Actual serverfiles fixes and problems

04/28/2017 17:45 trollwalker#46
Quote:
Originally Posted by osiy1996
Here's an episode 3 client working with episode 1 servers. 'Working' might be a bit ambitious though, things are messed up due to differences in packets but at least you can get into game:

what do we do with this file?
04/28/2017 18:50 osiy1996#47
What do you mean? Regular ep3 clients won't run with ep1 servers, I modified this one a bit so it will run. That's all there's to it.
04/29/2017 00:34 al3css#48
Tested the exe and the ep3 ini folder on the episode 1 client and I saw the same problem with textures of mobs and NPCs.
04/29/2017 07:08 osiy1996#49
There are no problems with the alefclient.exe or inis or textures.. I'm using the same client with a different server and all works fine. I could fix those packets like I fixed the server selection part but this is your project so you should try and do it.
04/29/2017 11:49 raduelvis1#50
Quote:
Originally Posted by osiy1996
There are no problems with the alefclient.exe or inis or textures.. I'm using the same client with a different server and all works fine. I could fix those packets like I fixed the server selection part but this is your project so you should try and do it.
Thank you sir for at least posting the fix for the ep3 client, and for your statement that the client can be fixed for sure; that brought some ideas :D
--also you really left some clues there in the picture, IDA Pro Advanced and Wireshark :D
04/29/2017 12:28 CharlyBrown001#51
this looks like the arisen vm
he wants to say you can do it if you really want it, just get some IDA skills + use Wireshark to get further progress ;)
05/01/2017 06:56 raduelvis1#52
Quote:
Originally Posted by osiy1996
There are no problems with the alefclient.exe or inis or textures.. I'm using the same client with a different server and all works fine. I could fix those packets like I fixed the server selection part but this is your project so you should try and do it.
Can the same modifications be applied to the ep 2 Season of Siege client exe? I don't want to have a client with extras in it if I won't use them. My goal is just to make a damn good ep2 with all the features that cm had
05/01/2017 08:16 osiy1996#53
Sure, why not.
05/01/2017 10:12 CharlyBrown001#54
If I'm using just the DLL from osy on the cm ep2 client, the alefclient.exe needs a process point that is missing, so I'm using ollydebug to edit the alefclient.exe. Working since last day, no progress there...

If I'm using the DLL and alefclient.exe from osy on the cm ep2 client it works, but same problem with no NPCs or mobs, and that's because it's the ep3 client alefclient.exe, not the ep2 one. I'm getting a HEADACHE here!!! Maybe I should get some sleep :rolleyes:
05/01/2017 12:37 osiy1996#55
You'll have the same problem with episode 2. I haven't tried it with ep1 server but seeing that it works with ep3 server it probably doesn't work with ep1:

05/01/2017 13:02 Synestraa#56
Quote:
Originally Posted by CharlyBrown001
If I'm using just the DLL from osy on the cm ep2 client, the alefclient.exe needs a process point that is missing, so I'm using ollydebug to edit the alefclient.exe. Working since last day, no progress there...

If I'm using the DLL and alefclient.exe from osy on the cm ep2 client it works, but same problem with no NPCs or mobs, and that's because it's the ep3 client alefclient.exe, not the ep2 one. I'm getting a HEADACHE here!!! Maybe I should get some sleep :rolleyes:
After DLL_MAIN does some initialization stuff (haven't reversed this part) it ends up going to the following:

The routine at 0x10001a40 starts off by doing 2 hooks at hardcoded addresses. This seems to be the main initialization routine.

It hooks 0x5C3260 -> 0x10001660.
The hook checks for a byte coming right after the packet flags, which is at + 11.
If this byte is greater than or equal to 2, it gets incremented. You figure out why. Of course it ends up jumping back to the original function.

It hooks 0x4DE5F0 -> 0x10001830.
This hook checks if the packet type is 13. If it is, again it gets the byte coming right after the flags at +11.
If it's >= 3, it gets decremented.

Edit: I forgot to mention, all of the things below this happen only if there is a file called "show_debug_console". Which therefore is more or less useless information as it does not help you people with your server making quest. (Or does it?)

After the hooks, it creates a debug console at 0x10001370.

After that, it calls 0x100013f0. tl;dr this function finds printf and OutputDebugStringA.
It creates a context struct, in which at +0 the old 6 bytes are stored. At +6 the new 6 bytes are stored.
(0xc3, 0x90, 0x90, 0x90, 0x90, 0x90).

It then calls the 0x10001aa0 procedure with each of these structs for different functions.
For OutputDebugStringA it has 0x10001350.
For printf it has 0x10001070.

This means that these two functions are blocked with an immediate ret. (Please correct me if I'm wrong, I have no idea why you would pass an address of another function if you would just return anyway, so it's kind of confusingg you knowwwww).
Also, notably, the displacement is stored at +7 (DWORD).

After this mumbo jumbo console stuff is done, it proceeds to call a function which dumps the parse_list to a "parse_list.h" file.
With a hardcoded address of 0x8AD1D4 (I think this is a relative address, at 100036c8 it might be the base address of alefclient.)

It took only a couple of minutes to gather all this data. I have not even done any dynamic analysis.

P.S. Olly is very outdated, check out X64DBG for 32bit executables, or you know, get IDA?

Edit: All of this is done from the DLL (since we're talking about dll_main it should be obvious enough.)

Edit: I realize that this might not make sense. It should serve as a tutorial on what you should do in order to make this edit usable through any codemasters client.
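An added example, not code from the post or from the DLL it describes: a small static-analysis helper that reads the 12-byte context layout given above (original 6 bytes at +0, replacement 6 bytes at +6, DWORD at +7) and reports what the replacement prologue would do on 32-bit x86. The `jmp rel32` and `push imm32; ret` interpretations are assumptions about how the DWORD at +7 could be used; the function address 0x75001000 and the original prologue bytes are constructed sample values.

```python
import struct

CTX_SIZE = 12  # per the post: original 6 bytes at +0, replacement 6 bytes at +6


def classify_patch(ctx: bytes, func_va: int) -> dict:
    """Describe the 6-byte replacement prologue stored in a hook context.

    func_va is the address of the patched function; it is needed to turn a
    relative jump displacement into an absolute target.
    """
    if len(ctx) != CTX_SIZE:
        raise ValueError("context must be exactly 12 bytes")
    old, new = ctx[:6], ctx[6:]
    imm = struct.unpack_from("<I", ctx, 7)[0]  # DWORD the post locates at +7
    opcode = new[0]
    if opcode == 0xC3:
        # Immediate return: the bytes after it (NOP padding) never execute.
        kind, target = "ret", None
    elif opcode == 0xE9:
        # Assumed form: jmp rel32, relative to the end of the 5-byte instruction.
        kind, target = "jmp rel32", (func_va + 5 + imm) & 0xFFFFFFFF
    elif opcode == 0x68 and new[5] == 0xC3:
        # Assumed form: push imm32 ; ret, which transfers to an absolute address.
        kind, target = "push imm32; ret", imm
    else:
        kind, target = "unknown", None
    return {"kind": kind, "target": target, "old": old.hex(), "new": new.hex()}


# Constructed sample data (not dumped from the real client or DLL).
FUNC_VA = 0x75001000
OLD = bytes.fromhex("8bff558bec6a")
REL = (0x10001350 - (FUNC_VA + 5)) & 0xFFFFFFFF
SAMPLES = {
    "template": OLD + bytes([0xC3, 0x90, 0x90, 0x90, 0x90, 0x90]),
    "jmp": OLD + b"\xE9" + struct.pack("<I", REL) + b"\x90",
    "pushret": OLD + b"\x68" + struct.pack("<I", 0x10001070) + b"\xC3",
}

if __name__ == "__main__":
    for name, ctx in SAMPLES.items():
        info = classify_patch(ctx, FUNC_VA)
        tgt = "-" if info["target"] is None else hex(info["target"])
        print(f"{name:9} {info['kind']:16} target={tgt} new={info['new']}")
```

Comparing the `old` field against the same offset in the on-disk module is a quick way to confirm whether a live prologue has been modified.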
05/01/2017 16:08 al3css#57
I started to work with alefclient.exe; seems @[Only registered and activated users can see links. Click Here To Register...] is right about packets in the textures problem with monsters and NPCs. I have been working a few days on this and I found a way to get only the NPCs, but it seems I need to rework some packets; sometimes NPCs disappear and appear after a few seconds. It isn't OK because the server gives a delay on actions in game; seems I missed something. Now I'm stuck at mob textures... If I resolve something I will post the progress.


Peace and have a nice day.
05/01/2017 19:26 CharlyBrown001#58
Quote:
Originally Posted by osiy1996
You'll have the same problem with episode 2. I haven't tried it with ep1 server but seeing that it works with ep3 server it probably doesn't work with ep1:

Means the problem isn't the alefclient.exe from ep3?

So the problem seems to be the difference in packets between server and client. All right, thanks osiy!

Quote:
Originally Posted by Synestraa
After DLL_MAIN does some initialization stuff (haven't reversed this part) it ends up going to the following:

The routine at 0x10001a40 starts off by doing 2 hooks at hardcoded addresses. This seems to be the main initialization routine.

It hooks 0x5C3260 -> 0x10001660.
The hook checks for a byte coming right after the packet flags, which is at + 11.
If this byte is greater than or equal to 2, it gets incremented. You figure out why. Of course it ends up jumping back to the original function.

It hooks 0x4DE5F0 -> 0x10001830.
This hook checks if the packet type is 13. If it is, again it gets the byte coming right after the flags at +11.
If it's >= 3, it gets decremented.

Edit: I forgot to mention, all of the things below this happen only if there is a file called "show_debug_console". Which therefore is more or less useless information as it does not help you people with your server making quest. (Or does it?)

After the hooks, it creates a debug console at 0x10001370.

After that, it calls 0x100013f0. tl;dr this function finds printf and OutputDebugStringA.
It creates a context struct, in which at +0 the old 6 bytes are stored. At +6 the new 6 bytes are stored.
(0xc3, 0x90, 0x90, 0x90, 0x90, 0x90).

It then calls the 0x10001aa0 procedure with each of these structs for different functions.
For OutputDebugStringA it has 0x10001350.
For printf it has 0x10001070.

This means that these two functions are blocked with an immediate ret. (Please correct me if I'm wrong, I have no idea why you would pass an address of another function if you would just return anyway, so it's kind of confusingg you knowwwww).
Also, notably, the displacement is stored at +7 (DWORD).

After this mumbo jumbo console stuff is done, it proceeds to call a function which dumps the parse_list to a "parse_list.h" file.
With a hardcoded address of 0x8AD1D4 (I think this is a relative address, at 100036c8 it might be the base address of alefclient.)

It took only a couple of minutes to gather all this data. I have not even done any dynamic analysis.

P.S. Olly is very outdated, check out X64DBG for 32bit executables, or you know, get IDA?

Edit: All of this is done from the DLL (since we're talking about dll_main it should be obvious enough.)

Edit: I realize that this might not make sense. It should serve as a tutorial on what you should do in order to make this edit usable through any codemasters client.

Thanks for the tut! Yes, it is very confusing, not only the reading part (Austrian) but also the coding stuff. I was thinking ollydebug for a start; it's simpler for me due to the fact I watched some tuts in German. I have IDA but IDA is way ahead for me for now, and second, not many German tuts for IDA, at least on YouTube xD

I really do appreciate your help there, really!!! But I'm older and learning new things is really hard for me, but I will keep doing it, not only for myself... osiy knows what I mean ;)

Just want to be honest, no offense to you Synestra!
05/01/2017 22:44 al3css#59
The alefclient episode 3, as osy said, has different packets, and not only are the mobs and NPCs not showing, the trash from inventory doesn't work too... and there are many things that don't work... To make them work we need to work a lot on packets... Before starting to make more progress on this, tomorrow I will try to release a repack of serverfiles. I reordered the files into a new folder called Cfg where we have db configs, obs files including objecttemplate.ini, ipblock and other important configs. Obs files are now loaded from 1 file named OBS0000 (objecttemplate.ini is the latest from episode 3, including all information for obs files). I cleaned the main folder and remade the older Chinese consoles. The shout system has the same problem with packets that alefclient doesn't recognize.
05/02/2017 06:10 CharlyBrown001#60
Quote:
Originally Posted by al3css
The alefclient episode 3, as osy said, has different packets, and not only are the mobs and NPCs not showing, the trash from inventory doesn't work too... and there are many things that don't work... To make them work we need to work a lot on packets... Before starting to make more progress on this, tomorrow I will try to release a repack of serverfiles. I reordered the files into a new folder called Cfg where we have db configs, obs files including objecttemplate.ini, ipblock and other important configs. Obs files are now loaded from 1 file named OBS0000 (objecttemplate.ini is the latest from episode 3, including all information for obs files). I cleaned the main folder and remade the older Chinese consoles. The shout system has the same problem with packets that alefclient doesn't recognize.
Sure, waiting for your repack :)

Are all the updates you posted earlier in this thread in it?