Old Item Mall / Old Mainpop

Quote:

Originally Posted by modyuasty3 This System i can't find file or how make it in my system ! i hope helps ! [Only registered and activated users can see links. Click Here To Register...]

this->m_btnSkill->ShowGWnd(false);
this->m_btnAction->ShowGWnd(false);
this->m_btnParty->ShowGWnd(false);
this->m_btnCharacter->ShowGWnd(false);
this->m_btnQuest->ShowGWnd(false);
this->m_btnApprentice->ShowGWnd(false);

Quote:

Originally Posted by florian0 The buttons are still there. They are just hidden in CIFMainFrame::OnCreate Code: this->m_btnSkill->ShowGWnd(false); this->m_btnAction->ShowGWnd(false); this->m_btnParty->ShowGWnd(false); this->m_btnCharacter->ShowGWnd(false); this->m_btnQuest->ShowGWnd(false); this->m_btnApprentice->ShowGWnd(false); The part starts at 006a28ff and ends at 006a295f. You need to either JMP that part, or fill it with NOPs entirely.

Quote:

Originally Posted by sarkoplata @[Only registered and activated users can see links. Click Here To Register...] if you share the proper pk2 files for the Item Mall, I'll share the asm fixes, if I can fix them.

Quote:

Originally Posted by sarkoplata @[Only registered and activated users can see links. Click Here To Register...] if you share the proper pk2 files for the Item Mall, I'll share the asm fixes, if I can fix them.

Quote:

Originally Posted by modyuasty3 i think you know how make it to working but i am not know what do to is work done :) Explain more that I am learning from you to increase my experience in this field ! i hope you help me to add this system :)

Quote:

Originally Posted by florian0 This is one call to ShowGWnd. It's a [Only registered and activated users can see links. Click Here To Register...]. The function address is stored in EAX and read from the virtual function table at offset 0x5c. [Only registered and activated users can see links. Click Here To Register...] A function call in general consists of PUSH and CALL (and maybe ADD ESP, x). Each PUSH is likely to be that argument of a function call. ShowGWnd has only one argument. You can see that because there is only one PUSH. PUSH EBX will pass a 0 to the function (because EBX was set no 0 waaaaayyyyyyy earilier in that function). So ShowGWnd(false). But we don't know what to modify with ShowGWnd(false). The object to modify is stored in ECX. It's also called the [Only registered and activated users can see links. Click Here To Register...] (Ghidra named it 'this' automatically). 'This' comes from the result of [ESI + 0x7dc], which is m_btnInventory. I know it's m_btnInventory because I have seen 0x7dc before. Right here: [Only registered and activated users can see links. Click Here To Register...] This part retrives a control with the ID 0xC (12). And 12 is our Inventory Button. I got the ID from ifmainpopup.txt So in order to make the stuff show instead of hide, you could just skip calling ShowGWnd. That means you replace the PUSH and the CALL with a NOP. Since you now learned something, you can go and test it out. My proposed change does show the buttons, but not the background. But have no fear. The call for hiding the background is a little below the region I proposed. You only need to recognize the virtual call and the parameter. Replace it with NOP, done.

Quote:

Originally Posted by ZαKuRα thanks for sharing all your knowledge always without selfishness :handsdown: only need to fix the quest that does not come out :D

Quote:

Originally Posted by florian0 This is one call to ShowGWnd. It's a [Only registered and activated users can see links. Click Here To Register...]. The function address is stored in EAX and read from the virtual function table at offset 0x5c. [Only registered and activated users can see links. Click Here To Register...] A function call in general consists of PUSH and CALL (and maybe ADD ESP, x). Each PUSH is likely to be that argument of a function call. ShowGWnd has only one argument. You can see that because there is only one PUSH. PUSH EBX will pass a 0 to the function (because EBX was set no 0 waaaaayyyyyyy earilier in that function). So ShowGWnd(false). But we don't know what to modify with ShowGWnd(false). The object to modify is stored in ECX. It's also called the [Only registered and activated users can see links. Click Here To Register...] (Ghidra named it 'this' automatically). 'This' comes from the result of [ESI + 0x7dc], which is m_btnInventory. I know it's m_btnInventory because I have seen 0x7dc before. Right here: [Only registered and activated users can see links. Click Here To Register...] This part retrives a control with the ID 0xC (12). And 12 is our Inventory Button. I got the ID from ifmainpopup.txt So in order to make the stuff show instead of hide, you could just skip calling ShowGWnd. That means you replace the PUSH and the CALL with a NOP. Since you now learned something, you can go and test it out. My proposed change does show the buttons, but not the background. But have no fear. The call for hiding the background is a little below the region I proposed. You only need to recognize the virtual call and the parameter. Replace it with NOP, done.

Quote:

Originally Posted by fanyaodd I still don't understand. Can you elaborate？

Quote:

Originally Posted by florian0 The buttons are still there. They are just hidden in CIFMainFrame::OnCreate Code: this->m_btnSkill->ShowGWnd(false); this->m_btnAction->ShowGWnd(false); this->m_btnParty->ShowGWnd(false); this->m_btnCharacter->ShowGWnd(false); this->m_btnQuest->ShowGWnd(false); this->m_btnApprentice->ShowGWnd(false); The part starts at 006a28ff and ends at 006a295f. You need to either JMP that part, or fill it with NOPs entirely.

Quote:

Originally Posted by bilalctn [Only registered and activated users can see links. Click Here To Register...] Pls Help ?

Quote:

Now you are done. You have successfully patched the client. The icons are now visible. What's left is the background image. Use your acquired knowledge to analyze the code right below of what to patched to find another CALL thats using [edx+5C]. Thats the background. Replace it with NOP and the visuals are fine.

Quote:

Originally Posted by Emerald Garden SRO florian0 said above: If someone would post a sro_client.exe with the working old item mall would be great.

Quote:

Originally Posted by Emerald Garden SRO florian0 said above: If someone would post a sro_client.exe with the working old item mall would be great.

Quote:

Originally Posted by florian0 Okay. Lets go. Load up your favourite disassembler. I'm using x32dbg. [Only registered and activated users can see links. Click Here To Register...] I gave away the addresses to look at. Explaining how I got there is part of another story. Press Ctrl+G, enter the address you want to go to: [Only registered and activated users can see links. Click Here To Register...] Now we got the location where the ShowGWnd(false) is called. From my post before we know PUSH and CALL are the important parts of a function call. Select the PUSH instruction. Press Space to open the assembler. It will show the current instruction. [Only registered and activated users can see links. Click Here To Register...] Enter "NOP" to replace it with a No-Operation. Make sure to tick the "Fill with NOP" Box. Replace the PUSH and the CALL with NOPs. When you are done, it should look like this: [Only registered and activated users can see links. Click Here To Register...] Repeat this step until you replaced all ShowGWnd(false) calls: [Only registered and activated users can see links. Click Here To Register...] After that, press Ctrl+P to open the Patches-Window. Press "Patch File" to export a patched binary. You can not use the file you opened (e.g. sro_client.exe), so choose a different name. [Only registered and activated users can see links. Click Here To Register...] sro_client_ruined.exe sounds like a good choice to me: [Only registered and activated users can see links. Click Here To Register...] Now you are done. You have successfully patched the client. The icons are now visible. What's left is the background image. Use your acquired knowledge to analyze the code right below of what to patched to find another CALL thats using [edx+5C]. Thats the background. Replace it with NOP and the visuals are fine.