w4kfu / waronline_fun

Some fun with Warhammer Online

Opcodes #3

Closed Areanda closed 2 years ago

Areanda commented 6 years ago

Aren't there more opcodes?

w4kfu commented 6 years ago

Hmm, what are we talking about? Documentation? Server implementation? IDA script?

wtd23 commented 6 years ago

Hello, I tested this and it works, but why is it changing the original opcodes instead of just changing the new ones? For example, it changes these, which are original ones and should not be changed: F_MONSTER_STATS = 0x47 to 0x46, F_PLAYER_RENOWN = 0x4E to 0x4D, F_PLAY_SOUND = 0x61 changed to 0x60, F_CREATE_MONSTER = 0x72 changed to 0x71.

w4kfu commented 6 years ago

Those opcodes values are from the original executable extracted from the ISO.

wtd23 commented 6 years ago

OK, so how do I get the full list of changed opcode names with their values? This gets 251 opcodes, but there are a lot more missing from this list; here are a few of them. Also, some opcodes are the same; is this OK and correct? F_CREATE_STATIC, F_QUEST, F_UPDATE_SIEGE_LOOK_AT, F_PLAYER_EXIT, F_PLAYER_HEALTH, F_CHAT, F_TEXT, F_OBJECT_DEATH, F_PING, F_PLAYER_QUIT

w4kfu commented 6 years ago

What list are you talking about? The initial issue was opened by @Areanda

Aren't there more opcodes?

There is no context, please provide more information and what exactly you are looking for.

Then @warork jumped into the issue with:

Hello, I tested this and it works

What have you tested exactly?

wtd23 commented 6 years ago

OK, the original opcodes list is this:

[+] 2 (0x02) ; F_QUEST [+] 3 (0x03) ; F_UPDATE_SIEGE_LOOK_AT [+] 4 (0x04) ; F_PLAYER_EXIT [+] 5 (0x05) ; F_PLAYER_HEALTH [+] 6 (0x06) ; F_CHAT [+] 7 (0x07) ; F_TEXT [+] 9 (0x09) ; F_OBJECT_STATE [+] 10 (0x0A) ; F_OBJECT_DEATH [+] 11 (0x0B) ; F_PING [+] 12 (0x0C) ; F_PLAYER_QUIT [+] 13 (0x0D) ; F_DUMP_STATICS [+] 15 (0x0F) ; F_CONNECT [+] 16 (0x10) ; F_DISCONNECT [+] 17 (0x11) ; F_HEARTBEAT [+] 19 (0x13) ; F_REQUEST_CHAR_TEMPLATES [+] 20 (0x14) ; F_HIT_PLAYER [+] 21 (0x15) ; F_DEATHSPAM [+] 22 (0x16) ; F_REQUEST_INIT_OBJECT [+] 23 (0x17) ; F_OPEN_GAME [+] 24 (0x18) ; F_PLAYER_INFO [+] 25 (0x19) ; F_WORLD_ENTER [+] 26 (0x1A) ; F_CAMPAIGN_STATUS [+] 27 (0x1B) ; F_REQ_CAMPAIGN_STATUS [+] 29 (0x1D) ; F_GUILD_DATA [+] 30 (0x1E) ; F_MAX_VELOCITY [+] 31 (0x1F) ; F_SWITCH_REGION [+] 32 (0x20) ; F_PET_INFO [+] 33 (0x21) ; F_PLAYER_CLEAR_DEATH [+] 34 (0x22) ; F_COMMAND_CONTROLLED [+] 37 (0x25) ; F_GUILD_COMMAND [+] 39 (0x27) ; F_REQUEST_TOK_REWARD [+] 40 (0x28) ; F_SURVEY_BEGIN [+] 41 (0x29) ; F_SHOW_DIALOG [+] 42 (0x2A) ; F_PLAYERORG_APPROVAL [+] 43 (0x2B) ; F_QUEST_INFO [+] 47 (0x2F) ; F_INVITE_GROUP [+] 48 (0x30) ; F_JOIN_GROUP [+] 49 (0x31) ; F_PLAYER_DEATH [+] 53 (0x35) ; F_DUMP_ARENAS_LARGE [+] 55 (0x37) ; F_GROUP_COMMAND [+] 56 (0x38) ; F_ZONEJUMP [+] 57 (0x39) ; F_PLAYER_EXPERIENCE [+] 58 (0x3A) ; F_XENON_VOICE [+] 64 (0x40) ; F_REQUEST_WORLD_LARGE [+] 65 (0x41) ; F_ACTION_COUNTER_INFO [+] 68 (0x44) ; F_ACTION_COUNTER_UPDATE [+] 70 (0x46) ; F_PLAYER_STATS [+] 71 (0x47) ; F_MONSTER_STATS [+] 72 (0x48) ; F_PLAY_EFFECT [+] 73 (0x49) ; F_REMOVE_PLAYER [+] 74 (0x4A) ; F_ZONEJUMP_FAILED [+] 75 (0x4B) ; F_TRADE_STATUS [+] 78 (0x4E) ; F_PLAYER_RENOWN [+] 79 (0x4F) ; F_MOUNT_UPDATE [+] 80 (0x50) ; F_PLAYER_LEVEL_UP [+] 81 (0x51) ; F_ANIMATION [+] 82 (0x52) ; F_PLAYER_WEALTH [+] 83 (0x53) ; F_TROPHY_SETLOCATION [+] 84 (0x54) ; F_REQUEST_CHAR [+] 85 (0x55) ; F_REQUEST_CHAR_RESPONSE [+] 86 (0x56) ; F_REQUEST_CHAR_ERROR [+] 87 (0x57) ; 
F_CHARACTER_PREFS [+] 88 (0x58) ; F_SEND_CHARACTER_RESPONSE [+] 89 (0x59) ; F_SEND_CHARACTER_ERROR [+] 90 (0x5A) ; F_PING_DATAGRAM [+] 92 (0x5C) ; F_ENCRYPTKEY [+] 93 (0x5D) ; F_PQLOOT_TRIGGER [+] 94 (0x5E) ; F_SET_TARGET [+] 96 (0x60) ; F_MYSTERY_BAG [+] 97 (0x61) ; F_PLAY_SOUND [+] 98 (0x62) ; F_PLAYER_STATE2 [+] 99 (0x63) ; F_QUERY_NAME [+] 100 (0x64) ; F_QUERY_NAME_RESPONSE [+] 101 (0x65) ; F_ADD_NAME [+] 104 (0x68) ; F_DELETE_NAME [+] 106 (0x6A) ; F_CHECK_NAME [+] 107 (0x6B) ; F_CHECK_NAME_RESPONSE [+] 111 (0x6F) ; F_LOCALIZED_STRING [+] 112 (0x70) ; F_KILLING_SPREE [+] 113 (0x71) ; F_CREATE_STATIC [+] 114 (0x72) ; F_CREATE_MONSTER [+] 115 (0x73) ; F_PLAYER_IMAGENUM [+] 117 (0x75) ; F_TRANSFER_ITEM [+] 121 (0x79) ; F_CRAFTING_STATUS [+] 122 (0x7A) ; F_REQUEST_LASTNAME [+] 124 (0x7C) ; F_INIT_PLAYER [+] 125 (0x7D) ; F_REQUEST_INIT_PLAYER [+] 126 (0x7E) ; F_SET_ABILITY_TIMER [+] 128 (0x80) ; S_PID_ASSIGN [+] 129 (0x81) ; S_PONG [+] 130 (0x82) ; S_CONNECTED [+] 131 (0x83) ; S_WORLD_SENT [+] 132 (0x84) ; S_NOT_CONNECTED [+] 133 (0x85) ; S_GAME_OPENED [+] 134 (0x86) ; F_MAIL [+] 135 (0x87) ; S_DATAGRAM_ESTABLISHED [+] 136 (0x88) ; S_PLAYER_INITTED [+] 137 (0x89) ; S_PLAYER_LOADED [+] 138 (0x8A) ; F_RECEIVE_ENCRYPTKEY [+] 140 (0x8C) ; F_MORALE_LIST [+] 141 (0x8D) ; F_SURVEY_ADDQUESTION [+] 142 (0x8E) ; F_SURVEY_END [+] 143 (0x8F) ; F_SURVEY_RESULT [+] 144 (0x90) ; F_EMOTE [+] 145 (0x91) ; F_CREATE_CHARACTER [+] 146 (0x92) ; F_DELETE_CHARACTER [+] 147 (0x93) ; F_GFX_MOD [+] 148 (0x94) ; F_INSTANCE_INFO [+] 150 (0x96) ; F_KEEP_STATUS [+] 151 (0x97) ; F_PLAY_TIME_STATS [+] 152 (0x98) ; F_CATAPULT [+] 153 (0x99) ; F_GRAVITY_UPDATE [+] 154 (0x9A) ; F_HELP_DATA [+] 155 (0x9B) ; F_UPDATE_LASTNAME [+] 158 (0x9E) ; F_GET_CULTIVATION_INFO [+] 159 (0x9F) ; F_CRASH_PACKET [+] 160 (0xA0) ; F_LOGINQUEUE [+] 161 (0xA1) ; F_INTERRUPT [+] 162 (0xA2) ; F_INSTANCE_SELECTED [+] 163 (0xA3) ; F_ACTIVE_EFFECTS [+] 166 (0xA6) ; F_START_SIEGE_MULTIUSER [+] 167 (0xA7) ; 
F_SIEGE_WEAPON_RESULTS [+] 168 (0xA8) ; F_INTERACT_QUEUE [+] 169 (0xA9) ; F_UPDATE_HOT_SPOT [+] 170 (0xAA) ; F_GET_ITEM [+] 171 (0xAB) ; F_DUEL [+] 172 (0xAC) ; F_PLAYER_JUMP [+] 173 (0xAD) ; F_INTRO_CINEMA [+] 174 (0xAE) ; F_MAGUS_DISC_UPDATE [+] 175 (0xAF) ; F_FIRE_SIEGE_WEAPON [+] 176 (0xB0) ; F_GRAPHICAL_REVISION [+] 178 (0xB2) ; F_AUCTION_POST_ITEM [+] 179 (0xB3) ; F_CAST_PLAYER_EFFECT [+] 180 (0xB4) ; F_AUCTION_SEARCH_QUERY [+] 181 (0xB5) ; F_FLIGHT [+] 182 (0xB6) ; F_SOCIAL_NETWORK [+] 183 (0xB7) ; F_AUCTION_SEARCH_RESULT [+] 184 (0xB8) ; F_PLAYER_ENTER_FULL [+] 187 (0xBB) ; F_AUCTION_BID_ITEM [+] 188 (0xBC) ; F_ESTABLISH_DATAGRAM [+] 189 (0xBD) ; F_PLAYER_INVENTORY [+] 190 (0xBE) ; F_CHARACTER_INFO [+] 191 (0xBF) ; F_INIT_STORE [+] 192 (0xC0) ; F_STORE_BUY_BACK [+] 193 (0xC1) ; F_OBJECTIVE_INFO [+] 194 (0xC2) ; F_OBJECTIVE_UPDATE [+] 195 (0xC3) ; F_SCENARIO_INFO [+] 196 (0xC4) ; F_SCENARIO_POINT_UPDATE [+] 197 (0xC5) ; F_OBJECTIVE_STATE [+] 198 (0xC6) ; F_REALM_BONUS [+] 199 (0xC7) ; F_OBJECTIVE_CONTROL [+] 200 (0xC8) ; F_INTERFACE_COMMAND [+] 201 (0xC9) ; F_SCENARIO_PLAYER_INFO [+] 202 (0xCA) ; F_FLAG_OBJECT_STATE [+] 203 (0xCB) ; F_FLAG_OBJECT_LOCATION [+] 204 (0xCC) ; F_CITY_CAPTURE [+] 205 (0xCD) ; F_ZONE_CAPTURE [+] 206 (0xCE) ; F_SALVAGE_ITEM [+] 207 (0xCF) ; F_AUCTION_BID_STATUS [+] 208 (0xD0) ; F_PUNKBUSTER [+] 209 (0xD1) ; F_ITEM_SET_DATA [+] 210 (0xD2) ; F_INTERACT [+] 213 (0xD5) ; F_DO_ABILITY [+] 214 (0xD6) ; F_SET_TIME [+] 215 (0xD7) ; F_INIT_EFFECTS [+] 216 (0xD8) ; F_GROUP_STATUS [+] 217 (0xD9) ; F_USE_ITEM [+] 218 (0xDA) ; F_USE_ABILITY [+] 219 (0xDB) ; F_INFLUENCE_DETAILS [+] 220 (0xDC) ; F_SWITCH_ATTACK_MODE [+] 221 (0xDD) ; F_BUG_REPORT [+] 222 (0xDE) ; F_OBJECT_EFFECT_STATE [+] 226 (0xE2) ; F_EXPERIENCE_TABLE [+] 227 (0xE3) ; F_CREATE_PLAYER [+] 228 (0xE4) ; F_UPDATE_STATE [+] 229 (0xE5) ; F_UI_MOD [+] 231 (0xE7) ; F_RVR_STATS [+] 232 (0xE8) ; F_CLIENT_DATA [+] 233 (0xE9) ; F_INTERACT_RESPONSE [+] 234 (0xEA) ; F_QUEST_LIST [+] 235 (0xEB) 
; F_QUEST_UPDATE [+] 236 (0xEC) ; F_REQUEST_QUEST [+] 237 (0xED) ; F_QUEST_LIST_UPDATE [+] 238 (0xEE) ; F_CAREER_CATEGORY [+] 239 (0xEF) ; F_PLAYER_INIT_COMPLETE [+] 241 (0xF1) ; F_CAREER_PACKAGE_UPDATE [+] 242 (0xF2) ; F_BUY_CAREER_PACKAGE [+] 243 (0xF3) ; F_CAREER_PACKAGE_INFO [+] 244 (0xF4) ; F_PLAYER_RANK_UPDATE [+] 245 (0xF5) ; F_DO_ABILITY_AT_POS [+] 246 (0xF6) ; F_CHANNEL_LIST [+] 247 (0xF7) ; F_TACTICS [+] 248 (0xF8) ; F_TOK_ENTRY_UPDATE [+] 249 (0xF9) ; F_TRADE_SKILL_UPDATE [+] 250 (0xFA) ; F_RENDER_PRIMITIVE [+] 251 (0xFB) ; F_INFLUENCE_UPDATE [+] 252 (0xFC) ; F_INFLUENCE_INFO [+] 253 (0xFD) ; F_KNOCKBACK [+] 254 (0xFE) ; F_PLAY_VOICE_OVER

And the updated script gets the changed value 8 (0x08) ; F_OBJECT_STATE, so it has moved all opcode values down by one; all sniffed packets from the live servers will be of no use, so how are you going to use them now? Here's a packet from the live servers (1.4.8) before the shutdown:

    [Server] packet : (0x09) F_OBJECT_STATE Size = 21
    ------------------------------------------------ ----------------
    00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0123456789ABCDEF
    00 12 09 0F A8 45 A2 C2 31 1B 21 64 00 6A 00 00 .....E..1.!d.j..
    00 00 00 A4 00 .....

And it's 0x09, so I don't think opcode values would have changed on their own when the live servers have been off for like 4 years; they should stay the same, and the script should just get the missing names and values (F_CURRENT_EVENTS, F_MONSTER_POSITION, F_RRQ, etc.)?

w4kfu commented 6 years ago

Nice catch!

I didn't notice that the opcode value passed as the third argument of the function at virtual address 0x4C30CE was decremented by one. So the shift down makes sense (now fixed in https://github.com/w4kfu/waronline_fun/commit/69eda3ed8b83059e3ba66d0c9a9539e39297970e).

so all sniffed packets from the live servers will be of no use, so how are you going to use them now?

I'm not working on the project anymore so ...

the script should just get the missing names and values (F_CURRENT_EVENTS, F_MONSTER_POSITION, F_RRQ, etc.)?

The best is to refer to this page: http://w4kfu.github.io/waronline_fun/WorldServerOpcodeNames.html
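The off-by-one discussed above can be caught mechanically by reconciling the script's `[+] <dec> (<hex>) ; <NAME>` output against the opcode byte in the sniffer's packet headers. The following is an added example, not code from this thread or from the waronline_fun project; the sample lines are constructed from the values quoted above, and the sniffer's own names are used only as a hint for matching.

```python
import re

# Constructed excerpt of the IDA script's output, in the "[+] <dec> (<hex>) ; <NAME>"
# format quoted in the thread, as produced before the decrement was fixed.
SCRIPT_OUTPUT = """\
[+] 8 (0x08) ; F_OBJECT_STATE
[+] 70 (0x46) ; F_MONSTER_STATS
[+] 77 (0x4D) ; F_PLAYER_RENOWN
[+] 96 (0x60) ; F_PLAY_SOUND
[+] 174 (0xAE) ; F_FIRE_SIEGE_WEAPON
"""

# Constructed capture headers in the sniffer format quoted in the thread.
CAPTURE_LOG = """\
[Server] packet : (0x09) F_OBJECT_STATE Size = 21
[Client] packet : (0xAF) F_FIRE_SIEGE_WEAPON Size = 26
"""

LIST_RE = re.compile(r"^\[\+\]\s+(\d+)\s+\((0x[0-9A-Fa-f]+)\)\s*;\s*(\w+)\s*$")
HDR_RE = re.compile(r"^\[(?:Server|Client)\] packet : \((0x[0-9A-Fa-f]+)\) (\w+) Size = (\d+)")

def parse_opcode_list(text):
    """Map NAME -> opcode value, rejecting entries whose decimal and hex disagree."""
    table = {}
    for line in text.splitlines():
        m = LIST_RE.match(line.strip())
        if not m:
            continue
        dec, hexv, name = int(m.group(1)), int(m.group(2), 16), m.group(3)
        if dec != hexv:
            raise ValueError(f"inconsistent entry: {line}")
        table[name] = dec
    return table

def parse_capture_headers(text):
    """Extract (opcode, name) pairs from sniffer packet header lines."""
    return [(int(m.group(1), 16), m.group(2))
            for m in (HDR_RE.match(l) for l in text.splitlines()) if m]

def find_shift(table, observed):
    """Constant offset (observed - extracted) shared by every matched opcode:
    0 when the table agrees with traffic, None when the mismatch is not uniform."""
    deltas = {op - table[name] for op, name in observed if name in table}
    return deltas.pop() if len(deltas) == 1 else None

def apply_shift(table, shift):
    """Rebuild the table with every value corrected by the detected shift."""
    return {name: (value + shift) & 0xFF for name, value in table.items()}
```

Running `find_shift(parse_opcode_list(SCRIPT_OUTPUT), parse_capture_headers(CAPTURE_LOG))` returns 1, i.e. the script's values are uniformly one too low, and `apply_shift` with that value restores the table the live captures agree with.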

wtd23 commented 6 years ago

OK, it's nearly correct. If I look at the live server original packets: [Server] packet : (0x60) F_MYSTERY_BAG Size = 1025, but the new script generates the same value 60 for F_VIEW_LOOT_BAG = 0x60. Can two opcodes be the same? And this F_CURRENT_EVENTS = 0x0E is the wrong value; it should be 0x95. If you fix this to change to 0x95, then I think the rest should also be correct.

Also, how do you make the missing client packets, or do you not know? Say for F_FIRE_SIEGE_WEAPON: I did add this to movementhandlers, but it's not working:

    [PacketHandlerAttribute(PacketHandlerType.TCP, (int)Opcodes.F_FIRE_SIEGE_WEAPON, (int)eClientState.WorldEnter, "F_FIRE_SIEGE_WEAPON")]
    static public void F_FIRE_SIEGE_WEAPON(BaseClient client, PacketIn packet)
    {
        GameClient cclient = client as GameClient;

        // Ignore the packet if this client has no player object yet.
        if (cclient.Plr == null)
            return;
    }

Here is the original client live server packet:

    [Client] packet : (0xAF) F_FIRE_SIEGE_WEAPON Size = 26
    ------------------------------------------------ ----------------
    00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0123456789ABCDEF
    00 0E 0C 3B 00 C4 00 00 00 AF 06 93 2C 0D 47 C4 ...;........,.G.
    BA 9D 1A 10 00 6A 14 00 00 00 ..........

w4kfu commented 6 years ago

Hello,

I worked on the binary version 1,4,8,573 (md5: 3C78A494DF37F707AB013360BA4CFBF6).

I confirm that opcode with value 0x60 is F_VIEW_LOOT_BAG.

This can be confirmed by using a debugger:

  1. Set EIP register to value 0x004AE6C1
  2. Set ECX register to value 0x60
  3. Set EAX register to some random memory that can be read (e.g. _KUSER_SHARED_DATA: 0x7ffe0000)
  4. Run and the program will crash in the handler F_VIEW_LOOT_BAG.

Same steps can be used to verify that F_CURRENT_EVENTS is 0x0E.

Regarding your second question:

Also, how do you make the missing client packets, or do you not know? Say for F_FIRE_SIEGE_WEAPON: I did add this to movementhandlers, but it's not working

The code you are talking about is not part of this project, so I have no idea what you are talking about.

w4kfu commented 2 years ago

There's been no sign of life from the original author of this issue; closing it.

Areanda commented 2 years ago

Sorry about not ending the sign of life. Thank you for your work! We made it and are way past this point; luckily we are like 99% done in IDA, and we appreciate the responses you gave us; gladly, we learned a great deal along the way! ATM we are doing the last touch-ups on the lightmaps decoding etc. (just to give you kind of an update). Again, thank you for all!