☆ Customize Look

[Vormav]

Customize Look

Customize Look is a MOD that visualize gloves, boots, armlets, armours and robes changes… nuff said. If you planning to check it right away that do only points 0, 1 and eventually 7, 8.

Customize Look by Vormav is licensed under a

You must be registered to see links

.

You are free:

to Share — to copy, distribute and transmit the work
to Remix — to adapt the work
to make commercial use of the work

Trailer:

You must be registered to see links

All:

You must be registered to see links

Tempskron:

You must be registered to see links

Morion:

You must be registered to see links

0) Download:
- Customize Look MOD Source (customizeLook_source.rar)
- Customize Look MOD Files (

You must be registered to see links

) [ ONLINE ]*
- Customize Look MOD kPT client (

You must be registered to see links

) [ ONLINE ]*

*for google drive press File > Download (Ctrl + S)

- CFF Explorer

You must be registered to see links

- OllyDbg

You must be registered to see links

- Code::Blocks

You must be registered to see links

( ...mingw-setup.exe! )

1) Extract char.rar in main folder, where your game.exe is.
- *.tga, *.bmp ,*.ASE files will go to char/tmABCD folder (nothing should be replaced, tell me if it was!)
- Extract game_and_dll.rar in main PT folder, customizeLook.dll, game_noxt_mw_cl.exe (noxt = no Xtrap, mw = maximized window, cl = customize look) and unmodified_game.exe will go to main folder
- if you planning to use/check this MOD on my .exe than start it right away (its recommended to use test Korean Priston Tale client folder for that). You need to do server part (edit just one function) to see customized look in player select screen and from first/faraway look in game. However if you planning to port it to your client than go string to point 2!

2) Open game.exe with CFF Explorer and create two new sections:
- .text_cl (size: 1000, characteristics: 60000020)
- .data_cl (size: 1000, characteristics: C0000040)

3) In CFF Explorer go to import adder, check Create New Section and press Add. Select customizeLook.dll and press Open. Select two functions:
- composeLook
- getItems
and press Import By Name, press Rebuild Import Table. Save your changes.

4) Open game.exe with OllyDbg/IDA and check address of your new sections .data_cl and .text_cl, write them down and open customizeLook.cbp (Code::Blocks). In customizeLook.h you will find those definitions:

[COLOR=Silver]//----- These addresses change with each version of Priston Tale[/COLOR]
[COLOR=SeaGreen]#define item_SWITCH_ADDRESS         0x0452B000      [COLOR=silver]// size: 0x4[/COLOR]
#define item_ID_ADDRESS             0x0452B004      [COLOR=silver]// size: 0x4[/COLOR]
#define my_items_ADDRESS            0x0452B008      [COLOR=silver]// size: 0x4[/COLOR]
#define player_items_ADDRESS        0x0452B00C      [COLOR=silver]// size: 0x4[/COLOR]
#define ME_PLAYER_NPC_MOB_ADDRESS   0x0452B010      [COLOR=silver]// size: 0x4[/COLOR]
#define model_string_ADDRESS        0x0452B014      [COLOR=silver]// size: 0x4[/COLOR][/COLOR]

change all 0x addresses to your .data_cl addresses, first one is .data_cl address, another one is .data_cl address + 0x4, third one is second one + 0x4 and so on… you increasing next address by 0x4 all the time.
If build target is not set to Release than change it. Rebuild (ctrl + F11) your .dll and copy it (bin\Release) to PristonTale main folder.

5) Open game.exe with Hex Editor and find your items table. We need to change:
- Gloves (from dg101 to last dg???)

Text:

....Leather Gloves..................DG101...........,...,...Defense......................................................... ...dg101................................................................

Hex:

000103024C65617468657220476C6F766573000000000000000000000000000000000000444731303100000000000000000000002C0000002C000000446566656E73650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000064673130310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000[COLOR=red]00[/COLOR]0000000B

Change 00 to 08 for all gloves!


- Boots (from db101 to last db???)

Text:

....Leather Boots...................DB101...........,...,...Defense.............................................................db101................................................................

Hex:

000102024C65617468657220426F6F747300000000000000000000000000000000000000444231303100000000000000000000002C0000002C000000446566656E73650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000064623130310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000[COLOR=red]00[/COLOR]0000000A

Change 00 to 08 for all boots including Mokova Boots and Speed Boots!


- Armlets (from oa201 to last oa???)

Text:

....Leather Armlets.................OA201...........,.......Accessory...........................................................oa201................................................................

Hex:

000102034C6561746865722041726D6C65747300000000000000000000000000000000004F4132303100000000000000000000002C000000160000004163636573736F727900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800006F613230310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000[COLOR=red]00[/COLOR]0000000E

Change 00 to 08 for all armlets including Super Armlets!

08 in that place in item telling code that putting item on/off will change your look (before only amours had it). You can use find and replace but be sure that you changing only items you would like to! If your server have different (than TKPT) items table than you will have to do some changes to code and .ASE files.
Save your changes and close Hex Editor.

6) Open game.exe with OllyDbg .

- Pay attention to colors, when I say sequence of commands, you are looking for sequence in that color. When I say change code you changing code in that color. When I say sequence of commands I talking about both colors.
- Pay attention to notes, when I write // JMP to .text_cl you jumping to free space in your .text_cl section. When I write //item_SWITCH_ADDRESS you using address from your .data_cl. When I write // JMP back (to JE SHORT 004443CC) you jumping back to address in your .exe, to command that look similar in this case JE SHORT XXXXXXXX.

- Find sequence of commands:

[COLOR=Sienna]MOV ESI,DWORD PTR SS:[ESP+10]
TEST ESI,ESI
MOV ECX,DWORD PTR DS:[EAX+46E0]
MOV EBX,DWORD PTR DS:[ECX]
MOV EDI,DWORD PTR DS:[EAX+2A8][/COLOR]
0044438E  |. 0F84 99000000  JE game_nox.0044442D
[COLOR=Red]00444394  |. 8B4424 18      MOV EAX,DWORD PTR SS:[ESP+18]
00444398  |. 85C0           TEST EAX,EAX[/COLOR]

- Change code to:

0044438E  |. 0F84 99000000  JE game_nox.0044442D
[COLOR=red]00444394    -E9 675C0E04    JMP game_nox.0452A000 [COLOR=Black]// JMP to .text_cl[/COLOR]
00444399     90             NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A000   8B4424 18        MOV EAX,DWORD PTR SS:[ESP+18]
0452A004   A3 00B05204      MOV DWORD PTR DS:[[COLOR=SeaGreen]452B000[/COLOR]],EAX [COLOR=Black]//item_SWITCH_ADDRESS[/COLOR]
0452A009   8935 04B05204    MOV DWORD PTR DS:[[COLOR=SeaGreen]452B004[/COLOR]],ESI [COLOR=black]//item_ID_ADDRESS[/COLOR]
0452A00F   E8 C471956C      CALL customiz.getItems [COLOR=black]//CALL getItems[/COLOR]
0452A014   8B4424 18        MOV EAX,DWORD PTR SS:[ESP+18]
0452A018   85C0             TEST EAX,EAX
0452A01A  -E9 7BA3F1FB      JMP game_nox.0044439A [COLOR=black]// JMP back (to JE SHORT 004443CC)[/COLOR]
0452A01F   90               NOP
0452A020   90               NOP
0452A021   90               NOP
0452A022   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=Sienna]LEA ECX,DWORD PTR DS:[EAX+38EC][/COLOR]
[COLOR=Red]PUSH ECX
LEA EDX,DWORD PTR SS:[ESP+C][/COLOR]
[COLOR=Sienna]PUSH EDX
PUSH EAX[/COLOR]

- Change code to:

0044388C  |. 8D88 EC380000  LEA ECX,DWORD PTR DS:[EAX+38EC]
[COLOR=red]00443892    -E9 8C670E04    JMP game_nox.0452A023[/COLOR] [COLOR=black]// JMP to .text_cl[/COLOR]
00443897  |. 52             PUSH EDX
00443898  |. 50             PUSH EAX

- in .text_cl section assemble:

[COLOR=red]0452A023   8B15 08B05204    MOV EDX,DWORD PTR DS:[[COLOR=SeaGreen]452B008[/COLOR]] [COLOR=black]// my_items_ADDRESS[/COLOR]
0452A029   8951 FB          MOV DWORD PTR DS:[ECX-5],EDX
0452A02C   51               PUSH ECX
0452A02D   8D5424 0C        LEA EDX,DWORD PTR SS:[ESP+C]
0452A031  -E9 6198F1FB      JMP game_nox.00443897 [COLOR=black]// JMP back (to PUSH EDX)[/COLOR]
0452A036   90               NOP
0452A037   90               NOP
0452A038   90               NOP
0452A039   90               NOP[/COLOR]

- Find sequence of commands (there are two function that has it, we are looking at first function!):

[COLOR=Sienna]MOV EAX,DWORD PTR DS:[ECX+387C]
MOV EDX,DWORD PTR DS:[ECX+1D0]
LEA EAX,DWORD PTR DS:[EAX+EAX*8]
MOV DWORD PTR DS:[ECX+EAX*4+1494],EDX
MOV EDX,DWORD PTR DS:[ECX+1D4]
MOV DWORD PTR DS:[ECX+EAX*4+1498],EDX[/COLOR]
[COLOR=Red]MOV EAX,DWORD PTR DS:[ECX+387C]
RETN[/COLOR]

- Change code to:

004184C3  |> 8B81 7C380000  MOV EAX,DWORD PTR DS:[ECX+387C]
004184C9  |. 8B91 D0010000  MOV EDX,DWORD PTR DS:[ECX+1D0]
004184CF  |. 8D04C0         LEA EAX,DWORD PTR DS:[EAX+EAX*8]
004184D2  |. 899481 9414000>MOV DWORD PTR DS:[ECX+EAX*4+1494],EDX
004184D9  |. 8B91 D4010000  MOV EDX,DWORD PTR DS:[ECX+1D4]
004184DF  |. 899481 9814000>MOV DWORD PTR DS:[ECX+EAX*4+1498],EDX
[COLOR=red]004184E6    -E9 4F1B1104    JMP game_nox.0452A03A [COLOR=black]// JMP to .text_cl[/COLOR]
004184EB     90             NOP
004184EC     90             NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A03A   8B15 08B05204    MOV EDX,DWORD PTR DS:[[COLOR=SeaGreen]452B008[/COLOR]] [COLOR=black]// my_items_ADDRESS[/COLOR]
0452A040   899481 0C140000  MOV DWORD PTR DS:[ECX+EAX*4+140C],EDX
0452A047   8B81 7C380000    MOV EAX,DWORD PTR DS:[ECX+387C]
0452A04D   C3               RETN
0452A04E   90               NOP
0452A04F   90               NOP
0452A050   90               NOP
0452A051   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=Sienna]MOV AX,WORD PTR DS:[EBX+18]
CMP AX,WORD PTR DS:[ESI+1D0][/COLOR]

- Change it to:

[COLOR=Red]00432052    -E9 FB7F0F04    JMP game_nox.0452A052 [COLOR=black]// JMP to .text_cl[/COLOR]
00432057     90             NOP
00432058     90             NOP
00432059     90             NOP
0043205A     90             NOP
0043205B     90             NOP
0043205C     90             NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A052   8B43 20          MOV EAX,DWORD PTR DS:[EBX+20]
0452A055   A3 0CB05204      MOV DWORD PTR DS:[[COLOR=SeaGreen]452B00C[/COLOR]],EAX [COLOR=black]// player_items_ADDRESS[/COLOR]
0452A05A   B8 00000000      MOV EAX,0
0452A05F   66:8B43 18       MOV AX,WORD PTR DS:[EBX+18]
0452A063   66:3B86 D0010000 CMP AX,WORD PTR DS:[ESI+1D0]
0452A06A  -E9 EE7FF0FB      JMP game_nox.0043205D [COLOR=black]// JMP back (to JE SHORT 00432077)[/COLOR]
0452A06F   90               NOP
0452A070   90               NOP
0452A071   90               NOP
0452A072   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=Sienna]MOV AX,WORD PTR DS:[EDI+1C]
CMP AX,WORD PTR DS:[ESI+1D0][/COLOR]

- Change it to:

[COLOR=Red]00420E96    -E9 D8911004    JMP game_nox.0452A073 [COLOR=black]// JMP to .text_cl[/COLOR]
00420E9B     90             NOP
00420E9C     90             NOP
00420E9D     90             NOP
00420E9E     90             NOP
00420E9F     90             NOP
00420EA0     90             NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A073   8B47 24          MOV EAX,DWORD PTR DS:[EDI+24]
0452A076   A3 0CB05204      MOV DWORD PTR DS:[[COLOR=SeaGreen]452B00C[/COLOR]],EAX [COLOR=black]// player_items_ADDRESS[/COLOR]
0452A07B   B8 00000000      MOV EAX,0
0452A080   66:8B47 1C       MOV AX,WORD PTR DS:[EDI+1C]
0452A084   66:3B86 D0010000 CMP AX,WORD PTR DS:[ESI+1D0]
0452A08B  -E9 116EEFFB      JMP game_nox.00420EA1 [COLOR=black]// JMP back (to JE SHORT 00420EBB)[/COLOR]
0452A090   90               NOP
0452A091   90               NOP
0452A092   90               NOP
0452A093   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=Red]00429617  |. C780 74010000 >MOV DWORD PTR DS:[EAX+174],1
00429621  |. 8B86 C4FD7600  MOV EAX,DWORD PTR DS:[ESI+76FDC4][/COLOR]
[COLOR=Sienna]MOV ECX,DWORD PTR DS:[EAX+28]
MOV EDX,DWORD PTR DS:[EAX+2C][/COLOR]

- Change code to:

[COLOR=red]00429617    -E9 780A1004    JMP game_nox.0452A094 [COLOR=black]// JMP to .text_cl[/COLOR]
0042961C     90             NOP
0042961D     90             NOP
0042961E     90             NOP
0042961F     90             NOP
00429620     90             NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A094   C780 74010000 01>MOV DWORD PTR DS:[EAX+174],1
0452A09E   05 74010000      ADD EAX,174
0452A0A3   A3 10B05204      MOV DWORD PTR DS:[[COLOR=SeaGreen]452B010[/COLOR]],EAX [COLOR=black]// ME_PLAYER_NPC_MOB_ADDRESS[/COLOR]
0452A0A8   2D 74010000      SUB EAX,174
0452A0AD  -E9 6FF5EFFB      JMP game_nox.00429621 [COLOR=black]// JMP back (to MOV EAX,DWORD PTR DS:[ESI+76FDC4])[/COLOR]
0452A0B2   90               NOP
0452A0B3   90               NOP
0452A0B4   90               NOP
0452A0B5   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=Sienna]MOV ECX,1E
LEA ESI,DWORD PTR SS:[ESP+100C4]
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
LEA EDI,DWORD PTR DS:[EBX+100E4]
MOV ECX,64
LEA ESI,DWORD PTR SS:[ESP+1013C][/COLOR]
0043C7CE  |. 8993 8CF10000     |MOV DWORD PTR DS:[EBX+F18C],EDX
0043C7D4  |. F3:A5             |REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
[COLOR=Red]0043C7D6  |. E9 D0000000       |JMP game_nox.0043C8AB[/COLOR]

- Save yourself address of this JMP and change it to:

[COLOR=red]0043C7D6    -E9 DBD80E04       JMP game_nox.0452A0B6[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A0B6   891D 14B05204    MOV DWORD PTR DS:[[COLOR=SeaGreen]452B014[/COLOR]],EBX [COLOR=black]// model_string_ADDRESS[/COLOR]
0452A0BC   E8 4F72956C      CALL customiz.composeLook [COLOR=black]// CALL composeLook[/COLOR]
0452A0C1  -E9 E527F1FB      JMP game_nox.0043C8AB [COLOR=black]// JMP back to address I told you to save (MOV EAX,DWORD PTR SS:[ESP+C])[/COLOR]
0452A0C6   90               NOP
0452A0C7   90               NOP
0452A0C8   90               NOP
0452A0C9   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=Sienna]PUSH EBX
MOV EBX,ECX
PUSH EDI
XOR EDI,EDI[/COLOR]
[COLOR=Red]00523916  |. 8D83 C0020000  LEA EAX,DWORD PTR DS:[EBX+2C0][/COLOR]

- Change code to:

[COLOR=red]00523916    -E9 AF670004    JMP game_nox.0452A0CA [COLOR=black]// JMP to .text_cl[/COLOR]
0052391B     90             NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A0CA   8B42 3B          MOV EAX,DWORD PTR DS:[EDX+3B]
0452A0CD   A3 08B05204      MOV DWORD PTR DS:[[COLOR=SeaGreen]452B008[/COLOR]],EAX [COLOR=black]// my_items_ADDRESS[/COLOR]
0452A0D2   8D83 C0020000    LEA EAX,DWORD PTR DS:[EBX+2C0]
0452A0D8  -E9 3F98FFFB      JMP game_nox.0052391C [COLOR=black]// JMP back (to LEA ESP,DWORD PTR SS:[ESP])[/COLOR]
0452A0DD   90               NOP
0452A0DE   90               NOP
0452A0DF   90               NOP
0452A0E0   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=Red]00492C23   . B9 74000000    MOV ECX,74[/COLOR]
00492C28   . BF C8401303    MOV EDI,game_nox.031340C8 
[COLOR=Sienna]REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
POP EDI
POP ESI
MOV EAX,1
POP EBP
ADD ESP,154
RETN 4[/COLOR]

- Change code to:

[COLOR=red]00492C23    -E9 B9740904      JMP game_nox.0452A0E1 [COLOR=black]// JMP to .text_cl[/COLOR][/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A0E1   8B3D 08B05204    MOV EDI,DWORD PTR DS:[[COLOR=SeaGreen]452B008[/COLOR]] [COLOR=black]// my_items_ADDRESS[/COLOR]
0452A0E7   897E 5B          MOV DWORD PTR DS:[ESI+5B],EDI
0452A0EA   B9 74000000      MOV ECX,74
0452A0EF  -E9 348BF6FB      JMP game_nox.00492C28 [COLOR=black]// JMP back (to MOV EDI,31340C8)[/COLOR]
0452A0F4   90               NOP
0452A0F5   90               NOP
0452A0F6   90               NOP
0452A0F7   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=red]
00572610   . 8B35 B8C39400  MOV ESI,DWORD PTR DS:[94C3B8] [COLOR=black]// save this address (your client)[/COLOR]
ADD ESI,388C[/COLOR]
[COLOR=Sienna]MOV ECX,74
MOV EDI,EAX
REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
MOV ESI,DWORD PTR SS:[ESP+18]
MOV EDI,DWORD PTR SS:[ESP+C]
MOV EAX,DWORD PTR DS:[EDI+4][/COLOR]

- Change code to:

[COLOR=red]00572610    -E9 E37AFB03    JMP game_nox.0452A0F8 [COLOR=black]// JMP to .text_cl[/COLOR]
00572615     90             NOP
00572616     90             NOP
00572617     90             NOP
00572618     90             NOP
00572619     90             NOP
0057261A     90             NOP
0057261B     90             NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A0F8   8B0D 08B05204    MOV ECX,DWORD PTR DS:[[COLOR=SeaGreen]452B008[/COLOR]] [COLOR=black]// my_items_ADDRESS[/COLOR]
0452A0FE   8B35 B8C39400    MOV ESI,DWORD PTR DS:[94C3B8] [COLOR=black]// address from your client[/COLOR]
0452A104   81C6 8C380000    ADD ESI,388C
0452A10A   894E 5B          MOV DWORD PTR DS:[ESI+5B],ECX
0452A10D  -E9 0A8504FC      JMP game_nox.0057261C [COLOR=black]// JMP back (to MOV ECX,74)[/COLOR]
0452A112   90               NOP
0452A113   90               NOP
0452A114   90               NOP
0452A115   90               NOP[/COLOR]

- Find sequence of commands:

[COLOR=red]LEA EAX,DWORD PTR DS:[EBX+38EC][/COLOR]
[COLOR=Sienna]PUSH EAX
LEA ECX,DWORD PTR DS:[EBX+38AC]
PUSH ECX
PUSH EBX[/COLOR]

- Change code to:

[COLOR=red]0042CA0D    -E9 04D70F04       JMP game_nox.0452A116 [COLOR=black]// JMP to .text_cl[/COLOR]
0042CA12     90                NOP[/COLOR]

- in .text_cl section assemble:

0452A116   8D83 EC380000    LEA EAX,DWORD PTR DS:[EBX+38EC]
0452A11C   83E8 05          SUB EAX,5
0452A11F   8B00             MOV EAX,DWORD PTR DS:[EAX]
0452A121   A3 0CB05204      MOV DWORD PTR DS:[[COLOR=SeaGreen]452B00C[/COLOR]],EAX [COLOR=black]// player_items_ADDRESS[/COLOR]
0452A126   8D83 EC380000    LEA EAX,DWORD PTR DS:[EBX+38EC]
0452A12C  -E9 E228F0FB      JMP game_nox.0042CA13 [COLOR=black]// JMP back (to PUSH EAX)[/COLOR]
0452A131   90               NOP
0452A132   90               NOP
0452A133   90               NOP
0452A134   90               NOP

- Find sequence of commands:

[COLOR=Red]0051D12F  |. 8D5406 4C          |LEA EDX,DWORD PTR DS:[ESI+EAX+4C][/COLOR]
[COLOR=Sienna]PUSH EDX
LEA EAX,DWORD PTR DS:[EDI-308][/COLOR]
[COLOR=red]0051D133  |. 52                 |PUSH EDX
0051D134  |. 8D87 F8FCFFFF      |LEA EAX,DWORD PTR DS:[EDI-308]
0051D13A  |. 68 E0615D00        |PUSH game_nox.005D61E0                       ;  ASCII "%s" [COLOR=black]// save this address (your client)[/COLOR]
0051D13F  |. 50                 |PUSH EAX
0051D140  |. 890F               |MOV DWORD PTR DS:[EDI],ECX
0051D142  |. FFD3               |CALL EBX[/COLOR]

- Change code to:

[COLOR=red]0051D12F    -E9 01D00004        JMP game_nox.0452A135 [COLOR=black]// JMP to .text_cl[/COLOR]
0051D134     90                 NOP
0051D135     90                 NOP
0051D136     90                 NOP
0051D137     90                 NOP
0051D138     90                 NOP
0051D139     90                 NOP
0051D13A     90                 NOP
0051D13B     90                 NOP
0051D13C     90                 NOP
0051D13D     90                 NOP
0051D13E     90                 NOP
0051D13F     90                 NOP
0051D140     90                 NOP
0051D141     90                 NOP
0051D142     90                 NOP
0051D143     90                 NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]0452A135   890F             MOV DWORD PTR DS:[EDI],ECX
0452A137   8D9430 87000000  LEA EDX,DWORD PTR DS:[EAX+ESI+87]
0452A13E   8D8F 33FDFFFF    LEA ECX,DWORD PTR DS:[EDI-2CD]
0452A144   8B12             MOV EDX,DWORD PTR DS:[EDX]
0452A146   8911             MOV DWORD PTR DS:[ECX],EDX
0452A148   8D5430 4C        LEA EDX,DWORD PTR DS:[EAX+ESI+4C]
0452A14C   52               PUSH EDX
0452A14D   8D87 F8FCFFFF    LEA EAX,DWORD PTR DS:[EDI-308]
0452A153   68 E0615D00      PUSH game_nox.005D61E0                   ; ASCII "%s" [COLOR=black]// address from your client[/COLOR]
0452A158   50               PUSH EAX
0452A159   FFD3             CALL EBX
0452A15B  -E9 E42FFFFB      JMP game_nox.0051D144 [COLOR=black]// JMP back (to MOV ECX,DWORD PTR DS:[33A4F80])[/COLOR]
0452A160   90               NOP
0452A161   90               NOP
0452A162   90               NOP
0452A163   90               NOP
[/COLOR]

- Find sequence of commands:

[COLOR=Red]MOV WORD PTR DS:[EAX+1D0],0FFFE[/COLOR]
[COLOR=Sienna]ADD ESP,4
CMP EBX,120[/COLOR]

- Change code to:

[COLOR=red]004443D8     66:8988 D00100>MOV WORD PTR DS:[EAX+1D0],CX
004443DF     90             NOP
004443E0     90             NOP[/COLOR]

- Find sequence of commands:

[COLOR=Sienna]SUB ESP,100
PUSH ESI
MOV ESI,DWORD PTR SS:[ESP+108]
CMP EAX,ESI[/COLOR]
[COLOR=Red]004437D5   . 74 19          JE SHORT game_nox.004437F0[/COLOR]

- Change code to:

[COLOR=red]004437D5     90             NOP
004437D6     90             NOP[/COLOR]

- Find sequence of commands:

[COLOR=Red]0041731E  |. 0F8D BC010000  JGE game_nox.004174E0[/COLOR]
[COLOR=Sienna]LEA EAX,DWORD PTR SS:[ESP+94]
PUSH EAX
PUSH EDI[/COLOR]

- Change code to:

[COLOR=red]0041731E     90             NOP
0041731F     90             NOP
00417320     90             NOP
00417321     90             NOP
00417322     90             NOP
00417323     90             NOP[/COLOR]

You can also NOP function to what JGE was taking you (0041731E |. 0F8D BC010000 JGE game_nox.004174E0)

Change:

[COLOR=red]004174E0     6BC0 5C             IMUL EAX,EAX,5C
004174E3     8B4C30 50           MOV ECX,DWORD PTR DS:[EAX+ESI+50]
004174E7     03C6                ADD EAX,ESI
004174E9     5F                  POP EDI
004174EA     5E                  POP ESI
004174EB     41                  INC ECX
004174EC     5D                  POP EBP
004174ED     8948 50             MOV DWORD PTR DS:[EAX+50],ECX
004174F0     83C0 04             ADD EAX,4
004174F3     5B                  POP EBX
004174F4     81C4 90060100       ADD ESP,10690
004174FA     C2 0400             RETN 4[/COLOR]

To:

[COLOR=red]004174E0     90                  NOP
004174E1     90                  NOP
004174E2     90                  NOP
004174E3     90                  NOP
004174E4     90                  NOP
004174E5     90                  NOP
004174E6     90                  NOP
004174E7     90                  NOP
004174E8     90                  NOP
004174E9     90                  NOP
004174EA     90                  NOP
004174EB     90                  NOP
004174EC     90                  NOP
004174ED     90                  NOP
004174EE     90                  NOP
004174EF     90                  NOP
004174F0     90                  NOP
004174F1     90                  NOP
004174F2     90                  NOP
004174F3     90                  NOP
004174F4     90                  NOP
004174F5     90                  NOP
004174F6     90                  NOP
004174F7     90                  NOP
004174F8     90                  NOP
004174F9     90                  NOP
004174FA     90                  NOP
004174FB     90                  NOP
004174FC     90                  NOP[/COLOR]

7) Open server.exe with CFF Explorer and create new section:
- .text_cl (size: 1000, characteristics: 60000020)


8) Open server.exe with OllyDbg .

- Go to 0044D2F3 or find sequence of commands (if you moved this function somewhere else):

[COLOR=Sienna]LEA ECX,DWORD PTR DS:[EBX+30]
ADD ESI,-50
PUSH ECX
LEA EDX,DWORD PTR DS:[ESI-40]
PUSH EDX
CALL EDI[/COLOR]

- Change it to:

[COLOR=Red]0044D2F3   .-E9 086D7108    JMP server40.08B64000 [COLOR=black]// JMP to .text_cl  [/COLOR]
0044D2F8     90             NOP
0044D2F9     90             NOP
0044D2FA     90             NOP
0044D2FB     90             NOP
0044D2FC     90             NOP
0044D2FD     90             NOP
0044D2FE     90             NOP
0044D2FF     90             NOP[/COLOR]

- in .text_cl section assemble:

[COLOR=red]08B64000   8D4B 6B          LEA ECX,DWORD PTR DS:[EBX+6B]
08B64003   8D56 AB          LEA EDX,DWORD PTR DS:[ESI-55]
08B64006   8B09             MOV ECX,DWORD PTR DS:[ECX]
08B64008   890A             MOV DWORD PTR DS:[EDX],ECX
08B6400A   8D4B 30          LEA ECX,DWORD PTR DS:[EBX+30]
08B6400D   83C6 B0          ADD ESI,-50
08B64010   51               PUSH ECX
08B64011   8D56 C0          LEA EDX,DWORD PTR DS:[ESI-40]
08B64014   52               PUSH EDX
08B64015   FFD7             CALL EDI
08B64017  -E9 E4928EF7      JMP server40.0044D300 [COLOR=black]// JMP back (to LEA EAX,DWORD PTR DS:[EBX+70])[/COLOR]
08B6401C   90               NOP
08B6401D   90               NOP
08B6401E   90               NOP
08B6401F   90               NOP
08B64020   90               NOP
08B64021   90               NOP[/COLOR]

Congratulations you added CL MOD to your client and server!

___________________________________________________________________________________

Some things that you should know but you are afraid to ask:

- Server is saving player select screen and first/faraway encounter items configuration in .dat files not by default but by modifications we made.

Text:

B.....GHRC 1.50.mA..............................char\tmABCD\mA023.ini...........................................char\tmABCD\Mmh-A08a.inf

Hex:

4214000081004748524320312E3530006D41000000000000000000000000000000000000000000000000000000000000636861725C746D414243445C6D413032332E696E690000000000000000000000000000000000000000000000000000000000000000000000000000[COLOR=Red]16182E12[/COLOR]00636861725C746D414243445C4D6D682D413038612E696E66

16182E12 is your 4 items configuration. When you first time login with this MOD to account that already have players with items you will see them naked because they will have 00000000 in .dat file, all you have to do is to login to game and quit. This will save your char items on server and next time you will go to player select screen you will see yourself customized.

- Player information is send to server in this packet:

74 00 00 00 13 00 47 48 64 6F 00 00 00 00 00 00 01 00 00 00 40 00 00 00 17 02 17 02 00 00 00 00 02 00 03 00 00 26 00 00 64 F0 00 01 00 00 00 00 75 1C 08 00 B9 E5 00 00 57 C1 C8 FF F0 76 02 00 00 00 5D 16 00 00 24 00 A1 01 FF FF BC 00 00 00 [COLOR=red]16 18 2E 12[/COLOR] 20 00 00 00 E0 8A 47 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Than server sending it to anyone who is asking for it. There is no security for it yet but there is no security for skin hack too so it’s not big deal.

- Naming and standards look like this:

*.tga, *.bmp files with _00c in name are official textures fixed for MOD
_01c and above are textures for custom items.

So if you planning to make your custom textures and use my standard for naming than use _99c and go down or name it _01c_name_of_your_server so my updates will not write on your files.

- All models are in 8 *.ASE files:
mfbb00_p.ASE (ATA)
mfbc00_p.ASE (PRS)
mmba00_p.ASE (KS)
mmbd00_p.ASE (MGS)
tfbd00_p.ASE (AS)
tmba00_p.ASE (MS)
tmbb00_p.ASE (FS)
tmbc00_p.ASE (PS)

There is limit 128 models (*GEOMOBJECT, bones are not counted) per file and I’m taking around 105 per class, so you can add 23 models (5 sets of gloves, boots, armlets and armour). I don’t plan to investigate this limit for now but if you pass it with adding your custom armours you can delete some of items that are grouped (fix code for that, see how 7 and 30 days boots are done) but not deleted from .ASE (see Excel table for that) or make items special like cash shop robes/armours, they change whole look.

Names inside are self-explainable, for example:
"MBHB01" = morion | body (armour) | High quality (medium and low quality was removed) | B - ATA | 01 – number of item ID in item table, 00010102 Nude

So here is universal key:
M – morion, T – tempskron
B – body (armor), A – arms (gloves), L – legs (boots), S – shoulder pads (armlets)
H – high quality, M – medium quality, L – low quality
When T at the beginning A – MS, B – FS, C – PS, D – AS
When M at the beginning A – KS, B – ATA, C – PRS, D – MGS
01 - FF item ID in items table (number before name)

I’m treating all armours/robes that have ID 2F and above as special armours so if your custom armour have ID e.g. 4B than it will be treated as special armour (you might wish that if fixing your custom armour for this MOD is too hard for you or armour will not look good with rest of items), you will have to add some code but it easy. Cash shop armlets and boots are working normally.

- To add items use ScreamingFox guide (http://forum.ragezone.com/f562/notes-armors-armors-101-a-789886/) and my naming.
e.g. you planning to add armlets for Fighter (FS), you doing as guide told you and you naming armlets TSHBXX (where XX is ID of existing item in table). You copy that mesh (*GEOMOBJECT { […] }) to tmbb00_p.ASE (FS) after last armlet, you changing *MATERIAL_REF to next available and adding material of your mesh to *MATERIAL_LIST { […] }. If you adding something more complex like gloves or armour than compare my vertexes XYZ and Physique with yours to avoid holes. I fixed many problems with PT items so they should look better then original (no holes, no strange physique, no texture bugs etc.).
If you have two or more meshes with the same name than both/all meshes will show up.

- Items.xlsx (MS Excel file) showing current % of completion and also giving you information about what items have original (O) meshes (edited/fixed for MOD but have original look), new (N) items meshes (edited original meshes/textures) and items that don’t exist (X) (e.g. MS don’t have naked armlet but archer does).
If you see O and empty space below it mean that this item (mesh) is a copy of O item with changed name and will be changed to N in the future.

- You can use this system/code and build heads/hats/earrings/tattoos/masks system, same way armours/robes/gloves/boots/armlets where done. Hardest part would be doing slot for those items. Customize Look giving you possibilities, you can add your MODs to this MOD, you can build anti lag system that will work on the fly (loading models without textures, changing all models to low quality), you can customize NPC or MOB, possibilities are endless, I have few in mind that I will add in the future. For now there is not switch off yet, but do we really need that? Anyway updates will come if this mode become popular.



Special thanks for bobsobol for help with my C questions, ScreamingFox for doing guide and uploading original PT skeletons and everyone else who contributed to this release.


HAVE FUN WITH IT!!

 

[bobsobol]

Re: █ Customize Look

In customizeLook.h you will find those definitions:

//----- These addresses change with each version of Priston Tale
#define item_SWITCH_ADDRESS 0x0452B000 // size: 0x4
#define item_ID_ADDRESS 0x0452B004 // size: 0x4
#define my_items_ADDRESS 0x0452B008 // size: 0x4
#define player_items_ADDRESS 0x0452B00C // size: 0x4
#define ME_PLAYER_NPC_MOB_ADDRESS 0x0452B010 // size: 0x4
#define model_string_ADDRESS 0x0452B014 // size: 0x4

change all 0x addresses to your .data_cl addresses, first one is .data_cl address, another one is .data_cl address + 0x4, third one is second one + 0x4 and so on… you increasing next address by 0x4 all the time.

1st mini-observation.

[COLOR=DarkGreen]//----- These addresses change with each version of Priston Tale[/COLOR]
[COLOR=Blue]#define[/COLOR] item_SWITCH_ADDRESS         0x0452B000 [COLOR=DarkGreen]     // size: 0x4[/COLOR]
[COLOR=Blue]#define[/COLOR] item_ID_ADDRESS             (item_SWITCH_ADDRESS + 0x04) [COLOR=DarkGreen]     // size: 0x4[/COLOR]
[COLOR=Blue]#define[/COLOR] my_items_ADDRESS            (item_ID_ADDRESS + 0x04)      [COLOR=DarkGreen]// size: 0x4[/COLOR]
[COLOR=Blue]#define[/COLOR] player_items_ADDRESS        (my_items_ADDRESS + 0x04) [COLOR=DarkGreen]     // size: 0x4[/COLOR]
[COLOR=Blue]#define[/COLOR] ME_PLAYER_NPC_MOB_ADDRESS   (player_items_ADDRESS + 0x04) [COLOR=DarkGreen]     // size: 0x4[/COLOR]
[COLOR=Blue]#define[/COLOR] model_string_ADDRESS        (ME_PLAYER_NPC_MOB_ADDRESS + 0x04) [COLOR=DarkGreen]     // size: 0x4[/COLOR]

Written like this, only one source change is needed. The pre-compiler works out the rest. Could also base all addresses on the first. (+ 0x04, + 0x08, +0x0C etc.)

Just a thought. :

Fantastic work, and beautiful documentation. Thank you so much for all your effort Vormav.

 

[ScreamingFox]

Re: █ Customize Look

2 things:

This is the most relevant mod i have ever seen =D
The most awaited mod EVER =D


Since i was so crazily eager to check it out (and that code stuff still give me the headaches just to look at XD, but i am slowly working on it..), i thought "oh what about just running that executable".. huhu, and it worked

Oh I'm so happyy thanks a lot =DDD


But (it probably is because i did not edited the executables) the scythes are being hold as bows (but this is most probably my mistake)

 

[Vormav]

Re: █ Customize Look

OK, I added some more colors, now comments ( // ...) in BB code are no longer red, they are black, addresses from header are green, some more text formatting fixes and anoying brick "█" was replaced with star... I know how it got there in first place... it was late... dame you copy from word to chrome... Now guide should be more clear and nicer to read.

1st mini-observation[...]

You will find more for sure, I still keep this code simple so it's easy to check things... you will find 2 big if/else statements that are repeated This will be changed in the feature but for now I'm OK with it... it help me with testing.


Anyway that's a nice trick to do but I will not change it for now. It might confuse others in code like this:

[COLOR="Red"]0452A004   A3 00B05204      MOV DWORD PTR DS:[[COLOR="SeaGreen"]452B000[/COLOR]],EAX [COLOR="Black"]//item_SWITCH_ADDRESS[/COLOR][/COLOR]

But yes definitely great tip!

[...]i thought "oh what about just running that executable".. huhu, and it worked

That's a relief, if its working for more than one person that its a good sign
Thanks again for info about those bones, I modified my .ASE files. ASE you uploaded have bones before meshes, I don't see any changes but who knows maybe they affect some physique, after all when there is no mesh bones taking it place.

But (it probably is because i did not edited the executables) the scythes are being hold as bows (but this is most probably my mistake)

that's a strange bug you got there but nope I can't reproduce it, maybe your server/client item list is not compatible?

PS. O and I love SS I wish I will see more of them

 

[SheenBR]

if it is possible, I'd like to know what those codes inside the dll are for... I'd like to understand what they're doing :

if you can explain that to us.

 

[Vormav]

What codes? I'm sure that I had brick "█" only on RZ
But I can explain how it works bit more so ask me anything if that's what you asking for?

First function getItems gather info about you, when you put on or off items, when you login all items are putted on you.

Second is patching memory (composing your look from data that getItems function got) when it detect that you putted something on/off or other player showed up. It's just a big "if"/"case" table.

O and BTW dll is a pure C, there is no C++ in it... but its compiled with GCC that's why it look different than typical VC++ dll.

 

[ScreamingFox]

Re: █ Customize Look

PS. O and I love SS I wish I will see more of them

eace:​

 

[bocadecao]

How many codes u.U
the year's most anticipated project

because the armor are without thorns?
and can cause server crash?

 

[Vormav]

How many codes u.U [...]

All the time you just search assemble, search assemble, it should take 30 minute max

because the armor are without thorns?
and can cause server crash?

Some items have thorns removed to give more unique items, PT providing 1/3 of meshes compared to items number.

You can look at items.xlsx file, new meshes are marked as N and I will be adding more in the future.

 

[trungtheboy]

I can't "copy to executable" to save file :?address of section .text_cl)

 

[bobsobol]

Sometimes I get the file offset and the RVA confused in CFF Explorer. The reason I mention this is because the usual reason for "copy to executable" not showing, is because the memory you have written code (or data) into, is an address not mapped to and offset in the PE file.

To be sure, double click the .text_d section in Ollys' memory map. It should open a new disassembly at the correct "in-memory" (RVA) address. (I'm using Olly 2.0 so I hope it still applies)

 

[rxaicy]

thank you Vormav, that is the great works...but i have some questions to ask you..do the new ase those you made decide the look? how i can make it to support new more items which i added? thank you again..i cannot understand your standards well...i am sorry..i just know the codes you write..but to ase...i don't know ...you mean the left space only can contains 128 models? i just can added 5 sets of gloves, boots, armlets and armour?:laugh:

 

[Vormav]

I can't "copy to executable" to save file :?address of section .text_cl)

As bobsobol said, you probably assembling code not in new section but somewhere else. I can see that from your SS.

To find your .text_cl section, press "M" in OllyDbg, find .text_cl, right click it, copy to clipboard > address, than you just ctrl + g, ctrl + v and you press OK... now you are in correct section.

thank you Vormav, that is the great works...but i have some questions to ask you..do the new ase those you made decide the look? how i can make it to support new more items which i added? thank you again..i cannot understand your standards well...i am sorry..i just know the codes you write..but to ase...i don't know ...you mean the left space only can contains 128 models? i just can added 5 sets of gloves, boots, armlets and armour?:laugh:

.SMD format have 128 *GEOMOBJECT limit, 1 item (mesh) = 1 *GEOMOBJECT, I already added 105 meshes. So simple calculation:
128 - 105 = 23, 23/4 (4 items types) ~= 5, that's 5 more sets of items.

I will explain how to add items (mesh) on mechanic.
First you need item in item table, lets make armlets:
OA266

look how other armlets look like:

in HEX editor:
00 01 02 03 Leather Armlets

01 - is item ID

02 03 - is item type, in this case armlets

This item ID/type is used by C code.
And it linked to name in .ASE file.

In this case for MS:

*GEOMOBJECT {
	*NODE_NAME "TSHA[COLOR="Red"]01[/COLOR]"
	*NODE_TM {
		*NODE_NAME "TSHA[COLOR="red"]01[/COLOR]"
[...]

To add OA266, you need to add them to items table and give them working ID, we will use 00 42 02 03

now you need to create new mesh and add it (rmb about texture) to
tmba00_p.ASE (for MS) name it:

*GEOMOBJECT {
	*NODE_NAME "TSHA[COLOR="red"]42[/COLOR]"
	*NODE_TM {
		*NODE_NAME "TSHA[COLOR="red"]42[/COLOR]"
[...]

Usually PT doing ID this way: OA266 -> HEX -> 42, but newest armors are not holding that rule so don't get confuse by it.

 

[rxaicy]

thank you..i am clear..

 

[bocadecao]

I understand ...
You add all the physique armor with 3d max?
That took the shares for. Ase in Notepad

 

[bocadecao]

do not quite understand the part "text_cl"
Screaming that you could help me in Portuguese? >. <

 

[Vormav]

do not quite understand the part "text_cl"
Screaming that you could help me in Portuguese? >. <

English:

You can write your problem in Portuguese and add google translation below, I think it will be easier to understand.

So what's the problem? You have hard time adding new section?


Portuguese:

Você pode escrever o seu problema em Português e adicione tradução google abaixo, eu acho que vai ser mais fácil de entender.

Então, qual é o problema? Você tem dificuldade de adicionar nova seção?

 

[TAAS69]

Very good work, fascinated me very tt:
but I have a small problem,
Phoenix files (ID16) cause crash (error) in game...
Do you know where this error may be related?
Very very thanks!
Sorry my ingles

 

[Vormav]

[...]
Phoenix files (ID16) cause crash (error) in game...
Do you know where this error may be related?
[...]

You mean boots, gauntlets, bracelets?

Try deleting your:

mfbb00_p.SMD
mfbc00_p.SMD
mmba00_p.SMD
mmbd00_p.SMD
tfbd00_p.SMD
tmba00_p.SMD
tmbb00_p.SMD
tmbc00_p.SMD


If it will not help than I will need some more details:

On what character (class) it is happening?
What's exact error? You putting item on and game crash?
Can you upload your game.exe or items table?

 

[trungtheboy]

error when i select character

:?::?: