Printable View
Hi all, i need help to change my game.exe port por server.exe (game use 10009 and server 10013).
i try using ollydbg but only found one line to change port but i test and contine with port 10009.
I think need change code in more Offsets but dont know it.
A very useful question, and one I thought I'd at least partially written a guide on... but I can't find it now.
I've had more success on servers, because they all share the same base code.
The traditional answer is to use a Hex editor to scan for all occurrences of a DWord 10013 and replace with 10009... but that is potentially very dangerous. It will make the change desired, but may also make several undesired changes leading to unpredictable bugs in the server.
Theoretically, the port is set with the bind() API. There is only one reference to this, but if you locate it you will find that when the call is made it is passed the binding port via EDI. This indicates that socket operations are internally wrapped to custom functions within the program.
The main socket setup (or initialisation) wrapping routine for the server is at 00452410, and if you reference the calls to it you will see that there is only one reference to it.
Tracing the code back from that Call you will see another setup routine is called before it.In my case 2717 is port 10007, and the result of that earlier Call is also 2717.Code:00574720 |. call 0056BA90
00574725 |. mov eax,[84A434]
0057472A |. test eax,eax
0057472C |. je BadSock: ;short 00574731
0057472E |. push eax
0057472F |. jmp SockOK: ;short 00574736
BadSock:
00574731 |> push 2717
SockOK:
00574736 |> call SockInit ; \server4096.SockInit
You can analyse that by the fact that EAX is loaded with the value stored at location 84A424, and if you search for references to it you will see it is loaded into EAX twice, and from EAX twice.
The first time it is loaded, it is loaded with a constant in a routine starting at 00435CE7.The second time, the value varies.Code:00435CE7:
mov eax,2717
mov [84A458],eax
mov [84A434],eax
mov [84A47C],eax
mov [84A4A0],eax
I have not tested this greatly, but I suspect this is the allocation of a unique local port for each client which connects.Code:0043618B:
mov eax,esi
lea edx,[esp+10]
call 00433430 ; [server4096.00433430
lea ecx,[esp+10]
push ecx
call 005C7D38
add esp,4
mov [84A434],eax
jmp 00436425
Experience suggests that more alterations than those two are needed, but that the Hex method is excessive and dangerous.
Searching for all instances of the constant value 2717 in my server gives me the following listand I would usually go through those and work out which need to be changed and which are coincidental.Code:004012C1 push 2717
00435820 mov dword ptr [edi+84A5D8],2717
0043586B mov dword ptr [edi+84A5DC],2717
004358AE mov dword ptr [esi+84A5E0],2717
00435CE7 mov eax,2717
004D252F mov dword ptr [esi+78E0288],2717
004D2796 mov dword ptr [esi+78E0288],2717
0056449E cmp dword ptr [edi+0C],2717
005644E5 cmp dword ptr [edi+0C],2717
005682EE mov dword ptr [esp+24],2717
0056B460 push 2717
00571B81 mov dword ptr [esp+20],2717
00574731 push 2717
0057E797 mov eax,2717
0057E9F3 push 2717
0057E9FD mov dword ptr [7B084B0],2717
00585DFF push 2717
The two in red we already know are definitely part of the bind operation from our earlier analysis. But the port is also specified for listen(), connect(), recv() and send() APIs, and maybe others from WSOCK32.
Unfortunately, the MSDN documentation all leads you to the newer WS2_32.dll APIs these days. Most of the functionality of WSOCK32 is redirected to WS2_32 anyway, but the way it was used, and the way we where taught to use it was less object oriented than the way MS tell you to utilise WS2_32. :$:
You can look up the APIs individually, but if you ask MSDN to tell you about WinSock operation, they will tell you the current methods, and neglect to even mention that the older implementation is still valid.
Lol bob. I think he would like a simpler approach to resolve the issue.
@cacots, please do look over the tutorials section on this matter, specifically at http://forum.ragezone.com/f562/resea...client-361543/ as the ports thing was addressed back in 2008 lool :).
Ahh. Yes, that's a pretty good post, but of course you'd have to ignore the stuff about clients as they have changed a lot since then. XD
--- EDIT ---
To clarify the difference between the two methods.
The post illustrated by Osirus is too out of date to find a client match, but we can look at the server just fine. It's referring to any server which has already been KPT patched, whether it's running on the KPT port (10009) or not.
The hex stream "83C40C85C0740850685CA48400FFD7B8" disassembles to the following in OllyDbg:-Which you should find just above the second listing I illustrated in my initial response.Code:00435CD8 add esp,0C
00435CDB test eax,eax
00435CDD je short 00435CE7
00435CDF push eax
00435CE0 push offset 0084A45C
00435CE5 call edi
00435CE7 mov eax,2716
You'll see that this listing finishes on the same address mine starts. 00435CE7
That line is the key. But when I take an original jPT server, I have had to alter more locations than that one alone.
thx u Bobsobol :D
@osirus: i see this tuto and i cant find port, this tuto is for old Client/server.exe. But thx u
screenshot plss.........
Screenshots are not relevant. Why would you want screenshots of text that is already in this thread?
Text which, as text, can be copied, pasted and manipulated to fit your purpose as a bitmap which can't? That doesn't make sense.
He could be a BR guy, always wanting screenshots and guides to do everything. Just stop being lazy...
I don't think it's a matter of lazy. Screens would be harder to work from than text. It's like a video guide... you can't copy and past offsets or code fragments to search for from a video or a screen grab, you can from text.
I just don't see why anyone would want the information in a less useful form, and wonder if they are just trying to bump post count so they can spam advertisements. :glare: (that is becoming a problem on RZ)
Are you familiar with "Screenshots or it didn't happen" ? ;)Quote:
Originally Posted by bobsobol
I am... it's stupid.
I've faked screenshots to show something impossible happening, and screenshots from text based programs are "in text", I've provided listings from Olly and from MadEdit which are effectively screenshots.It's a screenshot... but it still didn't happen. :ott1:Code:C:>Del *.* /S
C:\AUTOEXEC.BAT ... Deleted
C:\CONFIG.SYS ... Deleted
C:\IBMBIO.SYS ... Deleted
C:\MSDOS.SYS ... Deleted
C:\DOS\COMMAND.COM ... Deleted
C:\DOS\ERASE.COM ... Deleted
C:\DOS\FORMAT.COM ... Deleted
C:\DOS\XCOPY.COM ... Deleted
@bobsobol
‪Joker Ringtone, Why So Serious!‬‏ - YouTube
?
I am sure he wanted SS because he did not understand what magic can type all this ;)
BTW. I need to try this, for some reason I always patched servers and not clients.
The magic is called "fingers" and "clipboard". XDQuote:
Originally Posted by Vormav
I'm guessing "some reason" would be that it's actually harder in many modern clients to change the port. :wink:Quote:
Originally Posted by Vormav
I change the ports of the latest PTBr/ePT/cPT/kPT the same way I do with the oldest games, just Control+H in hexworkshop and replace all 16bit signed int 10009 ( or whichever are its default port ) to the port I want...
:nono: Shame on you. What a lovely way to introduce nasty bugs.:thumbdown:Quote:
Originally Posted by SheenBR
32-bit is the bare minimum, and in my experience I still end up patching about 3-7 locations which are completely unrelated to the ports.
Then, how do I know what effect that will have on the game? How do I know it won't crash at some unexpected moment? When my client does crash, do I have any idea why?
why bugs? This is the way to change the ports like he wanted to know...
This is the worst explanation of how to change ports that I know of, and the best way to introduce bugs into your client that I know of.
This is a large part of where I suspect most of the bugs in many server releases come from.
I would never perform hex search and replace on any query less than 10 bytes long. EVER
The feature in HexWorkshop is fine for editing a "save game" file or such, but it is way too dangerous to use on an executable as complex as... say... Calc.exe :ott1:
this is the way I learned... I know this isnt the righteous way, but I'm too lazy to BP the winsock functions lmao...
I don't mind if you have unprotected sex... so long as you are aware of the risks. :wink: