12-21-2008, 06:33 PM
Developer
Join Date: Aug 2006
Location: USA
Posts: 5,946
Ya, I have been using all of those to get as far as I have :P They have been very useful.
Even though SoF was released on 11/13/07, it was actually built on 9/7/07 (according to the EQ Debug Logs). So, anything from 9/7/07 to around the beginning of 2008 is probably useful. They may have patched in some of the SoF stuff to live before it actually came out, so the structures and stuff may have already been there for the most part. The main thing that would have changed a lot are the opcodes. Unfortunately, most of the opcodes in SEQ weren't updated until after December, so many of them aren't correct.
I am thinking about trying a current version of SEQ and running a trial live account just to see if I can find 100% accurate structures that can be used to help getting SoF to work. I am betting that the current live structs are probably closer to SoF than the Titanium ones are.
If anyone has packet collects from right around the time that SoF was released (preferably from SEQ if possible), I would love to get a copy of them. I think that would help a lot once I knew what I was looking at. But, I am not holding my breath to get them, because I doubt anyone still has them.
I am not really sure what it is for, but a code obfuscator was added to SEQ around the time that SoF came out. From looking at the comments around the code for it, it appears to be used for pulling opcodes directly from the assembly code of the eqgame.exe. I have no idea how it is actually used though, or if I am just misunderstanding what it does. I have seen comments about it on the SEQ forums that seem to say something about opcodes changing from time to time when you zone or log on other characters/servers. I guess it is some kind of simple encryption or something. But, it seems that the new obfuscator can pull an opcode table from the exe file. If that is true, maybe we can use it on Titanium, and then on SoF and compare the 2 tables and compare the conf files for known opcodes and match them up. Here is a link to the obfuscator getting added to SEQ SVN:
http://seq.svn.sourceforge.net/viewv...85&pathrev=686
Last edited by trevius; 12-22-2008 at 03:16 AM..
12-23-2008, 04:57 PM
I moved this to the development section, because it seems more appropriate.
12-24-2008, 10:03 PM
I figured out where it is currently breaking when it is trying to log in. It seems that the opcode OP_SendExpZonein=0x3703 is where the problem is. This is the last opcode that the client receives before it stops responding. I also verified that by removing this opcode from Titanium it will fail at the exact same point according to the EQ Debug Logs.
Code:
DoMainLoop: just before first while(!EverQuest.ReceievedWorldObjects).
Actually, in Titanium, the log entry is slightly different, but it is the same thing just renamed:
Code:
DoMainLoop: just before first while(!ReadyEnterWorld).
My guess is that this opcode now needs to be encoded like many of the other important ones. And since it isn't being encoded, it isn't recognizing it, so it is failing. I am 99% sure that I have the correct opcode set for it.
Looking at the place where it is failing, here is the Assembly code for it:
Code:
.text:004DCC8F push offset aDomainloopJu_1 ; "DoMainLoop: just before first while(!Ev"...
.text:004DCC94 mov dword_907F60, esi
.text:004DCC9A call sub_645680 ; Call Procedure
.text:004DCC9F mov al, byte_9262EC
.text:004DCCA4 add esp, 18h ; Add
.text:004DCCA7 cmp al, bl ; Compare Two Operands
.text:004DCCA9 jnz short loc_4DCCF8 ; Jump if Not Zero (ZF=0)
.text:004DCCAB jmp short loc_4DCCB0 ; Jump
.text:004DCCAB ; ---------------------------------------------------------------------------
.text:004DCCAD align 10h
.text:004DCCB0
.text:004DCCB0 loc_4DCCB0: ; CODE XREF: sub_4DC610+69Bj
.text:004DCCB0 ; sub_4DC610+6E6j
.text:004DCCB0 mov eax, dword_761C6C
.text:004DCCB5 cmp eax, ebx ; Compare Two Operands
.text:004DCCB7 jz short loc_4DCCCA ; Jump if Zero (ZF=1)
.text:004DCCB9 mov ecx, [eax+4Ch]
.text:004DCCBC cmp ecx, ebx ; Compare Two Operands
.text:004DCCBE jz short loc_4DCCCA ; Jump if Zero (ZF=1)
.text:004DCCC0 push 1F4h
.text:004DCCC5 call sub_60DAD0 ; Call Procedure
.text:004DCCCA
.text:004DCCCA loc_4DCCCA: ; CODE XREF: sub_4DC610+6A7j
.text:004DCCCA ; sub_4DC610+6AEj
.text:004DCCCA mov ecx, edi
.text:004DCCCC call sub_4D9FF0 ; Call Procedure
.text:004DCCD1 push 1
.text:004DCCD3 push 4841h
.text:004DCCD8 push offset aCP4Everquest_0 ; "C:\\p4\\EverQuest\\live\\EverQuest\\EverQues"...
.text:004DCCDD mov ecx, edi
.text:004DCCDF call sub_4C1EA0 ; Call Procedure
.text:004DCCE4 test al, al ; Logical Compare
.text:004DCCE6 jnz loc_4DE160 ; Jump if Not Zero (ZF=0)
.text:004DCCEC push 1
.text:004DCCEE call ebp ; Indirect Call Near Procedure
.text:004DCCF0 cmp byte_9262EC, bl ; Compare Two Operands
.text:004DCCF6 jz short loc_4DCCB0 ; Jump if Zero (ZF=1)
.text:004DCCF8
.text:004DCCF8 loc_4DCCF8: ; CODE XREF: sub_4DC610+699j
.text:004DCCF8 push offset aDomainloopComp ; "DoMainLoop: complete after first while("...
.text:004DCCFD call sub_645680 ; Call Procedure
.text:004DCD02 add esp, 4 ; Add
.text:004DCD05 mov ecx, edi
.text:004DCD07 call sub_4E3B70 ; Call Procedure
.text:004DCD0C push 1
.text:004DCD0E mov ecx, edi
.text:004DCD10 mov dword_926EAC, ebx
.text:004DCD16 mov dword_926EA8, ebx
.text:004DCD1C call sub_4C2850 ; Call Procedure
.text:004DCD21 mov dword ptr [edi+38E94h], 1
.text:004DCD2B cmp byte_98452C, bl ; Compare Two Operands
.text:004DCD31 jz loc_4DCDE6 ; Jump if Zero (ZF=1)
.text:004DCD37 mov ecx, dword_907F0C
.text:004DCD3D push ebx
.text:004DCD3E push 3043h
.text:004DCD43 mov byte_98452C, bl
.text:004DCD49 call sub_6138B0 ; Call Procedure
.text:004DCD4E push 1 ; char
.text:004DCD50 push 111h ; int
.text:004DCD55 push eax ; char *
.text:004DCD56 mov ecx, edi
.text:004DCD58 call sub_4C5160 ; Call Procedure
.text:004DCD5D mov eax, dword_907F54
.text:004DCD62 mov edx, [eax+8]
.text:004DCD65 mov ecx, [edx+4]
.text:004DCD68 lea eax, [ecx+eax+8] ; Load Effective Address
.text:004DCD6C lea ecx, [eax+4] ; Load Effective Address
.text:004DCD6F call sub_61DF20 ; Call Procedure
.text:004DCD74 cmp dword ptr [eax+1304h], 0Ah ; Compare Two Operands
.text:004DCD7B jg short loc_4DCD96 ; Jump if Greater (ZF=0 & SF=OF)
.text:004DCD7D mov ecx, dword_907F0C
.text:004DCD83 push ebx
.text:004DCD84 push 213Ah
.text:004DCD89 call sub_6138B0 ; Call Procedure
.text:004DCD8E push eax ; char *
.text:004DCD8F mov ecx, edi
.text:004DCD91 call sub_4C5310 ; Call Procedure
.text:004DCD96
.text:004DCD96 loc_4DCD96: ; CODE XREF: sub_4DC610+76Bj
.text:004DCD96 mov ecx, dword_907F54
.text:004DCD9C add ecx, 0EEF8h ; Add
.text:004DCDA2 xor esi, esi ; Logical Exclusive OR
.text:004DCDA4 call sub_41C4D0 ; Call Procedure
.text:004DCDA9 test al, al ; Logical Compare
.text:004DCDAB jbe short loc_4DCDE6 ; Jump if Below or Equal (CF=1 | ZF=1)
.text:004DCDAD db 8Dh,49h,0 ; <BAD>lea ecx, [ecx+0] ; Load Effective Address
.text:004DCDB0
.text:004DCDB0 loc_4DCDB0: ; CODE XREF: sub_4DC610+7D4j
.text:004DCDB0 mov ecx, dword_907F54
.text:004DCDB6 push esi
.text:004DCDB7 add ecx, 0EEF8h ; Add
.text:004DCDBD call sub_41DA40 ; Call Procedure
.text:004DCDC2 cmp [eax], bl ; Compare Two Operands
.text:004DCDC4 jz short loc_4DCDCD ; Jump if Zero (ZF=1)
.text:004DCDC6 mov byte_925E8C, 1
.text:004DCDCD
.text:004DCDCD loc_4DCDCD: ; CODE XREF: sub_4DC610+7B4j
.text:004DCDCD mov ecx, dword_907F54
.text:004DCDD3 add ecx, 0EEF8h ; Add
.text:004DCDD9 inc esi ; Increment by 1
.text:004DCDDA call sub_41C4D0 ; Call Procedure
.text:004DCDDF movzx edx, al ; Move with Zero-Extend
.text:004DCDE2 cmp esi, edx ; Compare Two Operands
.text:004DCDE4 jl short loc_4DCDB0 ; Jump if Less (SF!=OF)
.text:004DCDE6
.text:004DCDE6 loc_4DCDE6: ; CODE XREF: sub_4DC610+721j
.text:004DCDE6 ; sub_4DC610+79Bj
.text:004DCDE6 push ebx ; int
.text:004DCDE7 push ebx ; int
.text:004DCDE8 push ebx ; int
.text:004DCDE9 push ebx ; int
.text:004DCDEA push ebx ; int
.text:004DCDEB push ebx ; int
.text:004DCDEC push ebx ; int
.text:004DCDED push ebx ; int
.text:004DCDEE push offset byte_925F9C ; int
.text:004DCDF3 lea eax, [esp+104h] ; Load Effective Address
.text:004DCDFA push 3045h ; int
.text:004DCDFF push eax ; char *
.text:004DCE00 call sub_4A3080 ; Call Procedure
.text:004DCE05 add esp, 2Ch ; Add
.text:004DCE08 push 1 ; char
.text:004DCE0A push 111h ; int
.text:004DCE0F lea ecx, [esp+0E8h] ; Load Effective Address
.text:004DCE16 push ecx ; char *
.text:004DCE17 mov ecx, edi
.text:004DCE19 call sub_4C5160 ; Call Procedure
.text:004DCE1E call sub_4EA590 ; Call Procedure
.text:004DCE23 mov ecx, eax
.text:004DCE25 call sub_4EA5C0 ; Call Procedure
.text:004DCE2A cmp dword_926328, 4 ; Compare Two Operands
.text:004DCE31 jnz short loc_4DCE92 ; Jump if Not Zero (ZF=0)
.text:004DCE33 mov eax, dword_907F54
.text:004DCE38 mov edx, [eax+8]
.text:004DCE3B mov ecx, [edx+4]
.text:004DCE3E lea eax, [ecx+eax+8] ; Load Effective Address
.text:004DCE42 lea ecx, [eax+4] ; Load Effective Address
.text:004DCE45 call sub_61DF20 ; Call Procedure
.text:004DCE4A cmp dword ptr [eax+1304h], 6 ; Compare Two Operands
.text:004DCE51 jge short loc_4DCE92 ; Jump if Greater or Equal (SF=OF)
.text:004DCE53 mov eax, dword_907F54
.text:004DCE58 mov edx, [eax+8]
.text:004DCE5B mov ecx, [edx+4]
.text:004DCE5E mov eax, [ecx+eax+108h]
.text:004DCE65 mov ecx, dword_907F34
.text:004DCE6B push eax
.text:004DCE6C call sub_62A060 ; Call Procedure
.text:004DCE71 test al, al ; Logical Compare
.text:004DCE73 jnz short loc_4DCE92 ; Jump if Not Zero (ZF=0)
.text:004DCE75 mov ecx, dword_907F0C
.text:004DCE7B push 1 ; char
.text:004DCE7D push 0Dh ; int
.text:004DCE7F push ebx
.text:004DCE80 push 3046h
.text:004DCE85 call sub_6138B0 ; Call Procedure
.text:004DCE8A push eax ; char *
.text:004DCE8B mov ecx, edi
.text:004DCE8D call sub_4C5160 ; Call Procedure
.text:004DCE92
.text:004DCE92 loc_4DCE92: ; CODE XREF: sub_4DC610+821j
.text:004DCE92 ; sub_4DC610+841j ...
.text:004DCE92 mov al, byte ptr word_92636C
.text:004DCE97 cmp al, 7Eh ; Compare Two Operands
.text:004DCE99 jz short loc_4DCED4 ; Jump if Zero (ZF=1)
.text:004DCE9B cmp al, bl ; Compare Two Operands
.text:004DCE9D jz short loc_4DCED4 ; Jump if Zero (ZF=1)
.text:004DCE9F push ebx ; int
.text:004DCEA0 push ebx ; int
.text:004DCEA1 push ebx ; int
.text:004DCEA2 push ebx ; int
.text:004DCEA3 push ebx ; int
.text:004DCEA4 push ebx ; int
.text:004DCEA5 push ebx ; int
.text:004DCEA6 push ebx ; int
.text:004DCEA7 push offset word_92636C ; int
.text:004DCEAC lea edx, [esp+104h] ; Load Effective Address
.text:004DCEB3 push 3047h ; int
.text:004DCEB8 push edx ; char *
.text:004DCEB9 call sub_4A3080 ; Call Procedure
.text:004DCEBE add esp, 2Ch ; Add
.text:004DCEC1 push 1 ; char
.text:004DCEC3 push 0Fh ; int
.text:004DCEC5 lea eax, [esp+0E8h] ; Load Effective Address
.text:004DCECC push eax ; char *
.text:004DCECD mov ecx, edi
.text:004DCECF call sub_4C5160 ; Call Procedure
.text:004DCED4
.text:004DCED4 loc_4DCED4: ; CODE XREF: sub_4DC610+889j
.text:004DCED4 ; sub_4DC610+88Dj
.text:004DCED4 mov ecx, offset unk_761D50
.text:004DCED9 mov byte ptr word_92636C, 7Eh
.text:004DCEE0 call sub_453C10 ; Call Procedure
.text:004DCEE5 mov ecx, dword_996AB4
.text:004DCEEB cmp ecx, ebx ; Compare Two Operands
.text:004DCEED jz short loc_4DCEF4 ; Jump if Zero (ZF=1)
.text:004DCEEF call sub_5E8870 ; Call Procedure
.text:004DCEF4
.text:004DCEF4 loc_4DCEF4: ; CODE XREF: sub_4DC610+8DDj
.text:004DCEF4 push offset aDomainloopJu_2 ; "DoMainLoop: just before second while(!R"...
.text:004DCEF9 call sub_645680 ; Call Procedure
.text:004DCEFE add esp, 4 ; Add
.text:004DCF01 call sub_4EC1F0 ; Call Procedure
.text:004DCF06 mov esi, eax
.text:004DCF08 cmp [esi+20h], bl ; Compare Two Operands
.text:004DCF0B jnz short loc_4DCF14 ; Jump if Not Zero (ZF=0)
.text:004DCF0D mov ecx, esi
.text:004DCF0F call sub_4EBE60 ; Call Procedure
.text:004DCF14
.text:004DCF14 loc_4DCF14: ; CODE XREF: sub_4DC610+8FBj
.text:004DCF14 mov byte ptr [esi+20h], 1
.text:004DCF18 mov ecx, dword_9A1CB4
.text:004DCF1E push 1
.text:004DCF20 dec ecx ; Decrement by 1
.text:004DCF21 push ebx
.text:004DCF22 mov dword_9A1CB4, ecx
.text:004DCF28 mov ecx, dword_761C68
.text:004DCF2E push 3703h
.text:004DCF33 call sub_637360 ; Call Procedure
.text:004DCF38 push eax
.text:004DCF39 push offset dword_907EF0
.text:004DCF3E push ebx
.text:004DCF3F push ebx ; char
.text:004DCF40 call sub_4BB750 ; Call Procedure
.text:004DCF45 dec dword_907F60 ; Decrement by 1
.text:004DCF4B call sub_4A2CF0 ; Call Procedure
.text:004DCF50 push offset aZoneConnectSen ; "Zone Connect -- Sending out a MSG_READY"...
.text:004DCF55 call sub_645680 ; Call Procedure
.text:004DCF5A mov eax, dword_925C80
.text:004DCF5F add esp, 18h ; Add
.text:004DCF62 cmp eax, ebx ; Compare Two Operands
.text:004DCF64 jnz short loc_4DCFAA ; Jump if Not Zero (ZF=0)
And, from client_packet.cpp, here is the code that handles that opcode:
Code:
void Client::Handle_Connect_OP_SendExpZonein(const EQApplicationPacket *app)
{
    //////////////////////////////////////////////////////
    // Spawn Appearance Packet
    EQApplicationPacket* outapp = new EQApplicationPacket(OP_SpawnAppearance, sizeof(SpawnAppearance_Struct));
    SpawnAppearance_Struct* sa = (SpawnAppearance_Struct*)outapp->pBuffer;
    sa->type = AT_SpawnID; // Is 0x10 used to set the player id?
    sa->parameter = GetID(); // Four bytes for this parameter...
    outapp->priority = 6;
    QueuePacket(outapp);
    safe_delete(outapp);

    // Inform the world about the client
    outapp = new EQApplicationPacket();
    CreateSpawnPacket(outapp);
    outapp->priority = 6;
    if (!GetHideMe()) entity_list.QueueClients(this, outapp, true);
    safe_delete(outapp);

    if(GetPVP()) //force a PVP update until we fix the spawn struct
        SendAppearancePacket(AT_PVP, GetPVP(), true, false);

    //Send AA Exp packet:
    if(GetLevel() >= 51)
        SendAAStats();

    // Send exp packets
    outapp = new EQApplicationPacket(OP_ExpUpdate, sizeof(ExpUpdate_Struct));
    ExpUpdate_Struct* eu = (ExpUpdate_Struct*)outapp->pBuffer;
    int32 tmpxp1 = GetEXPForLevel(GetLevel()+1);
    int32 tmpxp2 = GetEXPForLevel(GetLevel());
    // Quag: crash bug fix... Divide by zero when tmpxp1 and 2 equalled each other, most likely the error case from GetEXPForLevel() (invalid class, etc)
    if (tmpxp1 != tmpxp2 && tmpxp1 != 0xFFFFFFFF && tmpxp2 != 0xFFFFFFFF) {
        float tmpxp = (float) ( (float) m_pp.exp-tmpxp2 ) / ( (float) tmpxp1-tmpxp2 );
        eu->exp = (uint32)(330.0f * tmpxp);
        outapp->priority = 6;
        QueuePacket(outapp);
    }
    safe_delete(outapp);

    if(GetLevel() >= 51)
        SendAATimers();

    outapp = new EQApplicationPacket(OP_SendExpZonein, 0);
    QueuePacket(outapp);
    safe_delete(outapp);

    outapp = new EQApplicationPacket(OP_RaidUpdate, sizeof(ZoneInSendName_Struct));
    ZoneInSendName_Struct* zonesendname=(ZoneInSendName_Struct*)outapp->pBuffer;
    strcpy(zonesendname->name,m_pp.name);
    strcpy(zonesendname->name2,m_pp.name);
    zonesendname->unknown0=0x0A;
    QueuePacket(outapp);
    safe_delete(outapp);

    /* this is actually the guild MOTD
    outapp = new EQApplicationPacket(OP_ZoneInSendName2, sizeof(ZoneInSendName_Struct2));
    ZoneInSendName_Struct2* zonesendname2=(ZoneInSendName_Struct2*)outapp->pBuffer;
    strcpy(zonesendname2->name,m_pp.name);
    QueuePacket(outapp);
    safe_delete(outapp);*/

    if(IsInAGuild()) {
        SendGuildMembers();
    }
    //No idea why live sends this if even were not in a guild
    SendGuildMOTD();
    return;
}
So, either the opcode needs to be encoded, or this handling code needs to be changed. I am guessing the opcode needs to be encoded, because the jump is looking for anything that isn't 0, so I would think that it is just making sure it got something for it. And, if it isn't encoded and is supposed to be, maybe it shows up as 0. But, if it doesn't need to be encoded, I don't know why it would be 0.
I will mess with it and see if I can figure out how to get that opcode encoded, but I don't really know how that will work, since the only opcodes I see currently getting encoded already have structures tied to them, but I don't see one for SendExpZonein. Unless maybe it is named differently.
At least I know where it is failing now, so I should be able to come up with something to move it to the next step. It should be getting pretty close now. I was able to find and verify more of the required opcodes for logging in over the past couple of days as well. Making some progress at least 
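The exp-update part of the handler above divides by the difference between the two level thresholds and, per Quag's comment, guards against the thresholds being equal or carrying the 0xFFFFFFFF error value from GetEXPForLevel(). Here is that computation pulled out into a standalone, testable function, as an added example and not code from EQEmu: the function name `ExpBarValue`, the `kInvalidExp` and `kExpBarSteps` names, and the clamping of the result to the 0..330 range (the handler casts an unguarded float to uint32, which is undefined for a negative value) are this example's own choices.

```cpp
#include <cstdint>
#include <cstdio>

// Sentinel the handler checks for (0xFFFFFFFF) when GetEXPForLevel() cannot
// produce a threshold, e.g. for an invalid class. The name is this example's.
const uint32_t kInvalidExp = 0xFFFFFFFFu;
// The client's exp bar has 330 steps; matches the 330.0f in the handler.
const uint32_t kExpBarSteps = 330;

// Fills *out with the exp bar value (0..330) for `exp` points, given the
// threshold for the current level (xpCur) and for the next level (xpNext).
// Returns false instead of dividing by zero or trusting a sentinel value.
bool ExpBarValue(uint32_t exp, uint32_t xpCur, uint32_t xpNext, uint32_t* out) {
    if (xpCur == kInvalidExp || xpNext == kInvalidExp) return false;  // error value from the table
    if (xpNext <= xpCur) return false;  // equal thresholds would divide by zero; inverted ones are a bad table
    // Signed math in double so an exp value below xpCur cannot underflow an
    // unsigned subtraction.
    double frac = ((double)exp - (double)xpCur) / ((double)xpNext - (double)xpCur);
    if (frac < 0.0) frac = 0.0;  // added: clamp rather than cast a negative float to uint32
    if (frac > 1.0) frac = 1.0;
    *out = (uint32_t)(kExpBarSteps * frac);
    return true;
}

int main() {
    uint32_t bar = 0;
    if (ExpBarValue(1500, 1000, 2000, &bar)) std::printf("bar = %u\n", (unsigned)bar);  // 165
    if (!ExpBarValue(1000, 1000, 1000, &bar)) std::printf("equal thresholds rejected\n");
    if (!ExpBarValue(5, kInvalidExp, 10, &bar)) std::printf("sentinel threshold rejected\n");
    return 0;
}
```

The caller decides what to do when the function returns false; the handler's behaviour (skip queueing the OP_ExpUpdate packet) is one reasonable choice.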
12-28-2008, 06:08 PM
I am still stuck at this same point, but I am not giving up that easily :P Last night, I started trying to figure out why character creation wasn't working. I have the correct Opcode, but I see that the server is expecting a struct to come in and the client is sending just the opcode with a size of 0. The client just hangs probably waiting for something back that we aren't sending. I am going to try filling in the needed character select stuff on the server side and then have it send the character create opcode back to the client. So, it would be working in reverse of how Titanium does it. If that works, then it means they might have been adjusting the order of server/client communications, maybe to optimize some stuff.
If so, maybe that is the reason that sendexpzonein is failing. It could be waiting for something else that we aren't sending. I will try forcing a few of the packets that normally follow the sendexpzonein and see if that makes any difference. I definitely see it is doing something extra in the assembly code of SoF that wasn't in Titanium, but there is no way to really tell what it is. It could either be waiting for an extra opcode that got added to the sendexpzonein stuff, or it could be waiting for a new structure that we don't have in Titanium. I am hoping it is the former, not the latter.
Other than that, the other big difference I notice is that some of the subs being called in the area where the problem is happening have about 1000 set as the variables where Titanium has about 800 set. That makes me think that it is checking the size of a certain packet structure, but I don't know which one. If I am right, I think that one of the structures needed at this point has changed and we need to figure out which one and what it was changed to so it can be adjusted.
My last resort will be to set up the current showeq for Live and set up a trial account to watch the logs from SEQ and see what the current structures really are. I am sure that some of the SEQ structures are correct, but there is a lot of info they don't need for SEQ to function so it probably gets ignored. Maybe I can find more details and get them filled in to get it working. Also, it would help to see if anything new is being sent. Unfortunately, I don't have any SEQ logs from when Titanium was running on Live, so I don't have anything to compare with. That will probably make feeding through this stuff considerably harder.
12-28-2008, 10:55 PM
From looking at the MQ2 source, I found a few more item fields that may be needed for SoF to load items properly:
HeroicSvPoison
HeroicSvMagic
HeroicSvFire
HeroicSvDisease
HeroicSvCold
HeroicSvCorruption
MaxPower
Power
I imagine that the Heroic Resists are almost certainly required fields. The Power and MaxPower fields may not be required though, I don't really know much about them.
12-29-2008, 04:21 AM
Maybe the MQ2 source can be useful after all. After looking at it again, some of the stuff in there is starting to make more sense to me now that I am getting more used to looking at the assembly code from eqgame.exe. I found that MQ2 even has a version for the SoF retail eqgame.exe by looking at the debug from SoF:
Code:
Starting EverQuest (Built Sep 7 2007 09:11:49)
And then at the MQ2 build for that date, it wants this exact version (seen in the MQ2Main\eqgame.h file):
Code:
#define __ClientName "eqgame"
#define __ExpectedVersionDate "Sep 7 2007"
#define __ExpectedVersionTime "09:11:49"
So, that tells me that everything we needed to build EQ for SoF was actually already in place at that time.
This should also mean that SEQ structs and maybe some opcodes from that time might be useful as well. Unfortunately, SEQ wasn't updated between 3/25/2007 and 11/05/2007. It was just not functioning at all for about 6 months in between there. They finally got it working again in November right before the actual retail release of SoF. But, at least this confirms that I should use certain older structures over some that were changed after that.
12-31-2008, 07:07 PM
After being stumped on this a while, I finally decided to take a step that would hopefully help me a lot. I paid for my old EQ account so it could play on EQLive again. Then, I got the current version of ShowEQ working and put a hub in my network so I can sniff the packets to/from EQ. This is letting me watch the logs directly from EQLive that show pretty much everything I would need to get EQEmu working with EQLive. I am hoping that EQLive runs pretty close to how SoF did, and it should since there haven't been nearly as many changes to Live since SoF as there were from Titanium to SoF.
Already, I have found that the order of packets when logging in is pretty different from Titanium. I think I found the place that is stopping me from logging in all of the way. I just need to work on it some more to get it past that point. From what I can tell so far, it looks like this will be more helpful than anything I have tried. I am hoping to make more progress tonight now that I have this new information.
Here is an example of the logs of zoning in. I cut out a bunch of the actual data and stuff. I also made notes next to some of the packets.
Code:
Dec 31 2008 05:43:05:342 [Raw] [Client->Server] [Size: 12]
[OPCode: 0x0100]
000 | 00 00 00 02 6b 0b ee 8f 00 00 02 00 | ....k.......
Dec 31 2008 05:43:05:442 [Raw] [Server->Client] [Size: 19]
[OPCode: 0x0200]
000 | 6b 0b ee 8f 45 d7 b5 02 02 01 00 00 00 02 00 00 | k...E...........
Dec 31 2008 05:43:05:450 [Raw] [Client->Server] [Size: 38]
[OPCode: 0x0700]
000 | f0 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
Dec 31 2008 05:43:05:562 [Raw] [Server->Client] [Size: 38]
[OPCode: 0x0800]
000 | f0 82 aa d9 db 45 00 00 00 00 00 00 00 02 00 00 | .....E..........
Dec 31 2008 05:43:05:722 [Raw] [Client->Server] [Size: 86]
[OPCode: 0x0300]
000 | 0a 00 09 00 00 94 35 00 00 00 00 4a 00 09 00 01 | ......5....J....
Dec 31 2008 05:43:05:722 [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x3594]
000 | 00 00 00 00 | ....
Dec 31 2008 05:43:05:722 [Decoded] [Client->Server] [Size: 68] - OP_ZoneEntry
[OPCode: 0x5a6b]
[Name: OP_ZoneEntry][Updated: 10/07/08][Type: ClientZoneEntryStruct (68) ==]
Dec 31 2008 05:43:05:882 [Raw] [Server->Client] [Size: 5]
[OPCode: 0x1500]
000 | a5 00 01 4a 4f | ...JO
Dec 31 2008 05:43:05:882 [Raw] [Server->Client] [Size: 406] - Varies in size
[OPCode: 0x0900]
000 | 00 00 00 19 0e f0 1a c1 88 00 00 00 00 00 00 64 | ...............d
Dec 31 2008 05:43:05:882 [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x1af0]
000 | c1 88 00 00 00 00 00 00 64 00 00 00 | ........d...
Dec 31 2008 05:43:05:883 [Decoded] [Server->Client] [Size: 0]
[OPCode: 0x3bef]
Dec 31 2008 05:43:05:883 [Decoded] [Server->Client] [Size: 120] - OP_SendAATable
[OPCode: 0x322f]
000 | 02 00 00 00 01 ff ff ff ff ff ff ff ff 02 00 00 | ................
Dec 31 2008 05:43:06:603 [Raw] [Client->Server] [Size: 5]
[OPCode: 0x1500]
000 | a5 00 23 0b ab | ..#..
Dec 31 2008 05:43:06:696 [Raw] [Server->Client] [Size: 507] - I think these are compressed, combined or encoded packets, or maybe combinations of each
[OPCode: 0x0d00]
000 | 00 26 00 00 5b c2 22 60 fd 19 df 72 00 00 00 00 | .&..[."`...r....
Dec 31 2008 05:43:06:973 [Decoded] [Server->Client] [Size: 23488] - OP_PlayerProfile
[OPCode: 0x6022]
[Name: OP_PlayerProfile][Updated: 01/17/08][Type: charProfileStruct (23488) ==]
Dec 31 2008 05:43:07:150 [Decoded] [Server->Client] [Size: 334] - OP_ZoneEntry
[OPCode: 0x5a6b]
[Name: OP_ZoneEntry][Updated: 10/07/08][Type: uint8_t (1) nc]
Dec 31 2008 05:43:07:163 [Decoded] [Server->Client] [Size: 8] - OP_TimeOfDay
[OPCode: 0x6015]
[Name: OP_TimeOfDay][Updated: 01/17/08][Type: timeOfDayStruct (8) ==]
000 | 16 2b 02 01 69 0c 00 00 | .+..i...
Dec 31 2008 05:43:07:163 [Decoded] [Server->Client] [Size: 48] - Maybe OP_TributeUpdate
[OPCode: 0x399b]
000 | 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff | ................
Dec 31 2008 05:43:07:179 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x4036]
000 | a9 04 00 00 | ....
Dec 31 2008 05:43:07:179 [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x3594]
000 | 00 00 00 00 | ....
Dec 31 2008 05:43:07:680 [Decoded] [Server->Client] [Size: 205802] - Character Inventory
[OPCode: 0x709d]
000 | 30 00 00 00 01 00 00 00 00 00 00 00 1e 00 00 00 | 0...............
Dec 31 2008 05:43:08:028 [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x5412]
000 | 00 00 00 00 | ....
Dec 31 2008 05:43:08:029 [Decoded] [Server->Client] [Size: 12] - Looks like OP_Weather
[OPCode: 0x2641]
000 | ff 00 00 00 00 00 00 00 01 00 00 00 | ............
Dec 31 2008 05:43:08:029 [Decoded] [Server->Client] [Size: 4] - OP_DeleteSpawn
[OPCode: 0x4292]
[Name: OP_DeleteSpawn][Updated: 10/07/08][Type: deleteSpawnStruct (4) ==]
000 | 4f 48 00 00 | OH..
Dec 31 2008 05:43:08:029 [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x6c26]
000 | 00 00 00 00 | ....
Dec 31 2008 05:43:08:029 [Decoded] [Server->Client] [Size: 24]
[OPCode: 0x2c4c]
000 | 92 cb ce 02 08 08 00 00 0b e0 d9 aa 00 00 00 00 | ................
016 | 10 00 00 00 00 00 00 00 | ........
Dec 31 2008 05:43:08:431 [Decoded] [Client->Server] [Size: 1]
[OPCode: 0x0924]
000 | 30 | 0
Dec 31 2008 05:43:08:431 [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x43ac]
Dec 31 2008 05:43:08:431 [Decoded] [Client->Server] [Size: 0] - Maybe OP_ReqNewZone
[OPCode: 0x466c]
Dec 31 2008 05:43:08:611 [Decoded] [Server->Client] [Size: 20]
[OPCode: 0x116d]
000 | 00 00 00 00 a0 bb 0d 00 20 bf 02 00 05 00 00 00 | ........ .......
016 | 00 00 00 00 | ....
Dec 31 2008 05:43:08:612 [Decoded] [Server->Client] [Size: 932] - OP_NewZone
[OPCode: 0x5ca5]
[Name: OP_NewZone][Updated: 01/17/08][Type: newZoneStruct (932) ==]
Dec 31 2008 05:43:08:676 [Decoded] [Server->Client] [Size: 921] - Custom Titles
[OPCode: 0x1b26]
000 | 22 00 00 00 3c 00 00 00 64 00 00 00 41 70 70 72 | "...<...d...Appr
Dec 31 2008 05:43:12:766 [Decoded] [Client->Server] [Size: 4] - OP_TargetMouse?
[OPCode: 0x7bbb]
[Name: OP_TargetMouse][Updated: 01/17/08][Type: clientTargetStruct (4) ==]
000 | 00 00 00 00 | ....
Dec 31 2008 05:43:14:898 [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket
[OPCode: 0x3594]
000 | 00 00 00 00 | ....
Dec 31 2008 05:43:14:898 [Decoded] [Client->Server] [Size: 0] - Request Client Spawn
[OPCode: 0x1436]
Dec 31 2008 05:43:15:015 [Decoded] [Server->Client] [Size: 184] - Spawn Doors
[OPCode: 0x102f]
000 | 41 43 44 4f 4f 52 53 33 31 30 00 00 ff ff 00 00 | ACDOORS310......
Dec 31 2008 05:43:15:027 [Decoded] [Server->Client] [Size: 484]
[OPCode: 0x5821]
000 | 13 00 00 00 00 00 00 00 00 00 87 43 00 00 d9 44 | ...........C...D
Dec 31 2008 05:43:15:028 [Decoded] [Server->Client] [Size: 0] - New World Objects Sent (Replaced sendexpzonein)
[OPCode: 0x69cd]
Dec 31 2008 05:43:15:167 [Decoded] [Client->Server] [Size: 88]
[OPCode: 0x0baa]
000 | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................
Dec 31 2008 05:43:15:168 [Decoded] [Client->Server] [Size: 0] - Send Exp Zone In
[OPCode: 0x7b73]
Dec 31 2008 05:43:15:339 [Decoded] [Server->Client] [Size: 8] - OP_SpawnAppearance
[OPCode: 0x10b7]
[Name: OP_SpawnAppearance][Updated: 01/17/08][Type: spawnAppearanceStruct (8) ==]
000 | 00 00 10 00 53 48 00 00 | ....SH..
Dec 31 2008 05:43:15:339 [Decoded] [Server->Client] [Size: 12] - OP_AAExpUpdate
[OPCode: 0x3088]
[Name: OP_AAExpUpdate][Updated: 01/17/08][Type: altExpUpdateStruct (12) ==]
000 | 06 00 00 00 00 00 00 00 00 00 00 00 | ............
Dec 31 2008 05:43:15:340 [Decoded] [Server->Client] [Size: 8] - OP_ExpUpdate
[OPCode: 0x0e98]
[Name: OP_ExpUpdate][Updated: 01/17/08][Type: expUpdateStruct (8) ==]
000 | 43 00 00 00 00 00 00 00 | C.......
Dec 31 2008 05:43:15:340 [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x50d0]
000 | 00 00 00 00 00 00 00 00 25 59 5b 49 | ........%Y[I
Dec 31 2008 05:43:15:355 [Decoded] [Server->Client] [Size: 0]
[OPCode: 0x7b73]
Dec 31 2008 05:43:15:506 [Decoded] [Client->Server] [Size: 128]
[OPCode: 0x7312]
000 | 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 | ................
Dec 31 2008 05:43:15:621 [Decoded] [Server->Client] [Size: 4704] - List of Rewards available from /claim
[OPCode: 0x4e4e]
000 | cc 0b 00 00 01 00 00 00 01 00 00 00 bc 9f 00 00 | ................
Dec 31 2008 05:43:15:625 [Decoded] [Server->Client] [Size: 12] - OP_SimpleMessage
[OPCode: 0x5448]
[Name: OP_SimpleMessage][Updated: 01/17/08][Type: simpleMessageStruct (12) ==]
000 | 0e 0e 00 00 0f 00 00 00 00 00 00 00 | ............
Dec 31 2008 05:43:15:625 [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x435b]
000 | 00 00 00 00 | ....
Dec 31 2008 05:43:15:625 [Decoded] [Server->Client] [Size: 4]
[OPCode: 0x0296]
000 | 00 00 00 00 | ....
Dec 31 2008 05:43:15:626 [Decoded] [Server->Client] [Size: 326] - OP_ZoneEntry (this time from server to client)
[OPCode: 0x5a6b]
[Name: OP_ZoneEntry][Updated: 10/07/08][Type: uint8_t (1) nc]
Dec 31 2008 05:43:15:626 [Decoded] [Server->Client] [Size: 5] - OP_RemoveSpawn
[OPCode: 0x3164]
[Name: OP_RemoveSpawn][Updated: 04/17/08][Type: removeSpawnStruct (5) nc]
000 | 4f 48 00 00 01 | OH...
Dec 31 2008 05:43:15:626 [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x5ebc]
000 | 00 00 00 00 62 70 cb 32 00 00 00 00 | ....bp.2....
Dec 31 2008 05:43:15:659 [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x2d17]
000 | 62 70 cb 32 4a 17 19 da | bp.2J...
Dec 31 2008 05:43:15:660 [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x6759]
Dec 31 2008 05:43:15:660 [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x7b6e]
000 | 53 48 00 00 40 00 00 00 | SH..@...
Dec 31 2008 05:43:15:660 [Decoded] [Client->Server] [Size: 19] - OP_WearChange
[OPCode: 0x231f]
[Name: OP_WearChange][Updated: 01/17/08][Type: SpawnUpdateStruct (19) ==]
000 | 53 48 50 00 00 00 00 00 00 00 00 00 00 00 00 00 | SHP.............
016 | 00 00 09 | ...
Dec 31 2008 05:43:15:661 [Decoded] [Client->Server] [Size: 20] - OP_BazaarSearch
[OPCode: 0x4675]
[Name: OP_BazaarSearch][Updated: 01/17/08][Type: bazaarSearchQueryStruct (100) nc]
000 | 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
016 | 00 00 00 00 | ....
Dec 31 2008 05:43:15:661 [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x19d2]
Dec 31 2008 05:43:15:661 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x4b49]
000 | 17 00 00 00 | ....
Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 12]
[OPCode: 0x7eac]
000 | 26 02 00 00 fa 02 00 00 00 f7 44 04 | &.........D.
Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x365d]
000 | 01 01 01 01 | ....
Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x266e]
000 | 01 01 01 01 | ....
Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 0]
[OPCode: 0x7eeb]
Dec 31 2008 05:43:15:662 [Decoded] [Client->Server] [Size: 8]
[OPCode: 0x27bf]
000 | 00 00 00 00 ff ff ff ff | ........
Dec 31 2008 05:43:15:663 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x7e31]
000 | 01 01 01 01 | ....
Dec 31 2008 05:43:15:663 [Decoded] [Client->Server] [Size: 4]
[OPCode: 0x2d37]
000 | 01 01 01 01 | ....
Dec 31 2008 05:43:15:738 [Decoded] [Server->Client] [Size: 140] - Probably OP_GuildMemberList
[OPCode: 0x32c6]
000 | 0a 00 00 00 54 72 65 76 69 75 73 00 00 00 00 00 | ....XXXXXXX..... (name removed)
Dec 31 2008 05:43:15:902 [Decoded] [Server->Client] [Size: 648] - OP_GuildMOTD
[OPCode: 0xd677]
[Name: OP_GuildMOTD][Updated: 01/17/08][Type: guildMOTDStruct (136) nc]
Dec 31 2008 05:43:15:902 [Decoded] [Server->Client] [Size: 8]
[OPCode: 0x35d3]
000 | 92 f4 00 00 00 00 00 00 | ........
Dec 31 2008 05:43:15:903 [Decoded] [Server->Client] [Size: 8]
[OPCode: 0x7b6e]
000 | 53 48 00 00 40 00 00 00 | SH..@...
Dec 31 2008 05:43:15:959 [Decoded] [Client->Server] [Size: 40] - OP_ClientUpdate
[OPCode: 0x7062]
[Name: OP_ClientUpdate][Updated: 01/17/08][Type: playerSelfPosStruct (40) ==]
Dec 31 2008 05:43:16:339 [Decoded] [Server->Client] [Size: 62] - Looks like the EQPlayers update
[OPCode: 0x7eeb]
000 | 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 71 70 2e | https://www.eqp.
Dec 31 2008 05:43:16:339 [Decoded] [Server->Client] [Size: 10]
[OPCode: 0x538f]
000 | 58 12 00 00 16 1d 00 00 53 48 | X.......SH
Dec 31 2008 05:43:16:340 [Decoded] [Server->Client] [Size: 10]
[OPCode: 0x4b61]
000 | 00 00 00 00 00 00 00 00 53 48 | ........SH
Dec 31 2008 05:43:16:340 [Decoded] [Server->Client] [Size: 10]
[OPCode: 0x02d6]
000 | d9 1b 00 00 d9 1b 00 00 53 48 | ........SH
Last edited by trevius; 01-05-2009 at 06:42 AM..
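The ShowEQ log excerpt above repeats one shape: a header line (timestamp, `[Raw]` or `[Decoded]`, direction, `[Size: N]`, an optional ` - note`), then an `[OPCode: 0x....]` line, then an optional `[Name: ...]` line and hex dump. Below is an added example, not ShowEQ or EQEmu code, of a small parser for that format that turns a capture into an ordered list of packets and reports where the opcode sequences of two captures first diverge, which is the Titanium-versus-Live ordering comparison the post describes. The struct and function names (`SeqPacket`, `ParseSeqLog`, `OpcodeSequence`, `FirstDivergence`) are this example's own, and the embedded sample is a handful of lines copied from the log above.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>

// One packet record from a ShowEQ log: the header line plus its [OPCode] line.
// Names in this example are not ShowEQ's.
struct SeqPacket {
    std::string timestamp;  // e.g. "Dec 31 2008 05:43:15:028"
    bool decoded;           // [Decoded] (application packet) vs [Raw] (session layer)
    bool toServer;          // [Client->Server] vs [Server->Client]
    uint32_t size;          // value of [Size: N]
    uint16_t opcode;        // value of [OPCode: 0xNNNN]
    std::string note;       // free text after " - " on the header line, if any
};

// Returns the text between the first `open` and the next `close` after it, or "".
static std::string Between(const std::string& s, const std::string& open, char close) {
    size_t a = s.find(open);
    if (a == std::string::npos) return "";
    a += open.size();
    size_t b = s.find(close, a);
    return b == std::string::npos ? "" : s.substr(a, b - a);
}

// Parses a ShowEQ log dump. Hex-dump and [Name: ...] lines are skipped; a
// header line is only recorded once its [OPCode: ...] line has been seen.
std::vector<SeqPacket> ParseSeqLog(const std::string& text) {
    std::vector<SeqPacket> out;
    std::istringstream in(text);
    std::string line;
    SeqPacket cur{};
    bool haveHeader = false;
    while (std::getline(in, line)) {
        bool isHeader = line.find("[Size: ") != std::string::npos &&
                        (line.find("[Raw]") != std::string::npos ||
                         line.find("[Decoded]") != std::string::npos);
        if (isHeader) {
            cur = SeqPacket();
            cur.timestamp = line.substr(0, line.find(" ["));
            cur.decoded = line.find("[Decoded]") != std::string::npos;
            cur.toServer = line.find("[Client->Server]") != std::string::npos;
            cur.size = (uint32_t)std::strtoul(Between(line, "[Size: ", ']').c_str(), nullptr, 10);
            size_t dash = line.find(" - ");
            cur.note = dash == std::string::npos ? "" : line.substr(dash + 3);
            haveHeader = true;
        } else if (haveHeader && line.compare(0, 9, "[OPCode: ") == 0) {
            // strtoul with base 16 accepts the "0x" prefix ShowEQ prints.
            cur.opcode = (uint16_t)std::strtoul(Between(line, "[OPCode: ", ']').c_str(), nullptr, 16);
            out.push_back(cur);
            haveHeader = false;
        }
    }
    return out;
}

// Ordered opcodes of the decoded (application-layer) packets in one direction.
std::vector<uint16_t> OpcodeSequence(const std::vector<SeqPacket>& pkts, bool toServer) {
    std::vector<uint16_t> seq;
    for (const SeqPacket& p : pkts)
        if (p.decoded && p.toServer == toServer) seq.push_back(p.opcode);
    return seq;
}

// Index of the first position where two opcode sequences differ; -1 if identical.
// When one sequence is a prefix of the other, the divergence is at the shorter length.
int FirstDivergence(const std::vector<uint16_t>& a, const std::vector<uint16_t>& b) {
    size_t n = a.size() < b.size() ? a.size() : b.size();
    for (size_t i = 0; i < n; ++i)
        if (a[i] != b[i]) return (int)i;
    return a.size() == b.size() ? -1 : (int)n;
}

// Constructed sample: a handful of lines copied from the log excerpt in the post.
const char* const kSampleSeqLog =
    "Dec 31 2008 05:43:05:722 [Raw] [Client->Server] [Size: 86]\n"
    "[OPCode: 0x0300]\n"
    "000 | 0a 00 09 00 00 94 35 00 00 00 00 4a 00 09 00 01 | ......5....J....\n"
    "Dec 31 2008 05:43:05:722 [Decoded] [Client->Server] [Size: 4] - Probably OP_AckPacket\n"
    "[OPCode: 0x3594]\n"
    "000 | 00 00 00 00 | ....\n"
    "Dec 31 2008 05:43:05:722 [Decoded] [Client->Server] [Size: 68] - OP_ZoneEntry\n"
    "[OPCode: 0x5a6b]\n"
    "[Name: OP_ZoneEntry][Updated: 10/07/08][Type: ClientZoneEntryStruct (68) ==]\n"
    "Dec 31 2008 05:43:15:028 [Decoded] [Server->Client] [Size: 0] - New World Objects Sent (Replaced sendexpzonein)\n"
    "[OPCode: 0x69cd]\n"
    "Dec 31 2008 05:43:15:168 [Decoded] [Client->Server] [Size: 0] - Send Exp Zone In\n"
    "[OPCode: 0x7b73]\n"
    "Dec 31 2008 05:43:15:339 [Decoded] [Server->Client] [Size: 8] - OP_SpawnAppearance\n"
    "[OPCode: 0x10b7]\n"
    "000 | 00 00 10 00 53 48 00 00 | ....SH..\n";

int main() {
    std::vector<SeqPacket> pkts = ParseSeqLog(kSampleSeqLog);
    for (const SeqPacket& p : pkts)
        std::printf("%s %s 0x%04x size=%u %s\n", p.timestamp.c_str(), p.toServer ? "C->S" : "S->C",
                    (unsigned)p.opcode, (unsigned)p.size, p.note.c_str());
    // Compare the server-side order against a constructed second capture with the order swapped.
    std::vector<uint16_t> live = OpcodeSequence(pkts, false);
    std::vector<uint16_t> other = {0x10b7, 0x69cd};
    std::printf("first divergence at index %d\n", FirstDivergence(live, other));  // 0
    return 0;
}
```

Only `[Decoded]` records go into the comparison, since the `[Raw]` session-layer packets (0x0100, 0x0200, 0x0d00 and so on) wrap the application opcodes and would change between captures for reasons unrelated to login order.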