[WIP] Get SRO Source Code - by re-writing it

Page 1 of 23

12/24/2018 00:52 florian0#1

Hello beloved, greedy, dead, click-baited community,

i've been playing with this for a while now and I think its ready for you to play with it. This simple task required only 10000 lines of code and roughly 5 years of my life. Hopefully @[Only registered and activated users can see links. Click Here To Register...] won't find it as "[Only registered and activated users can see links. Click Here To Register...]" as my other releases.

Impressions

What is it?

SRO_DevKit is a recreation of the source code of Silkroad Online. It aims to be binary compatible, meaning all code being written can be directly hooked into the game. It's far from being complete, but it already allows a lot of modifications.

Main features are:

Create new windows
Create new controls
Create icons in the notification-panel on the right
Send packets

The code also contains the full source code of the chat.

Other features are:

Contains the Interface Analysis tool shown in some of my screenshots
Contains my QuickStart release
Contains my NavMesh Explorer
Contains my Entity Explorer
Comes with a lot of addresses for free (import them into your x32dbg, Ghidra, IDA, etc)
Offers many ways to crash the game

Help wanted!

This project is explicit marked as "work in progress". It's not finished. It requires a lot of work. But you can help. By contributing your time. Your precious time you would usually spend on trying to convince people (including me) to do your stuff instead of learning how to do it yourself. Your precious time you would otherwise spend on making excuses on how you don't have time to learn and do things yourself. Stop complaining! Start doing!

You don't have to contribute great code or awesome features. You can also write guides on how to get started with certain features. Describe how to solve a certain issue. Help others getting started with the project.

The source code fairly clean. No scary assembly shit. No dirty hooks. Every method has a comment describing where to find it in the binary using a debugger. You can debug the code in Visual Studio.

I'm sorry to tell you that I'm still using Visual Studio 2005 for compiling. You can use newer Visual Studio Versions to edit the code, but using 2005 is a hard dependency and I wont help you if you're using a different compiler.

Lets be honest: None of you is going to contribute anyways.

Where is the download, bro?

Before diving right in: READ THE DOCUMENTATION!

Documentation: [Only registered and activated users can see links. Click Here To Register...]

Source Code: [Only registered and activated users can see links. Click Here To Register...]

Don't be a dick

I finally found a license that fits this community just perfectly.

Code:

DON'T BE A DICK PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

1. Do whatever you like with the original work, just don't be a dick.

   Being a dick includes - but is not limited to - the following instances:

 1a. Outright copyright infringement - Don't just copy this and change the name.
 1b. Selling the unmodified original with no work done what-so-ever, that's REALLY being a dick.
 1c. Modifying the original work to contain hidden harmful content. That would make you a PROPER dick.

2. If you become rich through modifications, related works/services, or supporting the original work,
share the love. Only a dick would make loads off this work and not buy the original work's
creator(s) a pint.

3. Code is provided with no warranty. Using somebody else's code and bitching when it goes wrong makes
you a DONKEY dick. Fix the problem yourself. A non-dick would submit the fix back.

That being said: Merry christmas <3

Frequently asked questions

12/24/2018 01:50 Sector1337*#2

LOL, you did released your history dude :kappa: anyway it’s looks cool maybe it’ll help to the developers for who wants to do stuff like that, as the flo said don’t use it completely guys xD just keep it as example base hehe let’s contribute dyed community xDD

12/24/2018 06:01 B1Q#3

wow, that is simply amazing.

No scary assembly shit. No dirty hooks.
I wonder who does that :D

12/24/2018 11:08 dipointed#4

Quote:

Originally Posted by FutureLogic

LOL, you did released your history dude :kappa: anyway it�s looks cool maybe it�ll help to the developers for who wants to do stuff like that, as the flo said don�t use it completely guys xD just keep it as example base hehe let�s contribute dyed community xDD

Did you have a stroke?

-- well done, Flo!

12/24/2018 11:18 $WeGs#5

Well done boy, and Merry Christmas

12/24/2018 12:42 #HB#6

You got [Only registered and activated users can see links. Click Here To Register...] back already.

Quote:

Originally Posted by florian0

click-baited community,

TRUE AF

12/24/2018 17:37 SubZero**#7

good work :awesome:

12/25/2018 04:58 sarkoplata#8

holy shit, why you got so triggered by a random guy's message? :D

12/26/2018 02:12 Otakanikaru#9

O wow, didnt expect someone going that far, well done mate.

p.s. havent been on scene for years

12/26/2018 11:00 InPanic Kev#10

Respekt ;)

12/27/2018 02:16 Syloxx#11

wow dude, that's impressive

I am glad i just started using c++ in league script development ;) might be helpful here as well.

12/27/2018 12:34 Stratti#12

Dude, this is really great work, mad respect!

I know this can be a pain in the ass. Usually you reverse huge C++ executables like Silkroad to get a basic understanding of certain parts of a program, not to rebuild the entire source.

Some time ago I literally had the same idea but with the GameServer's code.
I spent several year's reversing the binary just to get an understanding of how Silkroad works in depth. How it does communicate with other modules, how the network processing works, etc.

That being said, I did get an understanding of it. I learned how the internal process and thread management works, how it makes use of Microsoft's IOCP and how it does implement it.
The idea was to rebuild parts of the C++ code and then use this knowledge and the C++ pseudo code to build an almost perfect working emulator.
An emulator with which I would climb the "legend of silkroad" again, starting with legend 1. I always thought such a project could revive the community.

Some examples of what I've converted to pseudo code. Its not complete, not much and not all I have. I just started to create some pseudo code, my IDA database would allow much more though!

Spoiler

Code:

int CSockStream::PostReceive()
{
	if (m_recvContext.size == m_recvContext.offset) {
		// fully parsed, reset context
		m_recvContext.size = 0;
	} else {
		// pending, unhandled data in context, copy it over to the start of the buffer
		// and fix its size
		int pendingSize = m_recvContext.size - m_recvContext.offset;
		memcpy(m_recvContext.pBuffer, &m_recvContext.pBuffer[m_recvContext.offset], pendingSize);
		m_recvContext.size = pendingSize;
	}
	m_recvContext.offset = 0
	m_recvContext->CalcWsaBuffer();
	
	DWORD dwBytesReceived, dwFlags;
	if (WSARecv(m_hSocket, &m_recvContext.dataBuf, m_recvContext.bufCount,
			&dwBytesReceived, &dwFlags, reinterpret_cast<LPOVERLAPPED>(&m_recvContext), NULL) != -1) {
		return 0;
	}
	
	DWORD dwLastError = WSAGetLastError();
	if (dwLastError == WSA_IO_PENDING) return 0;
	if (dwLastError == WSAEWOULDBLOCK || dwLastError == WSA_NOT_ENOUGH_MEMORY || dwLastError == WSAENOBUFS) return 0x*8005‬;
	return 0x*8002;
}

int CSockStream::OnReceive(CIocpContext* context, DWORD bytesTransferred)
{
	m_TicksLastActive = GetTicks();
	if (m_pAssocTask == NULL) {
		return 0x8007;
	}
	
	if (bytesTransferred > 0) {
		m_recvContext->Update(bytesTransferred);
	}
	
	char* pMsgBuffer;
	int ctxOffset, ctxSize;
	int copySize;
	int pendingBytes;
	
	while (TRUE) {
		CMsg* recvMsg = m_recvMsg;
		if (recvMsg != NULL) {
			int calcDataSize;
			if (((m_field16C & SECURITY_MODE_BLOWFISH) == SECURITY_MODE_BLOWFISH) && recvMsg->m_pDataSize & 0x8000 != 0) {
				calcDataSize = 2 - m_curMsgOffset + GetPaddingLength(((*recvMsg->m_pDataSize & 0x7FFF) + 6) - 2);
			} else {
				calcDataSize = ((*recvMsg->m_pDataSize & 0x7FFF) + 6) - m_curMsgOffset;
			}
			
			if (calcDataSize > (recvMsg->m_curBufferSize - recvMsg->m_size)) {
				recvMsg->m_position = recvMsg->m_size;
				g_pNetEngine->ReleaseMsg(m_recvMsg);
				m_recvMsg = 0;
				m_curMsgOffset = 0;
				return 32781;
			}
			
			if (m_curMsgOffset >= recvMsg->m_curBufferSize) BSCrash();
			
			pMsgBuffer = recvMsg->pCurBuffer[m_curMsgOffset];
			copySize = calcDataSize;
			
			if (calcDataSize > 0) {
				ctxSize = m_recvContext.size;
				ctxOffset = m_recvContext.offset;
				if (ctxSize == ctxOffset) {
					copySize = 0;
				} else {
					pendingBytes = ctxSize - ctxOffset;
					if (calcDataSize > pendingBytes) copySize = pendingBytes;
					memcpy(pMsgBuffer, &m_recvContext.pBuffer[ctxOffset], copySize);
					m_recvContext.offset += copySize;
				}
			}
			
			m_curMsgOffset += copySize;
			if (copySize != calcDataSize) {
				return PostReceive();
			}
			
			// TODO: finish code here (either handle directly (before handshake) or post to owner task msg queue)
		}
		
		if (m_recvContext.size - m_recvContext.offset < 6) {
			// oops, not enough data to allocate a message (pendingData < headerSize), start another recv and
			// wait for more data
				return PostReceive();
		}
			
		recvMsg = g_pNetEngine->GetMsg(FALSE);
		m_recvMsg = recvMsg;
		if (recvMsg->m_curBufferSize <= 0) BSCrash();
		
		ctxSize = m_recvContext.size;
		ctxOffset = m_recvContext.offset;
		pMsgBuffer = recvMsg->pCurBuffer;
		copySize = 6;
		
		// copy the message header from context buffer to msg buffer
		if (ctxSize == ctxOffset) {
			copySize = 0;
		} else {
			pendingBytes = ctxSize - ctxOffset;
			if (pendingBytes < 6) copySize = pendingBytes;
			
			memcpy(pMsgBuffer, m_recvContext.pBuffer[ctxOffset], copySize);
			m_recvContext.offset += copySize;
		}
		
		// check if we need to allocate a secondary buffer
		m_curMsgOffset = copySize;
		int totalMsgSize = *m_recvMsg->pDataSize & 0x7FFF) + 6 > 4096;
		if (totalMsgSize > 4096) {
			if (totalMsgSize > 0x7FFF) {
				// TODO: msg too big
			}
			m_recvMsg->AllocSecondaryBuffer(totalMsgSize);
		}
	}
}

Spoiler

Code:

bool InterpretCertifyData(std::list<TContentType*>* lstContentType, std::list<TContent*>* lstContent, std::list<TServerFarm*>* lstServerFarm, std::list<TCertUnk*>* lstCertUnk,
	std::list<TShard*>* lstShard, std::list<TMachine*>* lstMachine, std::list<TServerBody*>* lstServerBody, std::list<TServerCord*>* lstServerCord)
{
	if (lstServerBody == NULL || lstServerBody->empty() || g_ServerBodiesMapId.empty()) {
		BSCrash();
	}
	
	g_contentTypeList = lstContentType;
	g_machineList = lstMachine;
	g_contentList = lstContent;
	g_serverFarmList = lstServerFarm;
	g_certUnkList = lstCertUnk;
	g_shardList = lstShard;
	
	// Set pointer to TContentUnk in each TCertUnk
	for (std::list<TCertUnk*>::iterator itr = lstCertUnk->begin(); itr != lstCertUnk->end(); ++itr) {
		TCertUnk* certUnk = (*itr);
		
		for (std::list<TServerFarm*>::iterator itr2 = lstServerFarm->begin(); itr2 != lstServerFarm->end(); ++itr2) {
			TServerFarm* serverFarm = (*itr2);
			if (certUnk->serverFarmId == serverFarm->id) {
				certUnk->pServerFarm = serverFarm;
				break;
			}
		}	
	}
	
	// Set pointer to TContentUnk in each TShard
	for (std::list<TShard*>::iterator itr = lstShard->begin(); itr != lstShard->end(); ++itr) {
		TShard* shard = (*itr);
	
		for (std::list<TServerFarm*>::iterator itr2 = lstServerFarm->begin(); itr2 != lstServerFarm->end(); ++itr2) {
			TServerFarm* serverFarm = (*itr2);
			if (shard->serverFarmId == serverFarm->id) {
				shard->pServerFarm = serverFarm;
				break;
			}
		}	
	}
	
	g_serverBodyList = lstServerBody;
	g_serverCordList = lstServerCord;
	g_pServerBodyOfMySelf = lstServerBody->front();
	
	// loop through machines
	for (std::list<TMachine*>::iterator itr = lstMachine->begin(); itr != lstMachine->end(); ++itr) {
		TMachine* machine = (*itr);
		g_mapMachinesById.insert(std::pair<int, TMachine*>(machine->id, machine));
	}
	
	// loop through server bodies
	for (std::list<TServerBody*>::iterator itr = lstServerBody->begin(); itr != lstServerBody->end(); ++itr) {
		TServerBody* body = (*itr);
		
		body->pModuleType = GetModuleTypeById(body->moduleType);
		body->pMachine = GetMachineById(body->machineId);
		
		// set pointer to content
		body->pContent = NULL;
		for (std::list<TContent*>::iterator itr2 = lstContent->begin(); itr != lstContent->end(); ++itr2) {
			TContent* content = (*itr2);
			
			if (body->contentId	== content->id) {
				body->pContent = content;
				break;
			}
		}
	
		// set pointer to contentUnk
		body->pServerFarm = NULL;
		for (std::list<TServerFarm*>::iterator itr2 = lstServerFarm->begin(); itr2 != lstServerFarm->end(); ++itr2) {
			TServerFarm* farm = (*itr2);
			if (body->serverFarmId == farm->id) {
				body->pServerFarm = farm;
				break;
			}
		}	
		
		// set pointer to shard if body has an assoc shard id
		body->pShard = NULL;
		for (std::list<TShard*>::iterator itr2 = lstShard->begin(); itr != lstShard->end(); ++itr2) {
			TShard* shard = (*itr2);
			
			if (body->shardId == shard->id) {
				body->pShard= shard;
				break;
			}
		}
		
		if (body->contentId && !body->serverFarmId && !body->shardId && body->pModuleType == GetModuleTypeByName("GlobalManager")) {
			body->pContent->globalManagerId = body->id;
		}
		if (body->pModuleType == GetModuleTypeByName("MachineManager")) {
			body->pMachine->machineMgrNodeId = body->id;
		}
		
		g_mapServerBodiesById.insert(std::pair<unsigned __int16, TServerBody*>(body->id, body));
	}
	
	// add server cords to a map
	for (std::list<TServerCord*>::iterator itr = lstServerCord->begin(); itr != lstServerCord->end(); ++itr) {
		TServerCord* cord = (*itr);
		
		cord->sessionId = 0;
		g_mapServerCordsById.insert(std::pair<int, TServerCord*>(cord->id, cord));
	}
	
	// TODO: call sub_449700(), some strange std::list calls, bored of stl container reversing, gonna take a look at it later
	
	// add shards to a map
	for (std::list<TShard*>::iterator itr = lstShard->begin(); itr != lstShard->end(); ++itr) {
		TShard* shard = (*itr);
		
		g_mapShardsById.insert(std::pair<unsigned __int16, TShard*>(shard->id, shard));
	}
	
	if (g_handle11EA0E8) {
		PostMessageA(g_handle11EA0E8, 0x7E8, 0, 0);
	}
	
	std::list<TServerCord*> linkedCords;
	GetLinkedCordsOfBody(g_pServerBodyOfMySelf->id, &linkedCords);
	for (std::list<TServerCord*>::iterator itr = linkedCords.begin(); itr != linkedCords.end(); ++itr) {
		TServerCord* cord = (*itr);
		
		TServerBody* otherBody = GetOtherBodyOfCord(g_pServerBodyOfMySelf, cord);
		if (otherBody != NULL) {
			char moduleType = otherBody->pModuleType->id;
			if (moduleType == 2 || moduleType == 3 || moduleType == 4 || moduleType == 5) {
				if (moduleType == g_pServerBodyOfMySelf->pModuleType->id) {
					BSCrash();
				}
				
				if (otherBody->pShard) {
					BSMessageBox("kek!!! why did you assign shard to common manager server? -_-+ plz check out server license table !!!");
					PrintMessage(0x2000000, "kek!!! why did you assign shard to common manager server? -_-+ plz check out server license table !!!");
					return false;
				}
			
			}
		
			if (g_pServerBodyOfMySelf->pShard == NULL || otherBody->pShard == NULL) {
				std::set<unsigned __int16>::iterator fnd = g_ServerNotifyTargets.find(otherBody->id);
				if (fnd == g_ServerNotifyTargets.end()) {
					PrintMessage(0, "Add ServerNotify : (%d) - %s", otherBody->id, otherBody->pModuleType->name);
					g_ServerNotifyTargets.insert(otherBody->id);
				}
				
			}
		}
	}
	
	if (g_ServerNotifyTargets.empty()) {
		BSMessageBox("There is no server notify target!!! (check whether Farm has assigned shard or not...)");
		PrintMessage(0x2000000, "There is no server notify target!!! (check whether Farm has assigned shard or not...)");
		return false;
	}
	return true;
}

Sadly, due to my real life job and the sheer endless task of rebuilding even just parts of the executable, this project was set to fail before it even started.
Finally I gave up on it and pretty much left silkroad. It was a fun experience though and it definitely boosted my assembly skills.

Nowadays I think the emulator was a stupid idea, the community wouldn't appreciate such a project and it's definitely dead!

Also great to see that I'm not alone with such crazy ideas :D

01/08/2019 16:38 paradise1992#13

Not exactly, I guess.
CPSCharacterSelect.cpp , .h missing.

01/12/2019 13:14 paradise1992#14

Quote:

Originally Posted by paradise1992

Not exactly, I guess.
CPSCharacterSelect.cpp , .h missing.

DC
[Only registered and activated users can see links. Click Here To Register...]

01/12/2019 15:28 florian0#15

Quote:

Originally Posted by paradise1992

DC
[Only registered and activated users can see links. Click Here To Register...]

0046EEDD is inside std::wstring:: operator=. It looks like you're not using VC80 / Visual Studio 2005 to compile.

Page 1 of 23

Last »