[Guide] Modifying The Client
#1
Will basically be a guide on how to add your own CFG options etc.


Essentials:
A Brain.
Ollydbg.
HxD.

~Warning: Reading Assembly can cause headaches~

--- OllyDbg v2.00 and You ---
Basics of ASM
Basics such as Jumps, Mov, Calls etc.


We are going to be using OllyDbg in this; yours may have a slightly different layout to mine, but in the end it will be OllyDbg v2.00.
Download is: http://www.ollydbg.de/odbg200.zip

I think I might be running one of the v2.0 betas, not 100% sure.

First off, let's run it; if you're on Vista/Win7 then run it as admin. When it is open we will want some extra information, so click on the blue icon with an "E" as well as the yellow one with a "B". This will open the Executable Modules and the Breakpoints.

Get the layout of how you want it, mine looks like this:
http://img823.imageshack.us/img823/9967/pic1x.png

-------------------------------------------
This is a lot of useless knowledge.
-------------------------------------------
Okay, I'm going to open up a random executable and try to explain the basics of ASM.

http://img227.imageshack.us/img227/9246/pic2e.png

Okay, first things first: make sure you're in the correct module, which is always the exe name. You can see at the top of the CPU window that it says swgkadoo module; if you ever need to change module, then in the Executable Modules window just double click and it will change to that.

In assembly you have registers which hold the data: EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI, EIP as well as AL and a few others.
Push in ASM just means push a value onto the stack and pop means pop off the stack.

The essential commands are really MOV, CALL and RET (RETN).
MOV EAX, EBP - Move value EBP into EAX.
CALL - Call address; will go to a new address and run the code/asm there until it hits a RET/RETN, which means RETURN and will go back to the original place the call was made.

There are SUB, MUL, IMUL, INC, DEC, ADD, CMP etc.
Most you can guess what they mean: Sub = Subtract, Mul = Multiply, IMul = Integer Multiply, Inc = Increment, Dec = Decrement, Add = Add, Cmp = Compare.
How they are laid out is, for example, MUL EAX, EBX:
Multiply the value in EAX and EBX and store it in EAX. This applies to all of them but INC and DEC, which only require one address.

JMPs - There are loads of jumps; there are JMP, JE, JGE, JLE. JMP is Jump to address. JE is Jump to Address when Empty. JGE jumps if it is greater than or equal to and JLE jumps if it is less than or equal to. There are a lot more different ways for jumps, but these are the most commonly seen ones.

There are also logic gates such as OR, AND, XOR etc, and a few commands you might see often are SHR and LEA; there are a lot more, and if you want to know what they do go do some extra reading.



--- Space Management ---
Spare space in executables: there is not much free space in executables, because they want to make the executables small, so you've got to either find redundant code which isn't ever called/used and use that as free space, or you can create your own.

Creating your own involves editing the header in an executable to say there is more space in X part of the executable. If you want, you can do this; I will be finding and using free space where possible in this tutorial and will not explain any more of expanding an executable. The free space will be mentioned in the demonstration part.



--- SWG Client Layout in ASM And Essential Calls ---
Information how things need to be structured.
How calls should be structured.
What important calls (To this topic) do what (List of about 8 of them)

CALL 00A9CEF0 - Pushes a default value on however if a .cfg option is found it will place that into AL register (Bool)
CALL 00A9CEA0 - Pushes a default value on however if a .cfg option is found it will place that into EAX register (Int)
CALL 00A9CF90 - Read a string from a .cfg save it in swg machine options .iff file.
CALL 00B8DA10 - Reads .cfg and places value into pointer given and saves to swg machine options .iff file (Bool)
CALL 00B8DA30 - Reads .cfg and places value into pointer given and saves to swg machine options .iff file (Float)
CALL 00B8DA50 - Reads .cfg and places value into pointer given and saves to swg machine options .iff file (Int)
CALL 00A89530 - This is for debug flags - Not needed in the modifications.

These are the calls we will be using in the example; I will give an example of the first one, which is:

00A9CEF0 (Bool)
So here is how it will be in the code:
1. Boolean (0 Or 1)
2. Whatever=
3. [Whatever]
4. CALL 00A9CEF0
5. MOV BYTE PTR DS:[Whatever],AL

line 1, the default value for if the boolean is not in the .cfg
line 2, in the CFG will be like AllowMultipleInstances=
line 3, in the CFG will be like [ClientGame]
line 4, call check and then place value into AL
line 5, Move the value in AL into the Address Whatever, the Address will be read by the game to do whatever, the address in the example will be the FPS Address.

Full Example:
PUSH 0 -- Default Value False
PUSH 1875078 -- Push value from this address
PUSH 1866C3C -- Push value from this address (ClientGame)
CALL 00A9CEF0 -- Call the function
MOV BYTE PTR DS:[19111C0],AL -- Move the value into Address

A different example of a call will be given later in "Adding New Config Options" which will be using CALL 00B8DA30. Push value from this address will be made clearer in the actual example.



--- Identifying what does what ---
Here is how I got the frame rate.
When SWGEmu.exe (or SWGANH.exe) was opened in OllyDbg and I was on the correct module (executable name), I right clicked in the CPU window, Search For, All Referenced Strings.

Once it's finished searching I did ctrl + f and searched for limitFrameRate and found (you can see in the screenshot):

http://img844.imageshack.us/img844/9887/pic3n.png

Text strings referenced in SWGEmu, item 39990
Address = 00AA4F6E
Command = PUSH OFFSET SWGEmu.018ADE2C
Comments = ASCII "Clock::limitFrameRate QPC failed"

Somewhere in the highlighted area (in between the two jumps):
http://img692.imageshack.us/img692/1769/pic4z.png

Contained the address for the FPS cap; now there are only two possible addresses it can be:
19446D4 or 19446D0

It's 19446D0, the last address to be used. To check and make sure it is, get a memory editor (T-Search, L'Spiro MHS, Cheat Engine etc), add that address, change the value and check in game to see what difference it has made.

Now you have the address you can make external programs to edit the address (a C++ code example is in this section somewhere), and you can now exploit ASM to add an extra .cfg option, allowing you to create your own CFG option with which you can set the cap.

--- Adding New Config Options ---
Example adding the setframespersecond config option.
Step by step, slowly adding in the new config option.
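As an added example, written for this guide and not taken from the guide or from the game client: this Python script encodes the Full Example above (PUSH, PUSH, PUSH, CALL, MOV) into the raw 32-bit x86 bytes you would compare against in HxD, working out the CALL's relative displacement from wherever the patch is placed. The four addresses are the guide's; PATCH_BASE is an assumed placeholder for the free space discussed under Space Management.

```python
import struct

# Addresses are the ones given in the guide's "Full Example" above.
CFG_BOOL_READER = 0x00A9CEF0  # CALL that reads a bool .cfg option into AL
KEY_STRING = 0x01875078       # address of the option-name string the guide pushes
SECTION_STRING = 0x01866C3C   # address of the "[ClientGame]" section string
TARGET_BYTE = 0x019111C0      # byte the game reads (the FPS address in the guide)

# Assumption: start of the free space the patch is written to. Placeholder only;
# the real value depends on where slack is found in the executable.
PATCH_BASE = 0x00C00000


def encode_cfg_bool_patch(base, default, key_addr, section_addr, reader, target):
    """Encode the guide's five-instruction sequence as it would sit at `base`.

    PUSH imm8         -> 6A ib  (default value, 0 or 1)
    PUSH imm32        -> 68 id  (string addresses, as OllyDbg shows them)
    CALL rel32        -> E8 cd  (displacement relative to the NEXT instruction)
    MOV [moffs32], AL -> A2 id  (store AL into the absolute address)
    """
    code = bytes([0x6A, default & 0xFF])
    code += b"\x68" + struct.pack("<I", key_addr)
    code += b"\x68" + struct.pack("<I", section_addr)
    call_addr = base + len(code)
    # E8 plus a 4-byte displacement is 5 bytes; the reader normally lies below
    # the patch, so the displacement is negative and must be packed signed.
    rel = reader - (call_addr + 5)
    code += b"\xE8" + struct.pack("<i", rel)
    code += b"\xA2" + struct.pack("<I", target)
    return code


def call_target(code, base, offset):
    """Decode the CALL at `offset` back to its absolute target (round-trip check)."""
    if code[offset] != 0xE8:
        raise ValueError("no CALL rel32 at offset %d" % offset)
    rel = struct.unpack_from("<i", code, offset + 1)[0]
    return base + offset + 5 + rel

def hxd_view(code):
    """Space-separated uppercase hex, the form HxD shows for comparing bytes."""
    return " ".join("%02X" % b for b in code)

if __name__ == "__main__":
    patch = encode_cfg_bool_patch(PATCH_BASE, 0, KEY_STRING, SECTION_STRING,
                                  CFG_BOOL_READER, TARGET_BYTE)
    print(hxd_view(patch))
    print("CALL resolves to %08X" % call_target(patch, PATCH_BASE, 12))
```

If the patch is moved to a different free-space address, only the four CALL displacement bytes change; the round-trip check shows the target still resolves to 00A9CEF0.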
#2
Hi mate, do you know how to extract the mesh files? I've been too lazy to look. But I had a guildy back in the days that modded SWG buildings and vehicles with 3Dmax. He used to load the screenies on our forum. It was indeed amazing to see his projects. So I know it's possible :p
#3
(2010-09-14, 10:36 PM)Lubbe Wrote: Hi mate, do you know how to extract the mesh files? I've been too lazy to look. But I had a guildy back in the days that modded SWG buildings and vehicles with 3Dmax. He used to load the screenies on our forum. It was indeed amazing to see his projects. So I know it's possible :p

Extracting the models is just a matter of loading a TRE in TRE Explorer which can be found in our tools section.

At this time getting models back into the game is the hard part, because the current conversion tool for doing that sort of work isn't publicly available; it's still a big question mark whether or not it'll be made public anytime soon or at all.
#4
Planning on writing this sometime over the next 5 days.

Edit:
I lied, guide is on hold indefinitely until something is sorted.
I will write the guide but it will not be posted until that something is sorted.

Edit2:
The stupid reason:
http://www.swgemu.com/forums/showthread.php?t=72607

Stupid reason or not, I have beliefs which I'm happy to stand by.
#5
Updated, 1 section left to do.
Will take some time to do the last section as it will be very detailed.
I think I might retire from modding SWG once this guide is finished.
#6
Prompt, can help with adding a client's choice of language Russian to later client to use the folder string/ru ???
(Help for the full implementation of Russian client
auto change options.cfg -> defaultLocale=ru)

Example-> http://img169.imageshack.us/img169/4892/langswg.jpg
 
Reply
#7
(2010-11-01, 06:43 PM)geralex Wrote: Prompt, can help with adding a client's choice of language Russian to later client to use the folder string/ru ???
(Help for the full implementation of Russian client
auto change options.cfg -> defaultLocale=ru)

Example-> http://img169.imageshack.us/img169/4892/langswg.jpg


http://www.mediafire.com/?ntfpbn5qx602wcn
#8
Thanks, but it does not change the configuration.
[SharedGame]
defaultLocale=en -> ru
fontLocale=en
 
Reply
#9
(2010-11-01, 07:16 PM)geralex Wrote: Thanks, but it does not change the configuration.
[SharedGame]
defaultLocale=en -> ru
fontLocale=en

It edits Emu_Opt.cfg with the ru language.

---
Ignore:
If you're using the SWGANH client, upload their Setup.exe and I will modify that.
---

Here, try this; it will edit Options.cfg instead:
http://www.mediafire.com/?ahi4plw98oer6o7

#10
(2010-11-01, 08:09 PM)Uli Wrote:
(2010-11-01, 07:16 PM)geralex Wrote: Thanks, but it does not change the configuration.
[SharedGame]
defaultLocale=en -> ru
fontLocale=en

It edits Emu_Opt.cfg with the ru language.

---
Ignore:
If you're using the SWGANH client, upload their Setup.exe and I will modify that.
---

Here, try this; it will edit Options.cfg instead:
http://www.mediafire.com/?ahi4plw98oer6o7

Big thanks!
 
Reply
  



Forum Jump:


Browsing: 1 Guest(s)