

---

Originally Posted by banzai666

Hi
When im doing this step:



when i copying code to executable it gives my error: "Unable to locate data in executable file"
can anyone help? :/

---

Have same error :renske:

So can i add this commands to other GS example 99.88 or anything else GS??

Sorry my bad English.

And last question... where can i get this 99.62 GS ??? :rofl: sorry for stupid queston all links die...

Quote:

---

Originally Posted by Ron

Really nice, but most people here probably wont understand it.

---

Totaly Agree..Post Rated..Very Helpfull Guide, Thanks!

One question:
Can i add the transformation commands to 88+96 from Goe ?
I tryed with hex but i guess i can`t change 2 digits to 3 or 4 digits... gs can`t read :/ , when i put the ring appear that damn Bull..
Example:
378 = 017A "GameMaster"
14 = 0E "Skeleton"
Max limit of 2 digits is 255 = FF, and i need over.
I can help me with this ?
Thx

This guide seems really nice but I'm using all the necessary tools and in IDA if I double click a function the asm code won't appear... Is there another way of seeing and editing it? Thanks.

Success.. :)

please..i have to know if this procedure do efect in other versions of gameservers - older and newer that this 99.62 GS.

Hi man

I have Some questions

1- I can use this guide to add command /post?
2- Work or maby work in gs 1.00.16?

Please confirm mys questions please or post any guide to add command /str and the other very important to the server 1.0

Thanks

Sorry for my bad english
----------------------------------------------------------------------------
En espa

No you can't
these comands must be coded in gs

I think u can make an adrees to enable or disable post command in commonserver as an option
but u have to get theses comands coded in your gameserver


;D

Ok

But exist any guide to coded the GS?


No... True dont exist guide or yes xD

in spanish

Peor existe alguna guia para poder el commando en el gameserver?
No existe verdad... o si xD

Nice man !

really thanks dude = )

10x nice ;)

dAmn this guide rocks.. why did i never see it before lol

This guide is very usefull,thnx!