-
Content Count
713 -
Joined
-
Last visited
-
Days Won
37
Content Type
Profiles
Forums
Downloads
Staff Applications
Calendar
Everything posted by Neo-Mind
-
2013-12-23c kRO Client, Merry Christmas <3
Neo-Mind replied to Yommy's topic in Client-Side Releases
Custom Jobs fix is in progress - i have already added a fixed patch to repo but not tested yet. I have actually updated the lua files needed for that one - with slight variations (need to make a proper guide *notes*). Custom Shields had bugs? Disable Multiple Windows - there is an old bug still lurking around (process still remaining after closing client...i havent gotten around to check that yet...busy IRL too wat to do ) -
2013-12-23c kRO Client, Merry Christmas <3
Neo-Mind replied to Yommy's topic in Client-Side Releases
I didnt see any errors while selecting the patch. did you update NEMO to latest? if i apply the patch to the exe, the exe just gives a bling message, but doesnt appear. if i dont applay the patch, the client starts without problems. bling bling!! ok ill check that. Well i tested running the client with all the recommended diffs + Use ragnarok icon & Skip License Screen . So perhaps one of the others are crashing. Ill check the others listed. -
latest data.grf should have the sprites already... oktoberfest costume is supported in the new client.
-
2013-12-23c kRO Client, Merry Christmas <3
Neo-Mind replied to Yommy's topic in Client-Side Releases
Updated Patch keys and Extend boxes patches. Looks like the new client only uses two unique keys (The first one is reused as the second one - actually second and third are same but we are using reverse order in hercules from what i see ) . I didnt see any errors while selecting the patch. did you update NEMO to latest? -
2013-12-23c kRO Client, Merry Christmas <3
Neo-Mind replied to Yommy's topic in Client-Side Releases
Hi guys i have fixed the bugs in Disable HShield and Restore Login Window (i believe). Anyways the client had some extra baggage inside (looks like Gravity is giving garbage bytes for christmas). I have cleaned it up and uploaded the new client => https://www.mediafire.com/?cc4vfdrdd4r15hb This should fix most of the other patches. Im looking into the remaining. Please update NEMO to the latest revision (i hope you are using the subversion link). -
2013-12-23c kRO Client, Merry Christmas <3
Neo-Mind replied to Yommy's topic in Client-Side Releases
OMG!! now thats what i call a surprise . Awesome Yommy does it again Can anyone put up a list of patches that are broken (i saw Restore Login Window isnt working but other than that) -
Now Before we delve into the details, lets consider a few things - this is meant for newbies. If you have made patches before skip ahead. Introduction to patching When we say we patch a client what it means is we change few bytes with a different set of bytes. (essentially we change a few opcodes or assembly instructions for e.g. a JNE to JMP so that the client behaves differently) Now these codes will be different for each client date and/or their location will change. So how do we make it generic? For this you need a sort of flow-chart to follow to get to the locations where modification needs to be made and for getting the replace logic. If you know how the original bytes were found , try to make note of the procedure you followed and you can usually make a patch following same logic. For e.g. like find a string -> find where its pushed -> 8 bytes later there is a JNE -> change to JMP Another step that helps out is finding a common pattern in a set of clients around where your modification is to be done. For e.g. Lets say i find '75 C0 E8 09 22 04 00 68 44 65 97 00' in 20130612 and '75 C0 E8 10 23 04 00 68 54 44 98 00' in 20130626 common pattern => '75 C0 E8 ?? ?? ?? 00 68 ?? ?? ?? 00' where ?? can be anything so you can use this common pattern instead of the individual ones. Not sure whether I made it clearer or confused you with that Intro. To summarize - making a patch is a combination of finding byte patterns, finding referenced addresses, changing instructions, finding vacant spaces and adding new codes, updating calls etc. If you know assembly language then it should be easy for you. If you don't know already try to read up on it at-least a little before going forward Now then back to topic Patches in NEMO The patches for NEMO are written in QtScript which follows ECMAScript format guidelines same as ... Javascript Therefore almost all of the functions & behaviors offered by Javascript you will find is also there in QtScript (well except for the actual web development part ) So I am not going to concentrate on the language itself. But rather I would be focussing on What all aspects are there specific to NEMO. NEMO Patch Instructions For NEMO to recognize a patch it needs to be registered. This is done in _patchlist.qs file in the patches folder. FORMAT for registering patch : registerPatch(patch id, functionName, patch Name, category, group id, author, description, recommended [true/false] ); patch id - a unique number used for referring to the patch internally in NEMO. functionName - the name of the function which will be called when a patch is enabled in NEMO. This function will contain your logic for making modifications into the client. patch Name - Name of the patch (displayed in the table) category - Category of the patch (like UI , Data, etc. displayed in the table) group id - id of the registered group to which this patch will belong. (details below) author - Patch Maker's Name (displayed in the table) description - Description of what the patch does (displayed in the table) recommended - boolean value showing whether this belongs to the recommended list of patches. Each Patch will belong to a Patch Group (if its not supposed to be part of any specific group use group id 0). All Patch Groups must be registered before they are used (except for 0 which is the Generic Patch Group registered by default) FORMAT for registering group : registerGroup(group id, group Name, mutualexclude [true/false]); group id - a unique number used internally in NEMO as well as when registering a patch. group Name - Name of the group (displayed in the table for all member Patches) mutualexclude - boolean value determining whether member patches are mutually exclusive i.e. Only 1 can be selected at a time or not. Once a patch is registered you need to make the function (name specified while registering). You can make it in any .qs file and save it in patches folder. It will be read automatically. Now to facilitate writing patches there are some ready-made variables & functions available to you. Now to facilitate writing patches there are some ready-made variables & functions available to you. 1) Reserved Keywords (well in a sense) i) Section Types - The following four can be used for referring to a section instead of using the section name itself as an alternative. CODE = 0, DATA = 1, IMPORT = 2, DIFF = 3 ii) User Input Types - These are the available input types in NEMO that you need to specify while getting an input value from user with the getUserInput() Function. Based on the types a different prompt appears for the user to select the value. You will understand more once you see function later on. XTYPE_NONE = 0, XTYPE_BYTE = 1, XTYPE_WORD = 2, XTYPE_DWORD = 3, XTYPE_STRING = 4, XTYPE_COLOR = 5, XTYPE_HEXSTRING = 6, XTYPE_FONT = 7, XTYPE_FILE = 8 iii) Pattern Types - You can specify a string in two forms : PTYPE_STRING => 0) Regular C Style string with Null termination - i.e. anything after '0' or "x00" will be ignored. E.g. "Ragnarok" PTYPE_HEX => 1) Hex String with spacing - You specify each byte with a space prefixed before it. E.g. " 68 90 00 95 00" As you might have guessed already if you have a null byte in your hex string always use PTYPE_HEX. iv) Address Types - Currently it is only used in findString() function to specify the type of value you want returned RAW = 0, RVA = 1 i.e. RAW/real address or Relative Virtual Address 2) Global Variables APP_PATH = path where NEMO is run from. CLIENT_FILE = path of the currently loaded client exe. Whenever your client exe gets loaded the object gets updated to refer to the loaded client. To access the bytes inside the exe we make use of the various methods of this object (Client Access functions detailed below). 3) Client Access Functions 3.1) - Fetching data i) exe.fetchByte(offset) - Extract 1 Byte and return it as a signed number. ii) exe.fetchWord(offset) - Extract 2 Bytes and return it as a signed number (little endian) iii)exe.fetchDWord(offset) - Extract 4 Bytes and return it as a signed number (little endian) iv) exe.fetchQWord(offset) - Extract 8 Bytes and return it as a signed number (little endian) v) exe.fetch(offset, num) - Extract <num> Bytes and return it as a string ( PTYPE_STRING ). vi) exe.fetchHex(offset, num) - Extract <num> Bytes and return it as a hex string ( PTYPE_HEX ). Do note that the returned hex string will already have space prefixed. 3.2) - Searching for data i) exe.find(pattern, type, useWildCard = false, wildCard = "xAB", start = -1, finish = -1) This is the core searching function available in NEMO. All the others are just extended versions of this function. This function searches for the <pattern> you provide in the client between the <start> and <finish> offsets. You need to specify the pattern <type> (PTYPE_STRING or PTYPE_HEX) for the client to use it accordingly. if start is -1 then it will automatically shift to beginning of the file i.e. 0, similarly if finish is kept at -1 it automatically shifts to the end of the file. Sometimes you wish to search for a pattern like " 68 ?? ?? ?? 00 74 ?? 83" where ?? actually means you dont care what is there in those areas. So how to search in those scenarios? First replace the ?? with a byte you dont have in your original pattern. For e.g. " 68 AA AA AA 00 74 AA 83" and call exe.find() with useWildCard as true and wildCard as "xAA" like shown below. var offset = exe.find(" 68 AA AA AA 00 74 AA 83", PTYPE_HEX, true, "xAA") - i didnt set the start and finish since i want the full client searched. If a match is not found then this function returns -1. ii) exe.findAll(pattern, type, useWildCard = false, wildCard = "xAB", start = -1, finish = -1) Same functionality as exe.find except that exe.find() stops at the first matched location but this one returns array of all matched locations. If no matches are found returned array is empty. iii)exe.findCode( pattern, type = PTYPE_HEX, useWildCard = false, wildCard = "xAB") - Extended version of exe.find() function with searching limited to CODE section iv) exe.findCodes(pattern, type = PTYPE_HEX, useWildCard = false, wildCard = "xAB") Extended version of exe.findAll() function with searching limited to CODE section v) exe.findString(pattern, rtype = RVA, prefixZero = true) - Extended version of find function with searching limited to DATA section. pattern can only be a PTYPE_STRING. rtype argument here refers to what type of address should be returned when found (RAW or RVA). If you want to search for isolated strings (i.e. NULL on both sides) set prefixZero to true vi) exe.findFunction(pattern, type = PTYPE_STRING, isString = true) - Extended version of find function for getting the address of an imported function. You can either specify the function's original name or the address of the function name in IMPORT section. vii)exe.findZeros(zsize) - Extended version of find function used for locating empty space in DIFF section for inserting new code. The function always looks for zsize+2 null bytes to make sure each inserted code is seperated by atleast 1 null byte. 3.3) - Modifying data i) exe.replace(offset, code, type = PTYPE_STRING) The core function used for replacing bytes in the client file. code is the pattern which will replace the original - don't forget to mention the pattern type. There is no return value for replace functions. You can also provide the variable name you used in exe.getUserInput() function earlier as the code (NEMO will pick up the value inside). ii) exe.replaceWord(offset, code) - Extended version of exe.replace(). Here code is expected to be a 16 bit signed number. iii)exe.replaceDWord(offset, code) - Extended version of exe.replace(). Here code is expected to be a 32 bit signed number. iv) exe.insert(offset, allocSize, code, type = PTYPE_STRING) - Extended version of exe.replace() used for Inserting code into Null areas. offset should be the value you got from exe.findZeros(allocSize). 3.4) - User Interaction i) exe.getUserInput(varname, valtype, title, prompt, value, min=0, max=2147483647) - Prompts the user for a value. Based on the valtype you get different windows for value entry and the value selected by the user is also returned by the function. varname used should be unique across patches and can be used in replace & insert functions to refer to the user entered value. title is the text displayed on the input window title bar prompt is the text displayed as prompt next to the input box. in case there is no input box. for e.g. like in XTYPE_COLOR , the prompt is suffixed to the title bar itself. value is the initial value to use for the input. If the variable was set previously or reloaded from a profile/from a previous applied patch, this value is ignored. 3.5) Section information All the four functions mentioned below gets 1 information of a section specified by key. key can be either the section name or section type (mentioned at top) i) exe.getROffset(key) - Real Offset ii) exe.getRSize(key) - Real Size iii)exe.getVOffset(key) - Virtual Offset iv) exe.getVSize(key) - Virtual Size 3.6) Miscellaneous i) exe.getClientDate() - Need i say more? ii) exe.isThemida() - return true if its a 2013 unpacked client. iii)exe.Raw2Rva(rawaddr) - Converts a RAW/real address to Relative Virtual Address. iv) exe.Rva2Raw(rvaaddr) - inverse of above. In case you are still wondering: RAW address is the physical offset of a code (bytes) from beginning of the client which you see in a Hex Editor such as HxD. Relative Virtual Address or RVA is the address you see for the same code when you open the client in a debugger such as Ollydbg. RVA is relative to a value called imagebase hence the name Relative Virtual Address. RVA - imagebase = VA. 4) Utility Functions There are a few utility functions written in QtScript (you will find them in the core folder) to facilitate some commonly done routines. i) "string".replaceAt(i, newstring) - by default strings have a replace command but no command to replace at a specific offset this one does that. For e.g. "abracadabra".replaceAt(4,"k") will return "abrakadabra" ii) "string".repeat(i) - returns new string with the "string" repeated i times e.g. "na".repeat(4) will return "nananana" .... ... batman? iii)"hexstring".hexlength() - returns the number of bytes in the hex string (PTYPE_HEX). For e.g. " 90 49 54".hexlength() returns 3 iv) "string".toHex() - converts string to hex string (from PTYPE_STRING to PTYPE_HEX) e.g. "AM".toHex() returns " v) "string".toHexUC() - converts string to hex string (similar to above but extra null byte padding is provided - like ASCII in Unicode) vi) "hexstring".toAscii() - reverse of iv) vii) (Number).packToHex(size) - packs a number to its little endian hex string with the size number of bytes used up size can be maximum 4. the number or expression needs to be in a bracket or a variable. e.g. (123456).packToHex(4) => " 40 E2 01 00" viii) getInputFile(f, varname, title, prompt, fpath) - repeatedly loops until a valid file is specified as input or the form is cancelled => patch should be disabled. 5) TextFile class Since I found no suitable types in QtScript for accessing files. I have added a new class called TextFile for accessing textfiles.To use the class first we need to make an object of the class (yes i mean in the patch file itself) var fp = new TextFile(); Methods i) fp.open(<absolute file path>, <mode>) - once fp is assigned we need to use the open method to use it to access a file. mode can be "r" or "w" ii) fp.readline() - currently only reading full line is available, since i needed full lines at a time. iii)fp.write(data) - writes the specified data onto file. iv) fp.writeline(data) - same as above but also adds a carriage return + form feed (goes to new line) v) fp.eof() - true when end of the file has been reached. vi) fp.close() - closes the file opened by fp.open() You can check the TranslateClient.qs file in patches folder for an example of its use. --------------------------------------------------------------------------------------------------------------------------------------------------------- Hmm what else .... so now that you have gone through this guide, hopefully you can better understand what is written in the patches already there. and maybe bring in your own ideas? Let me know if any part of this guide didn't make sense, needs elaborations, clarifications etc. FYI: I know it doesn't look pretty right now. But this was done in a hurry since I will be gone for a week . I will clean things up later on.
- 3 replies
-
- NEMO
- diff patcher
-
(and 4 more)
Tagged with:
-
odd that tag hid the first service select screen for me. :/
- 23 replies
-
- select service
- duplicated
-
(and 1 more)
Tagged with:
-
add this to your clientinfo.xml after the servertype tag <hideaccountlist></hideaccountlist>
- 23 replies
-
- select service
- duplicated
-
(and 1 more)
Tagged with:
-
hmm folder is correct. it only crashes when you do left click? looks like you are missing the drop sprite. Check if the drop sprites are proper.
-
Folder: /data/sprite/인간족/어세신/ Sprite name : 어세신_<gendersuffix>_<itemid>.spr
-
umm i was told there is some black screen animation that comes up - not sure what he meant. Enabling the patch removes that effect.
-
http://herc.ws/wiki/Custom_Items#Weapon_Sprite_Solution_.28Renewal_Clients_.3C.3D_2012-04-10a_.26_Main_Clients_.3C.3D_2012-07-10a.29
-
oops yea found the bug ill fix it an checkin today. Thanks for the info Lelouch
-
Update (Well actually this has been in the repository for sometime now) : 1) Included Patches => Enable /showname Fix Tetra Vortex (credits to sanosan33) Resize Font (credits to the awesome Yommy!!) 2) Updated Patches => Load ItemInfo is now Load Custom Lua File before ItemInfo.lub => i.e. you can set the filename you want instead of sticking to ItemInfo.lua Upcoming update: 1) Changes to the lua files used in Custom Job Patch (as suggested by Rytech - currently it uses Non Aegis Names plus the halter thing might be confusing for people so I am restructuring few items, but it wont affect your additions ; in case if you face anything do let me know once it is added) Patches under inspection: 1) Enable Aura Over Lvl 99 & 150 - The code has changed for this drastically ... needs some time to work on it. 2) Charname & Itemname color - Well i know where the color for the name is getting assigned. need to work on how to pick it up from packets. Feistz have you tried using it ? only issue you can get is maybe some patches not finding patterns. Try it out and tell me if any patches are breaking. Isnt it already disabled? or maybe im understanding it wrong Hi Samuel, I think that is happening only for some conditions. I also faced it recently. Need to check it out.
-
the suffixes refer to the version of the compiler not the date. Read this http://en.wikipedia.org/wiki/Microsoft_Visual_Studio#History
-
R> Hex Code To Disable Shift+Rightclick Autofollow
Neo-Mind replied to Angelmelody's question in Client-Side Requests
ok guess ill add it to nemo -
R> Hex Code To Disable Shift+Rightclick Autofollow
Neo-Mind replied to Angelmelody's question in Client-Side Requests
try this offset 3EC147 => change A3 F0 63 C9 00 to 90 90 90 90 90 -
isnt that already there? or is it not working ?
-
1 & 3 -> I'll need to see if its possible. 2 -> this one is not possible (well to be exact its a pain to even think about it. so I am not going to pursue it ) Hmm i think its high time that i publish how to make patches in script. In the meantime you can expect two other patches (1 of them courtesy of Yommy) coming in today
-
why are we discussing about patchers in hercules development discussion section. any mod move this to client side support please.
-
Update 1) Added save & load profile buttons - saves the selected patches & inputs (similar to xDiffPatcher). 2) Updated Enable Multiple GRFs patch to support custom INI file name. 3) Added new Patch "Enable Muliple GRFs - Embedded" - patch reads the ini file and client is hardcoded to read the grfs directly. No data.ini file required in client folder.
-
Update: NEMO saves your inputs as well now. So you don't need to retype everything you used all over again and when you apply patches the inputs also get saved in a inputlist.db file along with patchlist.log and of-course as usual, Please get the latest from Repository its faster this way (simple svn update command ). guild tip ? are you sure its not something from msgstringtable.txt? screenshot would be nice I'll check it out
-
interesting ... awaits release