Old Item Mall / Old Mainpop

Discussion on Old Item Mall / Old Mainpop within the Silkroad Online forum part of the Popular Games category.

Reply
 
Old   #1
 
elite*gold: 0
Join Date: Aug 2017
Posts: 107
Received Thanks: 8
Thumbs up Old Item Mall / Old Mainpop

Hello guys, today I made this system in the server with media.pk, but it has something wrong. Where can I fix this? I THINK this wants some C++ code to fix?







Here, when I press the button to buy an item from the Item Mall, I get a crash.




For this system, I can't find the file or how to make it in my system! I hope you can help!




modyuasty3 is offline  
Old 03/04/2020, 19:58   #2
 
elite*gold: 100
Join Date: Apr 2008
Posts: 785
Received Thanks: 1,150
Quote:
Originally Posted by modyuasty3 View Post
For this system, I can't find the file or how to make it in my system! I hope you can help!

The buttons are still there. They are just hidden in CIFMainFrame::OnCreate
Code:
this->m_btnSkill->ShowGWnd(false);
this->m_btnAction->ShowGWnd(false);
this->m_btnParty->ShowGWnd(false);
this->m_btnCharacter->ShowGWnd(false);
this->m_btnQuest->ShowGWnd(false);
this->m_btnApprentice->ShowGWnd(false);
The part starts at 006a28ff and ends at 006a295f. You need to either JMP that part, or fill it with NOPs entirely.


florian0 is offline  
Thanks
6 Users
Old 03/04/2020, 22:52   #3
 
elite*gold: 0
Join Date: Aug 2017
Posts: 107
Received Thanks: 8
Quote:
Originally Posted by florian0 View Post
The buttons are still there. They are just hidden in CIFMainFrame::OnCreate
Code:
this->m_btnSkill->ShowGWnd(false);
this->m_btnAction->ShowGWnd(false);
this->m_btnParty->ShowGWnd(false);
this->m_btnCharacter->ShowGWnd(false);
this->m_btnQuest->ShowGWnd(false);
this->m_btnApprentice->ShowGWnd(false);
The part starts at 006a28ff and ends at 006a295f. You need to either JMP that part, or fill it with NOPs entirely.

I think you know how to make it work, but I don't know what to do to get it working. Please explain more, as I am learning from you to increase my experience in this field! I hope you help me to add this system.
modyuasty3 is offline  
Old 03/06/2020, 02:54   #4
 
elite*gold: 0
Join Date: Apr 2009
Posts: 2,275
Received Thanks: 2,470
@ if you share the proper pk2 files for the Item Mall, I'll share the asm fixes, if I can fix them.


sarkoplata is offline  
Old 03/11/2020, 16:59   #5
 
elite*gold: 0
Join Date: Jan 2011
Posts: 144
Received Thanks: 70
Quote:
Originally Posted by sarkoplata View Post
@ if you share the proper pk2 files for the Item Mall, I'll share the asm fixes, if I can fix them.

paradise1992 is offline  
Old 03/13/2020, 17:28   #6
 
elite*gold: 0
Join Date: Apr 2019
Posts: 48
Received Thanks: 37
Quote:
Originally Posted by sarkoplata View Post
@ if you share the proper pk2 files for the Item Mall, I'll share the asm fixes, if I can fix them.

qq909047432 is offline  
Old 03/14/2020, 18:31   #7
 
elite*gold: 100
Join Date: Apr 2008
Posts: 785
Received Thanks: 1,150
Quote:
Originally Posted by modyuasty3 View Post
I think you know how to make it work, but I don't know what to do to get it working. Please explain more, as I am learning from you to increase my experience in this field! I hope you help me to add this system.
This is one call to ShowGWnd. It's a . The function address is stored in EAX and read from the virtual function table at offset 0x5c.


A function call in general consists of PUSH and CALL (and maybe ADD ESP, x). Each PUSH is likely to be an argument of a function call. ShowGWnd has only one argument. You can see that because there is only one PUSH. PUSH EBX will pass a 0 to the function (because EBX was set to 0 waaaaayyyyyyy earlier in that function). So ShowGWnd(false). But we don't know what to modify with ShowGWnd(false). The object to modify is stored in ECX. It's also called the (Ghidra named it 'this' automatically). 'This' comes from the result of [ESI + 0x7dc], which is m_btnInventory.

I know it's m_btnInventory because I have seen 0x7dc before. Right here:



This part retrieves a control with the ID 0xC (12). And 12 is our Inventory Button. I got the ID from ifmainpopup.txt

So in order to make the stuff show instead of hide, you could just skip calling ShowGWnd. That means you replace the PUSH and the CALL with a NOP.

Since you now learned something, you can go and test it out. My proposed change does show the buttons, but not the background. But have no fear. The call for hiding the background is a little below the region I proposed. You only need to recognize the virtual call and the parameter. Replace it with NOP, done.
florian0 is offline  
Thanks
2 Users
Old 03/14/2020, 19:46   #8

 
elite*gold: 113
Join Date: Feb 2011
Posts: 475
Received Thanks: 206
Quote:
Originally Posted by florian0 View Post
This is one call to ShowGWnd. It's a . The function address is stored in EAX and read from the virtual function table at offset 0x5c.


A function call in general consists of PUSH and CALL (and maybe ADD ESP, x). Each PUSH is likely to be an argument of a function call. ShowGWnd has only one argument. You can see that because there is only one PUSH. PUSH EBX will pass a 0 to the function (because EBX was set to 0 waaaaayyyyyyy earlier in that function). So ShowGWnd(false). But we don't know what to modify with ShowGWnd(false). The object to modify is stored in ECX. It's also called the (Ghidra named it 'this' automatically). 'This' comes from the result of [ESI + 0x7dc], which is m_btnInventory.

I know it's m_btnInventory because I have seen 0x7dc before. Right here:



This part retrieves a control with the ID 0xC (12). And 12 is our Inventory Button. I got the ID from ifmainpopup.txt

So in order to make the stuff show instead of hide, you could just skip calling ShowGWnd. That means you replace the PUSH and the CALL with a NOP.

Since you now learned something, you can go and test it out. My proposed change does show the buttons, but not the background. But have no fear. The call for hiding the background is a little below the region I proposed. You only need to recognize the virtual call and the parameter. Replace it with NOP, done.

thanks for sharing all your knowledge always without selfishness

only need to fix the quest that does not come out
ZαKuRα is offline  
Old 03/14/2020, 19:53   #9
 
elite*gold: 0
Join Date: Apr 2009
Posts: 2,275
Received Thanks: 2,470
Quote:
Originally Posted by ZαKuRα View Post
thanks for sharing all your knowledge always without selfishness

only need to fix the quest that does not come out
You can use the new quest window.

PHP Code:
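void CGInterface::SwitchQuestWindow()
{
    // Forward to the client's native function at 0x007990E0, passing this as the __thiscall receiver
    return reinterpret_cast<void(__thiscall*)(CGInterface*)>(0x007990E0)(this);
}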

sarkoplata is offline  
Thanks
2 Users
Old 03/18/2020, 14:43   #10
 
elite*gold: 0
Join Date: Nov 2013
Posts: 16
Received Thanks: 0
Quote:
Originally Posted by florian0 View Post
This is one call to ShowGWnd. It's a . The function address is stored in EAX and read from the virtual function table at offset 0x5c.


A function call in general consists of PUSH and CALL (and maybe ADD ESP, x). Each PUSH is likely to be an argument of a function call. ShowGWnd has only one argument. You can see that because there is only one PUSH. PUSH EBX will pass a 0 to the function (because EBX was set to 0 waaaaayyyyyyy earlier in that function). So ShowGWnd(false). But we don't know what to modify with ShowGWnd(false). The object to modify is stored in ECX. It's also called the (Ghidra named it 'this' automatically). 'This' comes from the result of [ESI + 0x7dc], which is m_btnInventory.

I know it's m_btnInventory because I have seen 0x7dc before. Right here:



This part retrieves a control with the ID 0xC (12). And 12 is our Inventory Button. I got the ID from ifmainpopup.txt

So in order to make the stuff show instead of hide, you could just skip calling ShowGWnd. That means you replace the PUSH and the CALL with a NOP.

Since you now learned something, you can go and test it out. My proposed change does show the buttons, but not the background. But have no fear. The call for hiding the background is a little below the region I proposed. You only need to recognize the virtual call and the parameter. Replace it with NOP, done.
I still don't understand. Can you elaborate?
fanyaodd is offline  
Old 03/18/2020, 16:46   #11
 
elite*gold: 100
Join Date: Apr 2008
Posts: 785
Received Thanks: 1,150
Quote:
Originally Posted by fanyaodd View Post
I still don't understand. Can you elaborate?
Okay. Let's go.

Load up your favourite disassembler. I'm using x32dbg.



I gave away the addresses to look at. Explaining how I got there is part of another story.

Press Ctrl+G, enter the address you want to go to:



Now we got the location where the ShowGWnd(false) is called. From my post before we know PUSH and CALL are the important parts of a function call.

Select the PUSH instruction. Press Space to open the assembler. It will show the current instruction.



Enter "NOP" to replace it with a No-Operation. Make sure to tick the "Fill with NOP" Box.

Replace the PUSH and the CALL with NOPs. When you are done, it should look like this:



Repeat this step until you replaced all ShowGWnd(false) calls:



After that, press Ctrl+P to open the Patches-Window. Press "Patch File" to export a patched binary. You can not use the file you opened (e.g. sro_client.exe), so choose a different name.




sro_client_ruined.exe sounds like a good choice to me:



Now you are done. You have successfully patched the client. The icons are now visible. What's left is the background image. Use your acquired knowledge to analyze the code right below what you patched to find another CALL that's using [edx+5C]. That's the background. Replace it with NOP and the visuals are fine.
florian0 is offline  
Thanks
3 Users
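
An added example, not code from the thread or its posters: a Python check that diffs the original and the exported patched file and confirms every changed byte is a NOP inside the region named in post #2. The buffers, the base VA for offset 0 and the inclusive end address are constructed assumptions for illustration.

```python
NOP = 0x90
# Region named in the thread; treating the end address as inclusive is an assumption.
PATCH_START_VA, PATCH_END_VA = 0x006A28FF, 0x006A295F

def changed_runs(original, patched):
    """Return (offset, old_bytes, new_bytes) for each contiguous run that differs."""
    if len(original) != len(patched):
        raise ValueError("an in-place patch must not change the file size")
    runs, i, n = [], 0, len(original)
    while i < n:
        if original[i] == patched[i]:
            i += 1
            continue
        j = i
        while j < n and original[j] != patched[j]:
            j += 1
        runs.append((i, bytes(original[i:j]), bytes(patched[i:j])))
        i = j
    return runs

def audit_patch(original, patched, base_va):
    """List (va, reason) for every change outside the region or not pure NOP."""
    findings = []
    for off, _old, new in changed_runs(original, patched):
        va = base_va + off
        if va < PATCH_START_VA or va + len(new) - 1 > PATCH_END_VA:
            findings.append((va, "outside expected range"))
        elif any(b != NOP for b in new):
            findings.append((va, "non-NOP replacement"))
    return findings

# Constructed sample, not bytes from the real client: 0x80 filler bytes whose
# offset 0 is assumed to map to VA 0x006A28F0, with one PUSH EBX (53) and
# CALL dword ptr [EDX+0x5C] (FF 52 5C) placed at VA 0x006A2910.
BASE_VA = 0x006A28F0
ORIGINAL = bytearray(b"\xAA" * 0x80)
ORIGINAL[0x20:0x24] = b"\x53\xFF\x52\x5C"
GOOD = bytearray(ORIGINAL)
GOOD[0x20:0x24] = b"\x90" * 4          # the intended NOP fill
BAD = bytearray(GOOD)
BAD[0x78] = 0xEB                       # stray edit at VA 0x006A2968, past the region

if __name__ == "__main__":
    print(audit_patch(ORIGINAL, GOOD, BASE_VA))
    print(audit_patch(ORIGINAL, BAD, BASE_VA))
```

On a real executable the mapping from virtual address to file offset comes from the PE section headers rather than a single base value.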
Old 03/19/2020, 09:13   #12
 
elite*gold: 0
Join Date: Nov 2013
Posts: 16
Received Thanks: 0
Smile Old ItemMall

Quote:
Originally Posted by florian0 View Post
The buttons are still there. They are just hidden in CIFMainFrame::OnCreate
Code:
this->m_btnSkill->ShowGWnd(false);
this->m_btnAction->ShowGWnd(false);
this->m_btnParty->ShowGWnd(false);
this->m_btnCharacter->ShowGWnd(false);
this->m_btnQuest->ShowGWnd(false);
this->m_btnApprentice->ShowGWnd(false);
The part starts at 006a28ff and ends at 006a295f. You need to either JMP that part, or fill it with NOPs entirely.
Can you share the restored Old ItemMall?
fanyaodd is offline  
Old 03/19/2020, 15:17   #13
 
elite*gold: 0
Join Date: Nov 2019
Posts: 71
Received Thanks: 7
Good
mr.jungle is online now  
Old 05/02/2020, 20:53   #14

 
elite*gold: 45
Join Date: Apr 2013
Posts: 22
Received Thanks: 1
good


herocrazy is offline  