[Release]TWSRO 1.258 Craft System Packet Structures ASM Fix + Bug Fixes

[MeGaMaX]

Hello,

What sup everyone, today im releasing something different not for vsro188, but for the released twsro 1.258 server files. Im trying to encourge the community to move over vsro188 to use something new, by contributing to fix the twsro files which does contains a new features like item linking, new party leader, new guild system, some extra gori features, etc. Pretty much no one want to move on, in my opinion sro community is the only community i noticed they dont want new server files, all other games communites are looking for new server files for their beloved games, yet not this one LOL. Anyway Lets begin, maybe there are still few people are interested and would contribute.

First of all lets make sure of some things that need to be done correctly to be able to use this files the right way.

You can find the server files and client released by @Isoline*


Client Configuration:-

 Spoiler

Type.txt

 Spoiler

Language = "Taiwan"
Country = "Taiwan"

ContentID

 Spoiler

11

Note: I will attach the right language columns text files below.

Server Configuration:-

 Spoiler

Server.cfg
Note: Dont forget to change the config for AccountDBConfig in Gateway section

 Spoiler

/*/////////////////////////////////////////////////////////////////////////////////////
Server Configuration

// message box여부
DEBUG_OPTION_ASSERT_DONOT_SHOW_MESSAGEBOX // advance(진행) 않함 무조건 cancel상태
DEBUG_OPTION_ASSERT_SHOW_MESSAGEBOX_OKCANCEL // okcancel버튼을 보여준다
DEBUG_OPTION_ASSERT_SHOW_MESSAGEBOX_OK // ok를 누르면 무조건 프로그램 종료

// callstack보여주기
DEBUG_OPTION_ASSERT_SHOW_CALLSTACK // callstack을 보여줌 (pdb가 필요)
DEBUG_OPTION_ASSERT_WRITE_MINIDUMP // minidump화일을 만든다

// 진행 또는 종료 방법
DEBUG_OPTION_ASSERT_ADVANCE_BREAK // debugger가 있을때만 가능
DEBUG_OPTION_ASSERT_ADVANCE_NORMAL // assert를 그냥 무시한다

DEBUG_OPTION_ASSERT_CANCEL_EXIT // exit process호출

DEBUG_OPTION_ASSERT_CALL_CALLBACK // assert직전에 callback함수를 호출함

///////////////////////////////////////////////////////////////////////////////////////*/

Common {
debug_option_debugger_present {
DEBUG_OPTION_ASSERT_SHOW_MESSAGEBOX_OKCANCEL,
DEBUG_OPTION_ASSERT_ADVANCE_BREAK,
DEBUG_OPTION_ASSERT_CANCEL_EXIT
/*
DEBUG_OPTION_ASSERT_SHOW_MESSAGEBOX_OK,

*/
}

debug_option_stand_alone {
/*
DEBUG_OPTION_ASSERT_SHOW_MESSAGEBOX_OK,
DEBUG_OPTION_ASSERT_SHOW_CALLSTACK,
DEBUG_OPTION_ASSERT_CANCEL_EXIT
*/

// 외부로 서버가 나갈을때
DEBUG_OPTION_ASSERT_DONOT_SHOW_MESSAGEBOX ,


}

netengine_debug_option_debugger_present {
DEBUG_OPTION_ASSERT_DONOT_SHOW_MESSAGEBOX ,

/*
DEBUG_OPTION_ASSERT_SHOW_MESSAGEBOX_OKCANCEL,
DEBUG_OPTION_ASSERT_ADVANCE_BREAK,
DEBUG_OPTION_ASSERT_CANCEL_EXIT
*/
}

netengine_debug_option_stand_alone {
DEBUG_OPTION_ASSERT_DONOT_SHOW_MESSAGEBOX ,

/*
DEBUG_OPTION_ASSERT_SHOW_MESSAGEBOX_OK,
DEBUG_OPTION_ASSERT_SHOW_CALLSTACK,
DEBUG_OPTION_ASSERT_CANCEL_EXIT
*/
}

}

////////////////////////////////////////////////////////////////////////////////////////////
GlobalManager
{
Certification "127.0.0.1", 32000
LoginFailureTolerance 3 // Maximum Login Password Error!
IBUVFailureTolerance 3 // Maximum Image Validation Error!
LoginFailureBlockTimeMin 10 // Block Time(Min) - Login Password Error
IBUVFailureBlockTimeMin 10 // Block Time(Min) - Image Validation Error
AutomatedPunisher "AutomatedPunisher" // Blocker Name

LoginPunishmentGuide "You are enter the wrong password three times. And 10 minutes blocked."
LoginPunishmentDescription "You are enter the wrong password three times. And 10 minutes blocked."
IBUVPunishmentGuide "You are enter the wrong image validation three times. And 10 minutes blocked."
IBUVPunishmentDescription "You are enter the wrong image validation three times. And 10 minutes blocked."
}

MachineManager
{
Certification "127.0.0.1", 15880
}

FarmManager
{
Certification "127.0.0.1", 15880
}

DownloadServer {
Certification "127.0.0.1", 15880
}

GatewayServer {
LastFullVersion_SR_Client 215
Certification "127.0.0.1", 15880
IBUVQueueReserveCount 20000
IBUVQueuePrepareRatio 0.05
IBUVFailureIPTolerance 0

// Adition option!!!!
//////////////////////////////////////////////////////////
IBUVStringSize 1
IBUVCharacterSet "ABCDEFGHLMNQRTabdehimn2345678"
//////////////////////////////////////////////////////////

AccountDBConfig "DRIVER={SQL Server};SERVER=IPHERE;DSN=sro_tw_accountdb;UID=USE RNAMEHERE;PWD=PASSHERE;DATABASE=sro_tw_accountdb"


}

AgentServer {
Certification "127.0.0.1", 15882
MaxSendQueDepth 500
GameGuardMode 0
GameGuardTimerCycle 5 //WAS 5
traffic_filter_activity service_on
traffic_filter_packet_count 500 /was 500
traffic_filter_check_perid 60000 /was 60000
}


SR_ShardManager {
Certification "127.0.0.1", 15882
CREST_FTP_URL "ftp://guild_up:[email protected]/SRO"
LOCALE LOCALE_TAIWAN
FlagEvent 1
//ChristmasEvent2007 0
//ExtraExpRatio 3.0
ExpRatioParty 3000
ExpRatio 3000
OsTimeChangeState 1
BattleArenaRandom 1
BattleArenaParty 1
BattleArenaGuild 1
BattleArenaJob 1
ArenaMatchOccupy 1
ArenaMatchPoint 1
ArenaMatchFlag 1
EnableScheduleJobLogFatal 1
//CONSIGNMENT_TRADE_PATH //Remove the double slashes // at the beginning if you want to use CONSIGNMENT_TRADE_PATH_WHERE
//CONSIGNMENT_TRADE_PATH_WHERE
//CONSIGNMENT_TRADE_LIMIT_COUNT 100 //Trades count limit
//CONSIGNMENT_TRADE_MONSTER_MOVE_WAITTIME 1000*60*10 //Consignment Trade Monster Movement Wait Time (default is 10 minutes)
}

SR_GameServer {
Certification "127.0.0.1", 15882
LOCALE LOCALE_TAIWAN
DropGoldAmountCoef 1500
DropItemRatio 1500
//GiantMonster_SpawnRatio 14 //14% spawn ratio
//PCSpeedRatio 1.5 //Character movement speed works only if above 1.0f
//ShowGameServerDisplay 1 //Display the gameserver console box with the objects, etc
//ShowFormulaDetail 1 //Show the damage formula attack values to the client // or in the gameserver it self i dont remember
//HwanGainFactor 1.0 //the zerk rate, limited to 10.0f
//MONSTER_AGGRO_LINK_DECREASE_RATIO 0.5 //Monster aggressive %

//THANKS_GIVING_EVENT EVENT_ON
//YAHOO_CHRISTMAS_EVENT EVENT_ON
//EUBUSINESS_EVENT EVENT_ON

Certification:

 Spoiler

Dont forget to change the operation id to 11 same as Content ID

Craft System Packet Structure ASM Fix [Pay Attention]

 Spoiler

Client Side:

Change

Code:

0088235E    81EC 48010000   sub     esp, 0x148

to

0088235E    81EC 48020000   sub     esp, 0x248

Change

Code:

0088236B    898424 44010000 mov     dword ptr [esp+0x144], eax

to

0088236B    898424 44020000 mov     dword ptr [esp+0x244], eax

Change

Code:

0088237D    8D8424 58010000 lea     eax, dword ptr [esp+0x158]

to

0088237D    8D8424 58020000 lea     eax, dword ptr [esp+0x258]

Change

Code:

0088238A    8BB424 68010000 mov     esi, dword ptr [esp+0x168]

to

0088238A    8BB424 68020000 mov     esi, dword ptr [esp+0x268]

Change

Code:

008823AC    899C24 68010000 mov     dword ptr [esp+0x168], ebx

to

008823AC    899C24 68020000 mov     dword ptr [esp+0x268], ebx

Change

Code:

00882422    C68424 60010000>mov     byte ptr [esp+0x160], 0x1

to

00882422    C68424 60020000>mov     byte ptr [esp+0x260], 0x1

Change

Code:

00882440    889C24 64010000 mov     byte ptr [esp+0x164], bl

to

00882440    889C24 64020000 mov     byte ptr [esp+0x264], bl

Change

Code:

00882462    C68424 64010000>mov     byte ptr [esp+0x164], 0x2

to

00882462    C68424 64020000>mov     byte ptr [esp+0x264], 0x2

Change

Code:

008824A0    68 80000000     push    0x80

to

008824A0    68 00010000     push    0x100

Change

Code:

008824C6    889C24 60010000 mov     byte ptr [esp+0x160], bl

to

008824C6    889C24 60020000 mov     byte ptr [esp+0x260], bl

Change

Code:

0088254B    8B8C24 58010000 mov     ecx, dword ptr [esp+0x158]

to

0088254B    8B8C24 58020000 mov     ecx, dword ptr [esp+0x258]

Change

Code:

0088255D    8B8C24 44010000 mov     ecx, dword ptr [esp+0x144]

to

0088255D    8B8C24 44020000 mov     ecx, dword ptr [esp+0x244]

Change

Code:

0088256B    81C4 54010000   add     esp, 0x154

to

0088256B    81C4 54020000   add     esp, 0x254

Server Side:
SR_GameSever.exe
Nop these

Code:

0072A094    83BD 24FDFFFF 0>cmp     dword ptr [ebp-0x2DC], 0x4
0072A09B    74 0F           je      short 0072A0AC

Change

Code:

Press CTRL + G and go to 0072A09 then change it

to

0072A09    jmp     00F90C51

Press CTRL + G and go to

Code:

00F90C51

Paste this binary code at 00F90C51

Code:

83 BD 24 FD FF FF 01 74 18 83 BD 24 FD FF FF 04 0F 84 45 94 79 FF E9 60 95 79 FF 00 00 00 00 00
00 6A 03 8B 8D 2C FD FF FF 8B 11 8B 8D 2C FD FF FF 8B 82 B0 03 00 00 FF D0 E9 3D 95 79 FF

Result Preview:

Enable Mercenary

 Spoiler

Client Side:

NOP that code in sroclient to enable mercenary

Code:

0065E447    8BCB            mov     ecx, ebx
0065E449    E8 02DA2300     call    0089BE50
0065E44E    8BC8            mov     ecx, eax
0065E450    E8 CBE4FEFF     call    0064C920
0065E455    85C0            test    eax, eax
0065E457    74 2C           je      short 0065E485
0065E459    8BCB            mov     ecx, ebx
0065E45B    E8 F0D92300     call    0089BE50
0065E460    8078 03 01      cmp     byte ptr [eax+0x3], 0x1
0065E464    75 1F           jnz     short 0065E485
0065E466    8B0D 1C291401   mov     ecx, dword ptr [0x114291C]
0065E46C    6A 01           push    0x1
0065E46E    56              push    esi
0065E46F    68 9BC9DBFF     push    0xFFDBC99B
0065E474    68 EA180000     push    0x18EA
0065E479    6A 01           push    0x1
0065E47B    E8 20DC0F00     call    0075C0A0
0065E480  ^ E9 F6FEFFFF     jmp     0065E37B

and run this query on shard.

Code:

UPDATE _RefObjCommon SET ReqLevelType1 = -1 WHERE CodeName128 LIKE '%ITEM_ETC_GUILD_CH_SOLDIER%'
UPDATE _RefObjCommon SET ReqLevelType1 = -1 WHERE CodeName128 LIKE '%ITEM_ETC_GUILD_EU_SOLDIER%'

Fix Friend Group Name

 Spoiler

Edit _AddNewChar

Code:

INSERT _FriendGroup Values (@NewCharID, 0, '痡暐袛')

to

INSERT _FriendGroup VALUES (@CharID, 0, 'Unclassified')

run this on shard for created characters, before the above fix.

Code:

TRUNCATE TABLE _FriendGroup
TRUNCATE TABLE _Friend

DECLARE @tempTable TABLE(ID INT)
INSERT INTO @tempTable SELECT CharID FROM _Char WHERE CharID > 0

DECLARE @CharID INT = 0;
WHILE (EXISTS(SELECT * FROM @tempTable))
BEGIN
    SELECT TOP 1 @CharID = ID FROM @tempTable

    IF (@CharID > 0)
    BEGIN

        INSERT INTO _FriendGroup VALUES (@CharID, 0, 'Unclassified')

    END

    DELETE FROM @tempTable WHERE ID = @CharID
    SET @CharID = 0;
END

Cracking Values: Credits goes to @Isoline*

 Spoiler

[code]Eroad Modules research:
//sro_client Mastery Showup
00691283 BE 4A010000 MOV ESI,14A
00691288 > 8B0D 1C291401 MOV ECX,DWORD PTR DS:[114291C]
0069128E . E8 5DD00E00 CALL sro_clie.0077E2F0
00691293 . 8BC8 MOV ECX,EAX

//GameServer Mastery
00898352 3D 68010000 CMP EAX,168
00898357 |. 7E 0B JLE SHORT SR_GameS.00898364
00898359 |. 66:C745 F4 053>MOV WORD PTR SS:[EBP-C],3805
0089835F |. E9 2D030000 JMP SR_GameS.00898691
00898364 |> E9 AA000000 JMP SR_GameS.00898413
00898369 |> 8B8D 7CFDFFFF MOV ECX,DWORD PTR SS:[EBP-284]

//GameServer cap level
007241D7 |> 8B8D 74FEFFFF MOV ECX,DWORD PTR SS:[EBP-18C]
007241DD |. 8B51 34 MOV EDX,DWORD PTR DS:[ECX+34]
007241E0 |. 0FB642 65 MOVZX EAX,BYTE PTR DS:[EDX+65]
007241E4 83F8 6E CMP EAX,6E
007241E7 |. 0F85 EE010000 JNZ SR_GameS.007243DB
007241ED |. 8B8D 74FEFFFF MOV ECX,DWORD PTR SS:[EBP-18C]
007241F3 |. 8B51 34 MOV EDX,DWORD PTR DS:[ECX+34]

Gori Fix: Credits goes to @silkroadbotter

 Spoiler

Code:

This can be fixed by "Server Folder\Script\Taiwan" quest scripts in relation to "GACHA_OPERATOR".

0x7007 and 0xB007 New Structure: Credits goes to @#HB

 Spoiler

Code:

[C -> S][7007] | AGENT_CHARACTER_SELECTION_ACTION | Used at job selecting, request current job status
09                                                ................ // flag

[S -> C][B007] | AGENT_CHARACTER_SELECTION_ACTION | Received from job selecting, request current job status
09                                                ................ // flag
01                                                ................ // static
3F                                                ?............... // hunter percent
25                                                %............... // theif percent

[C -> S][7007] | AGENT_CHARACTER_SELECTION_ACTION | Used at job selecting, confirm job button
10                                                ................ // flag
05 00                                             ................ // charname length
33 32 31 33 31                                    32131........... // charname
02                                                ................ // job type (1 = hunter, 2 = theif)

[S -> C][B007] | AGENT_CHARACTER_SELECTION_ACTION | Received from job selecting, confirm job button
10                                                ................ // flag
01

Fix the captcha failed & total tries are flipped: Credits goes to @#HB for the address and Credits goes to @florian0 for the asm fix

 Spoiler

Change

Code:

00854867 | 52                        | push edx                                |
00854868 | 51                        | push ecx                                |

to

00854867 | 51                        | push ecx                                |
00854868 | 52                        | push edx                                |

Supported Cracked SBOT:

 Spoiler

-My cracked sbot works for this server files, you can try it and report any bugs.
-You can find it

Preview:

#April 15 2019

Quote:

Originally Posted by b0ykoe

All current Fixes (beside the rates, didn't got that to work - also I'm unsure if the dll loads correctly)
Account is admin:admin the sec_primary and sec_content needs to be put on 1
also the db is a bit cleaned up

#April 15 2019 #2 the above B0ykoe archive doesnt contain anything starts from below this line.

Modifying 0x3013 Packet opcode:

 Spoiler

okey lets do some serious modification to the packets here, so we can be sure that the bots are going to work right as much as possible

Modifying 0x3013 Packet opcode to remove the garbage bytes that was added in this file so it can stop bots.

Fire up ollydebug and open SRO_Client.exe
Step 1:

Code:

//NOP the whole assembly instructions
009C824F    6A 01           push    0x1
009C8251    8D9424 84000000 lea     edx, dword ptr [esp+0x84]
009C8258    52              push    edx
009C8259    8BCF            mov     ecx, edi
009C825B    E8 F09BAEFF     call    004B1E50

Step 2:

Code:

//NOP the whole assembly instructions
009C828A    6A 01           push    0x1
009C828C    8D9424 84000000 lea     edx, dword ptr [esp+0x84]
009C8293    52              push    edx
009C8294    8BCF            mov     ecx, edi
009C8296    E8 B59BAEFF     call    004B1E50

Fire up ollydebug and open SR_GameServer.exe
Step 1:

Code:

//NOP the whole assembly instructions
007223A7    E8 CDFE7200     call    00E52279
007223AC    99              cdq
007223AD    B9 FF000000     mov     ecx, 0xFF
007223B2    F7F9            idiv    ecx
007223B4    8855 FB         mov     byte ptr [ebp-0x5], dl
007223B7    8A55 FB         mov     dl, byte ptr [ebp-0x5]
007223BA    52              push    edx
007223BB    B9 606A1901     mov     ecx, 01196A60
007223C0    E8 BB163600     call    00A83A80

Step 2:

Code:

//NOP the whole assembly instructions
0072242B    E8 49FE7200     call    00E52279
00722430    99              cdq
00722431    B9 FF000000     mov     ecx, 0xFF
00722436    F7F9            idiv    ecx
00722438    8855 EB         mov     byte ptr [ebp-0x15], dl
0072243B    8A55 EB         mov     dl, byte ptr [ebp-0x15]
0072243E    52              push    edx
0072243F    B9 606A1901     mov     ecx, 01196A60
00722444    E8 37163600     call    00A83A80

#April 16 2019:

Cracking All Rates:

 Spoiler

SR_ShardManager.exe

Code:

//NOP THE WHOLE CODE
//ExpRatio
00480416    33D2            xor     edx, edx
00480418    74 3E           je      short 00480458
0048041A    68 9D030000     push    0x39D
0048041F    68 B889A600     push    00A689B8                         ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\SR_ShardManager\MainProcess.cpp"
00480424    83EC 08         sub     esp, 0x8
00480427    DD05 B089A600   fld     qword ptr [0xA689B0]
0048042D    DD1C24          fstp    qword ptr [esp]
00480430    83EC 08         sub     esp, 0x8
00480433    D9E8            fld1
00480435    DD1C24          fstp    qword ptr [esp]
00480438    68 F068A800     push    00A868F0                         ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
0048043D    68 01000002     push    0x2000001
00480442    E8 A943FCFF     call    004447F0
00480447    83C4 20         add     esp, 0x20
0048044A    8B85 E4F6FFFF   mov     eax, dword ptr [ebp-0x91C]
00480450    D9E8            fld1
00480452    D998 04230400   fstp    dword ptr [eax+0x42304]
00480458    8B8D E4F6FFFF   mov     ecx, dword ptr [ebp-0x91C]
0048045E    D981 04230400   fld     dword ptr [ecx+0x42304]
00480464    DC1D 7085A800   fcomp   qword ptr [0xA88570]
0048046A    DFE0            fstsw   ax
0048046C    F6C4 05         test    ah, 0x5
0048046F    7A 0A           jpe     short 0048047B
00480471    D9E8            fld1
00480473    D99D DCF6FFFF   fstp    dword ptr [ebp-0x924]
00480479    EB 45           jmp     short 004804C0
0048047B    8B95 E4F6FFFF   mov     edx, dword ptr [ebp-0x91C]
00480481    D982 04230400   fld     dword ptr [edx+0x42304]
00480487    DC1D B089A600   fcomp   qword ptr [0xA689B0]
0048048D    DFE0            fstsw   ax
0048048F    F6C4 05         test    ah, 0x5
00480492    7A 14           jpe     short 004804A8
00480494    8B85 E4F6FFFF   mov     eax, dword ptr [ebp-0x91C]
0048049A    D980 04230400   fld     dword ptr [eax+0x42304]
004804A0    D99D D8F6FFFF   fstp    dword ptr [ebp-0x928]
004804A6    EB 0C           jmp     short 004804B4
004804A8    D905 A889A600   fld     dword ptr [0xA689A8]
004804AE    D99D D8F6FFFF   fstp    dword ptr [ebp-0x928]
004804B4    D985 D8F6FFFF   fld     dword ptr [ebp-0x928]
004804BA    D99D DCF6FFFF   fstp    dword ptr [ebp-0x924]
004804C0    8B8D E4F6FFFF   mov     ecx, dword ptr [ebp-0x91C]
004804C6    D985 DCF6FFFF   fld     dword ptr [ebp-0x924]
004804CC    D999 04230400   fstp    dword ptr [ecx+0x42304]

Code:

//NOP THE WHOLE CODE
//ExpRatioParty
0048056B    33C0            xor     eax, eax
0048056D    74 3E           je      short 004805AD
0048056F    68 AC030000     push    0x3AC
00480574    68 B889A600     push    00A689B8                         ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\SR_ShardManager\MainProcess.cpp"
00480579    83EC 08         sub     esp, 0x8
0048057C    DD05 B089A600   fld     qword ptr [0xA689B0]
00480582    DD1C24          fstp    qword ptr [esp]
00480585    83EC 08         sub     esp, 0x8
00480588    D9E8            fld1
0048058A    DD1C24          fstp    qword ptr [esp]
0048058D    68 F068A800     push    00A868F0                         ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
00480592    68 01000002     push    0x2000001
00480597    E8 5442FCFF     call    004447F0
0048059C    83C4 20         add     esp, 0x20
0048059F    8B8D E4F6FFFF   mov     ecx, dword ptr [ebp-0x91C]
004805A5    D9E8            fld1
004805A7    D999 08230400   fstp    dword ptr [ecx+0x42308]
004805AD    8B95 E4F6FFFF   mov     edx, dword ptr [ebp-0x91C]
004805B3    D982 08230400   fld     dword ptr [edx+0x42308]
004805B9    DC1D 7085A800   fcomp   qword ptr [0xA88570]
004805BF    DFE0            fstsw   ax
004805C1    F6C4 05         test    ah, 0x5
004805C4    7A 0A           jpe     short 004805D0
004805C6    D9E8            fld1
004805C8    D99D D0F6FFFF   fstp    dword ptr [ebp-0x930]
004805CE    EB 45           jmp     short 00480615
004805D0    8B85 E4F6FFFF   mov     eax, dword ptr [ebp-0x91C]
004805D6    D980 08230400   fld     dword ptr [eax+0x42308]
004805DC    DC1D B089A600   fcomp   qword ptr [0xA689B0]
004805E2    DFE0            fstsw   ax
004805E4    F6C4 05         test    ah, 0x5
004805E7    7A 14           jpe     short 004805FD
004805E9    8B8D E4F6FFFF   mov     ecx, dword ptr [ebp-0x91C]
004805EF    D981 08230400   fld     dword ptr [ecx+0x42308]
004805F5    D99D CCF6FFFF   fstp    dword ptr [ebp-0x934]
004805FB    EB 0C           jmp     short 00480609
004805FD    D905 A889A600   fld     dword ptr [0xA689A8]
00480603    D99D CCF6FFFF   fstp    dword ptr [ebp-0x934]
00480609    D985 CCF6FFFF   fld     dword ptr [ebp-0x934]
0048060F    D99D D0F6FFFF   fstp    dword ptr [ebp-0x930]
00480615    8B95 E4F6FFFF   mov     edx, dword ptr [ebp-0x91C]
0048061B    D985 D0F6FFFF   fld     dword ptr [ebp-0x930]
00480621    D99A 08230400   fstp    dword ptr [edx+0x42308]

Code:

//NOP THE WHOLE CODE
//ExtraExpRatio
004806B2    33C9            xor     ecx, ecx
004806B4    74 3A           je      short 004806F0
004806B6    68 ED030000     push    0x3ED
004806BB    68 B889A600     push    00A689B8                         ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\SR_ShardManager\MainProcess.cpp"
004806C0    83EC 08         sub     esp, 0x8
004806C3    D9E8            fld1
004806C5    DD1C24          fstp    qword ptr [esp]
004806C8    83EC 08         sub     esp, 0x8
004806CB    D9EE            fldz
004806CD    DD1C24          fstp    qword ptr [esp]
004806D0    68 F068A800     push    00A868F0                         ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
004806D5    68 01000002     push    0x2000001
004806DA    E8 1141FCFF     call    004447F0
004806DF    83C4 20         add     esp, 0x20
004806E2    8B95 E4F6FFFF   mov     edx, dword ptr [ebp-0x91C]
004806E8    D9EE            fldz
004806EA    D99A 0C230400   fstp    dword ptr [edx+0x4230C]
004806F0    8B85 E4F6FFFF   mov     eax, dword ptr [ebp-0x91C]
004806F6    D980 0C230400   fld     dword ptr [eax+0x4230C]
004806FC    DC1D 8885A800   fcomp   qword ptr [0xA88588]
00480702    DFE0            fstsw   ax
00480704    F6C4 05         test    ah, 0x5
00480707    7A 0A           jpe     short 00480713
00480709    D9EE            fldz
0048070B    D99D C8F6FFFF   fstp    dword ptr [ebp-0x938]
00480711    EB 41           jmp     short 00480754
00480713    8B8D E4F6FFFF   mov     ecx, dword ptr [ebp-0x91C]
00480719    D981 0C230400   fld     dword ptr [ecx+0x4230C]
0048071F    DC1D 7085A800   fcomp   qword ptr [0xA88570]
00480725    DFE0            fstsw   ax
00480727    F6C4 05         test    ah, 0x5
0048072A    7A 14           jpe     short 00480740
0048072C    8B95 E4F6FFFF   mov     edx, dword ptr [ebp-0x91C]
00480732    D982 0C230400   fld     dword ptr [edx+0x4230C]
00480738    D99D C4F6FFFF   fstp    dword ptr [ebp-0x93C]
0048073E    EB 08           jmp     short 00480748
00480740    D9E8            fld1
00480742    D99D C4F6FFFF   fstp    dword ptr [ebp-0x93C]
00480748    D985 C4F6FFFF   fld     dword ptr [ebp-0x93C]
0048074E    D99D C8F6FFFF   fstp    dword ptr [ebp-0x938]
00480754    8B85 E4F6FFFF   mov     eax, dword ptr [ebp-0x91C]
0048075A    D985 C8F6FFFF   fld     dword ptr [ebp-0x938]
00480760    D998 0C230400   fstp    dword ptr [eax+0x4230C]

SR_GameServer.exe

Code:

//NOP THE WHOLE CODE
//DropItemRatio
005C54ED    33C0            xor     eax, eax
005C54EF    74 38           je      short 005C5529
005C54F1    68 07010000     push    0x107
005C54F6    68 7849F900     push    00F94978                         ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\ServerCommon\GameConfig.cpp"
005C54FB    83EC 08         sub     esp, 0x8
005C54FE    DD05 509A0001   fld     qword ptr [0x1009A50]
005C5504    DD1C24          fstp    qword ptr [esp]
005C5507    83EC 08         sub     esp, 0x8
005C550A    D9E8            fld1
005C550C    DD1C24          fstp    qword ptr [esp]
005C550F    68 B878FD00     push    00FD78B8                         ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
005C5514    68 01000002     push    0x2000001
005C5519    E8 D2E9EBFF     call    00483EF0
005C551E    83C4 20         add     esp, 0x20
005C5521    D9E8            fld1
005C5523    D91D F86B1801   fstp    dword ptr [0x1186BF8]
005C5529    D905 F86B1801   fld     dword ptr [0x1186BF8]
005C552F    DC1D A0990001   fcomp   qword ptr [0x10099A0]
005C5535    DFE0            fstsw   ax
005C5537    F6C4 05         test    ah, 0x5
005C553A    7A 0A           jpe     short 005C5546
005C553C    D9E8            fld1
005C553E    D99D 34FBFFFF   fstp    dword ptr [ebp-0x4CC]
005C5544    EB 39           jmp     short 005C557F
005C5546    D905 F86B1801   fld     dword ptr [0x1186BF8]
005C554C    DC1D 509A0001   fcomp   qword ptr [0x1009A50]
005C5552    DFE0            fstsw   ax
005C5554    F6C4 05         test    ah, 0x5
005C5557    7A 0E           jpe     short 005C5567
005C5559    D905 F86B1801   fld     dword ptr [0x1186BF8]
005C555F    D99D 30FBFFFF   fstp    dword ptr [ebp-0x4D0]
005C5565    EB 0C           jmp     short 005C5573
005C5567    D905 249A0001   fld     dword ptr [0x1009A24]
005C556D    D99D 30FBFFFF   fstp    dword ptr [ebp-0x4D0]
005C5573    D985 30FBFFFF   fld     dword ptr [ebp-0x4D0]
005C5579    D99D 34FBFFFF   fstp    dword ptr [ebp-0x4CC]
005C557F    D985 34FBFFFF   fld     dword ptr [ebp-0x4CC]
005C5585    D91D F86B1801   fstp    dword ptr [0x1186BF8]

Code:

//NOP THE WHOLE CODE
//DropGoldAmountCoef
005C5612    33D2            xor     edx, edx
005C5614    74 38           je      short 005C564E
005C5616    68 11010000     push    0x111
005C561B    68 7849F900     push    00F94978                         ; ASCII "D:\WORK2005\Source\SilkroadOnline\Server\ServerCommon\GameConfig.cpp"
005C5620    83EC 08         sub     esp, 0x8
005C5623    DD05 782FF900   fld     qword ptr [0xF92F78]
005C5629    DD1C24          fstp    qword ptr [esp]
005C562C    83EC 08         sub     esp, 0x8
005C562F    D9E8            fld1
005C5631    DD1C24          fstp    qword ptr [esp]
005C5634    68 B878FD00     push    00FD78B8                         ; ASCII "CLAMP() ==> min(%.3f) exceeded max(%.3f) value), File: %s, Line: %d"
005C5639    68 01000002     push    0x2000001
005C563E    E8 ADE8EBFF     call    00483EF0
005C5643    83C4 20         add     esp, 0x20
005C5646    D9E8            fld1
005C5648    D91D FC6B1801   fstp    dword ptr [0x1186BFC]
005C564E    D905 FC6B1801   fld     dword ptr [0x1186BFC]
005C5654    DC1D A0990001   fcomp   qword ptr [0x10099A0]
005C565A    DFE0            fstsw   ax
005C565C    F6C4 05         test    ah, 0x5
005C565F    7A 0A           jpe     short 005C566B
005C5661    D9E8            fld1
005C5663    D99D 28FBFFFF   fstp    dword ptr [ebp-0x4D8]
005C5669    EB 39           jmp     short 005C56A4
005C566B    D905 FC6B1801   fld     dword ptr [0x1186BFC]
005C5671    DC1D 782FF900   fcomp   qword ptr [0xF92F78]
005C5677    DFE0            fstsw   ax
005C5679    F6C4 05         test    ah, 0x5
005C567C    7A 0E           jpe     short 005C568C
005C567E    D905 FC6B1801   fld     dword ptr [0x1186BFC]
005C5684    D99D 24FBFFFF   fstp    dword ptr [ebp-0x4DC]
005C568A    EB 0C           jmp     short 005C5698
005C568C    D905 389A0001   fld     dword ptr [0x1009A38]
005C5692    D99D 24FBFFFF   fstp    dword ptr [ebp-0x4DC]
005C5698    D985 24FBFFFF   fld     dword ptr [ebp-0x4DC]
005C569E    D99D 28FBFFFF   fstp    dword ptr [ebp-0x4D8]
005C56A4    D985 28FBFFFF   fld     dword ptr [ebp-0x4D8]
005C56AA    D91D FC6B1801   fstp    dword ptr [0x1186BFC]

SR_GameServer.exe and SR_ShardManager.exe full server.cfg for this files

 Spoiler

Code:

SR_ShardManager {
	Certification "127.0.0.1", 15882
	CREST_FTP_URL	"ftp://guild_up:[email protected]/SRO"
	LOCALE LOCALE_TAIWAN
	FlagEvent	1
	//ChristmasEvent2007	0
	//ExtraExpRatio   3.0
	ExpRatioParty	3000
	ExpRatio	3000
	OsTimeChangeState	1
	BattleArenaRandom	1
	BattleArenaParty	1
	BattleArenaGuild	1
	BattleArenaJob	1
	ArenaMatchOccupy	1
	ArenaMatchPoint	1
	ArenaMatchFlag	1
	EnableScheduleJobLogFatal	1
	//CONSIGNMENT_TRADE_PATH //Remove the double slashes // at the beginning if you want to use CONSIGNMENT_TRADE_PATH_WHERE
	//CONSIGNMENT_TRADE_PATH_WHERE
	//CONSIGNMENT_TRADE_LIMIT_COUNT 100 //Trades count limit
	//CONSIGNMENT_TRADE_MONSTER_MOVE_WAITTIME 1000*60*10 //Consignment Trade Monster Movement Wait Time (default is 10 minutes)
}

SR_GameServer {
	Certification "127.0.0.1", 15882
	LOCALE LOCALE_TAIWAN
	DropGoldAmountCoef	1500
	DropItemRatio	1500
	//GiantMonster_SpawnRatio 14 //14% spawn ratio
	//PCSpeedRatio 1.5 //Character movement speed works only if above 1.0f
	//ShowGameServerDisplay	1 //Display the gameserver console box with the objects, etc
	//ShowFormulaDetail	1 //Show the damage formula attack values to the client // or in the gameserver it self i dont remember
	//HwanGainFactor 1.0 //the zerk rate, limited to 10.0f
	//MONSTER_AGGRO_LINK_DECREASE_RATIO 0.5 //Monster aggressive %

	//THANKS_GIVING_EVENT	EVENT_ON
	//YAHOO_CHRISTMAS_EVENT	EVENT_ON
	//EUBUSINESS_EVENT	EVENT_ON

When you get dced, after you press confirm the client doesnt terminate fix: Credits goes to @#HB

 Spoiler

x64dbg patch is

#April 17 2019

Remove GM Privilege IP:

 Spoiler

Code:

//Gateway.exe
//NOP the whole code
0040D74E    8B47 20         mov     eax, dword ptr [edi+0x20]
0040D751    B1 03           mov     cl, 0x3
0040D753    3848 41         cmp     byte ptr [eax+0x41], cl
0040D756    75 09           jnz     short 0040D761
0040D758    3848 40         cmp     byte ptr [eax+0x40], cl
0040D75B    0F84 10010000   je      0040D871
0040D761    8B90 58020000   mov     edx, dword ptr [eax+0x258]
0040D767    52              push    edx
0040D768    E8 93290000     call    00410100
0040D76D    85C0            test    eax, eax
0040D76F    0F85 FC000000   jnz     0040D871
0040D775    C74424 2C 0F000>mov     dword ptr [esp+0x2C], 0xF
0040D77D    894424 28       mov     dword ptr [esp+0x28], eax
0040D781    884424 18       mov     byte ptr [esp+0x18], al
0040D785    894424 3C       mov     dword ptr [esp+0x3C], eax
0040D789    8B47 20         mov     eax, dword ptr [edi+0x20]
0040D78C    8B88 58020000   mov     ecx, dword ptr [eax+0x258]
0040D792    51              push    ecx
0040D793    8D7424 18       lea     esi, dword ptr [esp+0x18]
0040D797    E8 04250000     call    0040FCA0
0040D79C    8B4C24 1C       mov     ecx, dword ptr [esp+0x1C]
0040D7A0    83C4 04         add     esp, 0x4
0040D7A3    837C24 2C 10    cmp     dword ptr [esp+0x2C], 0x10
0040D7A8    73 04           jnb     short 0040D7AE
0040D7AA    8D4C24 18       lea     ecx, dword ptr [esp+0x18]
0040D7AE    8B47 20         mov     eax, dword ptr [edi+0x20]
0040D7B1    83C0 08         add     eax, 0x8
0040D7B4    8378 18 10      cmp     dword ptr [eax+0x18], 0x10
0040D7B8    72 05           jb      short 0040D7BF
0040D7BA    8B40 04         mov     eax, dword ptr [eax+0x4]
0040D7BD    EB 03           jmp     short 0040D7C2
0040D7BF    83C0 04         add     eax, 0x4
0040D7C2    51              push    ecx
0040D7C3    50              push    eax
0040D7C4    68 B8AA4D00     push    004DAAB8                         ; ASCII "[%s] login refused (GM cannot login from the PC that has not privileged ip) - %s"
0040D7C9    68 00000002     push    0x2000000
0040D7CE    E8 2D010100     call    0041D900
0040D7D3    83C4 10         add     esp, 0x10
0040D7D6    C64424 11 0D    mov     byte ptr [esp+0x11], 0xD
0040D7DB    C74424 3C FFFFF>mov     dword ptr [esp+0x3C], -0x1
0040D7E3    8D4C24 14       lea     ecx, dword ptr [esp+0x14]
0040D7E7    E8 0457FFFF     call    00402EF0

Code:

//First do the above code^
//Then Change

0040D74E nop

to

jmp      0040D871

#April 18 2019

ASM Fix For Weapon/Shield Sparkling Effects:

 Spoiler

SRO_Client.exe

Code:

Patch 0082E945

to

jmp     00DB6F42

Code:

Go to 00DB6F42

Paste this binary code: 
68 E8 C4 E0 00 B9 80 C7 13 01 E8 DF 3D CD FF B9 80 C7 13 01 68 71 6F DB 00 B9 80 C7 13 01 E8 CB
3D CD FF B9 80 C7 13 01 E9 EA 79 A7 FF 00 00 72 65 73 69 6E 66 6F 5C 69 74 65 6D 6F 70 74 69 6F
6E 65 66 70 2E 74 78 74 00

//Dont forget to take this file from any vsro188 client resinfo\itemoptionefp.txt and import it to TWSRO client.

Preview:

#April 30 2019

wFilter by @$WeGs support tw258

 Spoiler

wFilter

I will keep updating this thread with any contributed fixes. It took alot of debugging figuring out what da hell is wrong with the craft system, anyway i think all other bugs we are aware of are minor. I hope this is a good start for some people to keep working on it.

Greetings,
MeGaMaX.

[#HB]

Nice! This is a thread collecting all the progress done on these files since its release including a new interesting fix.

I can help, if somebody is interested though...

[SubZero**]

amazing thread

[lolixxx]

gona work on thees files!

[janicka]

Nice, its shame i cant do asm, can somebody share with me fixed files?

[MeGaMaX]

Quote:

Originally Posted by #HB

Nice! This is a thread collecting all the progress done on these files since its release including a new interesting fix.

I can help, if somebody is interested though...

i will help too

Quote:

Originally Posted by lolixxx

gona work on thees files!

amazing news

#Thread updated
-My cracked sbot works for this server files, you can try it and report any bugs.
-You can find it

Preview:

[Isoline*]

Awesome,
I honestly think they are better than vSRO 1.88, and they deserve the attention.
If everyone would contribute, they wouldnt be just useable, they would be epic, definitely giving a new chance for sro.

//edit:
There are still a few bugs here and there, if i remember right, there is something messed up with the skills animation while doing some skills viewed by a 3rd person.

[b0ykoe]

Shouldn't we just setup a Gitlab project that we can track bugs?

Nice thread tho

[silkroadbotter]

im very excited to see this as it will bring new life into these files as they are being supported by some of the big guys in the scene. i will continue to help where i can along the way. cracked sbot is a big thing because now people cannot complain about no bot

we still need to test stability on high player count and i have not tested vsro exploits on these yet..

@edit

also what does everyone think of creating a open source community supported filter and client dll for features?

[lolixxx]

Hmm Cant Find this @ SR_Gameserver -->

0072A09 //address
to
0072A09 jmp 00F90C51

[therock2007e]

Mr.MegaMax new EFP files working in this client ??

[MeGaMaX]

Quote:

Originally Posted by silkroadbotter

im very excited to see this as it will bring new life into these files as they are being supported by some of the big guys in the scene. i will continue to help where i can along the way. cracked sbot is a big thing because now people cannot complain about no bot

we still need to test stability on high player count and i have not tested vsro exploits on these yet..

@edit

also what does everyone think of creating a open source community supported filter and client dll for features?

The packets is not even that much changed, only very few changed structures and few new opcodes, any public filter src like supermike, or kryfilter etc can be used fine for protection. What will be left is finding the address for the client hook dll incase someone wants to use hwid or w/e but thats the least we can even think about now at this stage.

Quote:

Originally Posted by lolixxx

Hmm Cant Find this @ SR_Gameserver -->

0072A09 //address
to
0072A09 jmp 00F90C51

Press CTRL + G and go to 0072A09 then change it to

Code:

0072A09    jmp     00F90C51

Quote:

Originally Posted by therock2007e

Mr.MegaMax new EFP files working in this client ??

i dont know buddy sorry, You can test your self ?

[b0ykoe]

So I've setup a testserver on my dedicated server. Also I'll apply all fixed today evening. Also everyone is welcome to test the files, test exploits, try stuff. But keep in mind that I'm only willed to give RDP access to those who are trusted. (no Homepage setup just yet)

Also I've setup a . I'm trying to keep the updated files (with all fixes applied to them) there. Proper credits to the fixes are given ofc.

[therock2007e]

Quote:

Originally Posted by MeGaMaX.

i dont know buddy sorry, You can test your self ?

not work new EFP files in client ERoad

[SubZero**]

is there a difference on the packet struct between twsro and vsro?
i will work on a packet filter on this files