[GUIDE] Adding New Commonserver COMMANDS in 99.62 GS - 07-06-2006
--------------------------------------------------------------------------------
CREDITS : Lolqus[CZF]
DIFFICULTY : MEDIUM
TOOLS : OLLYDBG , IDA PRO , NOTEPAD , WINDOWS CALCULATOR , BRAIN
So, let's go: load GAMESERVER.EXE in OLLYDBG, and also load the .pdb symbols of GAMESERVER
in your IDA PRO. Now you must think: "what do I want to add to commonserver?" I will show an example:
I remember the first interesting command I found in IDA, and an interesting value I found in the assembly code of that function. It was the function that lets you
have up to 2.000.000.000 ZEN on a character; when you get more, your money goes negative and you can't buy ANYTHING, so I wanted to change that money limit
on the player using a commonserver command, so I started searching in IDA for something about ZEN:
/// USING IDA PRO ///
Maximize your IDA, push ALT + T and write ZEN to find the function gObjCheckMaxZen. Double click on it and you will see that function in pure assembly code;
scroll down and you will see this part of the code:
.text:004F38C5 cmp [ebp+var_C], 77359400h
HM, INTERESTING. Now convert 77359400 from HEX to DEC IN WINDOWS CALCULATOR:
(HEX) 77359400 = 2000000000 (DEC) ( WOW, it's 2000000000, like the max money on a player in game, so: WE FOUND THE POINT OF THAT !! )
Now maximize OLLYDBG and go to that offset, 004F38C5. You will see:
[screenshot: 12gg.jpg] ( the offsets are the same as the ones IDA shows )
/// CODING NEW COMMAND ///
The offsets from
00660000 to 00680FFE are used as MEMORY; maybe 20% of those offsets are in use, so search for free space to code your command, like:
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
[screenshot: 28bx1.jpg]
Now right click on:
ADD BYTE PTR DS:[EAX],AL ( offset : 0067FDD1 FREE space )
and use the option: FOLLOW IN DUMP > SELECTION
[screenshot: 36jp.jpg]
Now look at your dump window, at the first 2 hex digits (one byte) in it:
[screenshot: 49ya.jpg]
If you click on the first 2 hex digits they will change color to dark GREY. Now push SPACE on your keyboard and you will see:
[screenshot: x2ev.jpg]
In the UNICODE field write the first letter of your commonserver command name. When you are done, accept, click on the next 2 hex digits, push SPACE
and write the second letter, then the next 2 hex digits, and write the third letter of your command. Like me: I will code CZFMaxZenOnPlayer:
[screenshot: xx0bq.jpg]
When you code the command, many assembler lines appear. You don't need to know what they mean; you only need to look at:
INC EBP ( the start of your command in assembler [ first line ] ). Now copy the offset of INC EBP, for me 0067FDFF, write it in notepad and don't touch it;
it will help you soon.
Now save your work, and reopen the saved GAMESERVER with the new command in OLLYDBG.
/// CODING COMMONSERVER FUNCTION ///
In this part we will code the functions in GAMESERVER that read your new command from commonserver, so let's start:
go to offset 00510B5F
and you will see something that we want to remove from here:
PUSH EAX
PUSH 0
PUSH 66F824 // xMasEvent
[screenshot: xxx7uz.jpg]
So mark those 3 lines like me, right click, BINARY > Fill With NOP's,
and after that it should look like this:
[screenshot: xxx9bl.jpg]
Now look under the NOP's:
00510B67 |. 68 24E56600 PUSH CLEAN_99.0066E524 ; |Section = "GameServerInfo"
Remember offset 00510B67 !!! Write it somewhere in notepad .... soon you will need it.
Now scroll down GAMESERVER until you see empty space like:
00 DB 00
00 DB 00
00 DB 00
00 DB 00
00 DB 00
[screenshot: xxx0jx.jpg]
Now open a second OLLYDBG, load GAMESERVER there too, and start coding in the empty space:
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 67FDFF ( why 67FDFF ? You need to write here the offset of the start of your command; for me it was 0067FDFF INC EBP. That's
why I told you: write that offset somewhere in notepad, or remember it )
PUSH 66E524
CALL DWORD PTR DS:[6D97CD4]
MOV DWORD PTR DS:[680854],EAX ( why 680854 ? It's a FREE memory offset; that is why I told you to open 2 x OLLYDBG with GAMESERVER.
I also told you that the MEMORY offsets are from 00660000 to 00680FFE, so you can take any one you want; I will take this free one:
00680854 0000 ADD BYTE PTR DS:[EAX],AL )
REMEMBER THE MEMORY OFFSET !!!!! 680854 !!!!!!
PUSH 66E548
MOV ECX,61D4FC0
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824
JMP 00510B67 ( I told you to remember 510B67 ;) )
REMEMBER : IF YOU WANT TO ADD MORE COMMONSERVER FUNCTIONS , DELETE THIS :
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824
JMP 00510B67
BUT END YOUR CODING WITH THIS CODE !!!!
////////////////
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824
JMP 00510B67
////////////////
After that it should look like this:
[screenshot: xxx7iw.jpg]
You think we're DONE ? hahah no xD
OK, now we go to our ASM FUNCTION of MAX ZEN:
CTRL + G in OLLYDBG and paste: 004F38C5
Now we see:
CMP DWORD PTR SS:[EBP-C],77359400
Double click on it, mark the option "Fill with NOP's", and write NOP. When you are done it will look like this:
[screenshot: xx2jd.jpg]
Now mark the first NOP, double click on it and code a JMP to free INT3 space. We need 4 empty INT3 lines, like:
[screenshot: xxx3zb.jpg]
As you see on the screen, I will use offset 004F3830,
so double click on the first NOP and write:
JMP 4F3830. When you are done it will look like this:
[screenshot: xxx9nf.jpg]
OK, now we see that our JMP leads to the free INT3 space that we will use to code our part of the MaxZen function, so
click on JMP 4F3830, push ENTER and you will be in the INT3 space.
Now start coding:
XOR EAX,EAX
MOV EAX,DWORD PTR DS:[680854] ( why 680854 ? I told you: REMEMBER the MEMORY OFFSET that you used !!!! )
CMP DWORD PTR SS:[EBP-C],EAX
JMP 004F38CC ( why 004F38CC ? Because it's the offset of the first jump under our NOPs )
When you finish it will look like this:
[screenshot: xxxx8oc.jpg]
Save your work in OLLYDBG: right click > COPY TO EXECUTABLE > SAVE ALL MODIFICATIONS > COPY ALL. The next window
will appear; right click on it > SAVE FILE.
OK, when you are done, open your commonserver.cfg and write YOUR max zen on player command.
Mine was CZFMaxZenOnPlayer = xxxx. You can put 1 ZEN, or 9999999999 ZEN, and it will work ^^
That was an example; you can do ~ 100 commands: for exp BC, DS, CC, rewards, time, % of stones, % of mixes etc. I coded
16 commands in a public GS in one hour; they were:
CZFmaxZenOnUser
CZFblessPrice
CZFchaosPrice
CZFjolPrice
CZFcreationPrice
CZFsoulPrice
CZFappleRegeneration
CZFsmallPotionOfRegeneration
CZFmediumPotionOfRegeneration
CZFlargePotionOfRegeneration
CZFbudgeDragonTransformRing
CZFgiantTransformRing
CZFskeletonTransformRing
CZFpoisonBullTransformRing
CZFthunderLichTransformRing
CZFdeathCowTransformRing
and the configuration of those works 100% from commonserver, so you can try too ; ) GOOD LUCK
PS. Sorry for my English xD
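
What the finished patch does, written as C for readability (an added example, not code from the guide or from GAMESERVER): the hard-coded 77359400h becomes a value read once from the config into a 32-bit global, and the check compares against it. The parser, the names read_cfg_int32, g_max_zen and zen_over_limit, the sample config text and the signed comparison are assumptions; the bounds check is there because the compared value is a DWORD, so a number such as 9999999999 cannot be stored in it and this reader falls back to the default instead.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_MAX_ZEN 0x77359400 /* 2000000000, the constant in the original CMP */

/* Stands in for the dword at 00680854 that the patched code loads into EAX. */
static int32_t g_max_zen = DEFAULT_MAX_ZEN;

/* Look up "key = value" in cfg text; return def unless the value is a
 * decimal number that fits in a non-negative signed 32-bit integer. */
int32_t read_cfg_int32(const char *cfg, const char *key, int32_t def)
{
    size_t klen = strlen(key);
    for (const char *line = cfg; line != NULL && *line != '\0';) {
        const char *p = line + strspn(line, " \t");
        if (strncmp(p, key, klen) == 0) {
            p += klen;
            p += strspn(p, " \t");
            if (*p == '=') {           /* exact key match, not just a prefix */
                p++;
                p += strspn(p, " \t");
                errno = 0;
                long long v = isdigit((unsigned char)*p) ? strtoll(p, NULL, 10) : -1;
                return (errno == 0 && v >= 0 && v <= INT32_MAX) ? (int32_t)v : def;
            }
        }
        line = strchr(line, '\n');
        if (line != NULL) line++;
    }
    return def;
}

/* Source-level form of the patched check: CMP [EBP-C],EAX, assumed signed. */
int zen_over_limit(int32_t zen) { return zen > g_max_zen; }

int main(void)
{
    /* Constructed sample config, not taken from a real commonserver.cfg. */
    const char *cfg = "[GameServerInfo]\nCZFMaxZenOnPlayer = 9999999999\n";
    g_max_zen = read_cfg_int32(cfg, "CZFMaxZenOnPlayer", DEFAULT_MAX_ZEN);
    printf("limit=%d over=%d\n", (int)g_max_zen, zen_over_limit(2000000001));
    return 0;
}
```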