  #31  
Old 12-21-2008, 05:08 PM
AndMetal
Developer
 
Join Date: Mar 2007
Location: Ohio
Posts: 648

Quote:
Originally Posted by AndMetal
Quote:
Originally Posted by AndMetal
Looking at the source (different files of course) from the same time, we should be able to find out at least some of the structures, if we don't know them already. However, taking a quick peek myself, I wasn't able to find any clear cut "structures" file, so it's probably all spread out through the source.
Found them: showeq/src/everquest.h. Maybe some of the later changes to the structs might provide some insight on what the unknown values may be...
If we're still looking for newer structs (after 2006), we can peek into the SEQ SVN. Specifically, SoF structs should be in Rev 686 (11/5/2007), Rev 688 (11/21/2007), or Rev 690 (11/27/2007). Since, according to Wikipedia, it was released on 11/13/2007, we'll probably want to look at Rev 688.
__________________
GM-Impossible of 'A work in progress'
A non-legit PEQ DB server
How to create your own non-legit server

My Contributions to the Wiki
  #32  
Old 12-21-2008, 06:33 PM
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946

Ya, I have been using all of those to get as far as I have :P They have been very useful.

Even though SoF was released on 11/13/07, it was actually built on 9/7/07 (according to the EQ Debug Logs). So, anything from 9/7/07 to around the beginning of 2008 is probably useful. They may have patched in some of the SoF stuff to live before it actually came out, so the structures and stuff may have already been there for the most part. The main thing that would have changed a lot are the opcodes. Unfortunately, most of the opcodes in SEQ weren't updated until after December, so many of them aren't correct.

I am thinking about trying a current version of SEQ and running a trial live account just to see if I can find 100% accurate structures that can be used to help getting SoF to work. I am betting that the current live structs are probably closer to SoF than the Titanium ones are.

If anyone has packet collects from right around the time that SoF was released (preferably from SEQ if possible), I would love to get a copy of them. I think that would help a lot once I knew what I was looking at. But, I am not holding my breath to get them, because I doubt anyone still has them.

I am not really sure what it is for, but a code obfuscator was added to SEQ around the time that SoF came out. From looking at the comments around the code for it, it appears to be used for pulling opcodes directly from the assembly code of the eqgame.exe. I have no idea how it is actually used though, or if I am just misunderstanding what it does. I have seen comments about it on the SEQ forums that seem to say something about opcodes changing from time to time when you zone or log on other characters/servers. I guess it is some kind of simple encryption or something. But, it seems that the new obfuscate can pull an opcode table from the exe file. If that is true, maybe we can use it on Titanium, and then on SoF and compare the 2 tables and compare the conf files for known opcodes and match them up. Here is a link to the obfuscate getting added to SEQ SVN:

http://seq.svn.sourceforge.net/viewv...85&pathrev=686
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!

Last edited by trevius; 12-22-2008 at 03:16 AM..
  #33  
Old 12-23-2008, 04:57 PM
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946

I moved this to the development section, because it seems more appropriate.
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!
  #34  
Old 12-24-2008, 10:03 PM
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946

I figured out where it is currently breaking when it is trying to log in. It seems that the opcode OP_SendExpZonein=0x3703 is where the problem is. This is the last opcode that the client receives before it stops responding. I also verified that by removing this opcode from Titanium it will fail at the exact same point according to the EQ Debug Logs.

Code:
DoMainLoop: just before first while(!EverQuest.ReceievedWorldObjects).
Actually, in Titanium, the log entry is slightly different, but it is the same thing just renamed:

Code:
DoMainLoop: just before first while(!ReadyEnterWorld).
My guess is that this opcode now needs to be encoded like many of the other important ones. And since it isn't being encoded, it isn't recognizing it, so it is failing. I am 99% sure that I have the correct opcode set for it.

Looking at the place where it is failing, here is the Assembly code for it:

Code:
.text:004DCC8F                 push    offset aDomainloopJu_1 ; "DoMainLoop: just before first while(!Ev"...
.text:004DCC94                 mov     dword_907F60, esi
.text:004DCC9A                 call    sub_645680      ; Call Procedure
.text:004DCC9F                 mov     al, byte_9262EC
.text:004DCCA4                 add     esp, 18h        ; Add
.text:004DCCA7                 cmp     al, bl          ; Compare Two Operands
.text:004DCCA9                 jnz     short loc_4DCCF8 ; Jump if Not Zero (ZF=0)
.text:004DCCAB                 jmp     short loc_4DCCB0 ; Jump
.text:004DCCAB ; ---------------------------------------------------------------------------
.text:004DCCAD                 align 10h
.text:004DCCB0
.text:004DCCB0 loc_4DCCB0:                             ; CODE XREF: sub_4DC610+69Bj
.text:004DCCB0                                         ; sub_4DC610+6E6j
.text:004DCCB0                 mov     eax, dword_761C6C
.text:004DCCB5                 cmp     eax, ebx        ; Compare Two Operands
.text:004DCCB7                 jz      short loc_4DCCCA ; Jump if Zero (ZF=1)
.text:004DCCB9                 mov     ecx, [eax+4Ch]
.text:004DCCBC                 cmp     ecx, ebx        ; Compare Two Operands
.text:004DCCBE                 jz      short loc_4DCCCA ; Jump if Zero (ZF=1)
.text:004DCCC0                 push    1F4h
.text:004DCCC5                 call    sub_60DAD0      ; Call Procedure
.text:004DCCCA
.text:004DCCCA loc_4DCCCA:                             ; CODE XREF: sub_4DC610+6A7j
.text:004DCCCA                                         ; sub_4DC610+6AEj
.text:004DCCCA                 mov     ecx, edi
.text:004DCCCC                 call    sub_4D9FF0      ; Call Procedure
.text:004DCCD1                 push    1
.text:004DCCD3                 push    4841h
.text:004DCCD8                 push    offset aCP4Everquest_0 ; "C:\\p4\\EverQuest\\live\\EverQuest\\EverQues"...
.text:004DCCDD                 mov     ecx, edi
.text:004DCCDF                 call    sub_4C1EA0      ; Call Procedure
.text:004DCCE4                 test    al, al          ; Logical Compare
.text:004DCCE6                 jnz     loc_4DE160      ; Jump if Not Zero (ZF=0)
.text:004DCCEC                 push    1
.text:004DCCEE                 call    ebp             ; Indirect Call Near Procedure
.text:004DCCF0                 cmp     byte_9262EC, bl ; Compare Two Operands
.text:004DCCF6                 jz      short loc_4DCCB0 ; Jump if Zero (ZF=1)
.text:004DCCF8
.text:004DCCF8 loc_4DCCF8:                             ; CODE XREF: sub_4DC610+699j
.text:004DCCF8                 push    offset aDomainloopComp ; "DoMainLoop: complete after first while("...
.text:004DCCFD                 call    sub_645680      ; Call Procedure
.text:004DCD02                 add     esp, 4          ; Add
.text:004DCD05                 mov     ecx, edi
.text:004DCD07                 call    sub_4E3B70      ; Call Procedure
.text:004DCD0C                 push    1
.text:004DCD0E                 mov     ecx, edi
.text:004DCD10                 mov     dword_926EAC, ebx
.text:004DCD16                 mov     dword_926EA8, ebx
.text:004DCD1C                 call    sub_4C2850      ; Call Procedure
.text:004DCD21                 mov     dword ptr [edi+38E94h], 1
.text:004DCD2B                 cmp     byte_98452C, bl ; Compare Two Operands
.text:004DCD31                 jz      loc_4DCDE6      ; Jump if Zero (ZF=1)
.text:004DCD37                 mov     ecx, dword_907F0C
.text:004DCD3D                 push    ebx
.text:004DCD3E                 push    3043h
.text:004DCD43                 mov     byte_98452C, bl
.text:004DCD49                 call    sub_6138B0      ; Call Procedure
.text:004DCD4E                 push    1               ; char
.text:004DCD50                 push    111h            ; int
.text:004DCD55                 push    eax             ; char *
.text:004DCD56                 mov     ecx, edi
.text:004DCD58                 call    sub_4C5160      ; Call Procedure
.text:004DCD5D                 mov     eax, dword_907F54
.text:004DCD62                 mov     edx, [eax+8]
.text:004DCD65                 mov     ecx, [edx+4]
.text:004DCD68                 lea     eax, [ecx+eax+8] ; Load Effective Address
.text:004DCD6C                 lea     ecx, [eax+4]    ; Load Effective Address
.text:004DCD6F                 call    sub_61DF20      ; Call Procedure
.text:004DCD74                 cmp     dword ptr [eax+1304h], 0Ah ; Compare Two Operands
.text:004DCD7B                 jg      short loc_4DCD96 ; Jump if Greater (ZF=0 & SF=OF)
.text:004DCD7D                 mov     ecx, dword_907F0C
.text:004DCD83                 push    ebx
.text:004DCD84                 push    213Ah
.text:004DCD89                 call    sub_6138B0      ; Call Procedure
.text:004DCD8E                 push    eax             ; char *
.text:004DCD8F                 mov     ecx, edi
.text:004DCD91                 call    sub_4C5310      ; Call Procedure
.text:004DCD96
.text:004DCD96 loc_4DCD96:                             ; CODE XREF: sub_4DC610+76Bj
.text:004DCD96                 mov     ecx, dword_907F54
.text:004DCD9C                 add     ecx, 0EEF8h     ; Add
.text:004DCDA2                 xor     esi, esi        ; Logical Exclusive OR
.text:004DCDA4                 call    sub_41C4D0      ; Call Procedure
.text:004DCDA9                 test    al, al          ; Logical Compare
.text:004DCDAB                 jbe     short loc_4DCDE6 ; Jump if Below or Equal (CF=1 | ZF=1)
.text:004DCDAD                 db 8Dh,49h,0 ; <BAD>lea     ecx, [ecx+0] ; Load Effective Address
.text:004DCDB0
.text:004DCDB0 loc_4DCDB0:                             ; CODE XREF: sub_4DC610+7D4j
.text:004DCDB0                 mov     ecx, dword_907F54
.text:004DCDB6                 push    esi
.text:004DCDB7                 add     ecx, 0EEF8h     ; Add
.text:004DCDBD                 call    sub_41DA40      ; Call Procedure
.text:004DCDC2                 cmp     [eax], bl       ; Compare Two Operands
.text:004DCDC4                 jz      short loc_4DCDCD ; Jump if Zero (ZF=1)
.text:004DCDC6                 mov     byte_925E8C, 1
.text:004DCDCD
.text:004DCDCD loc_4DCDCD:                             ; CODE XREF: sub_4DC610+7B4j
.text:004DCDCD                 mov     ecx, dword_907F54
.text:004DCDD3                 add     ecx, 0EEF8h     ; Add
.text:004DCDD9                 inc     esi             ; Increment by 1
.text:004DCDDA                 call    sub_41C4D0      ; Call Procedure
.text:004DCDDF                 movzx   edx, al         ; Move with Zero-Extend
.text:004DCDE2                 cmp     esi, edx        ; Compare Two Operands
.text:004DCDE4                 jl      short loc_4DCDB0 ; Jump if Less (SF!=OF)
.text:004DCDE6
.text:004DCDE6 loc_4DCDE6:                             ; CODE XREF: sub_4DC610+721j
.text:004DCDE6                                         ; sub_4DC610+79Bj
.text:004DCDE6                 push    ebx             ; int
.text:004DCDE7                 push    ebx             ; int
.text:004DCDE8                 push    ebx             ; int
.text:004DCDE9                 push    ebx             ; int
.text:004DCDEA                 push    ebx             ; int
.text:004DCDEB                 push    ebx             ; int
.text:004DCDEC                 push    ebx             ; int
.text:004DCDED                 push    ebx             ; int
.text:004DCDEE                 push    offset byte_925F9C ; int
.text:004DCDF3                 lea     eax, [esp+104h] ; Load Effective Address
.text:004DCDFA                 push    3045h           ; int
.text:004DCDFF                 push    eax             ; char *
.text:004DCE00                 call    sub_4A3080      ; Call Procedure
.text:004DCE05                 add     esp, 2Ch        ; Add
.text:004DCE08                 push    1               ; char
.text:004DCE0A                 push    111h            ; int
.text:004DCE0F                 lea     ecx, [esp+0E8h] ; Load Effective Address
.text:004DCE16                 push    ecx             ; char *
.text:004DCE17                 mov     ecx, edi
.text:004DCE19                 call    sub_4C5160      ; Call Procedure
.text:004DCE1E                 call    sub_4EA590      ; Call Procedure
.text:004DCE23                 mov     ecx, eax
.text:004DCE25                 call    sub_4EA5C0      ; Call Procedure
.text:004DCE2A                 cmp     dword_926328, 4 ; Compare Two Operands
.text:004DCE31                 jnz     short loc_4DCE92 ; Jump if Not Zero (ZF=0)
.text:004DCE33                 mov     eax, dword_907F54
.text:004DCE38                 mov     edx, [eax+8]
.text:004DCE3B                 mov     ecx, [edx+4]
.text:004DCE3E                 lea     eax, [ecx+eax+8] ; Load Effective Address
.text:004DCE42                 lea     ecx, [eax+4]    ; Load Effective Address
.text:004DCE45                 call    sub_61DF20      ; Call Procedure
.text:004DCE4A                 cmp     dword ptr [eax+1304h], 6 ; Compare Two Operands
.text:004DCE51                 jge     short loc_4DCE92 ; Jump if Greater or Equal (SF=OF)
.text:004DCE53                 mov     eax, dword_907F54
.text:004DCE58                 mov     edx, [eax+8]
.text:004DCE5B                 mov     ecx, [edx+4]
.text:004DCE5E                 mov     eax, [ecx+eax+108h]
.text:004DCE65                 mov     ecx, dword_907F34
.text:004DCE6B                 push    eax
.text:004DCE6C                 call    sub_62A060      ; Call Procedure
.text:004DCE71                 test    al, al          ; Logical Compare
.text:004DCE73                 jnz     short loc_4DCE92 ; Jump if Not Zero (ZF=0)
.text:004DCE75                 mov     ecx, dword_907F0C
.text:004DCE7B                 push    1               ; char
.text:004DCE7D                 push    0Dh             ; int
.text:004DCE7F                 push    ebx
.text:004DCE80                 push    3046h
.text:004DCE85                 call    sub_6138B0      ; Call Procedure
.text:004DCE8A                 push    eax             ; char *
.text:004DCE8B                 mov     ecx, edi
.text:004DCE8D                 call    sub_4C5160      ; Call Procedure
.text:004DCE92
.text:004DCE92 loc_4DCE92:                             ; CODE XREF: sub_4DC610+821j
.text:004DCE92                                         ; sub_4DC610+841j ...
.text:004DCE92                 mov     al, byte ptr word_92636C
.text:004DCE97                 cmp     al, 7Eh         ; Compare Two Operands
.text:004DCE99                 jz      short loc_4DCED4 ; Jump if Zero (ZF=1)
.text:004DCE9B                 cmp     al, bl          ; Compare Two Operands
.text:004DCE9D                 jz      short loc_4DCED4 ; Jump if Zero (ZF=1)
.text:004DCE9F                 push    ebx             ; int
.text:004DCEA0                 push    ebx             ; int
.text:004DCEA1                 push    ebx             ; int
.text:004DCEA2                 push    ebx             ; int
.text:004DCEA3                 push    ebx             ; int
.text:004DCEA4                 push    ebx             ; int
.text:004DCEA5                 push    ebx             ; int
.text:004DCEA6                 push    ebx             ; int
.text:004DCEA7                 push    offset word_92636C ; int
.text:004DCEAC                 lea     edx, [esp+104h] ; Load Effective Address
.text:004DCEB3                 push    3047h           ; int
.text:004DCEB8                 push    edx             ; char *
.text:004DCEB9                 call    sub_4A3080      ; Call Procedure
.text:004DCEBE                 add     esp, 2Ch        ; Add
.text:004DCEC1                 push    1               ; char
.text:004DCEC3                 push    0Fh             ; int
.text:004DCEC5                 lea     eax, [esp+0E8h] ; Load Effective Address
.text:004DCECC                 push    eax             ; char *
.text:004DCECD                 mov     ecx, edi
.text:004DCECF                 call    sub_4C5160      ; Call Procedure
.text:004DCED4
.text:004DCED4 loc_4DCED4:                             ; CODE XREF: sub_4DC610+889j
.text:004DCED4                                         ; sub_4DC610+88Dj
.text:004DCED4                 mov     ecx, offset unk_761D50
.text:004DCED9                 mov     byte ptr word_92636C, 7Eh
.text:004DCEE0                 call    sub_453C10      ; Call Procedure
.text:004DCEE5                 mov     ecx, dword_996AB4
.text:004DCEEB                 cmp     ecx, ebx        ; Compare Two Operands
.text:004DCEED                 jz      short loc_4DCEF4 ; Jump if Zero (ZF=1)
.text:004DCEEF                 call    sub_5E8870      ; Call Procedure
.text:004DCEF4
.text:004DCEF4 loc_4DCEF4:                             ; CODE XREF: sub_4DC610+8DDj
.text:004DCEF4                 push    offset aDomainloopJu_2 ; "DoMainLoop: just before second while(!R"...
.text:004DCEF9                 call    sub_645680      ; Call Procedure
.text:004DCEFE                 add     esp, 4          ; Add
.text:004DCF01                 call    sub_4EC1F0      ; Call Procedure
.text:004DCF06                 mov     esi, eax
.text:004DCF08                 cmp     [esi+20h], bl   ; Compare Two Operands
.text:004DCF0B                 jnz     short loc_4DCF14 ; Jump if Not Zero (ZF=0)
.text:004DCF0D                 mov     ecx, esi
.text:004DCF0F                 call    sub_4EBE60      ; Call Procedure
.text:004DCF14
.text:004DCF14 loc_4DCF14:                             ; CODE XREF: sub_4DC610+8FBj
.text:004DCF14                 mov     byte ptr [esi+20h], 1
.text:004DCF18                 mov     ecx, dword_9A1CB4
.text:004DCF1E                 push    1
.text:004DCF20                 dec     ecx             ; Decrement by 1
.text:004DCF21                 push    ebx
.text:004DCF22                 mov     dword_9A1CB4, ecx
.text:004DCF28                 mov     ecx, dword_761C68
.text:004DCF2E                 push    3703h
.text:004DCF33                 call    sub_637360      ; Call Procedure
.text:004DCF38                 push    eax
.text:004DCF39                 push    offset dword_907EF0
.text:004DCF3E                 push    ebx
.text:004DCF3F                 push    ebx             ; char
.text:004DCF40                 call    sub_4BB750      ; Call Procedure
.text:004DCF45                 dec     dword_907F60    ; Decrement by 1
.text:004DCF4B                 call    sub_4A2CF0      ; Call Procedure
.text:004DCF50                 push    offset aZoneConnectSen ; "Zone Connect -- Sending out a MSG_READY"...
.text:004DCF55                 call    sub_645680      ; Call Procedure
.text:004DCF5A                 mov     eax, dword_925C80
.text:004DCF5F                 add     esp, 18h        ; Add
.text:004DCF62                 cmp     eax, ebx        ; Compare Two Operands
.text:004DCF64                 jnz     short loc_4DCFAA ; Jump if Not Zero (ZF=0)
And, from client_packet.cpp, here is the code that handles that opcode:
Code:
void Client::Handle_Connect_OP_SendExpZonein(const EQApplicationPacket *app)
{
	//////////////////////////////////////////////////////
	// Spawn Appearance Packet
	EQApplicationPacket* outapp = new EQApplicationPacket(OP_SpawnAppearance, sizeof(SpawnAppearance_Struct));
	SpawnAppearance_Struct* sa = (SpawnAppearance_Struct*)outapp->pBuffer;
	sa->type = AT_SpawnID;			// Is 0x10 used to set the player id?
	sa->parameter = GetID();	// Four bytes for this parameter...
	outapp->priority = 6;
	QueuePacket(outapp);
	safe_delete(outapp);

	// Inform the world about the client
	outapp = new EQApplicationPacket();

	CreateSpawnPacket(outapp);
	outapp->priority = 6;
	if (!GetHideMe()) entity_list.QueueClients(this, outapp, true);
	safe_delete(outapp);
	if(GetPVP())	//force a PVP update until we fix the spawn struct
		SendAppearancePacket(AT_PVP, GetPVP(), true, false);

	//Send AA Exp packet:
	if(GetLevel() >= 51)
		SendAAStats();

	// Send exp packets
	outapp = new EQApplicationPacket(OP_ExpUpdate, sizeof(ExpUpdate_Struct));
	ExpUpdate_Struct* eu = (ExpUpdate_Struct*)outapp->pBuffer;
	int32 tmpxp1 = GetEXPForLevel(GetLevel()+1);
	int32 tmpxp2 = GetEXPForLevel(GetLevel());

	// Quag: crash bug fix... Divide by zero when tmpxp1 and 2 equalled each other, most likely the error case from GetEXPForLevel() (invalid class, etc)
	if (tmpxp1 != tmpxp2 && tmpxp1 != 0xFFFFFFFF && tmpxp2 != 0xFFFFFFFF) {
		float tmpxp = (float) ( (float) m_pp.exp-tmpxp2 ) / ( (float) tmpxp1-tmpxp2 );
		eu->exp = (uint32)(330.0f * tmpxp);
		outapp->priority = 6;
		QueuePacket(outapp);
	}
	safe_delete(outapp);

	if(GetLevel() >= 51)
		SendAATimers();

	outapp = new EQApplicationPacket(OP_SendExpZonein, 0);
	QueuePacket(outapp);
	safe_delete(outapp);

	outapp = new EQApplicationPacket(OP_RaidUpdate, sizeof(ZoneInSendName_Struct));
	ZoneInSendName_Struct* zonesendname=(ZoneInSendName_Struct*)outapp->pBuffer;
	strcpy(zonesendname->name,m_pp.name);
	strcpy(zonesendname->name2,m_pp.name);
	zonesendname->unknown0=0x0A;
	QueuePacket(outapp);
	safe_delete(outapp);

	/* this is actually the guild MOTD
	outapp = new EQApplicationPacket(OP_ZoneInSendName2, sizeof(ZoneInSendName_Struct2));
	ZoneInSendName_Struct2* zonesendname2=(ZoneInSendName_Struct2*)outapp->pBuffer;
	strcpy(zonesendname2->name,m_pp.name);
	QueuePacket(outapp);
	safe_delete(outapp);*/

	if(IsInAGuild()) {
		SendGuildMembers();
	}

	//No idea why live sends this if even were not in a guild
	SendGuildMOTD();

	return;
}
So, either the opcode needs to be encoded, or this handling code needs to be changed. I am guessing the opcode needs to be encoded, because the jump is looking for anything that isn't 0, so I would think that it is just making sure it got something for it. And, if it isn't encoded and is supposed to be, maybe it shows up as 0. But, if it doesn't need to be encoded, I don't know why it would be 0.

I will mess with it and see if I can figure out how to get that opcode encoded, but I don't really know how that will work, since the only opcodes I see currently getting encoded already have structures tied to them, but I don't see one for SendExpZonein. Unless maybe it is named differently.

At least I know where it is failing now, so I should be able to come up with something to move it to the next step. It should be getting pretty close now. I was able to find and verify more of the required opcodes for logging in over the past couple of days as well. Making some progress at least.
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!
  #35  
Old 12-28-2008, 06:08 PM
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946

I am still stuck at this same point, but I am not giving up that easily :P Last night, I started trying to figure out why character creation wasn't working. I have the correct Opcode, but I see that the server is expecting a struct to come in and the client is sending just the opcode with a size of 0. The client just hangs probably waiting for something back that we aren't sending. I am going to try filling in the needed character select stuff on the server side and then have it send the character create opcode back to the client. So, it would be working in reverse of how Titanium does it. If that works, then it means they might have been adjusting the order of server/client communications, maybe to optimize some stuff.

If so, maybe that is the reason that sendexpzonein is failing. It could be waiting for something else that we aren't sending. I will try forcing a few of the packets that normally follow the sendexpzonein and see if that makes any difference. I definitely see it is doing something extra in the assembly code of SoF that wasn't in Titanium, but there is no way to really tell what it is. It could either be waiting for an extra opcode that got added to the sendexpzonein stuff, or it could be waiting for a new structure that we don't have in Titanium. I am hoping it is the former, not the latter.

Other than that, the other big difference I notice is that some of the subs being called in the area where the problem is happening have about 1000 set as the variables where Titanium has about 800 set. That makes me think that it is checking the size of a certain packet structure, but I don't know which one. If I am right, I think that one of the structures needed at this point has changed and we need to figure out which one and what it was changed to so it can be adjusted.

My last resort will be to set up the current showeq for Live and set up a trial account to watch the logs from SEQ and see what the current structures really are. I am sure that some of the SEQ structures are correct, but there is a lot of info they don't need for SEQ to function so it probably gets ignored. Maybe I can find more details and get them filled in to get it working. Also, it would help to see if anything new is being sent. Unfortunately, I don't have any SEQ logs from when Titanium was running on Live, so I don't have anything to compare with. That will probably make feeding through this stuff considerably harder.
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!
  #36  
Old 12-28-2008, 10:55 PM
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946

From looking at the MQ2 source, I found a few more item fields that may be needed for SoF to load items properly:

HeroicSvPoison
HeroicSvMagic
HeroicSvFire
HeroicSvDisease
HeroicSvCold
HeroicSvCorruption

MaxPower
Power

I imagine that the Heroic Resists are almost certainly required fields. The Power and MaxPower fields may not be required though, I don't really know much about them.
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!
  #37  
Old 12-29-2008, 04:21 AM
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946

Maybe the MQ2 source can be useful after all. After looking at it again, some of the stuff in there is starting to make more sense to me now that I am getting more used to looking at the assembly code from eqgame.exe. I found that MQ2 even has a version for the SoF retail eqgame.exe by looking at the debug from SoF:

Code:
Starting EverQuest (Built Sep  7 2007 09:11:49)
And then at the MQ2 build for that date, it wants this exact version (seen in the MQ2Main\eqgame.h file):

Code:
#define __ClientName                                              "eqgame" 
#define __ExpectedVersionDate                                     "Sep  7 2007"
#define __ExpectedVersionTime                                     "09:11:49"
So, that tells me that everything we needed to build EQ for SoF was actually already in place at that time.

This should also mean that SEQ structs and maybe some opcodes from that time might be useful as well. Unfortunately, SEQ wasn't updated between 3/25/2007 and 11/05/2007. It was just not functioning at all for about 6 months in between there. They finally got it working again in November right before the actual retail release of SoF. But, at least this confirms that I should use certain older structures over some that were changed after that.
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!
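The version match described in this post (the "Built ..." banner from the client's debug log against MQ2's __ExpectedVersionDate / __ExpectedVersionTime defines) can be automated. The script below is an added example, not code from the thread, from MQ2, or from EQEmu; it only assumes the two inputs the post quotes, and the KNOWN_BUILDS table is a constructed lookup whose single entry is the SoF build date taken from the post. The one real pitfall it handles is that __DATE__ pads single-digit days with a space ("Sep  7 2007"), so the stamps are compared as datetimes rather than as strings.

```python
import re
from datetime import datetime

# Constructed inputs, copied from what the post quotes: the client's debug-log
# banner and the version defines from MQ2's eqgame.h.
DEBUG_LOG_LINE = "Starting EverQuest (Built Sep  7 2007 09:11:49)"
EQGAME_H = '''
#define __ClientName                                              "eqgame"
#define __ExpectedVersionDate                                     "Sep  7 2007"
#define __ExpectedVersionTime                                     "09:11:49"
'''

# "(Built <__DATE__> <__TIME__>)" as printed in the debug log.
BUILT_RE = re.compile(
    r'\(Built (?P<date>\w{3} +\d{1,2} \d{4}) (?P<time>\d{2}:\d{2}:\d{2})\)')
# A #define whose value is a quoted string.
DEFINE_RE = re.compile(r'^#define\s+(?P<name>__\w+)\s+"(?P<value>[^"]*)"', re.M)


def parse_build_stamp(date_str, time_str):
    """Turn a __DATE__/__TIME__ pair ("Sep  7 2007", "09:11:49") into a datetime.
    __DATE__ pads single-digit days with a space, so collapse the whitespace first."""
    normalized = ' '.join(date_str.split())
    return datetime.strptime(f'{normalized} {time_str}', '%b %d %Y %H:%M:%S')


def build_stamp_from_log(line):
    """Build stamp the client reported in its debug log, or None if absent."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    return parse_build_stamp(m['date'], m['time'])


def expected_build_from_header(header_text):
    """Build stamp an MQ2-style eqgame.h says it was written for."""
    defines = {m['name']: m['value'] for m in DEFINE_RE.finditer(header_text)}
    return parse_build_stamp(defines['__ExpectedVersionDate'],
                             defines['__ExpectedVersionTime'])


def client_matches_header(log_line, header_text):
    """True when the client's build stamp equals the header's expected one."""
    found = build_stamp_from_log(log_line)
    return found is not None and found == expected_build_from_header(header_text)


# Constructed lookup: build stamp -> label. Only the SoF entry comes from the post.
KNOWN_BUILDS = {
    datetime(2007, 9, 7, 9, 11, 49): 'SoF retail build (Sep 7 2007, per the post)',
}


def identify_build(log_line, table=KNOWN_BUILDS):
    """Label a client build from its debug-log banner, or 'unknown build'."""
    return table.get(build_stamp_from_log(log_line), 'unknown build')


if __name__ == '__main__':
    print('matches MQ2 header:', client_matches_header(DEBUG_LOG_LINE, EQGAME_H))
    print('identified as:', identify_build(DEBUG_LOG_LINE))
```

Because the comparison is on parsed datetimes, a log banner written as "Sep 7 2007" (single space) still matches the padded header value; a string comparison would silently fail there.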
  #38  
Old 12-31-2008, 07:07 PM
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946

After being stumped on this a while, I finally decided to take a step that would hopefully help me a lot. I paid for my old EQ account so it could play on EQLive again. Then, I got the current version of ShowEQ working and put a hub in my network so I can sniff the packets to/from EQ. This is letting me watch the logs directly from EQLive that show pretty much everything I would need to get EQEmu working with EQLive. I am hoping that EQLive runs pretty close to how SoF did, and it should since there haven't been nearly as many changes to Live since SoF as there were from Titanium to SoF.

Already, I have found that the order of packets when logging in is pretty different from Titanium. I think I found the place that is stopping me from logging in all of the way. I just need to work on it some more to get it past that point. From what I can tell so far, it looks like this will be more helpful than anything I have tried. I am hoping to make more progress tonight now that I have this new information.

Here is an example of the logs of zoning in. I cut out a bunch of the actual data and stuff. I also made notes next to some of the packets.

Code:
Dec 31 2008 05:43:05:342 [Raw] [Client->Server] [Size: 12]
[OPCode: 0x0100]
000 | 00 00 00 02 6b 0b ee 8f 00 00 02 00              | ....k....... 

Dec 31 2008 05:43:05:442 [Raw] [Server->Client] [Size: 19]
[OPCode: 0x0200]
000 | 6b 0b ee 8f 45 d7 b5 02 02 01 00 00 00 02 00 00  | k...E........... 

Dec 31 2008 05:43:05:450 [Raw] [Client->Server] [Size: 38]
[OPCode: 0x0700]
000 | f0 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | ................ 

Dec 31 2008 05:43:05:562 [Raw] [Server->Client] [Size: 38]
[OPCode: 0x0800]
000 | f0 82 aa d9 db 45 00 00 00 00 00 00 00 02 00 00  | .....E.......... 

Dec 31 2008 05:43:05:722 [Raw] [Client->Server] [Size: 86]
[OPCode: 0x0300]
000 | 0a 00 09 00 00 94 35 00 00 00 00 4a 00 09 00 01  | ......5....J.... 

Dec 31 2008 05:43:05:722 [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x3594]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:05:722 [Decoded] [Client->Server] [Size: 68] - OP_ZoneEntry
[OPCode: 0x5a6b]
[Name: OP_ZoneEntry][Updated: 10/07/08][Type: ClientZoneEntryStruct (68) ==]

Dec 31 2008 05:43:05:882 [Raw] [Server->Client] [Size: 5]
[OPCode: 0x1500]
000 | a5 00 01 4a 4f                                   | ...JO 

Dec 31 2008 05:43:05:882 [Raw] [Server->Client] [Size: 406] - Varies in size
[OPCode: 0x0900]
000 | 00 00 00 19 0e f0 1a c1 88 00 00 00 00 00 00 64  | ...............d 

Dec 31 2008 05:43:05:882 [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x1af0]
000 | c1 88 00 00 00 00 00 00 64 00 00 00              | ........d... 

Dec 31 2008 05:43:05:883 [Decoded] [Server->Client] [Size: 0]
[OPCode: 0x3bef]

Dec 31 2008 05:43:05:883 [Decoded] [Server->Client] [Size: 120] - OP_SendAATable
[OPCode: 0x322f]
000 | 02 00 00 00 01 ff ff ff ff ff ff ff ff 02 00 00  | ................ 

Dec 31 2008 05:43:06:603 [Raw] [Client->Server] [Size: 5]
[OPCode: 0x1500]
000 | a5 00 23 0b ab                                   | ..#.. 

Dec 31 2008 05:43:06:696 [Raw] [Server->Client] [Size: 507] - I think these are compressed, combined or encoded packets, or maybe combinations of each
[OPCode: 0x0d00]
000 | 00 26 00 00 5b c2 22 60 fd 19 df 72 00 00 00 00  | .&..[."`...r.... 

Dec 31 2008 05:43:06:973 [Decoded] [Server->Client] [Size: 23488] - OP_PlayerProfile
[OPCode: 0x6022]
[Name: OP_PlayerProfile][Updated: 01/17/08][Type: charProfileStruct (23488) ==]

Dec 31 2008 05:43:07:150 [Decoded] [Server->Client] [Size: 334] - OP_ZoneEntry
[OPCode: 0x5a6b]
[Name: OP_ZoneEntry][Updated: 10/07/08][Type: uint8_t (1) nc]

Dec 31 2008 05:43:07:163 [Decoded] [Server->Client] [Size: 8] - OP_TimeOfDay
[OPCode: 0x6015]
[Name: OP_TimeOfDay][Updated: 01/17/08][Type: timeOfDayStruct (8) ==]
000 | 16 2b 02 01 69 0c 00 00                          | .+..i... 

Dec 31 2008 05:43:07:163 [Decoded] [Server->Client] [Size: 48] - Maybe OP_TributeUpdate
[OPCode: 0x399b]
000 | 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff  | ................ 

Dec 31 2008 05:43:07:179 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x4036]
000 | a9 04 00 00                                      | .... 

Dec 31 2008 05:43:07:179 [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x3594]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:07:680 [Decoded] [Server->Client] [Size: 205802] - Character Inventory
[OPCode: 0x709d]
000 | 30 00 00 00 01 00 00 00 00 00 00 00 1e 00 00 00  | 0............... 

Dec 31 2008 05:43:08:028 [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x5412]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:08:029 [Decoded] [Server->Client] [Size: 12] - Looks like OP_Weather
[OPCode: 0x2641]
000 | ff 00 00 00 00 00 00 00 01 00 00 00              | ............ 

Dec 31 2008 05:43:08:029 [Decoded] [Server->Client] [Size: 4] - OP_DeleteSpawn
[OPCode: 0x4292]
[Name: OP_DeleteSpawn][Updated: 10/07/08][Type: deleteSpawnStruct (4) ==]
000 | 4f 48 00 00                                      | OH.. 

Dec 31 2008 05:43:08:029 [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x6c26]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:08:029 [Decoded] [Server->Client] [Size: 24]
[OPCode: 0x2c4c]
000 | 92 cb ce 02 08 08 00 00 0b e0 d9 aa 00 00 00 00  | ................ 
016 | 10 00 00 00 00 00 00 00                          | ........ 

Dec 31 2008 05:43:08:431 [Decoded] [Client->Server] [Size: 1]
[OPCode: 0x0924]
000 | 30                                               | 0 

Dec 31 2008 05:43:08:431 [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x43ac]

Dec 31 2008 05:43:08:431 [Decoded] [Client->Server] [Size: 0] - Maybe OP_ReqNewZone
[OPCode: 0x466c]

Dec 31 2008 05:43:08:611 [Decoded] [Server->Client] [Size: 20]
[OPCode: 0x116d]
000 | 00 00 00 00 a0 bb 0d 00 20 bf 02 00 05 00 00 00  | ........ ....... 
016 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:08:612 [Decoded] [Server->Client] [Size: 932] - OP_NewZone
[OPCode: 0x5ca5]
[Name: OP_NewZone][Updated: 01/17/08][Type: newZoneStruct (932) ==]

Dec 31 2008 05:43:08:676 [Decoded] [Server->Client] [Size: 921] - Custom Titles
[OPCode: 0x1b26]
000 | 22 00 00 00 3c 00 00 00 64 00 00 00 41 70 70 72  | "...<...d...Appr 

Dec 31 2008 05:43:12:766 [Decoded] [Client->Server] [Size: 4] - OP_TargetMouse?
[OPCode: 0x7bbb]
[Name: OP_TargetMouse][Updated: 01/17/08][Type: clientTargetStruct (4) ==]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:14:898 [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x3594]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:14:898 [Decoded] [Client->Server] [Size: 0] - Request Client Spawn
[OPCode: 0x1436]

Dec 31 2008 05:43:15:015 [Decoded] [Server->Client] [Size: 184] - Spawn Doors
[OPCode: 0x102f]
000 | 41 43 44 4f 4f 52 53 33 31 30 00 00 ff ff 00 00  | ACDOORS310...... 

Dec 31 2008 05:43:15:027 [Decoded] [Server->Client] [Size: 484]
[OPCode: 0x5821]
000 | 13 00 00 00 00 00 00 00 00 00 87 43 00 00 d9 44  | ...........C...D 

Dec 31 2008 05:43:15:028 [Decoded] [Server->Client] [Size: 0] - New World Objects Sent (Replaced sendexpzonein)
[OPCode: 0x69cd]

Dec 31 2008 05:43:15:167 [Decoded] [Client->Server] [Size: 88]
[OPCode: 0x0baa]
000 | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  | ................ 

Dec 31 2008 05:43:15:168 [Decoded] [Client->Server] [Size: 0] - Send Exp Zone In
[OPCode: 0x7b73]

Dec 31 2008 05:43:15:339 [Decoded] [Server->Client] [Size: 8] - OP_SpawnAppearance
[OPCode: 0x10b7]
[Name: OP_SpawnAppearance][Updated: 01/17/08][Type: spawnAppearanceStruct (8) ==]
000 | 00 00 10 00 53 48 00 00                          | ....SH.. 

Dec 31 2008 05:43:15:339 [Decoded] [Server->Client] [Size: 12] - OP_AAExpUpdate
[OPCode: 0x3088]
[Name: OP_AAExpUpdate][Updated: 01/17/08][Type: altExpUpdateStruct (12) ==]
000 | 06 00 00 00 00 00 00 00 00 00 00 00              | ............ 

Dec 31 2008 05:43:15:340 [Decoded] [Server->Client] [Size: 8] - OP_ExpUpdate
[OPCode: 0x0e98]
[Name: OP_ExpUpdate][Updated: 01/17/08][Type: expUpdateStruct (8) ==]
000 | 43 00 00 00 00 00 00 00                          | C....... 

Dec 31 2008 05:43:15:340 [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x50d0]
000 | 00 00 00 00 00 00 00 00 25 59 5b 49              | ........%Y[I 

Dec 31 2008 05:43:15:355 [Decoded] [Server->Client] [Size: 0]
[OPCode: 0x7b73]

Dec 31 2008 05:43:15:506 [Decoded] [Client->Server] [Size: 128]
[OPCode: 0x7312]
000 | 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00  | ................ 

Dec 31 2008 05:43:15:621 [Decoded] [Server->Client] [Size: 4704] - List of Rewards available from /claim
[OPCode: 0x4e4e]
000 | cc 0b 00 00 01 00 00 00 01 00 00 00 bc 9f 00 00  | ................ 

Dec 31 2008 05:43:15:625 [Decoded] [Server->Client] [Size: 12] - OP_SimpleMessage
[OPCode: 0x5448]
[Name: OP_SimpleMessage][Updated: 01/17/08][Type: simpleMessageStruct (12) ==]
000 | 0e 0e 00 00 0f 00 00 00 00 00 00 00              | ............ 

Dec 31 2008 05:43:15:625 [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x435b]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:15:625 [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x0296]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:15:626 [Decoded] [Server->Client] [Size: 326] - OP_ZoneEntry (this time from server to client)
[OPCode: 0x5a6b]
[Name: OP_ZoneEntry][Updated: 10/07/08][Type: uint8_t (1) nc]

Dec 31 2008 05:43:15:626 [Decoded] [Server->Client] [Size: 5] - OP_RemoveSpawn
[OPCode: 0x3164]
[Name: OP_RemoveSpawn][Updated: 04/17/08][Type: removeSpawnStruct (5) nc]
000 | 4f 48 00 00 01                                   | OH... 

Dec 31 2008 05:43:15:626 [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x5ebc]
000 | 00 00 00 00 62 70 cb 32 00 00 00 00              | ....bp.2.... 

Dec 31 2008 05:43:15:659 [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x2d17]
000 | 62 70 cb 32 4a 17 19 da                          | bp.2J... 

Dec 31 2008 05:43:15:660 [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x6759]

Dec 31 2008 05:43:15:660 [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x7b6e]
000 | 53 48 00 00 40 00 00 00                          | SH..@... 

Dec 31 2008 05:43:15:660 [Decoded] [Client->Server] [Size: 19] - OP_WearChange
[OPCode: 0x231f]
[Name: OP_WearChange][Updated: 01/17/08][Type: SpawnUpdateStruct (19) ==]
000 | 53 48 50 00 00 00 00 00 00 00 00 00 00 00 00 00  | SHP............. 
016 | 00 00 09                                         | ... 

Dec 31 2008 05:43:15:661 [Decoded] [Client->Server] [Size: 20] - OP_BazaarSearch
[OPCode: 0x4675]
[Name: OP_BazaarSearch][Updated: 01/17/08][Type: bazaarSearchQueryStruct (100) nc]
000 | 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | ................ 
016 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:15:661 [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x19d2]

Dec 31 2008 05:43:15:661 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x4b49]
000 | 17 00 00 00                                      | .... 

Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 12]
[OPCode: 0x7eac]
000 | 26 02 00 00 fa 02 00 00 00 f7 44 04              | &.........D. 

Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x365d]
000 | 01 01 01 01                                      | .... 

Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x266e]
000 | 01 01 01 01                                      | .... 

Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x7eeb]

Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x27bf]
000 | 00 00 00 00 ff ff ff ff                          | ........ 

Dec 31 2008 05:43:15:663 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x7e31]
000 | 01 01 01 01                                      | .... 

Dec 31 2008 05:43:15:663 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x2d37]
000 | 01 01 01 01                                      | .... 

Dec 31 2008 05:43:15:738 [Decoded] [Server->Client] [Size: 140] - Probably OP_GuildMemberList
[OPCode: 0x32c6]
000 | 0a 00 00 00 54 72 65 76 69 75 73 00 00 00 00 00  | ....XXXXXXX..... (name removed)

Dec 31 2008 05:43:15:902 [Decoded] [Server->Client] [Size: 648] - OP_GuildMOTD
[OPCode: 0xd677]
[Name: OP_GuildMOTD][Updated: 01/17/08][Type: guildMOTDStruct (136) nc]

Dec 31 2008 05:43:15:902 [Decoded] [Server->Client] [Size: 8]
[OPCode: 0x35d3]
000 | 92 f4 00 00 00 00 00 00                          | ........ 

Dec 31 2008 05:43:15:903 [Decoded] [Server->Client] [Size: 8]
[OPCode: 0x7b6e]
000 | 53 48 00 00 40 00 00 00                          | SH..@... 

Dec 31 2008 05:43:15:959 [Decoded] [Client->Server] [Size: 40] - OP_ClientUpdate
[OPCode: 0x7062]
[Name: OP_ClientUpdate][Updated: 01/17/08][Type: playerSelfPosStruct (40) ==]

Dec 31 2008 05:43:16:339 [Decoded] [Server->Client] [Size: 62] - Looks like the EQPlayers update
[OPCode: 0x7eeb]
000 | 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 71 70 2e  | https://www.eqp. 

Dec 31 2008 05:43:16:339 [Decoded] [Server->Client] [Size: 10]
[OPCode: 0x538f]
000 | 58 12 00 00 16 1d 00 00 53 48                    | X.......SH 

Dec 31 2008 05:43:16:340 [Decoded] [Server->Client] [Size: 10]
[OPCode: 0x4b61]
000 | 00 00 00 00 00 00 00 00 53 48                    | ........SH 

Dec 31 2008 05:43:16:340 [Decoded] [Server->Client] [Size: 10]
[OPCode: 0x02d6]
000 | d9 1b 00 00 d9 1b 00 00 53 48                    | ........SH
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!

Last edited by trevius; 01-05-2009 at 06:42 AM..
Reply With Quote
  #39  
Old 12-31-2008, 08:27 PM
KLS
Administrator
 
Join Date: Sep 2006
Posts: 1,348
Default

SEQ isn't converting network to host byte order on the raw SOE opcodes, but here:

Code:
Dec 31 2008 05:43:05:342 [Raw] [Client->Server] [Size: 12]
[OPCode: 0x0100]
000 | 00 00 00 02 6b 0b ee 8f 00 00 02 00              | ....k.......
Connect Request
int crc length 0x00000002 = 2
int session id 0x6b0bee8f
max packet size 0x00000200 = 512

Code:
Dec 31 2008 05:43:05:442 [Raw] [Server->Client] [Size: 19]
[OPCode: 0x0200]
000 | 6b 0b ee 8f 45 d7 b5 02 02 01 00 00 00 02 00 00  | k...E...........
Connect Accept Reply
int session id 0x6b0bee8f
int encode key 0x45d7b502
char crc length 0x02
crypt options bitfield 0x0201
max packet size 0x00000200

Code:
Dec 31 2008 05:43:05:450 [Raw] [Client->Server] [Size: 38]
[OPCode: 0x0700]
000 | f0 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | ................
Network Status Update - not really important.

Code:
Dec 31 2008 05:43:05:722 [Raw] [Client->Server] [Size: 86]
[OPCode: 0x0300]
000 | 0a 00 09 00 00 94 35 00 00 00 00 4a 00 09 00 01  | ......5....J.... 
Combined packet

contains:
Code:
Dec 31 2008 05:43:05:722 [Decoded] [Client->Server] [Size: 4] - 
[OPCode: 0x3594]
000 | 00 00 00 00                                      | .... 

Dec 31 2008 05:43:05:722 [Decoded] [Client->Server] [Size: 68] - OP_ZoneEntry
[OPCode: 0x5a6b]
[Name: OP_ZoneEntry][Updated: 10/07/08][Type: ClientZoneEntryStruct (68) ==]
The first packet isn't an SOE ack; you can tell by the opcode and the fact that it doesn't include a sequence number. Likely some kind of "I am ready for this info" packet.

Code:
Dec 31 2008 05:43:05:882 [Raw] [Server->Client] [Size: 5]
[OPCode: 0x1500]
000 | a5 00 01 4a 4f                                   | ...JO
This is an ack packet, though it looks wrong: they're usually 4 bytes total including the opcode (2 without); this one is 7 bytes with the opcode (5 without). The opcode is SOE_ACK, though.

Code:
Dec 31 2008 05:43:05:882 [Raw] [Server->Client] [Size: 406] - Varies in size
[OPCode: 0x0900]
000 | 00 00 00 19 0e f0 1a c1 88 00 00 00 00 00 00 64  | ...............d
These are standalone packets, encoded and compressed, with a 2-byte sequence on the top (probably 0x0000 since this is the first) and a CRC on the end. It's also possible to combine packets within an 0x0009 packet, but you can't combine a raw packet and an EQ packet inside the 0x0009; they both have to be EQ packets.

Code:
Dec 31 2008 05:43:06:696 [Raw] [Server->Client] [Size: 507] - 
[OPCode: 0x0d00]
000 | 00 26 00 00 5b c2 22 60 fd 19 df 72 00 00 00 00  | .&..[."`...r....
This is a fragmented packet. Like 0x0009, they are encoded and compressed; they have a sequence number for recombining and a length byte. These are used when the data chunk being sent is larger than the max frame size sent on init: 512.

I know this doesn't help at all for figuring out what you need for the SoF stuff but maybe if you understand how the raw protocol works you'll understand it a bit better.
Reply With Quote
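The framing KLS walks through above, worked as an added example (this is not code from the thread, from EQEmu or from ShowEQ): a small Python decoder for the SOE session layer as it appears in these SEQ dumps. It assumes that SOE opcodes are big-endian on the wire (so the logger's 0x0100 is really 0x0001, the byte-order point made above), that application opcodes inside them are little-endian, that a nested body starting with a 0x00 byte is another protocol packet and anything else is an application packet, that 0x0019 is an application-level combined wrapper (the 0x0009 dump above splits cleanly that way: `00 19`, then `0e` = 14 bytes for opcode 0x1af0 plus its 12-byte body), and that a leading 0xa5 or 0x5a byte marks not-compressed or zlib-compressed data followed by a CRC of the negotiated length. The field split for the 0x0002 reply (session, key, crc length, format flags, unknown, max length) is my assumption as well. The sample packets are the bytes printed in the dumps, with the parts the dump cut off filled with zeros, and are constructed for this example.

```python
"""SOE session-layer decoder for the framing in the SEQ dumps above.
Added example, not code from this thread, EQEmu or ShowEQ. Assumptions:
SOE opcodes are big-endian on the wire, app opcodes are little-endian,
a nested body starting with 0x00 is a protocol packet (else app packet),
0x0019 is the app-level combined wrapper, and a leading 0xa5 / 0x5a byte
marks uncompressed / zlib data followed by a CRC of crc_len bytes.
"""
import struct
import zlib

SOE_SESSION_REQUEST, SOE_SESSION_RESPONSE, SOE_COMBINED = 0x0001, 0x0002, 0x0003
SOE_PACKET, SOE_FRAGMENT, SOE_ACK, APP_COMBINED = 0x0009, 0x000D, 0x0015, 0x0019

def soe_opcode(raw):
    """Wire opcode of a datagram: '00 01' is 0x0001 (SEQ logs it swapped, 0x0100)."""
    return struct.unpack(">H", raw[:2])[0]

def unwrap(body, crc_len):
    """Drop the compression marker and trailing CRC when the marker is present."""
    if body[:1] == b"\xa5":
        return body[1:len(body) - crc_len]
    if body[:1] == b"\x5a":
        return zlib.decompress(body[1:len(body) - crc_len])
    return body  # no marker: assume the logger already stripped both

def split_prefixed(data):
    """Split '<len><bytes>' items, the layout of 0x0003 and of app 0x0019."""
    parts, i = [], 0
    while i < len(data):
        n = data[i]
        parts.append(data[i + 1:i + 1 + n])
        i += 1 + n
    return parts

def parse_app(data):
    """App payload: LE opcode + body, or 0x0019 wrapping several such items."""
    if data[0] == 0x00 and data[1] == APP_COMBINED:
        return {"app": "combined", "parts": [parse_app(p) for p in split_prefixed(data[2:])]}
    return {"app": struct.unpack("<H", data[:2])[0], "len": len(data) - 2, "payload": data[2:]}

def parse_nested(data, crc_len):
    """Sub-packet of a 0x0003: BE protocol opcode then body, no CRC of its own."""
    return parse_soe(struct.unpack(">H", data[:2])[0], data[2:], crc_len)

def parse_soe(opcode, body, crc_len=2):
    """Decode one session-layer packet whose opcode has already been read."""
    if opcode == SOE_SESSION_REQUEST:
        crc, session, max_len = struct.unpack(">III", body[:12])
        return {"type": "session_request", "crc_len": crc, "session": session, "max_len": max_len}
    if opcode == SOE_SESSION_RESPONSE:  # field split is an assumption
        session, key, crc, fmt, _unk, max_len = struct.unpack(">IIBBBI", body[:15])
        return {"type": "session_response", "session": session, "key": key,
                "crc_len": crc, "format": fmt, "max_len": max_len}
    data = unwrap(body, crc_len)
    if opcode == SOE_ACK:
        return {"type": "ack", "seq": struct.unpack(">H", data[:2])[0]}
    if opcode == SOE_COMBINED:
        return {"type": "combined", "parts": [parse_nested(p, crc_len) for p in split_prefixed(data)]}
    if opcode == SOE_PACKET:
        return {"type": "packet", "seq": struct.unpack(">H", data[:2])[0], "app": parse_app(data[2:])}
    if opcode == SOE_FRAGMENT:  # first fragment: seq, 4-byte total length, then app data
        seq, total = struct.unpack(">HI", data[:6])
        return {"type": "fragment", "seq": seq, "total_len": total,
                "first_app_opcode": struct.unpack("<H", data[6:8])[0]}
    return {"type": "unknown", "opcode": opcode}

def decode_datagram(raw, crc_len=2):
    """Raw UDP payload -> decoded packet."""
    return parse_soe(soe_opcode(raw), raw[2:], crc_len)

# Constructed samples: bytes from the dumps above, zeros where the dump was cut off.
SAMPLES = {
    SOE_SESSION_REQUEST: bytes.fromhex("00000002 6b0bee8f 00000200"),
    SOE_SESSION_RESPONSE: bytes.fromhex("6b0bee8f 45d7b502 02 01 00 00000200 00") + bytes(3),
    SOE_ACK: bytes.fromhex("a5 0001 4a4f"),
    SOE_COMBINED: bytes.fromhex("0a 0009 0000 9435 00000000")        # 10-byte 0x0009, app 0x3594
                  + bytes.fromhex("4a 0009 0001 6b5a") + bytes(68),  # 74-byte 0x0009, app 0x5a6b
    SOE_PACKET: bytes.fromhex("0000 0019")                           # seq 0, app-combined
                + bytes.fromhex("0e f01a c1880000 00000000 64000000")    # 0x1af0, 12 bytes
                + bytes.fromhex("02 ef3b")                               # 0x3bef, 0 bytes
                + bytes.fromhex("7a 2f32 02000000 01ffffff ffffffff ff020000") + bytes(104),
    SOE_FRAGMENT: bytes.fromhex("0026 00005bc2 2260 fd19df72 00000000") + bytes(16),
}

def decode_all():
    """Decode every sample, keyed by decoded type."""
    results = {}
    for opcode, body in SAMPLES.items():
        decoded = parse_soe(opcode, body)
        results[decoded["type"]] = decoded
    return results
```

Running decode_all() gives seq 0 and 1 for the two 0x0009 packets inside the 0x0003 (app opcodes 0x3594 and 0x5a6b), three app packets (0x1af0, 0x3bef, 0x322f) inside the 0x0009 via the 0x0019 wrapper, and a fragment total of 0x5bc2 = 23490 = 2 + 23488, which is the opcode plus the OP_PlayerProfile body, so in this capture the 0x000d length field is a 4-byte total over the whole reassembled application packet.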
  #40  
Old 01-01-2009, 07:46 AM
trevius's Avatar
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946
Default

Ya, at least that clears a few things up that I wasn't quite sure about. I was ignoring the 0300 and 0900 because I figured they were doing something like that. I think 0d00 is also something like that, I am guessing raw packets that need to be encrypted? Either way, I ignore those as well :P

Just familiarizing myself with the packet logs, I started breaking down the structure for player profile to see if I could verify what it should look like currently for EQLive. So far I am almost done with it and will post the finished version when it is completed. I think it will help to have an accurate player profile with SoF once it is working at all.

Right now, I think I am really close, but I am doing the same thing live does and the client just stops at that first main loop every time. Maybe I have something messed up earlier on and it isn't figuring that out until that point. Or, maybe I have to have the AA stats opcode for it to continue, and I don't. I have almost all of the ones I need, but that one is really elusive to me lol. I can run Titanium fine without it, so I think it should be ok to run SoF without it, but no way to know for sure.

Basically, this is the order things happen on Titanium in the emu for the part I am having a problem with:

Code:
OP_ReqClientSpawn From Client to request the following:
OP_SpawnDoor
OP_GroundSpawn
OP_SendAAStats
OP_SendExpZonein To client to tell them that we are done sending it all.
OP_SendExpZonein From the Client to ask the server for more stuff
And this the order I am seeing from live for that same part:
Code:
OP_ReqClientSpawn
OP_SpawnDoor
OP_NotSure (not sure which one this is yet)
OP_SendWorldObjectMSG - New from EQLive.  Server sends this to client
OP_SendExpZonein - Client sees the Object MSG and sends this asking for more stuff
So, I think SoF is supposed to be set the way Live is now. But for some reason, it still isn't working yet for me. I have tried both ways and more and the client never responds with the SendExpZonein as it should, or anything else for that matter. It is like it is either waiting for something that hasn't come yet, or something came but was messed up in format.

Well, I will keep plugging away at it. I learn more each day and it will help alot once I actually get to the point where I can start cleaning stuff up so people can actually use SoF to play.

Here is the example right from the logs from Live:

Code:
Dec 31 2008 05:43:14:898 [Decoded] [Client->Server] [Size: 0] - Request Client Spawn
[OPCode: 0x1436]

Dec 31 2008 05:43:15:015 [Decoded] [Server->Client] [Size: 184] - Spawn Doors
[OPCode: 0x102f]
000 | 41 43 44 4f 4f 52 53 33 31 30 00 00 ff ff 00 00  | ACDOORS310...... 

Dec 31 2008 05:43:15:027 [Decoded] [Server->Client] [Size: 484] - Unsure what this is atm.  Probably zone points
[OPCode: 0x5821]
000 | 13 00 00 00 00 00 00 00 00 00 87 43 00 00 d9 44  | ...........C...D 

Dec 31 2008 05:43:15:028 [Decoded] [Server->Client] [Size: 0] - Send Exp Zone In
[OPCode: 0x69cd]

Here is the full 0x5821 that I am gonna check and see if I can find what it is:
Code:
Dec 31 2008 23:44:35:954 [Decoded] [Server->Client] [Size: 172]
[OPCode: 0x5821]
000 | 06 00 00 00 01 00 00 00 00 00 d1 43 00 00 80 41  | ...........C...A 
016 | 00 00 e8 c1 00 80 bf 43 98 00 00 00 02 00 00 00  | .......C........ 
032 | 00 40 18 c4 00 80 cf c3 00 00 80 c0 00 00 22 43  | .@............"C 
048 | a1 00 00 00 03 00 00 00 00 00 16 44 00 60 e5 c4  | ...........D.`.. 
064 | 00 00 a8 c1 00 00 fc 42 a8 00 00 00 04 00 00 00  | .......B........ 
080 | 00 80 ec 43 00 c0 e5 c4 00 00 a8 c1 00 00 fe 42  | ...C...........B 
096 | a8 00 00 00 05 00 00 00 00 a0 01 45 00 00 e2 c2  | ...........E.... 
112 | 00 00 ae 42 00 00 be 43 ae 00 00 00 06 00 00 00  | ...B...C........ 
128 | 00 00 02 45 00 00 75 c3 00 00 ae 42 00 00 e4 42  | ...E..u....B...B 
144 | ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | ................ 
160 | 00 00 00 00 00 00 00 00 00 00 00 00              | ............
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!

Last edited by trevius; 01-01-2009 at 03:53 PM..
Reply With Quote
  #41  
Old 01-05-2009, 01:35 AM
trevius's Avatar
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946
Default

I guess I am going to break down EQLive and see what each Opcode is so I can get an accurate order for what packets should be going when. Using SEQ, it shouldn't be too tough to get that all sorted out. Once I know the specific details, I am hoping to try them on SoF and see if it works.

Here is what I have so far:

Code:
[OPCode: 0x0100] [Raw] [Client->Server] [Size: 12] - Connect Request
[OPCode: 0x0200] [Raw] [Server->Client] [Size: 19] - Connect Accept Reply
[OPCode: 0x0700] [Raw] [Client->Server] [Size: 38] - Network Status Update
[OPCode: 0x0800] [Raw] [Server->Client] [Size: 38] - Network Status Update Reply?
[OPCode: 0x0300] [Raw] [Client->Server] [Size: 86] - Combined Packet

[OPCode: 0x3594] [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x5a6b] [Decoded] [Client->Server] [Size: 68] - OP_ZoneEntry
[OPCode: 0x1500] [Raw] [Server->Client] [Size: 5] - Some Kind of Ack Packet
[OPCode: 0x0900] [Raw] [Server->Client] [Size: 406] - Stand-Alone Encoded and Compressed Packet
[OPCode: 0x1af0] [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x3bef] [Decoded] [Server->Client] [Size: 0]
[OPCode: 0x322f] [Decoded] [Server->Client] [Size: 120] - OP_SendAATable

[OPCode: 0x1500] [Raw] [Client->Server] [Size: 5] - Some Kind of Ack Packet
[OPCode: 0x0d00] [Raw] [Server->Client] [Size: 507] - Fragmented Packet With Sequence
[OPCode: 0x6022] [Decoded] [Server->Client] [Size: 23488] - OP_PlayerProfile
[OPCode: 0x5a6b] [Decoded] [Server->Client] [Size: 334] - OP_ZoneEntry
[OPCode: 0x6015] [Decoded] [Server->Client] [Size: 8] - OP_TimeOfDay
[OPCode: 0x399b] [Decoded] [Server->Client] [Size: 48] - Maybe OP_TributeUpdate

[OPCode: 0x4036] [Decoded] [Client->Server] [Size: 4] - Maybe OP_TributeTimer
[OPCode: 0x3594] [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x709d] [Decoded] [Server->Client] [Size: 205802] - Character Inventory
[OPCode: 0x5412] [Decoded] [Server->Client] [Size: 4] - Maybe OP_TaskDescription
[OPCode: 0x2641] [Decoded] [Server->Client] [Size: 12] - Maybe OP_TaskActivity or OP_Weather
[OPCode: 0x4292] [Decoded] [Server->Client] [Size: 4] - OP_DeleteSpawn
[OPCode: 0x6c26] [Decoded] [Server->Client] [Size: 4] - Maybe OP_CompletedTasks
[OPCode: 0x2c4c] [Decoded] [Server->Client] [Size: 24] - Maybe OP_Weather

[OPCode: 0x0924] [Decoded] [Client->Server] [Size: 1] - OP_ReqNewZone
[OPCode: 0x43ac] [Decoded] [Client->Server] [Size: 0] - Maybe OP_SendTributes
[OPCode: 0x466c] [Decoded] [Client->Server] [Size: 0] - Maybe OP_TributeInfo
[OPCode: 0x116d] [Decoded] [Server->Client] [Size: 20] - Maybe OP_SendGuildTributes
[OPCode: 0x5ca5] [Decoded] [Server->Client] [Size: 932] - OP_NewZone
[OPCode: 0x1b26] [Decoded] [Server->Client] [Size: 921] - Custom Titles

[OPCode: 0x7bbb] [Decoded] [Client->Server] [Size: 4] - OP_TargetMouse?
[OPCode: 0x3594] [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x1436] [Decoded] [Client->Server] [Size: 0] - OP_ReqClientSpawn
[OPCode: 0x102f] [Decoded] [Server->Client] [Size: 184] - Spawn Doors
[OPCode: 0x5821] [Decoded] [Server->Client] [Size: 484] - Probably GroundSpawns or Zone Points
[OPCode: 0x69cd] [Decoded] [Server->Client] [Size: 0] - New OP_WorldObjectsSent (Replaced OP_SendExpZonein here)

[OPCode: 0x0baa] [Decoded] [Client->Server] [Size: 88] - NEW OP_BlockedSpells
[OPCode: 0x7b73] [Decoded] [Client->Server] [Size: 0] - OP_SendExpZonein
[OPCode: 0x10b7] [Decoded] [Server->Client] [Size: 8] - OP_SpawnAppearance
[OPCode: 0x3088] [Decoded] [Server->Client] [Size: 12] - OP_AAExpUpdate
[OPCode: 0x0e98] [Decoded] [Server->Client] [Size: 8] - OP_ExpUpdate
[OPCode: 0x50d0] [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x7b73] [Decoded] [Server->Client] [Size: 0]

[OPCode: 0x7312] [Decoded] [Client->Server] [Size: 128]
[OPCode: 0x4e4e] [Decoded] [Server->Client] [Size: 4704] - List of Rewards available from /claim
[OPCode: 0x5448] [Decoded] [Server->Client] [Size: 12] - OP_SimpleMessage
[OPCode: 0x435b] [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x0296] [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x5a6b] [Decoded] [Server->Client] [Size: 326] - OP_ZoneEntry (this time from server to client)
[OPCode: 0x3164] [Decoded] [Server->Client] [Size: 5] - OP_RemoveSpawn
[OPCode: 0x5ebc] [Decoded] [Server->Client] [Size: 12]

[OPCode: 0x2d17] [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x6759] [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x7b6e] [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x231f] [Decoded] [Client->Server] [Size: 19] - OP_WearChange
[OPCode: 0x4675] [Decoded] [Client->Server] [Size: 20] - OP_BazaarSearch
[OPCode: 0x19d2] [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x4b49] [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x7eac] [Decoded] [Client->Server] [Size: 12]
[OPCode: 0x365d] [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x266e] [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x7eeb] [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x27bf] [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x7e31] [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x2d37] [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x32c6] [Decoded] [Server->Client] [Size: 140] - Probably OP_GuildMemberList
[OPCode: 0xd677] [Decoded] [Server->Client] [Size: 648] - OP_GuildMOTD
[OPCode: 0x35d3] [Decoded] [Server->Client] [Size: 8]
[OPCode: 0x7b6e] [Decoded] [Server->Client] [Size: 8]

[OPCode: 0x7062] [Decoded] [Client->Server] [Size: 40] - OP_ClientUpdate
[OPCode: 0x7eeb] [Decoded] [Server->Client] [Size: 62] - Looks like the EQPlayers update
[OPCode: 0x538f] [Decoded] [Server->Client] [Size: 10] - Probably OP_HPUpdate
[OPCode: 0x4b61] [Decoded] [Server->Client] [Size: 10] - Maybe new Mana Update
[OPCode: 0x02d6] [Decoded] [Server->Client] [Size: 10] - Maybe new Endurance Update
I will edit this list as I can make more confirmations. It shouldn't take me long to figure out most of this list. I can tell for sure that some of the orders have changed, so I think if I can get that sorted out, it may work almost flawlessly for SoF.
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!

Last edited by trevius; 01-06-2009 at 02:59 AM..
Reply With Quote
  #42  
Old 01-05-2009, 06:15 PM
trevius's Avatar
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946
Default

I stumbled on a new struct last night. It doesn't really help this effort much, but it is probably worth noting for use later when we might be able to actually put it to use. There is a feature on Live that was in SoF as well, but not in Titanium. The new feature lets the client set certain spells to be blocked from hitting the client. This is for keeping buffs from overriding each other if you don't want them to.

The EQLive opcode for this is 0x0baa and I found the SoF opcode for it too. I built a struct for it with placeholders just to have something in place for it even though I don't know the values for it yet.

I also confirmed that EQLive now has 60 pages in the spell book as opposed to 50 in Titanium. This means that the MAX_PP_SPELLBOOK is now 480 in EQLive and probably in SoF as well. They had to add it when they upped player levels to 75, so I am sure it was in SoF, otherwise druids and maybe other classes could have overflowing spell books.

I am sure that most of my structs for SoF are correct or very close to it. I think I am just missing something minor that is keeping me from getting past this point I have been stuck at for the past couple of weeks. If I can just get past that point, I feel that the rest will be much quicker and easier. My current guess is that I may not have all of the right opcodes being encoded on the way out that need to be for SoF. The client is expecting a 0 size opcode 0x1FA1, which is new since Titanium. Basically, it seems to be the same as SendExpZonein, except instead of the server sending that and getting it back from the client, it now sends this new opcode and waits for the SendExpZonein back from the client.

From looking at the EQLive logs, it looks like almost all packets are encoded now, at least while entering a zone. Maybe I have to set them all to be encoded for the client to get all of the info it needs for logging in. That is going to be a bit of a pain, because as far as I can tell, I have to create the handling stuff for each opcode that needs to be encoded. If there was a way for me to just set an opcode to be encoded in the Anniversary_ops.h and then only have to tell the Anniversary.cpp to use the structure for encoding, that would be pretty easy. But, it looks like I need to do something more like this for each one:

Code:
ENCODE(OP_ManaChange) {
	ENCODE_LENGTH_EXACT(ManaChange_Struct);
	SETUP_DIRECT_ENCODE(ManaChange_Struct, structs::ManaChange_Struct);
	OUT(new_mana);
	OUT(stamina);
	OUT(spell_id);
	FINISH_ENCODE();
}
I'm not exactly sure what the OUT stuff means, but I am guessing that all of the stuff set to go OUT is the stuff that gets encoded. If so, then I wonder what happens to stuff in the structure that isn't set to go OUT in the ENCODE. Does that stuff just get ignored?
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!
Reply With Quote
  #43  
Old 01-07-2009, 04:11 PM
greldor
Fire Beetle
 
Join Date: Oct 2004
Posts: 7
Default

Long time lurker, 1st time caller. . .


This work you've been doing is very exciting. With the last ever boxed edition of EQ1 possibly being SoF, this is a big step. I have been looking through the wikis and the forums, and trying to find some up to date info on if there is anything someone with an active eqlive account can do to collect information for the Devs.

Let me know if there is something that can be done with no experience besides setting up a mini login server in the basement.

Thanks,

Greldor
The Grand Creation
Reply With Quote
  #44  
Old 01-07-2009, 04:18 PM
unknownhost
Sarnak
 
Join Date: Dec 2006
Posts: 89
Default my god man...

I didn't believe in intelligent machines until I read this thread.

Trevius isn't human, I tell you! He is the real-life Bender!!!!


You're awesome, man; good things are coming, peoples!


On a nearly equally pointless side note: every time I type/read Trevius' name I think of Golan Trevize from the Foundation series. Any relation by chance?
Reply With Quote
  #45  
Old 01-07-2009, 04:55 PM
Derision
Developer
 
Join Date: Feb 2004
Location: UK
Posts: 1,540
Default

Quote:
Originally Posted by trevius View Post
I'm not exactly sure what the OUT stuff means, but I am guessing that all of the stuff set to go OUT is the stuff that gets encoded. If so, then I wonder what happens to stuff in the structure that isn't set to go OUT in the ENCODE. Does that stuff just get ignored?
The ENCODE/DECODE is used when the struct is different between Client versions.

ENCODE 'encodes' packets on the way out, from the server to the client, and DECODE does the reverse.

The ENCODE is a translation from the struct in common/eq_packet_structs.h to the client-specific struct in patches/<Client version>_structs.h.

To take your example for OP_ManaChange. The 'EMU' struct for this, in common/eq_packet_structs.h is:

Code:
struct ManaChange_Struct
{
        int32   new_mana;                  // New Mana Amount (int32: the emulator's 32-bit signed typedef)
        int32   stamina;
        int32   spell_id;
        int32   unknown12;
};
while the Anniversary struct is:

Code:
struct ManaChange_Struct
{
        int32   new_mana;                  // New Mana Amount
        int32   stamina;
        int32   spell_id;
        int32   unknown12;
        int32   unknown16;
};
As you can see, Anniversary has an extra field at the end of the struct.

Essentially, the ENCODE section in Anniversary.cpp is copying the fields from the Emulator version of the struct to the version that Anniversary edition needs. I think the outgoing packet is filled with zeroes before the ENCODE takes place, so unknown12 and unknown16 would be zero.

For each struct that has changed in SoF, you would need to map out the fields in the new structure and add it to Anniversary_structs.h, add the Opcode to Anniversary_ops.h and do an ENCODE in Anniversary.cpp.

You would also need to do the same for Client to Server opcodes where the struct has changed, but this time do a DECODE from the SoF client structure to the Emu struct.
Reply With Quote
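Trevius's question about what happens to struct fields that never get an OUT() line, and Derision's answer above, as an added example (this is not EQEmu code; the emulator does this with C++ structs and the ENCODE/DECODE macros): a table-driven translate() in Python built on the two ManaChange_Struct layouts quoted in the post. The names layout_size, unpack_fields, translate, encode_mana_change and decode_mana_change belong to this example only, the OUT field list mirrors the three OUT() lines in the post, the sample payload values are constructed, and the example assumes client structs are little-endian with no padding.

```python
"""Table-driven picture of the ENCODE/DECODE translation described above.
Added example, not EQEmu code. A struct is a list of (field, struct-module
format) pairs; fields are copied by name and everything else stays zero.
Assumptions: client structs are little-endian with no padding; sample
values are constructed.
"""
import struct

# The two ManaChange_Struct layouts quoted in the post.
EMU_MANA_CHANGE = [("new_mana", "i"), ("stamina", "i"), ("spell_id", "i"), ("unknown12", "i")]
ANNIV_MANA_CHANGE = EMU_MANA_CHANGE + [("unknown16", "i")]
MANA_CHANGE_FIELDS = ("new_mana", "stamina", "spell_id")  # the three OUT() lines

def layout_format(layout):
    """struct format for a layout: little-endian, no padding (assumption)."""
    return "<" + "".join(fmt for _, fmt in layout)

def layout_size(layout):
    return struct.calcsize(layout_format(layout))

def unpack_fields(layout, payload):
    """Bytes -> {field: value}; rejects a payload that is not exactly the struct size."""
    if len(payload) != layout_size(layout):
        raise ValueError(f"expected {layout_size(layout)} bytes, got {len(payload)}")
    names = [name for name, _ in layout]
    return dict(zip(names, struct.unpack(layout_format(layout), payload)))

def translate(src_layout, dst_layout, payload, fields):
    """Copy `fields` from a src-layout payload into a freshly zeroed dst-layout packet.

    The length check is the ENCODE_LENGTH_EXACT step: nothing is read from a
    payload of the wrong size. Destination fields not named in `fields`
    (unknown12, unknown16) are never written, so they go out as zero.
    """
    src_names = {name for name, _ in src_layout}
    dst_names = {name for name, _ in dst_layout}
    unknown = (set(fields) - src_names) | (set(fields) - dst_names)
    if unknown:
        raise KeyError(f"fields not present in both layouts: {sorted(unknown)}")
    values = unpack_fields(src_layout, payload)
    out = [values[name] if name in fields else 0 for name, _ in dst_layout]
    return struct.pack(layout_format(dst_layout), *out)

def encode_mana_change(emu_payload):
    """Server -> client: emu struct (16 bytes) to the Anniversary struct (20 bytes)."""
    return translate(EMU_MANA_CHANGE, ANNIV_MANA_CHANGE, emu_payload, MANA_CHANGE_FIELDS)

def decode_mana_change(client_payload):
    """Client -> server: Anniversary struct (20 bytes) back to the emu struct (16 bytes)."""
    return translate(ANNIV_MANA_CHANGE, EMU_MANA_CHANGE, client_payload, MANA_CHANGE_FIELDS)

# Constructed sample: new_mana=1500, stamina=200, spell_id=500, unknown12=7.
# The 7 is there only to show that a field without an OUT() is dropped, not copied.
SAMPLE_EMU_PAYLOAD = struct.pack("<iiii", 1500, 200, 500, 7)
```

encode_mana_change(SAMPLE_EMU_PAYLOAD) returns 20 bytes whose last two fields are zero, and decode_mana_change() of that result gives the 16-byte emu struct back with unknown12 zeroed as well. The exact-length check matters for the same reason ENCODE_LENGTH_EXACT exists: a packet whose size does not match the struct it is about to be read as must be rejected before any field is copied out of it, not copied blindly.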