[Release]TWSRO 1.258 Craft System Packet Structures ASM Fix + Bug Fixes
Discussion on [Release]TWSRO 1.258 Craft System Packet Structures ASM Fix + Bug Fixes within the SRO PServer Guides & Releases forum part of the SRO Private Server category.
04/15/2019, 20:39
#16
elite*gold: 0
Join Date: May 2010
Posts: 361
Received Thanks: 174
Thanks!
04/15/2019, 22:00
#17
elite*gold: 1537
Join Date: Sep 2006
Posts: 1,085
Received Thanks: 2,346
Quote:
Originally Posted by
Zoro.Sro
Is there a difference in the packet struct between TWSRO and vSRO?
I will work on a packet filter for these files.
A little:
The chat packet needs an extra byte at the end.
The guild packet changed for location etc.
0x7007 and 0xb007 changed some flags around for jobs.
Also, 0x3013 does have 2 extra bytes; I will parse it soon.
04/15/2019, 22:20
#18
elite*gold: 72
Join Date: Sep 2011
Posts: 760
Received Thanks: 221
All current fixes (besides the rates; I didn't get those to work. Also, I'm unsure whether the DLL loads correctly).
The account is admin:admin; sec_primary and sec_content need to be set to 1.
Also, the DB is cleaned up a bit.
04/15/2019, 22:45
#19
elite*gold: 1537
Join Date: Sep 2006
Posts: 1,085
Received Thanks: 2,346
Thread updated.
I will look into the rates fix.
04/16/2019, 03:29
#20
elite*gold: 1537
Join Date: Sep 2006
Posts: 1,085
Received Thanks: 2,346
What's up,
It's about to get LIT!!
Okay, let's do some serious modification to the packets here, so we can be sure that the bots are going to work right as much as possible.
Modifying the 0x3013 packet opcode to remove the garbage bytes that were added in these files so that they stop bots:
Fire up OllyDbg and open SRO_Client.exe
Step 1:
Code:
//NOP the whole assembly instructions
009C824F 6A 01 push 0x1
009C8251 8D9424 84000000 lea edx, dword ptr [esp+0x84]
009C8258 52 push edx
009C8259 8BCF mov ecx, edi
009C825B E8 F09BAEFF call 004B1E50
Step 2:
Code:
//NOP the whole assembly instructions
009C828A 6A 01 push 0x1
009C828C 8D9424 84000000 lea edx, dword ptr [esp+0x84]
009C8293 52 push edx
009C8294 8BCF mov ecx, edi
009C8296 E8 B59BAEFF call 004B1E50
Fire up OllyDbg and open SR_GameServer.exe
Step 1:
Code:
//NOP the whole assembly instructions
007223A7 E8 CDFE7200 call 00E52279
007223AC 99 cdq
007223AD B9 FF000000 mov ecx, 0xFF
007223B2 F7F9 idiv ecx
007223B4 8855 FB mov byte ptr [ebp-0x5], dl
007223B7 8A55 FB mov dl, byte ptr [ebp-0x5]
007223BA 52 push edx
007223BB B9 606A1901 mov ecx, 01196A60
007223C0 E8 BB163600 call 00A83A80
Step 2:
Code:
//NOP the whole assembly instructions
0072242B E8 49FE7200 call 00E52279
00722430 99 cdq
00722431 B9 FF000000 mov ecx, 0xFF
00722436 F7F9 idiv ecx
00722438 8855 EB mov byte ptr [ebp-0x15], dl
0072243B 8A55 EB mov dl, byte ptr [ebp-0x15]
0072243E 52 push edx
0072243F B9 606A1901 mov ecx, 01196A60
00722444 E8 37163600 call 00A83A80
Cracking All Rates:
SR_ShardManager.exe
Code:
//NOP THE WHOLE CODE
//ExpRatio
00480416 33D2 xor edx, edx
00480418 74 3E je short 00480458
0048041A 68 9D030000 push 0x39D
0048041F 68 B889A600 push 00A689B8 ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\SR_ShardManager\MainProcess.cpp"
00480424 83EC 08 sub esp, 0x8
00480427 DD05 B089A600 fld qword ptr [0xA689B0]
0048042D DD1C24 fstp qword ptr [esp]
00480430 83EC 08 sub esp, 0x8
00480433 D9E8 fld1
00480435 DD1C24 fstp qword ptr [esp]
00480438 68 F068A800 push 00A868F0 ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
0048043D 68 01000002 push 0x2000001
00480442 E8 A943FCFF call 004447F0
00480447 83C4 20 add esp, 0x20
0048044A 8B85 E4F6FFFF mov eax, dword ptr [ebp-0x91C]
00480450 D9E8 fld1
00480452 D998 04230400 fstp dword ptr [eax+0x42304]
00480458 8B8D E4F6FFFF mov ecx, dword ptr [ebp-0x91C]
0048045E D981 04230400 fld dword ptr [ecx+0x42304]
00480464 DC1D 7085A800 fcomp qword ptr [0xA88570]
0048046A DFE0 fstsw ax
0048046C F6C4 05 test ah, 0x5
0048046F 7A 0A jpe short 0048047B
00480471 D9E8 fld1
00480473 D99D DCF6FFFF fstp dword ptr [ebp-0x924]
00480479 EB 45 jmp short 004804C0
0048047B 8B95 E4F6FFFF mov edx, dword ptr [ebp-0x91C]
00480481 D982 04230400 fld dword ptr [edx+0x42304]
00480487 DC1D B089A600 fcomp qword ptr [0xA689B0]
0048048D DFE0 fstsw ax
0048048F F6C4 05 test ah, 0x5
00480492 7A 14 jpe short 004804A8
00480494 8B85 E4F6FFFF mov eax, dword ptr [ebp-0x91C]
0048049A D980 04230400 fld dword ptr [eax+0x42304]
004804A0 D99D D8F6FFFF fstp dword ptr [ebp-0x928]
004804A6 EB 0C jmp short 004804B4
004804A8 D905 A889A600 fld dword ptr [0xA689A8]
004804AE D99D D8F6FFFF fstp dword ptr [ebp-0x928]
004804B4 D985 D8F6FFFF fld dword ptr [ebp-0x928]
004804BA D99D DCF6FFFF fstp dword ptr [ebp-0x924]
004804C0 8B8D E4F6FFFF mov ecx, dword ptr [ebp-0x91C]
004804C6 D985 DCF6FFFF fld dword ptr [ebp-0x924]
004804CC D999 04230400 fstp dword ptr [ecx+0x42304]
Code:
//NOP THE WHOLE CODE
//ExpRatioParty
0048056B 33C0 xor eax, eax
0048056D 74 3E je short 004805AD
0048056F 68 AC030000 push 0x3AC
00480574 68 B889A600 push 00A689B8 ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\SR_ShardManager\MainProcess.cpp"
00480579 83EC 08 sub esp, 0x8
0048057C DD05 B089A600 fld qword ptr [0xA689B0]
00480582 DD1C24 fstp qword ptr [esp]
00480585 83EC 08 sub esp, 0x8
00480588 D9E8 fld1
0048058A DD1C24 fstp qword ptr [esp]
0048058D 68 F068A800 push 00A868F0 ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
00480592 68 01000002 push 0x2000001
00480597 E8 5442FCFF call 004447F0
0048059C 83C4 20 add esp, 0x20
0048059F 8B8D E4F6FFFF mov ecx, dword ptr [ebp-0x91C]
004805A5 D9E8 fld1
004805A7 D999 08230400 fstp dword ptr [ecx+0x42308]
004805AD 8B95 E4F6FFFF mov edx, dword ptr [ebp-0x91C]
004805B3 D982 08230400 fld dword ptr [edx+0x42308]
004805B9 DC1D 7085A800 fcomp qword ptr [0xA88570]
004805BF DFE0 fstsw ax
004805C1 F6C4 05 test ah, 0x5
004805C4 7A 0A jpe short 004805D0
004805C6 D9E8 fld1
004805C8 D99D D0F6FFFF fstp dword ptr [ebp-0x930]
004805CE EB 45 jmp short 00480615
004805D0 8B85 E4F6FFFF mov eax, dword ptr [ebp-0x91C]
004805D6 D980 08230400 fld dword ptr [eax+0x42308]
004805DC DC1D B089A600 fcomp qword ptr [0xA689B0]
004805E2 DFE0 fstsw ax
004805E4 F6C4 05 test ah, 0x5
004805E7 7A 14 jpe short 004805FD
004805E9 8B8D E4F6FFFF mov ecx, dword ptr [ebp-0x91C]
004805EF D981 08230400 fld dword ptr [ecx+0x42308]
004805F5 D99D CCF6FFFF fstp dword ptr [ebp-0x934]
004805FB EB 0C jmp short 00480609
004805FD D905 A889A600 fld dword ptr [0xA689A8]
00480603 D99D CCF6FFFF fstp dword ptr [ebp-0x934]
00480609 D985 CCF6FFFF fld dword ptr [ebp-0x934]
0048060F D99D D0F6FFFF fstp dword ptr [ebp-0x930]
00480615 8B95 E4F6FFFF mov edx, dword ptr [ebp-0x91C]
0048061B D985 D0F6FFFF fld dword ptr [ebp-0x930]
00480621 D99A 08230400 fstp dword ptr [edx+0x42308]
Code:
//NOP THE WHOLE CODE
//ExtraExpRatio
004806B2 33C9 xor ecx, ecx
004806B4 74 3A je short 004806F0
004806B6 68 ED030000 push 0x3ED
004806BB 68 B889A600 push 00A689B8 ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\SR_ShardManager\MainProcess.cpp"
004806C0 83EC 08 sub esp, 0x8
004806C3 D9E8 fld1
004806C5 DD1C24 fstp qword ptr [esp]
004806C8 83EC 08 sub esp, 0x8
004806CB D9EE fldz
004806CD DD1C24 fstp qword ptr [esp]
004806D0 68 F068A800 push 00A868F0 ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
004806D5 68 01000002 push 0x2000001
004806DA E8 1141FCFF call 004447F0
004806DF 83C4 20 add esp, 0x20
004806E2 8B95 E4F6FFFF mov edx, dword ptr [ebp-0x91C]
004806E8 D9EE fldz
004806EA D99A 0C230400 fstp dword ptr [edx+0x4230C]
004806F0 8B85 E4F6FFFF mov eax, dword ptr [ebp-0x91C]
004806F6 D980 0C230400 fld dword ptr [eax+0x4230C]
004806FC DC1D 8885A800 fcomp qword ptr [0xA88588]
00480702 DFE0 fstsw ax
00480704 F6C4 05 test ah, 0x5
00480707 7A 0A jpe short 00480713
00480709 D9EE fldz
0048070B D99D C8F6FFFF fstp dword ptr [ebp-0x938]
00480711 EB 41 jmp short 00480754
00480713 8B8D E4F6FFFF mov ecx, dword ptr [ebp-0x91C]
00480719 D981 0C230400 fld dword ptr [ecx+0x4230C]
0048071F DC1D 7085A800 fcomp qword ptr [0xA88570]
00480725 DFE0 fstsw ax
00480727 F6C4 05 test ah, 0x5
0048072A 7A 14 jpe short 00480740
0048072C 8B95 E4F6FFFF mov edx, dword ptr [ebp-0x91C]
00480732 D982 0C230400 fld dword ptr [edx+0x4230C]
00480738 D99D C4F6FFFF fstp dword ptr [ebp-0x93C]
0048073E EB 08 jmp short 00480748
00480740 D9E8 fld1
00480742 D99D C4F6FFFF fstp dword ptr [ebp-0x93C]
00480748 D985 C4F6FFFF fld dword ptr [ebp-0x93C]
0048074E D99D C8F6FFFF fstp dword ptr [ebp-0x938]
00480754 8B85 E4F6FFFF mov eax, dword ptr [ebp-0x91C]
0048075A D985 C8F6FFFF fld dword ptr [ebp-0x938]
00480760 D998 0C230400 fstp dword ptr [eax+0x4230C]
SR_GameServer.exe
Code:
//NOP THE WHOLE CODE
//DropItemRatio
005C54ED 33C0 xor eax, eax
005C54EF 74 38 je short 005C5529
005C54F1 68 07010000 push 0x107
005C54F6 68 7849F900 push 00F94978 ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\ServerCommon\GameConfig.cpp"
005C54FB 83EC 08 sub esp, 0x8
005C54FE DD05 509A0001 fld qword ptr [0x1009A50]
005C5504 DD1C24 fstp qword ptr [esp]
005C5507 83EC 08 sub esp, 0x8
005C550A D9E8 fld1
005C550C DD1C24 fstp qword ptr [esp]
005C550F 68 B878FD00 push 00FD78B8 ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
005C5514 68 01000002 push 0x2000001
005C5519 E8 D2E9EBFF call 00483EF0
005C551E 83C4 20 add esp, 0x20
005C5521 D9E8 fld1
005C5523 D91D F86B1801 fstp dword ptr [0x1186BF8]
005C5529 D905 F86B1801 fld dword ptr [0x1186BF8]
005C552F DC1D A0990001 fcomp qword ptr [0x10099A0]
005C5535 DFE0 fstsw ax
005C5537 F6C4 05 test ah, 0x5
005C553A 7A 0A jpe short 005C5546
005C553C D9E8 fld1
005C553E D99D 34FBFFFF fstp dword ptr [ebp-0x4CC]
005C5544 EB 39 jmp short 005C557F
005C5546 D905 F86B1801 fld dword ptr [0x1186BF8]
005C554C DC1D 509A0001 fcomp qword ptr [0x1009A50]
005C5552 DFE0 fstsw ax
005C5554 F6C4 05 test ah, 0x5
005C5557 7A 0E jpe short 005C5567
005C5559 D905 F86B1801 fld dword ptr [0x1186BF8]
005C555F D99D 30FBFFFF fstp dword ptr [ebp-0x4D0]
005C5565 EB 0C jmp short 005C5573
005C5567 D905 249A0001 fld dword ptr [0x1009A24]
005C556D D99D 30FBFFFF fstp dword ptr [ebp-0x4D0]
005C5573 D985 30FBFFFF fld dword ptr [ebp-0x4D0]
005C5579 D99D 34FBFFFF fstp dword ptr [ebp-0x4CC]
005C557F D985 34FBFFFF fld dword ptr [ebp-0x4CC]
005C5585 D91D F86B1801 fstp dword ptr [0x1186BF8]
Code:
//NOP THE WHOLE CODE
//DropGoldAmountCoef
005C5612 33D2 xor edx, edx
005C5614 74 38 je short 005C564E
005C5616 68 11010000 push 0x111
005C561B 68 7849F900 push 00F94978 ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\ServerCommon\GameConfig.cpp"
005C5620 83EC 08 sub esp, 0x8
005C5623 DD05 782FF900 fld qword ptr [0xF92F78]
005C5629 DD1C24 fstp qword ptr [esp]
005C562C 83EC 08 sub esp, 0x8
005C562F D9E8 fld1
005C5631 DD1C24 fstp qword ptr [esp]
005C5634 68 B878FD00 push 00FD78B8 ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
005C5639 68 01000002 push 0x2000001
005C563E E8 ADE8EBFF call 00483EF0
005C5643 83C4 20 add esp, 0x20
005C5646 D9E8 fld1
005C5648 D91D FC6B1801 fstp dword ptr [0x1186BFC]
005C564E D905 FC6B1801 fld dword ptr [0x1186BFC]
005C5654 DC1D A0990001 fcomp qword ptr [0x10099A0]
005C565A DFE0 fstsw ax
005C565C F6C4 05 test ah, 0x5
005C565F 7A 0A jpe short 005C566B
005C5661 D9E8 fld1
005C5663 D99D 28FBFFFF fstp dword ptr [ebp-0x4D8]
005C5669 EB 39 jmp short 005C56A4
005C566B D905 FC6B1801 fld dword ptr [0x1186BFC]
005C5671 DC1D 782FF900 fcomp qword ptr [0xF92F78]
005C5677 DFE0 fstsw ax
005C5679 F6C4 05 test ah, 0x5
005C567C 7A 0E jpe short 005C568C
005C567E D905 FC6B1801 fld dword ptr [0x1186BFC]
005C5684 D99D 24FBFFFF fstp dword ptr [ebp-0x4DC]
005C568A EB 0C jmp short 005C5698
005C568C D905 389A0001 fld dword ptr [0x1009A38]
005C5692 D99D 24FBFFFF fstp dword ptr [ebp-0x4DC]
005C5698 D985 24FBFFFF fld dword ptr [ebp-0x4DC]
005C569E D99D 28FBFFFF fstp dword ptr [ebp-0x4D8]
005C56A4 D985 28FBFFFF fld dword ptr [ebp-0x4D8]
005C56AA D91D FC6B1801 fstp dword ptr [0x1186BFC]
Full server.cfg for SR_GameServer.exe and SR_ShardManager.exe for these files:
Code:
SR_ShardManager {
Certification "127.0.0.1", 15882
CREST_FTP_URL "ftp://guild_up:[email protected] /SRO"
LOCALE LOCALE_TAIWAN
FlagEvent 1
//ChristmasEvent2007 0
//ExtraExpRatio 3.0
ExpRatioParty 3000
ExpRatio 3000
OsTimeChangeState 1
BattleArenaRandom 1
BattleArenaParty 1
BattleArenaGuild 1
BattleArenaJob 1
ArenaMatchOccupy 1
ArenaMatchPoint 1
ArenaMatchFlag 1
EnableScheduleJobLogFatal 1
//CONSIGNMENT_TRADE_PATH //Remove the double slashes // at the beginning if you want to use CONSIGNMENT_TRADE_PATH_WHERE
//CONSIGNMENT_TRADE_PATH_WHERE
//CONSIGNMENT_TRADE_LIMIT_COUNT 100 //Trades count limit
//CONSIGNMENT_TRADE_MONSTER_MOVE_WAITTIME 1000*60*10 //Consignment Trade Monster Movement Wait Time (default is 10 minutes)
}
SR_GameServer {
Certification "127.0.0.1", 15882
LOCALE LOCALE_TAIWAN
DropGoldAmountCoef 1500
DropItemRatio 1500
//GiantMonster_SpawnRatio 14 //14% spawn ratio
//PCSpeedRatio 1.5 //Character movement speed works only if above 1.0f
//ShowGameServerDisplay 1 //Display the gameserver console box with the objects, etc
//ShowFormulaDetail 1 //Show the damage formula attack values to the client // or in the gameserver itself, I don't remember
//HwanGainFactor 1.0 //the zerk rate, limited to 10.0f
//MONSTER_AGGRO_LINK_DECREASE_RATIO 0.5 //Monster aggressive %
//THANKS_GIVING_EVENT EVENT_ON
//YAHOO_CHRISTMAS_EVENT EVENT_ON
//EUBUSINESS_EVENT EVENT_ON
That's it,
Greetings MeGaMaX
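An added example, not code from the thread or from the TWSRO files, of applying "NOP the whole assembly instructions" without guessing: it parses the OllyDbg lines exactly as pasted above, refuses to write anything unless every byte at every listed address matches the listing (a wrong build, an already-patched file or a relocated image all fail this check), and maps the virtual addresses to file offsets through the PE section table. The section table and image buffer below are constructed stand-ins; for the real SRO_Client.exe the section table has to be read from its PE header (pefile does that). The same tool applies unchanged to the SR_GameServer.exe steps and to the "NOP THE WHOLE CODE" rate listings for SR_ShardManager.exe and SR_GameServer.exe.

```python
"""Verify-then-NOP patcher for pasted OllyDbg listings (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass

NOP = 0x90

# OllyDbg prints opcode bytes as upper-case hex groups (opcode, ModRM/SIB,
# displacement, immediate) between the address and a lower-case mnemonic,
# so the byte field is every even-length upper-case hex group after the address.
_LINE = re.compile(r"^([0-9A-Fa-f]{8})\s+((?:(?:[0-9A-F]{2})+\s+)+)")


@dataclass(frozen=True)
class Instr:
    va: int
    code: bytes


@dataclass(frozen=True)
class Section:
    name: str
    rva: int       # IMAGE_SECTION_HEADER.VirtualAddress
    vsize: int     # Misc.VirtualSize
    raw_ptr: int   # PointerToRawData
    raw_size: int  # SizeOfRawData


def parse_listing(text: str) -> list[Instr]:
    """Turn pasted OllyDbg lines into (virtual address, bytes); // lines are skipped."""
    instrs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"not an OllyDbg listing line: {line!r}")
        instrs.append(Instr(int(m.group(1), 16), bytes.fromhex("".join(m.group(2).split()))))
    if not instrs:
        raise ValueError("empty listing")
    return instrs


def patch_range(instrs: list[Instr]) -> tuple[int, int]:
    """[start, end) VA range covered by the listing. A gap between lines means a
    line is missing or OllyDbg truncated a byte column with '>', so refuse it."""
    for a, b in zip(instrs, instrs[1:]):
        if a.va + len(a.code) != b.va:
            raise ValueError(f"listing not contiguous after {a.va:08X}")
    return instrs[0].va, instrs[-1].va + len(instrs[-1].code)


def va_to_file_offset(va: int, image_base: int, sections: list[Section]) -> int:
    """Map a VA to a file offset through the section table. Bytes that exist only
    in memory (past SizeOfRawData) are not in the file and cannot be patched."""
    rva = va - image_base
    for s in sections:
        if s.rva <= rva < s.rva + max(s.vsize, s.raw_size):
            delta = rva - s.rva
            if delta >= s.raw_size:
                raise ValueError(f"{va:08X} is in {s.name} but not file-backed")
            return s.raw_ptr + delta
    raise ValueError(f"{va:08X} is not inside any section")


def mismatches(image, instrs: list[Instr], image_base: int, sections: list[Section]) -> list[str]:
    """Every instruction whose on-disk bytes differ from the listing (empty = safe to patch)."""
    bad = []
    for ins in instrs:
        off = va_to_file_offset(ins.va, image_base, sections)
        found = bytes(image[off:off + len(ins.code)])
        if found != ins.code:
            bad.append(f"{ins.va:08X}: expected {ins.code.hex()} found {found.hex()}")
    return bad


def nop_patch(image: bytearray, listing: str, image_base: int, sections: list[Section]) -> int:
    """Apply 'NOP the whole assembly instructions' to `image` in place; returns bytes written."""
    instrs = parse_listing(listing)
    start, end = patch_range(instrs)
    bad = mismatches(image, instrs, image_base, sections)
    if bad:
        raise ValueError("image does not match listing:\n" + "\n".join(bad))
    lo = va_to_file_offset(start, image_base, sections)
    hi = va_to_file_offset(end - 1, image_base, sections) + 1
    if hi - lo != end - start:          # range must not straddle two sections
        raise ValueError("patch range straddles a section boundary")
    image[lo:hi] = bytes([NOP]) * (hi - lo)
    return hi - lo


# Listing from the post (SRO_Client.exe, step 1), used exactly as pasted.
CLIENT_STEP1 = """
//NOP the whole assembly instructions
009C824F 6A 01 push 0x1
009C8251 8D9424 84000000 lea edx, dword ptr [esp+0x84]
009C8258 52 push edx
009C8259 8BCF mov ecx, edi
009C825B E8 F09BAEFF call 004B1E50
"""

# Constructed stand-in for the client image: one section placed so the listing's
# bytes sit at VA 009C824F. The real SRO_Client.exe section table is different.
IMAGE_BASE = 0x00400000
SECTIONS = [Section(".text", rva=0x5C8000, vsize=0x1000, raw_ptr=0x200, raw_size=0x1000)]


def build_sample_image() -> bytearray:
    img = bytearray(b"\xCC" * 0x1200)   # int3 filler, constructed, not real client bytes
    off = va_to_file_offset(0x009C824F, IMAGE_BASE, SECTIONS)
    img[off:off + 17] = bytes.fromhex("6A018D942484000000528BCFE8F09BAEFF")
    return img


if __name__ == "__main__":
    img = build_sample_image()
    print("NOPed", nop_patch(img, CLIENT_STEP1, IMAGE_BASE, SECTIONS), "bytes")
    # A second run must be refused: the bytes are now 90 90 ..., not the listing.
    print("re-apply refused:", bool(mismatches(img, parse_listing(CLIENT_STEP1), IMAGE_BASE, SECTIONS)))
```

Run it against a copy of the binary, never the only one you have; a mismatch report means the file is a different build or was already patched, and the contiguity check will flag listings where OllyDbg cut a long byte column with `>` (as in the Gateway listing further down), which then have to be completed from the debugger before they are applied.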
04/16/2019, 14:32
#21
elite*gold: 72
Join Date: Sep 2011
Posts: 760
Received Thanks: 221
Quote:
Originally Posted by
MeGaMaX.
[post #20 quoted in full; see above]
I've added all current fixes to the patch. But I'm still unsure whether the client loads #HB's DLL. It would be nice if someone tested that.
Also, like I said, the DB is cleaned up a bit.
There is one predefined account, admin:admin, but sec_primary and secondary have to be changed to 1.
Also, everyone who wants to work, find bugs, share fixes and so on is welcome on our
Make sure that you've downloaded the original files; this is just a patch and DOES NOT contain all files. Also, the virus detection is a false positive because I've included the IPInput in there.
04/16/2019, 16:16
#22
elite*gold: 0
Join Date: Dec 2016
Posts: 98
Received Thanks: 14
Are there other bugs?
04/16/2019, 16:35
#23
elite*gold: 72
Join Date: Sep 2011
Posts: 760
Received Thanks: 221
Quote:
Originally Posted by
GMKING1050
Are there other bugs?
If you had read both threads carefully, you would know that we're just trying to find all the major and less major bugs, and especially that this thread was started to have a collection of all fixes.
04/16/2019, 18:34
#24
elite*gold: 1537
Join Date: Sep 2006
Posts: 1,085
Received Thanks: 2,346
Quote:
Originally Posted by
b0ykoe
I've added all current fixes to the patch. But I'm still unsure whether the client loads #HB's DLL. It would be nice if someone tested that.
Also, like I said, the DB is cleaned up a bit.
There is one predefined account, admin:admin, but sec_primary and secondary have to be changed to 1.
Also, everyone who wants to work, find bugs, share fixes and so on is welcome on our
Make sure that you've downloaded the original files; this is just a patch and DOES NOT contain all files. Also, the virus detection is a false positive because I've included the IPInput in there.
You don't need the #HB DLL; he already posted the ASM fix later, and I posted it here on the first page under
"When you get DCed, after you press confirm the client doesn't terminate" fix: credits go to @#HB
so don't even use that.
And the V to hide objects or L can be changed from the GUI option.
04/16/2019, 20:27
#25
elite*gold: 72
Join Date: Sep 2011
Posts: 760
Received Thanks: 221
Quote:
Originally Posted by
#HB
Nice! This is a thread collecting all the progress done on these files since their release, including a new interesting fix.
I can help, if somebody is interested though...
Sup. I tried your ASM fix but the SRO_Client seems to keep crashing for me. Want to help out? ^-^
04/16/2019, 20:31
#26
elite*gold: 100
Join Date: Sep 2017
Posts: 1,097
Received Thanks: 889
Some people reported that my disconnect-button fix ASM doesn't work. I just re-tested it and it seems to work fine. Anyway, here's an x64dbg patch file.
Attached Files
tw_dcbtn_fix.rar
(305 Bytes, 131 views)
04/16/2019, 23:00
#27
elite*gold: 0
Join Date: Apr 2015
Posts: 103
Received Thanks: 12
Keep working guys.
04/17/2019, 22:05
#28
elite*gold: 1537
Join Date: Sep 2006
Posts: 1,085
Received Thanks: 2,346
Any bugs or requests ?
04/18/2019, 01:15
#29
elite*gold: 0
Join Date: May 2018
Posts: 244
Received Thanks: 119
Quote:
Originally Posted by
MeGaMaX.
Any bugs or requests ?
Can we remove the GM PRIV IP from GatewayServer?
04/18/2019, 02:54
#30
elite*gold: 1537
Join Date: Sep 2006
Posts: 1,085
Received Thanks: 2,346
Quote:
Originally Posted by
Hercules*
Can we remove the GM PRIV IP from GatewayServer?
Sure thing, here you go,
Remove GM Privilege IP:
Code:
//Gateway.exe
//NOP the whole code
0040D74E 8B47 20 mov eax, dword ptr [edi+0x20]
0040D751 B1 03 mov cl, 0x3
0040D753 3848 41 cmp byte ptr [eax+0x41], cl
0040D756 75 09 jnz short 0040D761
0040D758 3848 40 cmp byte ptr [eax+0x40], cl
0040D75B 0F84 10010000 je 0040D871
0040D761 8B90 58020000 mov edx, dword ptr [eax+0x258]
0040D767 52 push edx
0040D768 E8 93290000 call 00410100
0040D76D 85C0 test eax, eax
0040D76F 0F85 FC000000 jnz 0040D871
0040D775 C74424 2C 0F000>mov dword ptr [esp+0x2C], 0xF
0040D77D 894424 28 mov dword ptr [esp+0x28], eax
0040D781 884424 18 mov byte ptr [esp+0x18], al
0040D785 894424 3C mov dword ptr [esp+0x3C], eax
0040D789 8B47 20 mov eax, dword ptr [edi+0x20]
0040D78C 8B88 58020000 mov ecx, dword ptr [eax+0x258]
0040D792 51 push ecx
0040D793 8D7424 18 lea esi, dword ptr [esp+0x18]
0040D797 E8 04250000 call 0040FCA0
0040D79C 8B4C24 1C mov ecx, dword ptr [esp+0x1C]
0040D7A0 83C4 04 add esp, 0x4
0040D7A3 837C24 2C 10 cmp dword ptr [esp+0x2C], 0x10
0040D7A8 73 04 jnb short 0040D7AE
0040D7AA 8D4C24 18 lea ecx, dword ptr [esp+0x18]
0040D7AE 8B47 20 mov eax, dword ptr [edi+0x20]
0040D7B1 83C0 08 add eax, 0x8
0040D7B4 8378 18 10 cmp dword ptr [eax+0x18], 0x10
0040D7B8 72 05 jb short 0040D7BF
0040D7BA 8B40 04 mov eax, dword ptr [eax+0x4]
0040D7BD EB 03 jmp short 0040D7C2
0040D7BF 83C0 04 add eax, 0x4
0040D7C2 51 push ecx
0040D7C3 50 push eax
0040D7C4 68 B8AA4D00 push 004DAAB8 ; ASCII "[%s] login refused (GM cannot login from the PC that has not privileged ip) - %s"
0040D7C9 68 00000002 push 0x2000000
0040D7CE E8 2D010100 call 0041D900
0040D7D3 83C4 10 add esp, 0x10
0040D7D6 C64424 11 0D mov byte ptr [esp+0x11], 0xD
0040D7DB C74424 3C FFFFF>mov dword ptr [esp+0x3C], -0x1
0040D7E3 8D4C24 14 lea ecx, dword ptr [esp+0x14]
0040D7E7 E8 0457FFFF call 00402EF0
Code:
//First do the above code^
//Then Change
0040D74E nop
to
jmp 0040D871
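An added example, not code from the thread or from Gateway.exe, of the two-step patch just described: NOP the block, then assemble `jmp 0040D871` over its first bytes. It encodes a direct x86 jmp (2-byte `EB rel8` when the target is within reach, otherwise 5-byte `E9 rel32`; the displacement counts from the end of the jmp), decodes it back as a cross-check, and applies both steps to a buffer. The addresses are the post's: the block runs from the `mov` at 0040D74E through the 5-byte `call 00402EF0` at 0040D7E7, and 0040D871 is where the listing's own `jnz` sends a login that passes the check. The buffer contents are a constructed int3 filler standing in for the real .text bytes, and the VA-to-file-offset step is left out (the buffer's first byte is taken to sit at BUFFER_VA).

```python
"""Encode and apply 'NOP the block, then jmp over it' (added example)."""
import struct

NOP = 0x90

# From the post's listing: first instruction of the GM-privilege-IP check, end of
# its last instruction (call 00402EF0 at 0040D7E7 is 5 bytes), and the jmp target.
BLOCK_START = 0x0040D74E
BLOCK_END = 0x0040D7E7 + 5
TARGET = 0x0040D871


def encode_jmp(at: int, target: int) -> bytes:
    """Direct jmp placed at VA `at` that lands on `target`, shortest form that reaches."""
    disp8 = target - (at + 2)                 # rel8 is relative to the end of EB xx
    if -128 <= disp8 <= 127:
        return b"\xEB" + struct.pack("<b", disp8)
    disp32 = target - (at + 5)                # rel32 is relative to the end of E9 xx xx xx xx
    if not -2**31 <= disp32 < 2**31:
        raise ValueError("target out of rel32 range")
    return b"\xE9" + struct.pack("<i", disp32)


def decode_jmp(code: bytes, at: int) -> int:
    """Target of a direct jmp found at VA `at`; used to cross-check what was written."""
    if code[0] == 0xEB:
        return at + 2 + struct.unpack("<b", code[1:2])[0]
    if code[0] == 0xE9:
        return at + 5 + struct.unpack("<i", code[1:5])[0]
    raise ValueError("not a direct jmp")


def skip_block(image: bytearray, buffer_va: int, start: int, end: int, target: int) -> bytes:
    """NOP [start, end) in place, then write a jmp to `target` at `start`.
    image[0] is taken to sit at virtual address `buffer_va`. Returns the jmp bytes."""
    if start <= target < end:
        raise ValueError("jump target lies inside the NOPed block")
    jmp = encode_jmp(start, target)
    if len(jmp) > end - start:
        raise ValueError("block too small to hold the jmp")
    lo, hi = start - buffer_va, end - buffer_va
    if lo < 0 or hi > len(image):
        raise ValueError("block is outside the buffer")
    image[lo:hi] = bytes([NOP]) * (hi - lo)
    image[lo:lo + len(jmp)] = jmp
    return jmp


# Constructed buffer standing in for Gateway.exe's .text around the check.
BUFFER_VA = 0x0040D700


def build_sample_buffer() -> bytearray:
    return bytearray(b"\xCC" * 0x200)       # int3 filler, not real Gateway bytes


if __name__ == "__main__":
    buf = build_sample_buffer()
    jmp = skip_block(buf, BUFFER_VA, BLOCK_START, BLOCK_END, TARGET)
    print(f"wrote {jmp.hex(' ').upper()} at {BLOCK_START:08X}, lands on {decode_jmp(jmp, BLOCK_START):08X}")
```

The displacement for the post's jmp is 0x11E, so the short form cannot reach and the encoder emits `E9 1E 01 00 00`; as a sanity check, encoding a jmp from 0040D756 to 0040D761 gives the same `09` displacement the listing shows for the `jnz short` at that address.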