[DEV] Defining New Type Of Expendables | Live Gold Obtaining Scroll

#HB · 06/17/2019, 02:48

Hey there,

Personally, I've been interested into this topic, since long time ago.

Introduction Video

Expendables, what are expendables? Expendables are the items which are expendable

(like hp, mp, global, scrolls, return scrolls...etc)

My main purpose was creating/defining a new type of them, not just a basic gold scroll..

How can we achieve that... One of the easiest things is following the packet sent after using your expendable item, 0x704C | 0xB04C | AGENT_INVENTORY_ITEM_USE.

Following them is an easy thing to do, just a constant search, and some breakpoints and you'd end up there, at the function that handles item usage, 0x00510980.

The function is a part of a well-known class, CGObjPC. It has a single argument, which is the client item usage message/packet | 0x704C.

So, the function should be parsing the packet and doing instructions, so we should find out the structure of the item usage packets.

Here's a correct structure for both client/server packets:

Code:

//Success Example
[C -> S][704C]
18                                                ................ //Inventory Slot
EC 08                                             ................ //TID

[S -> C][B04C]
01                                                ................ //Result (1 = Success | 2 = Fail)
18                                                ................ //Inventory Slot
0F 27                                             ................ //Quantity
EC 08                                             ................ //TID

//Fail Example
[C -> S][704C]
19                                                ................ //Inventory Slot
ED 4E                                             ................ //TID
//(if TID == skin changer scroll's TID)
77 07 00 00                                       ................ //New skin's ObjID
22                                                ................ //New skin's scale


[S -> C][B04C]
02                                                ................ //Result (1 = Success | 2 = Fail)
92 18                                             ................ //ErrorCode

What is TID? TID is a number generated by CashItem & TypeIDs, as the other Muhab

before too.

How about error code? Error code is a number which indicates if an error is occurred or not. If error code is 1, then everything is alright and your item will be consumed as an expendable, otherwise then its not ok and your item won't be consumed. Error code is also used indicate the error type and showing a proper message for it. (for example, an error code of skin changer scroll, the code with value 6290 indicates this message "UIIT_MSG_CHAR_SKIN_ERR_ARMOR")

Code:

TID = CashItem + (TypeID1 * 4) + (TypeID2 * 32) + (TypeID3 * 128) + (TypeID4 * 2048)

Usually all expendables have the same packet structure, but the expendables that have extra data like skin changer scroll, it contains the new obj id & scale.

So, now we know the packet structures, we followed the game server parse too. I guess, let's create our fancy scroll before we get deeper,

RefObjCommon:

Code:

1	41798	ITEM_MALL_GOLD_SCROLL	?????	xxx	SN_ITEM_MALL_GOLD_SCROLL	SN_ITEM_MALL_GOLD_SCROLL_TT_DESC	1	0	3	3	13	24	180000	3	0	1	1	1	255	0	1	0	0	1	0	0	0	0	0	0	0	-1	0	-1	0	-1	0	-1	0	-1	0	0	0	0	0	0	0	100	0	0	0	xxx	item\etc\drop_mall_scroll.bsr	item\etc\e090930_super_scroll.ddj	xxx	xxx	21333

RefObjItem:

Code:

21333	1	2	0	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	666	9000	-1	xxx                                                                                                                              	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	0	0	0

I followed the change skin scroll TypeID1, TypeID2, TypeID3 and changed TypeID4 to a new custom one.

If you try to use the scroll, also with a packet debugging, the scroll won't be affected if you right click on it, but if you look at your packets log, you'll find something like:

Code:

[C -> S][704C]
0D                                                ................ //Inventory Slot
ED C6                                             ................ //TID

[S -> C][B04C]
02                                                ................ //Result
02                                                ................ //ErrorCode

That's better than I expected TBH, at least the client sends the packet, but the game server refuses it due to the unrecognized TID.

After an hour of following game server's, I found the function that returns the error code and rejects our new expendable! (I am not sure if they're divided as groups by first 2 item type ids or not, but I am good bruh :v)

So, after doing a proper hook with our new item TID exception, finally everything seems to work fine!

Let's do a little last touch, we need to create settings for our fancy scroll!

So, how about customizing a new param too?

If you re-look at RefObjItem line above, I created a new custom param with ID "666", which refers to a "gold reward", and Desc1 contains the amount of gold. Had to parse GS's object data too and check if Param1 contains the gold reward param ID (666) or not.

You can do the check for the whole 20 params if you'd like too. I did it as for the first one only. Sorry, I am lazy.

Client Side: (all files below are a part of this path: Media\server_dep\silkroad\textdata\)

item_grouping.txt:

Code:

보호석	3	3	13	24	SN_ITEM_TOOLTIP_GROUPING_127

textdata_object.txt:

Code:

1	SN_ITEM_TOOLTIP_GROUPING_127	???? (??)	0	0	0	0	0	Gold Scroll	Gold Scroll	0	0	0	0	0	0
1	SN_ITEM_MALL_GOLD_SCROLL								Gold Obtain Scroll
1	SN_ITEM_MALL_GOLD_SCROLL_TT_DESC								This scroll will give you a specific amount of gold.

itemdata_%:

Code:

1	41798	ITEM_MALL_GOLD_SCROLL	?????	xxx	SN_ITEM_MALL_GOLD_SCROLL	SN_ITEM_MALL_GOLD_SCROLL_TT_DESC	1	0	3	3	13	24	180000	3	0	1	1	1	255	0	1	0	0	1	0	0	0	0	0	0	0	-1	0	-1	0	-1	0	-1	0	-1	0	0	0	0	0	0	0	100	0	0	0	xxx	item\etc\drop_mall_scroll.bsr	item\etc\e090930_super_scroll.ddj	xxx	xxx	1	2	0	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	666	9000	-1	xxx                                                                                                                              	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	-1	xxx	0	0

An extra thing which some people may need/wonder about,
All that research above is to use a very very basic expendable item, like hp or mp... How about something like skin changer scroll, which you click on it, it opens a window to customize your new skin settings and it gets consumed.

At this situation, we'll need to do a client part too. We're basically gonna hook the place where item usage function is called, handle it well like with a new window too, customizing our new data then sending the item usage packet with the main data, slot and TID and your extra ones. (Remember that item usage packet should be encrypted!)
Also handling the packet extra data from the server side. Server side is required in both situations...

Conclusion: This maybe was one of the most interesting things I've worked on. So, hope you guys make a good use of it

Download: Attached below. You may not need the sro_client part, unless you want to add extra data to the usual item usage packet structure.

Note: Any addresses given above were found on VSRO 1.88 game server and sro_client, so they are most likely different on any other version.
Note: Structures found in the files are for VC80 libs, back when strings were 28 bytes.
Note: Always compile on Release!

Special thanks to: florian0

Mc-Diesel · 06/17/2019, 03:30

Respect

hoangphan7 · 06/17/2019, 04:49

What the hell

Gj.
But can you make live update Stats Point / Level?

GMKING1050 · 06/17/2019, 10:25

thx
but you have All Packets of TW Files

sonzenbi · 06/17/2019, 10:33

I really need this

Thanks very much

chipno0p · 06/17/2019, 15:22

amazing!

arg3n7s · 06/18/2019, 01:09

Great

~~modyuasty3~~ · 06/25/2019, 06:17

I want packet have wimdow save title name for $ or helping anything thanks!!

#HB · 02/07/2020, 15:13

Been a while, but I actually finally needed to use my project in a live actual server.

So, apparently my code wasn't efficient enough which was causing game server to crash randomly on using scrolls. I have re-written game server project code in a better way, it works pretty well right now.

-Edited source in main post.

JoleChow* · 02/07/2020, 15:45

So clever of you, Thanks for sharing

elmagico321 · 02/07/2020, 18:37

Respect for that kinda of work
Well done mate

Dracula Untold · 02/07/2020, 22:52

nice nice

VORTEX* · 02/12/2020, 06:49

@#HB where's the monthly release ?

VORTEX* · 02/15/2020, 06:37

it would be so pretty , thanks for your attention

gigola123 · 03/02/2020, 00:55

Hello everyone,

For some people who want to add some other type of scroll, you can use those offsets:
SkillPoint (0x004E4C60)(this, amount, notify)

PHP Code:


			
void CGObjPC::UpdateSkillPoints(long long amount, int notify)

{

    reinterpret_cast<void(__thiscall*)(CGObjPC*, long long, int)>(0x004E4C60)(this, amount, notify);

}

You can do the same with :
AddExpPoints

PHP Code:


			
AddExpPoints (0x004E5250)(CGObjPC*, long, long, int, long long)

(this, amountExp, amountSp, a1, a2)

In this part amountSp != of Skill point, it's the Skill point Experience