Monsters variable pointers
I was fixing server a bit when I got to this part:
http://forum.ragezone.com/attachment...1&d=1279740720
The variable of monsters wave effects. They are pointing to each other and other functions are referring to them.
But it all makes no sense to me. When I tried to copy the same thing from game.exe to server.exe, this code got messed up (offsets). How do those parts know the offset to the monster name and its wave string? Monsters will have no sounds if this is not set correctly. In OllyDbg it makes no sense to me... in a hex editor they look like this:
Code:
-.......8H^.....
,H^.....(H^. ...
H^.0....H^.@...
.H^.P....H^.`...
łG^.p...¶G^.Ç...
ýG^.É...őG^.á...
ĎG^.¦...đG^.+...
+G^.+...+G^.đ...
¦G^.....żG^.....
ńG^. ...˙G^.0...
So if anyone knows how to fix it (one example is good) I would appreciate it :)
And one more question: why does the server need those effects? Is it possible to disable this "check" on the server and let the client decide what it can and can't play? Does this affect packets, are they getting larger because useless information is sent?
Re: Monsters variable pointers
Useless information is sent in packets all the time. They use a fixed size buffer which is not cleared (at least client side) before the next packet is sent... not all information is written over, and therefore some information is re-transmitted which is never used.
Try setting the XOR encryption on all routines to 0 and run a packet trace.
Type "Can I call this game our hobies." in game, and then type "Id realy like to see Ur b"
You should see a packet with a string "Id realy like to see Ur b/0obies./0" in the second packet. o.O
I'm not sure that the sound in the server does have anything to do with the sound in the game.
f.e. server4096.exe has no mention of sounds for Witches or Chaos Cara... but they look and sound okay in the game if I spawn them.
The only server side requirement is that they have a monster .inf file which tells the game which .ase to look for. The game then seems to work out what .wav goes with that .ase
Re: Monsters variable pointers
Quote:
Originally Posted by
bobsobol
The only server side requirement is that they have a monster .inf file which tells the game which .ase to look for. The game then seems to work out what .wav goes with that .ase
Are you talking about this:
\GameServer\Monster
Quote:
// Category ( CYCLOPS / HOBGOBLIN / IMP / MINIG / PLANT / SKELETON / ZOMBI / OBIT )
*효과음 Shadow
Because 'Shadow' is the name of an effects and sound set for a monster, and they need to be coded in server and game.exe, otherwise they will not work.
I don't know why server and client have this correlation but they are even sending NPC movement information. This makes sense for monsters, players and moving NPCs like WH, but for the rest it makes no sense.
But let's get back to the point... so you don't know how to change the offset in this "thing" either? This has been bugging me for a while now :} Maybe it's some address-number=offset coded into ,H^.....(H^. .... blah I don't get it XD
PS. Do you have old NPC, Monsters etc. .ini's (not those in \GameServer\Monster but those next to .smb and .smd that tell the in-game converter what animation is at what 'time' when .ASE gets converted)?
Re: Monsters variable pointers
I did not know, no... I've never experienced it, even with modern client (much newer than server is patched for) and modern monster files (newer than the server knows about) I still saw, and heard the monster correctly. Hmm. That's odd.
The ini in the client which get converted to inx, yes I knew they are connected to the monster animations, what part of animation they should play according to what action they are performing.
Interestingly, old clients often had several SMB files (which seem to contain all the Bips from the ASE, where the SMD holds all the base mesh) and the ini file would point to a different SMB (via its ASE name).
Anyway... let's assume you are looking at ET2.2 The strings you are looking at are placed @ 08B64B3Ch onward, there is a big label above it, which says "--- Variables for Effect ---".
It's pointed to, as you can see if you do a binary search for 08 B6 4B 3C, by a table of offsets which clearly starts @ 08B66840h. It has a big ASCII label over it which says "--- New Variable Pointers ---". :D:
Does that help you? -.-
I'm not being funny, I honestly didn't know and really haven't encountered this problem. It's cool though, because I suspect that the new Smelting and Manufacturing codes are in a table like this somewhere, so we both learned something today. ^_^
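The layout described in this reply, as an added example that is not part of the original post and not code from the game: a table of absolute 32-bit addresses pointing into a string block, and why the same bytes stop resolving when loaded at a different address until every entry is rebased. The two addresses are the ones quoted in the reply; the flat mapping, the monster names used as table strings and all function names are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STRINGS_VA 0x08B64B3Cu              /* string block address from the post */
#define TABLE_VA   0x08B66840u              /* pointer table address from the post */
#define TABLE_OFF  (TABLE_VA - STRINGS_VA)  /* table offset inside the sample */
#define IMG_LEN    (TABLE_OFF + 8u)         /* constructed: strings + two entries */

static uint32_t rd32(const uint8_t *p) {    /* x86 stores pointers little-endian */
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Resolve table entry idx to its NUL-terminated string. Returns NULL when the
 * entry or the address stored in it lies outside [base, base + len). */
const char *resolve(const uint8_t *img, size_t len, uint32_t base,
                    uint32_t table_va, size_t idx) {
    size_t toff = (size_t)(table_va - base) + 4 * idx;
    if (table_va < base || toff + 4 > len) return NULL;
    uint32_t va = rd32(img + toff);
    if (va < base || va - base >= len) return NULL;
    size_t soff = va - base;
    return memchr(img + soff, 0, len - soff) ? (const char *)(img + soff) : NULL;
}

/* Add delta to n consecutive entries, as a relocation pass would. */
void rebase(uint8_t *img, size_t toff, size_t n, uint32_t delta) {
    for (size_t i = 0; i < n; i++, toff += 4) wr32(img + toff, rd32(img + toff) + delta);
}

/* Constructed sample: two names from the thread and a two-entry table. */
void build_sample(uint8_t *img) {
    memset(img, 0, IMG_LEN);
    memcpy(img, "CYCLOPS", 8);
    memcpy(img + 8, "HOBGOBLIN", 10);
    wr32(img + TABLE_OFF, STRINGS_VA);
    wr32(img + TABLE_OFF + 4, STRINGS_VA + 8);
}

/* 1 if the same bytes loaded at new_base resolve only after rebasing. */
int copy_needs_rebase(uint8_t *img, uint32_t new_base) {
    build_sample(img);                       /* entries still hold the old VAs */
    if (resolve(img, IMG_LEN, new_base, new_base + TABLE_OFF, 1)) return 0;
    rebase(img, TABLE_OFF, 2, new_base - STRINGS_VA);
    const char *s = resolve(img, IMG_LEN, new_base, new_base + TABLE_OFF, 1);
    return s && strcmp(s, "HOBGOBLIN") == 0;
}
```

The delta is the new address of the string block minus the old one; it is applied to the values stored in the table, not to the table's own location.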
Re: Monsters variable pointers
Effect sound on client, and server don't have it.
Re: Monsters variable pointers
Quote:
Originally Posted by
zaharavn
Effect sound on client, and server don't have it.
That seems to say what I thought, but I'm man enough to admit that there must be some reason why Global Fantasy went to the effort of updating these, and it would seem some people have issues.
Maybe some game.exe files are patched so that they don't care what the server says, and work independently, while others are not?
Re: Monsters variable pointers
Monster Pointer to name monster. In file .inf have sound for name monster. And client use name monster to effect sound ^^"
Re: Monsters variable pointers
Quote:
Originally Posted by
zaharavn
Effect sound on client, and server don't have it.
That depends... as bobsobol said, this code is there for a reason. For me (kPT 2.42.8) this code is a must; if I remove it (from server ofc) I get no sound even if the client has it. I don't know how it's working in ePT or bPT. I did not try to disable it but I believe it's there for some client check (like you can detect a fly hack by player position on the map: if it's not on the ground or a 'safe' spot then it might be a hack).
@bobsobol
Thank you, I think my brain was not connected to eyes when I was looking at code lol. I have clear offset there but I am asking stupid questions, sorry >=P
About .ini's...
ji_woo.ini is only thing I have:
Code:
// Hero character settings
*모양파일 ji_woo.ASE
*정밀모양 "ji_woo"
//*보통모양 "ji_woo"
*동작파일 ji_woo.ASE
*동작모음 "ji_woo.ASE"
*걷는동작 10 52 반복
*서있기동작 70 340 반복
*끝
Let's translate what interests me the most:
* Walking Behavior 10 52 Repeat
* Standing behavior 70 340 Repeat
Those numbers are times in 3d studio animation from X frame to Y frame. This might be useful to determine attack, skills, monsters animations etc. ji_woo (low lvl quest lady) has two 'commands' only but there are some time 'gaps', so she might have a battle animation in .smb; this needs to be tested when I get more time.
There should be more in server but lately I am doing too many things at same time so 1st I will fix server :)
Re: Monsters variable pointers
Example... old Bargon (Bagon-B) animation control .ini with English Translation
Code:
// Hero Character Settings
// 캐릭터 주인공 설정값
//Model Files
*모양파일 Monbagon-B.ASE
// High precision shape
*정밀모양 "bagonB-h"
// Low precision shape
*보통모양 "bagonB-l"
// Model Sensitive?
*모델구분
// Behaviour file (animation... basically)
*동작파일 mbagon.ase
// Animation File
*동작모음 "Monbagon-B.ASE"
// Animation File
*동작모음 "Monbagon-walk.ASE"
// Walking Action
*걷는동작 1 41 5 24 반복
// Animation File
*동작모음 "Monbagon-stop.ASE"
// Standing (Idle) Action
*서있기동작 1 51 반복
// Animation File
*동작모음 "Monbagon-potion.ASE"
// Potting (drinking) Action
*물약먹기동작1 1 41 14
// Animation File
*동작모음 "Monbagon-attack.ASE"
// Attacking Action
*공격동작1 1 51 20 30
// Animation File
*동작모음 "Monbagon-damage.ASE"
// Struck Action
*타격동작1 1 17
// Secondary Action File
*보조동작파일 Monbagon-Die-B.ini
// END
*끝
From which you can see that, if she does not already have those actions in the spare frames (and my experience suggests these are either "tween" frames from one action to another, or just empty motionless frames) then you can always link to a separate new animation .ASE. ^_^
Re: Monsters variable pointers
Useless information is sent inside packets because most packets are formed on the thread stack and is not zero-ed before (some) variables inside the packet are set.
Also, on topic, the monster setting such as HOBGOBLIN on a monster file is only read once when the server loads up and reads each monster.
This HOBGOBLIN string belongs to a specific id (I don't know which exactly at the moment), for example 0x1380 (80 13 00 00 ), this is the 'EffectID' of the monster, and this ID is also sent to the client when a monster spawns, so the client from then on knows which particles & sounds it has to use.
Then there is of course the table which hooks a wav sound paths to the specific EffectID. This is only needed at the client side, not server side, and it's in the GFantasySection for new monsters because the original creator probably didn't understand that it is actually not needed, and did it for convenience.
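The packet residue described in this reply and in the earlier one about the fixed-size buffer, reproduced with the two chat lines quoted in the thread. This is an added example, not code from the game or from any poster; the 64-byte packet size, the single reused buffer and all function names are assumptions. It shows the leaking build next to a corrected one, plus a check that counts residue bytes in a captured packet.

```c
#include <stddef.h>
#include <string.h>

#define PKT_SIZE 64               /* assumed fixed packet size */
static char pkt[PKT_SIZE];        /* one buffer reused for every packet */

/* Behaviour described in the thread: new text is written over the old text
 * and the whole fixed-size buffer is sent. Returns bytes put on the wire. */
size_t build_chat_stale(const char *msg) {
    size_t n = strlen(msg);
    if (n >= PKT_SIZE) n = PKT_SIZE - 1;
    memcpy(pkt, msg, n);
    pkt[n] = '\0';
    return PKT_SIZE;
}

/* Corrected: clear the buffer first and send only the text and its NUL. */
size_t build_chat_clean(const char *msg) {
    size_t n = strlen(msg);
    if (n >= PKT_SIZE) n = PKT_SIZE - 1;
    memset(pkt, 0, PKT_SIZE);
    memcpy(pkt, msg, n);
    return n + 1;
}

/* Count non-zero bytes after the first NUL in the first wire_len bytes:
 * anything found there is residue from an earlier packet. */
size_t residue_bytes(size_t wire_len) {
    if (wire_len > PKT_SIZE) wire_len = PKT_SIZE;
    const char *nul = memchr(pkt, 0, wire_len);
    size_t leaked = 0;
    if (nul == NULL) return 0;
    for (const char *p = nul + 1; p < pkt + wire_len; p++)
        if (*p != '\0') leaked++;
    return leaked;
}
```

Either half of the correction removes the residue on its own: clearing the buffer before use, or transmitting only the bytes that were written.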
Re: Monsters variable pointers
@bobsobol
Thx, more files to study.
Quote:
Originally Posted by
UserNameHere2
GFantasySection for new monsters because the original creator probably didn't understand that it is actually not needed, and did it for convenience.
Then explain to me just one simple thing... why do I need them? :)
Because if I don't add them then monster sounds will not work. I could for example delete any monster from this table and it will play no sounds for me... O.o
Re: Monsters variable pointers
My guess is that the "convenience" has led to a "reliance".
As I say, I've used the original 4096, and heard sound for high level monsters it only knew about because I had .inf files for them and copied the field folder from a much newer client.
Remember that the server (all of the ones I've looked at) still contains the client... it can still be run in *MODE FULL or *MODE WINDOW (on any OS from 5.x down, it now crashes under Vista and Se7en... for me at least) and you can play from it as if it were a normal game.exe.
In *MODE SERVER, it uses the basic networking and table lookups of the client... enough to fake a player that GMs can PM / Whisper to authenticate up, but other than that it uses an entirely different set of routines.
What is confusing, when editing the server, is all the code needed to run as a game client is there also... so how do you know that it is ever used in server mode? How do you know if it needs to be updated or not?
Sometimes, the "convenience" is just to synchronise lists with what is in the client, while you're at it and "just in case". However, having done that, you can create a situation where the server does now need that list to be correct because you have updated it to need it, where previously it was ignoring it.
Re: Monsters variable pointers
Quote:
Originally Posted by
bobsobol
What is confusing, when editing the server, is all the code needed to run as a game client is there also... so how do you know that it is ever used in server mode? How do you know if it needs to be updated or not?
My guess is that in *MODE SERVER the same functions are doing different things.
I just messed this table by mistake and my Revived Knight is shooting arrows and doing phoenix shoots, Babel is using Sadnesst attacks etc... LOL
It's like client.exe has nothing to say O.o
Everything is correct on Client but Server controls effects and sounds b4 client. Even Hopy can do babel attacks and sound while babel is acting like Hopy :)
I have a little off topic question:
What's better: NOPs or 00s as fill in between functions?
Can functions that are left alone (nothing is referring to them, like: jmp, push, call etc.) still work?
--EDIT--
This is working like a charm, a few wavs are not working but I need to fix the same table but for wavs ;}
For some reason the effect function is 'turned off' in client (but it's still there), I don't know the reason why kPT made this move (server controlling effects and sound) but I am sure they had a good reason.
Monsters have numbers in this table, crystal towers (bc) have numbers too but a bit higher. For some reason some numbers are skipped. ARMA and ARMADIL (whatever it is O.o) have the same numbers (10C0h). But it's an interesting way of controlling the client :)
Re: Monsters variable pointers
Quote:
Originally Posted by
Vormav
I have a little off topic question:
What's better: NOPs or 00s as fill in between functions?
Can functions that are left alone (nothing is referring to them, like: jmp, push, call etc.) still work?
Always NOP between functions (or int3 or some other equivalent. Mov AL,AL is a common one I think.) 00 between data. Remember, data in the code section (jump tables and case match tables)
If "nothing" is referring to a routine, then it can never be called... but if Olly has processed it, something does.
Remember, many routines are CALLed by "call [ECX*4+JmpTableInRData]" type statements, and for some reason Olly often doesn't find those "references". PE Explorer usually does. Sometimes routines are CALLed by "POP EDX : CALL EDX" or "POP EDX : CALL [EDX]" when the routine which called those commands PUSHed the address, or a pointer to it, of the routine in question. Olly doesn't see that as a reference either... and PE Explorer struggles.
You will know better than I how IDA Pro see them. I'm still struggling to understand the disassembly IDA produces.
Quote:
Originally Posted by
Vormav
I don't know the reason why kPT made this move (server controlling effects and sound) but I am sure they had a good reason.
Monsters have numbers in this table, crystal towers (bc) have numbers too but a bit higher. For some reason some numbers are skipped. ARMA and ARMADIL (whatever it is O.o) have the same numbers (10C0h). But it's an interesting way of controlling the client :)
Arama, is MOUSE... was originally a Mouse / Rat but has had its skin changed to be an Armadillo. XD
Maybe people made Babel attack like a Hopy in their client, and that meant he didn't do much DMG? IDK.
Re: Monsters variable pointers
I think I understand why it's controlled by the server: an effect has a "range", so when my babel had the hopi effect he was not able to use long range. It might be possible to make a range hack not from weapon size but from the effect. I did not test this on the client, but if kPT disabled this on the client then, like Myth Busters would say, it's "Plausible" :)
You should use IDA to analyze, bobsobol. Olly is superior in assembling but nothing can beat IDA+hex rays in gathering information (and you can put pseudocode in lines with one click). When I was building this effect table IDA helped me a lot (I saw on the fly what the offset is showing), and you can rename functions on the fly. IDA will show you "connected functions": if there is a JMP (or something that leads you to another function) and the part after this jump is in another place, then IDA will show them together. Debugger is good too.
In IDA you will see functions that are not working (nothing is referring to them) in red.
I will upload a patcher for IDA .dif files for you (File>Produce file>Create DIF File), with source code in case you would like to play with it.