[Guide] Adding New Commonserver COMMANDS in 99.62 GS


Post by  on Sun Dec 23, 2007 1:01 pm

DIFFICULTY : MEDIUM
TOOLS : OLLYDBG , IDA PRO , NOTEPAD , WINDOWS CALCULATOR , BRAIN

So, let's go: load GAMESERVER.EXE in OLLYDBG, and load the .pdb symbols of GAMESERVER in your IDA PRO. Now you must think: "what do I want to add to commonserver?" I will show an example.
I remember the first interesting function I found in IDA, and the interesting value I found in the assembly code of that function. It was the function that lets you hold up to 2.000.000.000 ZEN on a character. When you get more, your money goes into the minus and you can't buy ANYTHING, so I wanted to be able to change that money limit on the player with a commonserver command. So I started searching IDA for something about ZEN:

/// USING IDA PRO ///

Maximize your IDA, press ALT + T and search for ZEN to find the function gObjCheckMaxZen. Double-click on it and you will see that function in pure assembly code.
Scroll down and you will see this part of the code:

.text:004F38C5 cmp [ebp+var_C], 77359400h

HM, INTERESTING. Now convert 77359400 from HEX to DEC in WINDOWS CALCULATOR:
(HEX) 77359400 = 2000000000 (DEC) ( WOW, it's 2000000000, like the max money on a player in game, so WE FOUND THE POINT WE NEED !! )

Now maximize OLLYDBG and go to that offset, 004F38C5. You will see:
ImageShack - Hosting :: 12gg.jpg ( the offsets are the same as the ones IDA shows )

/// CODING NEW COMMAND ///

Offsets from 00660000 to 00680FFE are used for MEMORY. Maybe 20% of those offsets are in use, so search for free space to code your command, like:

ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL
ADD BYTE PTR DS:[EAX],AL


ImageShack - Hosting :: 28bx1.jpg

Now right-click on:
ADD BYTE PTR DS:[EAX],AL ( offset : 0067FDD1 , FREE space )
and use the option : FOLLOW IN DUMP > SELECTION
ImageShack - Hosting :: 36jp.jpg

Now look at your dump window, at the first byte (the first 2 hex digits) in the dump window:
ImageShack - Hosting :: 49ya.jpg

If you click on the first 2 hex digits they will change color to dark GREY. Now press SPACE on your keyboard and you will see:
ImageShack - Hosting :: x2ev.jpg

In the UNICODE field write the first letter of your commonserver command name and accept when you are done. Then click on the next 2 hex digits, press SPACE and write the second letter, then the next 2 hex digits for the third letter of your command, and so on. Like me: I will code CZFMaxZenOnPlayer :
ImageShack - Hosting :: xx0bq.jpg

When you code the command, many assembler lines appear (they are the bytes of the name shown as instructions). You don't need to know what they mean; you only need to look at:
INC EBP ( the start of your command in assembler [ first line ] ). Now copy the offset of INC EBP, for me 0067FDFF, write it in Notepad and don't lose it; it will help you soon.
Now save your work, and reopen the saved GAMESERVER with the new command in OLLYDBG.

/// CODING COMMONSERVER FUNCTION ///

In this part we will code the function in GAMESERVER that reads your new command from commonserver, so let's start:
go to offset 00510B5F

and you will see something that we want to remove from here :

PUSH EAX
PUSH 0
PUSH 66F824 // xMasEvent


ImageShack - Hosting :: xxx7uz.jpg
So mark those 3 lines like me, right-click > BINARY > Fill with NOPs,
and after that it should look like this :
ImageShack - Hosting :: xxx9bl.jpg

Now look under the NOPs :
00510B67 |. 68 24E56600 PUSH CLEAN_99.0066E524 ; |Section = "GameServerInfo"

Remember offset 00510B67 !!! Write it somewhere in Notepad .... soon you will need it.

Now scroll down GAMESERVER until you see empty space like :

00 DB 00
00 DB 00
00 DB 00
00 DB 00
00 DB 00

ImageShack - Hosting :: xxx0jx.jpg

Now open a second OLLYDBG, load GAMESERVER there too, and start coding in the empty space :

CALL 0040332D
PUSH EAX
PUSH 0

PUSH 67FDFF ( why 67FDFF ? You need to write here the offset of the start of your command; for me it was 0067FDFF INC EBP. That is
why I told you to write that offset somewhere in Notepad, or remember it )
PUSH 66E524
CALL DWORD PTR DS:[6D97CD4]

MOV DWORD PTR DS:[680854],EAX ( why 680854 ? It's a FREE memory offset. That is why I told you to open 2 x OLLYDBG with GAMESERVER.
I also told you that MEMORY offsets run from 00660000 to 00680FFE, so you can take any free one you want. I will take this free one :
00680854 0000 ADD BYTE PTR DS:[EAX],AL
REMEMBER THE MEMORY OFFSET !!!!! 680854 !!!!!! )

PUSH 66E548
MOV ECX,61D4FC0
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824

JMP 00510B67 ( I told you to remember 510B67 ;) )

REMEMBER : IF YOU WANT TO ADD MORE COMMONSERVER FUNCTIONS , DELETE THIS :
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824
JMP 00510B67


BUT END YOUR CODING WITH THIS CODE !!!!
////////////////
CALL 0040332D
PUSH EAX
PUSH 0
PUSH 66F824
JMP 00510B67

////////////////

After that it should look like this :
ImageShack - Hosting :: xxx7iw.jpg

You think we are DONE ? Hahah, no xD

OK, now we go to our ASM FUNCTION for MAX ZEN

CTRL + G in OLLYDBG and paste : 004F38C5

Now we see :
CMP DWORD PTR SS:[EBP-C],77359400

Double-click on it, tick the option " Fill with NOP's " and write NOP. When you are done it will look like this :
ImageShack - Hosting :: xx2jd.jpg

Now mark the first NOP; we will double-click on it and code a JMP to free INT3 space. We need 4 empty INT3 lines, like :
ImageShack - Hosting :: xxx3zb.jpg
As you see on the screenshot, I will use offset : 004F3830

So double-click on the first NOP and write :
JMP 4F3830 . When you are done it will look like this :
ImageShack - Hosting :: xxx9nf.jpg

OK, now we see that our JMP leads to the free INT3 space that we will use to code our part of the MaxZen function, so
click on JMP 4F3830, press ENTER and you will be at the INT3 space.
Now start coding :

XOR EAX,EAX
MOV EAX,DWORD PTR DS:[680854] ( why 680854 ? I told you to REMEMBER THE MEMORY OFFSET that you used !!!! )
CMP DWORD PTR SS:[EBP-C],EAX
JMP 004F38CC ( why 004F38CC ? Because it's the offset of the first jump under our NOPs )

When you finish it will look like this :
ImageShack - Hosting :: xxxx8oc.jpg
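
As a cross-check of the two patches above, this added Python sketch (not part of the original post) computes the bytes of the redirecting JMP and of the cave body, and confirms that the lengths of the replaced instructions match the offsets the guide tells you to remember. The addresses are the guide's; the byte encodings are the standard x86 forms (an assembler may pick an equivalent one) and the function names are hypothetical.

```python
import struct

def jmp_rel32(src: int, dst: int) -> bytes:
    """5-byte near JMP (E9 rel32) located at src that transfers to dst."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))

def redirect(orig: bytes, src: int, dst: int) -> bytes:
    """Overwrite the instruction bytes at src with JMP dst, NOP-padded to the same length."""
    jmp = jmp_rel32(src, dst)
    if len(orig) < len(jmp):
        raise ValueError("not enough room for a 5-byte JMP")
    return jmp + b"\x90" * (len(orig) - len(jmp))

def build_cave(cave: int, var: int, resume: int) -> bytes:
    """Cave body from the guide: load the limit from var, compare, jump back."""
    code = b"\x33\xC0"                          # XOR EAX,EAX
    code += b"\xA1" + struct.pack("<I", var)    # MOV EAX,DWORD PTR DS:[var]
    code += b"\x39\x45\xF4"                     # CMP DWORD PTR SS:[EBP-0C],EAX
    return code + jmp_rel32(cave + len(code), resume)

def is_free_padding(region: bytes, needed: int) -> bool:
    """True if the first `needed` bytes of region are all INT3 (0xCC) filler."""
    return len(region) >= needed and set(region[:needed]) == {0xCC}

# Addresses taken from the guide.
CMP_SITE, CAVE, RESUME, LIMIT_VAR = 0x004F38C5, 0x004F3830, 0x004F38CC, 0x00680854
CMP_ORIG = bytes.fromhex("817DF400943577")            # CMP DWORD PTR SS:[EBP-0C],77359400
PUSH_SITE = 0x00510B5F
PUSH_ORIG = bytes.fromhex("50" "6A00" "6824F86600")   # PUSH EAX / PUSH 0 / PUSH 66F824

if __name__ == "__main__":
    assert CMP_SITE + len(CMP_ORIG) == RESUME          # 7 bytes replaced, resume at 004F38CC
    assert PUSH_SITE + len(PUSH_ORIG) == 0x00510B67    # 8 bytes NOPed, next line is 00510B67
    cave = build_cave(CAVE, LIMIT_VAR, RESUME)
    print("at 004F38C5:", redirect(CMP_ORIG, CMP_SITE, CAVE).hex(" "))
    print("at 004F3830:", cave.hex(" "), f"({len(cave)} bytes)")
    # Constructed sample region, standing in for the bytes read at the cave address.
    print("room for cave:", is_free_padding(b"\xCC" * 16, len(cave)))
```

The cave body comes to 15 bytes, so check that at least that many filler bytes are free at 004F3830 before writing it.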

Save your work in OLLYDBG : right-click > COPY TO EXECUTABLE > SAVE ALL MODIFICATIONS > COPY ALL . The next window
will appear; right-click on it > SAVE FILE

OK, when you are done, open your commonserver.cfg and write YOUR command for max zen on a player in game.
Mine was CZFMaxZenOnPlayer = xxxx . You can put 1 ZEN, or 9999999999 ZEN, and it will work ^^
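
The limit ends up in a 32-bit DWORD at 680854 and, as described at the start, money above the cap turns negative, so the configured value is worth range-checking. This added Python sketch (not from the original post) models that range; the function names and the fallback for a missing key are hypothetical, and how the server's own loader treats out-of-range digits is not shown in the guide.

```python
INT32_MAX = 2**31 - 1        # largest positive value a signed DWORD can hold
STOCK_LIMIT = 0x77359400     # immediate from the original CMP (2000000000)

def as_int32(value: int) -> int:
    """Interpret the low 32 bits of value as a signed DWORD."""
    value &= 0xFFFFFFFF
    return value - 2**32 if value > INT32_MAX else value

def read_limit(cfg_text: str, key: str = "CZFMaxZenOnPlayer") -> int:
    """Return the configured limit, rejecting values a signed DWORD cannot represent."""
    for line in cfg_text.splitlines():
        name, sep, raw = line.partition("=")
        if sep and name.strip() == key:
            limit = int(raw.strip())
            if not 0 < limit <= INT32_MAX:
                raise ValueError(f"{key}={limit} does not fit a signed 32-bit limit")
            return limit
    return STOCK_LIMIT       # key absent: this sketch falls back to the stock limit

def zen_after_pickup(current: int, amount: int, limit: int) -> int:
    """Add amount only if the sum stays within limit (sum checked before storing)."""
    total = current + amount
    return current if total > limit else total

# Constructed sample config, using the "Key = value" form shown in the guide.
SAMPLE_CFG = "[GameServerInfo]\nCZFMaxZenOnPlayer = 2100000000\n"

if __name__ == "__main__":
    limit = read_limit(SAMPLE_CFG)
    print("configured limit:", limit, "headroom to INT32_MAX:", INT32_MAX - limit)
    # Without a cap, a sum past INT32_MAX reads back as a negative balance.
    print("uncapped 2000000000 + 200000000 ->", as_int32(2000000000 + 200000000))
    print("capped pickup ->", zen_after_pickup(2099999999, 5, limit))
```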

That was an example. You can do ~ 100 commands: exp for BC , DS , CC , rewards , time , % of stones , % of mixes etc. I coded
16 commands in a public GS in one hour. They were :

CZFmaxZenOnUser
CZFblessPrice
CZFchaosPrice
CZFjolPrice
CZFcreationPrice
CZFsoulPrice
CZFappleRegeneration
CZFsmallPotionOfRegeneration
CZFmediumPotionOfRegeneration
CZFlargePotionOfRegeneration
CZFbudgeDragonTransformRing
CZFgiantTransformRing
CZFskeletonTransformRing
CZFpoisonBullTransformRing
CZFthunderLichTransformRing
CZFdeathCowTransformRing

and the configuration of those works 100% from commonserver, so you can try too ; ) GOOD LUCK

