After looking through the forums for the past month or so I noticed a few things that seem to be road blocks in making EQEmu more live like (crap grammar sorry). Mainly it seems LDoNs and the bazaar are the main missing features at the moment. So as far as I understand it, the main obstacle for these is figuring out the OPcodes.

Basically the way I understand it is without the OPcodes we can

Five minute rule got me before I noticed half my post was cut off.

here is the full post.

After looking through the forums for the past month or so I noticed a few things that seem to be road blocks in making EQEmu more live like (crap grammar sorry). Mainly it seems LDoNs and the bazaar are the main missing features at the moment. So as far as I understand it, the main obstacle for these is figuring out the OPcodes.

Basically the way I understand it is without the OPcodes we can not trigger the client to respond to LDoN's, bazaar, etc.

K here is the question.

Wouldn't it be easier to patch the client with our own OPcodes instead of trying to find theirs? or is that breaking the rules?

If I am way off the mark please tell me and I will go back to my little corner.

If we had the means to patch the client with our own opcodes then we could probably figure out the real opcodes.

Yes, that would be against the law, and it would be pretty much impossible to do anyway if I understand how it works.

I have been working the past few days to find another way to get the opcodes we need. So far, I haven't had a ton of luck yet, but I figure it is worth a shot.

One thing I have seen that might be helpful is that it looks like MQ2 has all of the opcodes for all commands listed in it, unless those are only opcodes for MQ2 itself.

The thing I can't figure out is exactly where opcodes are stored in the source of the emu. I see a list of them in the emu_oplist.h, but they all look like this:

N(OP_TradeSkillCombine),
N(OP_AugmentItem),
N(OP_ItemName),
N(OP_ShopItem),
N(OP_ShopPlayerBuy),
N(OP_ShopPlayerSell),
N(OP_ShopDelItem),
N(OP_ShopRequest),

I thought that opcodes were supposed to look more like hex or actual code like; "0xffff". Maybe the ones above are being converted into code? It would help alot more if I knew exactly what I was supposed to be looking for.

Also, I was curious from a legal standpoint, what are viable options for attaining the opcodes without breaking the law? I know in the past they have been attained from packet sniffing, but what about debugging the code, or reverse engineering the source of eqgame.exe or something like that? I know all of the info we could ever need should be in there, but what are our legal options for getting it out? I know modifying the file is illegal (at least if you plan to distribute it), but I think debugging it or reading it with a hex editor/etc should be ok.

Thanks for the replies KLS and Trevius. Guess I did not think that one through very well.

Sorry Trevius, I have no idea on your questions. I am just starting to learn about opcodes. Hopefully someone else knows.

Each patch has it's own opcode config file, nothing is stored in source anymore in regards to opcodes. patch_<patch name>.conf is where we store them.

ShowEQ is also a pretty good source for OPCodes is it not? Don't know how helpful that would be with respect to the bazaar and such tho as they are more concerned with mobs, spawns, loot, etc.

Ah, the billion dollar question... How to find OpCodes :-)

I've thought about this myself, and have run into a few roadblocks. Here are the possibilities I've thought of to get these bad boys from the client:


Packet sniffing
eqgame.exe (http://www.eqemulator.net/wiki/wikka.php?wakka=DevOpcodeFinding)
Grabbing from old versions of SEQ


Option 1 wouldn't be too bad, except you have to decode the packets, which makes just using Ethereal, etc, not very helpful. I think there are some utilities in the server source (using Perl) to decode the packets, but I haven't personally messed with any. Ideally, you could just do something on the client, the look for an OpCode that seems out of place.

Option 2 would probably be the best way to dig out OpCodes, especially ones we have no idea about, but it requires a lot of work and knowledge about Assembly (which I don't). As linked above, there is some info in the Wiki (http://www.eqemulator.net/wiki/wikka.php?wakka=DevOpcodeFinding) that gives some general info about doing this, but it's a little above my head.

Option 3 would probably be the easiest way at this point, since the work has already been done. However, unless something was just overlooked in the original (http://seq.cvs.sourceforge.net/seq/showeq/conf/worldopcodes.xml?revision=1.3&view=markup) SEQ files (http://seq.cvs.sourceforge.net/seq/showeq/conf/zoneopcodes.xml?revision=1.6&view=markup), I'm pretty sure we have all of the Titanium OpCodes we can get from SEQ. It looks like the same goes for Anniversary (http://seq.svn.sourceforge.net/viewvc/seq/showeq/trunk/conf/worldopcodes.xml?revision=675&view=markup) edition (http://seq.svn.sourceforge.net/viewvc/seq/showeq/trunk/conf/zoneopcodes.xml?revision=677&view=markup). On the plus side, it gives us a good place to start for the Live (http://seq.svn.sourceforge.net/viewvc/seq/showeq/trunk/conf/worldopcodes.xml?view=markup) client (http://seq.svn.sourceforge.net/viewvc/seq/showeq/trunk/conf/zoneopcodes.xml?view=markup).

Of course, if it was going to be easy, everything would be working by now ;-)

Actually there are a fair amount of bazaar related opcodes in the emulator (or rather, used by the emulator). Just like there appear to be opcodes for tribute, ldon, etc.