Guide: Debug console

12/11/2008 20:57 plixbugmenot#1
In this guide I will tell you how to get the debug console to work in 2 ways.

Updated for pw international 1.4.0

First and easy way:
Launch the game with console:1
you can make a batchscript for that

1 create an empty .txt file in the folder where your elementclient.exe is located
2 copy-paste the following code into it:
(this also bypasses the launcher)
Code:
elementclient.exe game:cpw console:1
3 rename your file to UltimatehaxxorLauncher.bat
4 run the bat file
5 press Shift+~ to see the console

see console commands at the end of this post
--------------------------------------

Second and harder way
(but more awesome way, only for the more advanced user though)
1 You will need a disassembler (I used ollydbg)
(if you need some basic ollydbg skills, try this topic: [Only registered and activated users can see links. Click Here To Register...])

2 Search for the string "console:"

3 you will see this code:
Code:
0043BB70      PUSH perfectw.008F3794  ;  UNICODE "console:"
0043BB75      PUSH ESI
0043BB76      CALL EDI
0043BB78      ADD ESP,8
4 Replace that code with this
Code:
0043BB70      XOR EAX,EAX			;sets EAX to 0
0043BB72      INC EAX				;sets EAX to 1
0043BB73      MOV DWORD PTR ES:[94D450],EAX 	;puts EAX into 94D450
0043BB79      JMP SHORT perfectw.0043BB8F 	;jumps to the end of the function
yes, it just checks if 94D450 * is 1 (true) so this patch sets it always to true

5 make the executable (if you need help with this, you shouldn't be doing this)

6 run the game and press Shift+~

*Note: This address changes from version to version. You get it from the next lines:

Code:
0043BB7F  |.  68 50D49400   PUSH perfectw.0094D450  ; HERE IT IS!!
0043BB84  |.  68 7C378F00   PUSH perfectw.008F377C                   ;  UNICODE "console:%d"
0043BB89  |.  50            PUSH EAX
0043BB8A  |.  FFD3          CALL EBX
---------------------------------

console commands:
Code:
// ========== Debug commands ==========
"d_cameramode"
"d_boundbox"
"d_rtdebug"
"d_npcid"
"d_runspeed"
"d_goto"
"d_fly"
"d_c2scmd"
"d_viewradius"
"d_relogin"
"d_skill"
"d_render_water"
"d_render_grass"
"d_render_forest"
"d_render_shadow"
"d_render_outline"
"d_turnaround"
"d_testdist"
"d_gfx"
"d_showpos"
"d_trnlayer"
"d_a3dstat"
"d_gamestat"
"d_treelod"
"d_fps"
"d_playerradius"
"d_showid"
"d_skipframe"
"d_modelupdate"
"d_minidump"
"d_settimeofday"
"d_getservertime"
"d_task"
"d_mipmapbias"
"d_trncull"
"d_gscmd"
"d_delcmd"
12/11/2008 23:48 SEVENS#2
Hi dude....

Well, it works fine for me, but how can I use console commands?
12/12/2008 03:58 GODDNESS#3
Quote:
GM console commands:
gm_kickout_role
gm_kickout_user
gm_list_user
gm_online_num
gm_restart_sev
gm_shutup_role
gm_shutup_user
gm_moveto_player
gm_callin_player
gm_broadcast
gm_showid
gm_forbid_role
gm_trigger_chat
gm_generate
useless to most, but here are the GM console commands. nice post, it truly works :D thx
12/12/2008 13:27 plixbugmenot#4
Quote:
Originally Posted by SEVENS
Hi dude....

Well, it works fine for me, but how can I use console commands?
you just type them in.
like

d_boundbox

and then enter.

it will show you the boundingboxes

or

d_rtdebug

which shows some server messages you receive.

just try them out :mofo:
12/12/2008 13:44 santosa99#5
sorry for my newbie question, can you tell me their function? i already tried but nothing happened.
i tried "d_fly, d_task, d_runspeed", maybe you can give more information. thanks b4
12/12/2008 16:49 SEVENS#6
Quote:
Originally Posted by plixbugmenot
you just type them in.
like

d_boundbox

and then enter.

it will show you the boundingboxes

or

d_rtdebug

which shows some server messages you receive.

just try them out :mofo:


Ok...
I tried it this way and it worked.. but these commands "d_fly, d_task, d_runspeed" don't work, or am I putting in the wrong commands? Can you give an example of how to use these commands?

Ty so much..
12/12/2008 19:30 garnoo#7
try to use google -.-

etc. type 'perfect world dev' in google and you will see nice forum with info...

use brain - use google
12/12/2008 21:17 SEVENS#8
Quote:
Originally Posted by garnoo
try to use google -.-

etc. type 'perfect world dev' in google and you will see nice forum with info...

use brain - use google

hey dude, did I ask you for any response? if you don't come to help, don't disturb plz..

cya
12/12/2008 21:44 plixbugmenot#9
"d_fly, d_task, d_runspeed"

haven't got them to work either. probably server side check :mad:

nothing really useful found yet, but let me know when you do find something :)
12/12/2008 22:17 GODDNESS#10
Here, i've done ALL the work for you, here's the link: [Only registered and activated users can see links. Click Here To Register...]
12/13/2008 00:49 garnoo#11
Quote:
Originally Posted by SEVENS
hey dude, did I ask you for any response? if you don't come to help, don't disturb plz..

cya
you ask stupid questions, you are dumb or you can't use search engines, we don't need leechers that can't think here :rolleyes:

and yes, cya
12/21/2008 08:17 ColdFire_#12
I've tried using Olly but it doesn't work, so I need advice (maybe I'm doing it wrong). So to the people who succeeded using Olly, pls. advise/help.
Thanks..

This is what I do:
Search for "console:"
[Only registered and activated users can see links. Click Here To Register...]

Found the lines (original)
[Only registered and activated users can see links. Click Here To Register...]

Then I modified it to
[Only registered and activated users can see links. Click Here To Register...]

Then I make the exe but when I press [Shift] + [~], it doesn't work. So I think I must be doing it the wrong way :(
12/21/2008 13:58 plixbugmenot#13
You have overwritten one line too much, since you left Test eax,eax in there. you need to overwrite that :)

also make sure your keyboard layout is QWERTY or it won't work (you can change keyboard layout in the Windows control panel)

I will just post the whole function :D

ORIGINAL CODE:

Code:
0043B740   /$  53                PUSH EBX
0043B741   |.  56                PUSH ESI
0043B742   |.  57                PUSH EDI                                                   ;  ntdll.7C910208
0043B743   |.  E8 88000000       CALL ecDMCMul.0043B7D0
0043B748   |.  8B7424 10         MOV ESI,DWORD PTR SS:[ESP+10]
0043B74C   |.  8B3D 68F48600     MOV EDI,DWORD PTR DS:[<&MSVCRT.wcsstr>]                    ;  MSVCRT.wcsstr
0043B752   |.  68 68178E00       PUSH ecDMCMul.008E1768                                     ; /wstr2 = "rendersize:"
0043B757   |.  56                PUSH ESI                                                   ; |wstr1 = FFFFFFFF ???
0043B758   |.  FFD7              CALL EDI                                                   ; \wcsstr
0043B75A   |.  8B1D 6CF48600     MOV EBX,DWORD PTR DS:[<&MSVCRT.swscanf>]                   ;  MSVCRT.swscanf
0043B760   |.  83C4 08           ADD ESP,8
0043B763   |.  85C0              TEST EAX,EAX
0043B765   |.  74 15             JE SHORT ecDMCMul.0043B77C
0043B767   |.  68 689D9300       PUSH ecDMCMul.00939D68
0043B76C   |.  68 649D9300       PUSH ecDMCMul.00939D64
0043B771   |.  68 44178E00       PUSH ecDMCMul.008E1744                                     ; |format = "rendersize:%dx%d"
0043B776   |.  50                PUSH EAX                                                   ; |wstr = NULL
0043B777   |.  FFD3              CALL EBX                                                   ; \swscanf
0043B779   |.  83C4 10           ADD ESP,10
0043B77C   |>  68 3C178E00       PUSH ecDMCMul.008E173C                                     ;  UNICODE "ip:"
0043B781   |.  56                PUSH ESI
0043B782   |.  FFD7              CALL EDI                                                   ;  ntdll.7C910208
0043B784   |.  83C4 08           ADD ESP,8
0043B787   |.  85C0              TEST EAX,EAX
0043B789   |.  74 15             JE SHORT ecDMCMul.0043B7A0
0043B78B   |.  68 6C9D9300       PUSH ecDMCMul.00939D6C
0043B790   |.  68 6C9F9300       PUSH ecDMCMul.00939F6C
0043B795   |.  68 28178E00       PUSH ecDMCMul.008E1728                                     ;  UNICODE "ip:%d:%s"
0043B79A   |.  50                PUSH EAX
0043B79B   |.  FFD3              CALL EBX
0043B79D   |.  83C4 10           ADD ESP,10
0043B7A0       68 14178E00       PUSH ecDMCMul.008E1714                                     ;  UNICODE "console:"
0043B7A5       56                PUSH ESI
0043B7A6       FFD7              CALL EDI                                                   ;  ntdll.7C910208
0043B7A8       83C4 08           ADD ESP,8
0043B7AB       85C0              TEST EAX,EAX
0043B7AD       74 10             JE SHORT ecDMCMul.0043B7BF
0043B7AF   |.  68 709F9300       PUSH ecDMCMul.00939F70
0043B7B4   |.  68 FC168E00       PUSH ecDMCMul.008E16FC                                     ;  UNICODE "console:%d"
0043B7B9   |.  50                PUSH EAX
0043B7BA   |.  FFD3              CALL EBX
0043B7BC   |.  83C4 0C           ADD ESP,0C
0043B7BF   |>  5F                POP EDI                                                    ;  kernel32.7C817067
0043B7C0   |.  5E                POP ESI                                                    ;  kernel32.7C817067
0043B7C1   |.  5B                POP EBX                                                    ;  kernel32.7C817067
0043B7C2   \.  C3                RETN
PATCHED:

Code:
0043B740    $  53                PUSH EBX
0043B741    .  56                PUSH ESI
0043B742    .  57                PUSH EDI                                                   ;  ntdll.7C910208
0043B743    .  E8 88000000       CALL ecDMCMul.0043B7D0
0043B748    .  8B7424 10         MOV ESI,DWORD PTR SS:[ESP+10]
0043B74C    .  8B3D 68F48600     MOV EDI,DWORD PTR DS:[<&MSVCRT.wcsstr>]                    ;  MSVCRT.wcsstr
0043B752    .  68 68178E00       PUSH ecDMCMul.008E1768                                     ; /wstr2 = "rendersize:"
0043B757    .  56                PUSH ESI                                                   ; |wstr1 = FFFFFFFF ???
0043B758    .  FFD7              CALL EDI                                                   ; \wcsstr
0043B75A    .  8B1D 6CF48600     MOV EBX,DWORD PTR DS:[<&MSVCRT.swscanf>]                   ;  MSVCRT.swscanf
0043B760    .  83C4 08           ADD ESP,8
0043B763    .  85C0              TEST EAX,EAX
0043B765    .  74 15             JE SHORT ecDMCMul.0043B77C
0043B767    .  68 689D9300       PUSH ecDMCMul.00939D68
0043B76C    .  68 649D9300       PUSH ecDMCMul.00939D64
0043B771    .  68 44178E00       PUSH ecDMCMul.008E1744                                     ; |format = "rendersize:%dx%d"
0043B776    .  50                PUSH EAX                                                   ; |wstr = NULL
0043B777    .  FFD3              CALL EBX                                                   ; \swscanf
0043B779    .  83C4 10           ADD ESP,10
0043B77C    >  68 3C178E00       PUSH ecDMCMul.008E173C                                     ;  UNICODE "ip:"
0043B781    .  56                PUSH ESI
0043B782    .  FFD7              CALL EDI                                                   ;  ntdll.7C910208
0043B784    .  83C4 08           ADD ESP,8
0043B787    .  85C0              TEST EAX,EAX
0043B789    .  74 15             JE SHORT ecDMCMul.0043B7A0
0043B78B    .  68 6C9D9300       PUSH ecDMCMul.00939D6C
0043B790    .  68 6C9F9300       PUSH ecDMCMul.00939F6C
0043B795    .  68 28178E00       PUSH ecDMCMul.008E1728                                     ;  UNICODE "ip:%d:%s"
0043B79A    .  50                PUSH EAX
0043B79B    .  FFD3              CALL EBX
0043B79D    .  83C4 10           ADD ESP,10
0043B7A0    >  26:C705 709F9300 >MOV DWORD PTR ES:[939F70],1
0043B7AB    .  EB 12             JMP SHORT ecDMCMul.0043B7BF
0043B7AD    .  74 10             JE SHORT ecDMCMul.0043B7BF
0043B7AF    .  68 709F9300       PUSH ecDMCMul.00939F70
0043B7B4    .  68 FC168E00       PUSH ecDMCMul.008E16FC                                     ;  UNICODE "console:%d"
0043B7B9    .  50                PUSH EAX
0043B7BA    .  FFD3              CALL EBX
0043B7BC    .  83C4 0C           ADD ESP,0C
0043B7BF    >  5F                POP EDI                                                    ;  kernel32.7C817067
0043B7C0    .  5E                POP ESI                                                    ;  kernel32.7C817067
0043B7C1    .  5B                POP EBX                                                    ;  kernel32.7C817067
0043B7C2    .  C3                RETN
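Added example, not part of any post in this thread and not the game's own code: a C model of the launch-argument check the listing above shows (wcsstr for "console:", then swscanf with "console:%d"), next to the kind of server-side authorization that post #9 suspects is why d_fly, d_task and d_runspeed have no effect. The session struct, the role values and the privileged-command table are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Client side: the launch-argument parse the listing shows
 * (wcsstr for "console:", then swscanf with "console:%d").
 * The result sits in client memory, so the user controls it. */
int console_flag_from_args(const wchar_t *cmdline)
{
    int flag = 0;
    const wchar_t *p = wcsstr(cmdline, L"console:");
    if (p != NULL)
        swscanf(p, L"console:%d", &flag);
    return flag;
}

/* Server side (hypothetical model): the role comes from the server's own
 * account record; nothing the client reports is consulted. */
enum role { ROLE_PLAYER, ROLE_GM };

struct session {
    enum role role;        /* loaded server-side at login */
    int client_console;    /* client-reported flag, deliberately unused */
};

/* Assumption: these commands change shared game state, so the server
 * must approve each request. Unknown commands are denied by default. */
static const char *const privileged[] = { "d_fly", "d_task", "d_runspeed" };

bool server_authorize(const struct session *s, const char *cmd)
{
    if (strncmp(cmd, "gm_", 3) == 0)
        return s->role == ROLE_GM;
    for (size_t i = 0; i < sizeof privileged / sizeof privileged[0]; i++)
        if (strcmp(cmd, privileged[i]) == 0)
            return s->role == ROLE_GM;
    return false;
}

int main(void)
{
    struct session s = { ROLE_PLAYER, 0 };
    s.client_console = console_flag_from_args(L"elementclient.exe game:cpw console:1");
    printf("client flag=%d, d_fly allowed=%d\n",
           s.client_console, server_authorize(&s, "d_fly"));
    return 0;
}
```

The client flag only decides whether the console is drawn; the decision to honour a command is taken from the server's record of the account, so setting the flag on the client changes nothing the server enforces.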
12/21/2008 16:15 ColdFire_#14
Thanks for the reply :) Now I understand ^^
12/27/2008 11:10 ColdFire_#15
I followed your instructions but it won't work (The one using batch file console:1 works). Include with this is my exe. Can you check what is going wrong? This is a MY-EN ver13 1.3.1 client.

The lines I modified (should be correct):
[Only registered and activated users can see links. Click Here To Register...]

My EXE file: [Only registered and activated users can see links. Click Here To Register...]

Pls. guide (I'm interested in learning this.. , thanks :)