Delicioso!!!!!
Posted: Fri Jun 27, 2003 11:53 pm
by dont_know_at_all
Thanks to Wes, we have a matching testeqgame.exe and testeqgame.map. For a couple of hours on the 24th, they really screwed up by putting the map file out there. In this map file are function names and prototypes.
http://macroquest2.com/downloads/map/
Play nice, kids.
See also undname.exe from VS to undecorate the types.
This is unfreakin' believable.
Posted: Fri Jun 27, 2003 11:59 pm
by wassup
What happened to the map? SoE already get it nuked?
Posted: Sat Jun 28, 2003 12:14 am
by Darkhearted_Wizard
Wassup wrote: What happened to the map? SoE already get it nuked?
SoE patches a dummy testeqgame.map to make sure anyone who's got it lost it. Dummy is just an empty file, to overwrite. If I had known that a .map would be something useful I would've posted the file when I got it. *makes a note to announce and save any curious looking files in the future*
Edit: DKAA. Link is not working, gives a nice big fat internal server error.
Posted: Sat Jun 28, 2003 12:20 am
by iluvseq
Apparently .map is an extension recognized as some sort of server-parsed file on that Apache server. You should rename the file, or remove the Apache module that is trying to parse it.
Posted: Sat Jun 28, 2003 3:01 am
by dont_know_at_all
Sorry, renamed the map file to testeqgame.txt.
Posted: Sat Jun 28, 2003 3:45 am
by wassup
Whoa... Quite a bit of interesting stuff in there.
I surely hope it helps you devs to figure out some missing info.
Wonder who made the blunder of posting this on the test patch server.
Posted: Sat Jun 28, 2003 9:36 am
by Valerian
wow... I particularly like the part about the LMouseDown, LMouseUp, RMouseDown, RMouseUp... I bet I could figure a way to use those funcs for a non-detoured click.... heh
Posted: Sun Jun 29, 2003 2:42 pm
by compuboy
sounds like they'll be paying for this for a while hehe
Posted: Sun Jun 29, 2003 9:27 pm
by sprite
Amazing =) Looks like devs are gonna have to be extra busy now.
Posted: Sun Jun 29, 2003 9:50 pm
by sprite
0001:0007df5e ?BitchCanTrain@EQ_PC@@QAEHHHH@Z 0047ef5e f EQ_PC.obj
Posted: Mon Jun 30, 2003 5:17 am
by Amadeus
The thing that cracked me up the most from reading through it quick is that some of these .cpp files must be *HUGE*....lol. No wonder EQ crashes all the time...debugging it must be pure hell.
Posted: Mon Jun 30, 2003 1:52 pm
by compuboy
So what exactly does this file contain? I am a n00b when it comes to mem addresses and C++, so could someone fill in the uninitiated?
thanks
Posted: Mon Jun 30, 2003 2:14 pm
by eq_freak
Function names, their parameters, and their offsets in eqgame.exe.
Takes a lot of the guesswork out of figuring out what a given function does. As an example, see sprite's use of the MoveMoney function (posted on the general board).
And yeah, definitely lots of things to play around with there. I just hope my account will survive the experiments.
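To make the "function names, parameters and offsets" point concrete, here is an added example (not code from this thread or from MacroQuest) that parses symbol lines of an MSVC linker .map file like the one sprite quoted, and undecorates the simple decorated names the way undname.exe would. It covers member and global functions with primitive and pointer arguments; anything fancier (templates, classes as arguments, operators) raises an error rather than guessing. The `Example` symbols used alongside the quoted line are constructed for illustration.

```python
"""Parse MSVC .map symbol lines and undecorate a subset of MSVC C++ names."""
import re

# One symbol line of an MSVC linker .map file:
#   <section>:<offset>  <decorated name>  <virtual address>  [f [i]]  <object>
MAP_LINE = re.compile(
    r"^\s*(?P<sect>[0-9a-fA-F]{4}):(?P<off>[0-9a-fA-F]{8})\s+(?P<name>\S+)\s+"
    r"(?P<va>[0-9a-fA-F]{8})\s+(?P<flags>(?:[fi]\s+)*)(?P<obj>\S+)\s*$"
)

# Access/storage code after "@@": (access label, virtual, static, has 'this' qualifier)
KIND = {
    "A": ("private:", False, False, True), "C": ("private:", False, True, False),
    "E": ("private:", True, False, True), "I": ("protected:", False, False, True),
    "K": ("protected:", False, True, False), "M": ("protected:", True, False, True),
    "Q": ("public:", False, False, True), "S": ("public:", False, True, False),
    "U": ("public:", True, False, True), "Y": ("", False, False, False),  # global
}
CALLCONV = {"A": "__cdecl", "E": "__thiscall", "G": "__stdcall", "I": "__fastcall"}
PRIMITIVE = {
    "X": "void", "D": "char", "E": "unsigned char", "F": "short",
    "G": "unsigned short", "H": "int", "I": "unsigned int", "J": "long",
    "K": "unsigned long", "M": "float", "N": "double", "O": "long double",
    "_N": "bool", "_J": "__int64", "_K": "unsigned __int64",
}

def parse_map_line(line):
    """Return a dict for a symbol line, or None if the line is not one."""
    m = MAP_LINE.match(line)
    if not m:
        return None
    return {"section": int(m["sect"], 16), "offset": int(m["off"], 16),
            "name": m["name"], "va": int(m["va"], 16),
            "is_function": "f" in m["flags"].split(), "object": m["obj"]}

def section_base(entry):
    """Virtual address the symbol's section is loaded at (VA minus section offset)."""
    return entry["va"] - entry["offset"]

def _type(s, i, table):
    """Decode one type code at s[i]; return (rendered type, next index)."""
    c = s[i]
    if c == "_":
        return PRIMITIVE[s[i:i + 2]], i + 2
    if c in PRIMITIVE:
        return PRIMITIVE[c], i + 1
    if c == "P":                              # pointer: P, pointee qualifier, type
        const = " const" if s[i + 1] == "B" else ""
        inner, j = _type(s, i + 2, table)
        text = f"{inner}{const} *"
        table.append(text)                    # multi-char types can be back-referenced
        return text, j
    if c.isdigit():                           # back reference to an earlier type
        return table[int(c)], i + 1
    raise ValueError(f"unsupported type code {c!r} in {s!r}")

def undecorate(sym):
    """Render a decorated MSVC function symbol the way undname.exe prints it."""
    if not sym.startswith("?"):
        return sym                            # plain C symbol, nothing to do
    qual, sep, rest = sym[1:].partition("@@")
    if not sep:
        raise ValueError(f"not a decorated function: {sym!r}")
    qualified = "::".join(reversed(qual.split("@")))   # Name@Scope -> Scope::Name
    access, virtual, static, has_this = KIND[rest[0]]
    i, this_cv = 1, ""
    if has_this:                              # A = plain this, B = const this
        this_cv = " const" if rest[i] == "B" else ""
        i += 1
    conv, i = CALLCONV[rest[i]], i + 1
    table = []
    ret, i = _type(rest, i, table)
    params = []
    if rest[i] == "X":                        # lone X means (void); no "@" follows
        params, i = ["void"], i + 1
    else:
        while rest[i] not in "@Z":
            p, i = _type(rest, i, table)
            params.append(p)
        if rest[i] == "Z":                    # Z before the terminator is "..."
            params.append("...")
        i += 1
    if rest[i] != "Z":
        raise ValueError(f"bad terminator in {sym!r}")
    prefix = (access + " " if access else "") + ("virtual " if virtual else "") \
        + ("static " if static else "")
    return f"{prefix}{ret} {conv} {qualified}({','.join(params)}){this_cv}"

# The one map line quoted in this thread.
THREAD_LINE = "0001:0007df5e ?BitchCanTrain@EQ_PC@@QAEHHHH@Z 0047ef5e f EQ_PC.obj"

if __name__ == "__main__":
    e = parse_map_line(THREAD_LINE)
    print(hex(e["va"]), undecorate(e["name"]), "section base", hex(section_base(e)))
```

For the quoted line the section base works out to 0x401000, i.e. the usual MSVC layout of an image base of 0x400000 with .text at RVA 0x1000, which is why the VAs in the map line up directly with the addresses MacroQuest's INI uses.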

Posted: Tue Jul 01, 2003 5:05 am
by Darkhearted_Wizard
DKAA asked for the 6-24 offsets. Assuming the .exe in the directory is the 6-24 (and I'm pretty sure it is), I built up a set of offsets. I haven't checked this by hand (going to do that now) but here's the preliminary listing. Did a quick hand check on a few; they're correct. I'm still working on my search algorithms for locating them, so let me know if any are wrong (they damn well shouldn't be, I spent many hours tweaking them, but... it happens). Going to bed, I'll check by in the morning. Hope these help!
Code:
[MacroQuest]
MacroQuestVersion=SRC-20030516
ClientName=testeqgame
ClientVersion=xxx Jun xx xx:xx:xx 2003
ClientOverride=0
MacroQuestWinClassName=__MacroQuestTray
MacroQuestWinName=MacroQuest
[Function Locations]
WriteChatColor=004e857c
GetRaceByID=004dda2b
GetClassByID=004dd3d6
GetDeityByID=004deecd
LeftClick=004e1a1f
RightClick=004efad4
ScreenItem=0045f44c
ScreenSpawn=004eff7d
NewUIINI=0044a194
MaxMana=00467636
Commands=004eee6e
CmdCleanup=
MemChecker=00501505
MemChecker2=0050504F
MemCheckAddr1=005050bd
MemCheckAddr2=00505f5
MemChecker3=005024ad
[DirectInput8]
Main=0078130c
Keyboard=00781310
Mouse=00781314
[Memory Locations]
Clicks=00703424
Zoning=00766600
Zones=0076661c
SpawnHeader=00766620
Items=00766624
Doors=00766634
SpawnFooter=00766644
Char=00766658
CharInfo=00766660
Target=00766664
Guilds=0070423c
Packs=
OldAttack=
Mouse=00781318
Attack=0070423c
Spells=00774368
CommandList=005b96b0
DoAbilityList=0073cfd8
DoAbilityAvailable=007041d8
Group=006b6a78
GroupCount=006b6930
HSliderItems=
HSliderMoney=
PackPanel1=
PackPanel2=
clsMain=
clsItems=00766688
clsSpawns=00766610
clsInvPanel=
clsMerchantPanelStatus=
clsMerchantItemBase=
clsMerchantSelectedItem=
clsMerchantSelectedSlotID=
clsMainNewUI=00781494
clsMainSpellRefresh=
clsMainSpellMemId=
clsMainSpellMemBar=
clsMainSpellMemGem=
EncryptPad=005d33c8
EncryptPad3=005d37ec
EncryptPad2=005d4250
ServerHost=0070320c
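Darkhearted_Wizard mentions search algorithms for locating the offsets in a fresh build but does not post them. The usual way to do that job is a byte-signature scan: take a few distinctive instruction bytes from the function, wildcard the parts that move between builds (relative call displacements, absolute addresses), and require exactly one hit. The following is an added example of that technique, not his code; the "image" it scans is a constructed stand-in with two fake x86 functions, and the section table is hard-coded where a real tool would read the PE section headers.

```python
"""Byte-signature scan to re-locate a function after a patch, then file offset -> VA."""

# Constructed section table: (raw file offset, raw size, RVA). A real tool reads
# this from the PE section headers instead of hard-coding it.
IMAGE_BASE = 0x400000
TEXT_RAW, TEXT_SIZE, TEXT_RVA = 0x400, 0x1000, 0x1000
SECTIONS = [(TEXT_RAW, TEXT_SIZE, TEXT_RVA)]

def _build_image():
    """Constructed stand-in for a client binary: zeroed headers, then a .text
    section holding two small x86 functions that share the same prologue."""
    text = bytearray(TEXT_SIZE)
    # function A at .text+0x100: push ebp; mov ebp,esp; mov eax,[ebp+8];
    #   call rel32 (displacement changes every build); pop ebp; ret
    text[0x100:0x10d] = (bytes.fromhex("558bec8b4508e8") + b"\x12\x34\x56\x78"
                         + bytes.fromhex("5dc3"))
    # function B at .text+0x200: same prologue, different body
    text[0x200:0x208] = bytes.fromhex("558bec8b450c5dc3")
    return bytes(TEXT_RAW) + bytes(text)

IMAGE = _build_image()

def parse_signature(sig):
    """'55 8B EC ?? E8' -> [0x55, 0x8B, 0xEC, None, 0xE8]; None is a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in sig.split()]

def scan(buf, pattern):
    """Return every offset in buf where the pattern matches."""
    hits, n = [], len(pattern)
    for i in range(len(buf) - n + 1):
        if all(p is None or buf[i + j] == p for j, p in enumerate(pattern)):
            hits.append(i)
    return hits

def find_unique(buf, sig):
    """A usable signature matches exactly once; anything else is an error, not a guess."""
    hits = scan(buf, parse_signature(sig))
    if len(hits) != 1:
        raise LookupError(f"{sig!r} matched {len(hits)} times, need exactly 1")
    return hits[0]

def file_offset_to_va(off, sections=SECTIONS, image_base=IMAGE_BASE):
    """Translate a raw file offset into the address the loaded client will use."""
    for raw_ptr, raw_size, rva in sections:
        if raw_ptr <= off < raw_ptr + raw_size:
            return image_base + rva + (off - raw_ptr)
    raise ValueError(f"file offset {off:#x} is outside every section")

# Prologue plus body bytes of function A, with the call displacement wildcarded.
SIG_A = "55 8B EC 8B 45 08 E8 ?? ?? ?? ?? 5D C3"

if __name__ == "__main__":
    off = find_unique(IMAGE, SIG_A)
    print(f"function A at file offset {off:#x} -> VA {file_offset_to_va(off):#010x}")
```

The bare prologue `55 8B EC` matches both fake functions, so `find_unique` rejects it; the longer signature with the call displacement wildcarded hits once, and the offset is converted to the 0x004xxxxx form the INI above uses.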
Posted: Tue Jul 01, 2003 11:44 am
by sprite
Not really a use for it anymore since the .map file leaked, but here's an alternate way to do it (the way I found the MoveMoney function). Load up the EQgame disassembly in IDA (w32dasm won't tell you how many args and such a function has, so it can be more confusing).
I wanted to find the function that moved my money so I added the following code to my MQ:
Code:
VOID BankInfo(PSPAWNINFO pChar, PCHAR szLine)
{
    CHAR szAddr[MAX_STRING] = {0};
    // EQADDR_CHAR_INFO is MacroQuest's pointer to the client's CHARINFO pointer;
    // dereference it once to reach the live structure (NULL when not in game).
    PCHARINFO pCharInfo = *EQADDR_CHAR_INFO;
    if (!pCharInfo)
        return;

    // Print the runtime addresses of the two fields so a hardware write
    // breakpoint can be set on them in the debugger.
    sprintf(szAddr, "Address of bank plat: %x, Address of bank gold: %x",
            (DWORD)&(pCharInfo->BankPlat), (DWORD)&(pCharInfo->BankGold));
    WriteChatColor(szAddr, CONCOLOR_RED);
}
This was just so I easily could get the real addresses of my bank plat and money.
Load up Debugging tools for windows.
Add the following breakpoint:
ba w4 [realaddress] "r eip;g" (Translation: break on access when a DWORD is written to the address of my plat/gold, read me the instruction pointer and continue)
After that you go to the instruction pointer in disassembly (This actually points to the next instruction that the program is to execute, so that if it's after a jump/call you need to figure out where it came from)
Once you have found the place where the plat/gold is written (or whatever function you're working on) you need to find the beginning of the function (In w32dasm just look for a referenced by call at blah blah and in IDA just look for a bunch of vars and args and SUBROUTINE in big letters).
Once you have found the beginning of the function set a breakpoint at it. Load up the call stack in windbg, do your action again, such as dropping money in the bank. You can then figure out where the call came from; keep this in mind. You may also want to set a simple breakpoint at the beginning of the function: bp functionaddr "r eip;g" then do anything that you think the function may be handling to see exactly what it does, where it applies and where it does not.
Once you have figured that out you need to look at the arguments passed to it (Anything that is pushed onto stack before the call), read these in the debugger, write down the values, try to find a pattern to figure out what the different values represent. There really is no other way than experimentations to figure out what the args are (other than perhaps looking at how they are used)
Once you have figured all that out you can call the function with inline asm like I did for the MoveMoney function. Have fun messing with .map file. Hopefully I cleared up some questions that people were having.