
/zone the future

Cobalt

Since the patch I've been looking into the new zone command. This is what I have so far:

The OLD zone function is at: 0x47DEE1.

The new function has 7 params instead of 8, and when you die it seems to skip this function altogether. There are at least 2 ways to zone now.

Param1: Zone ID
Param2: Target Zone Y
Param3: Target Zone X
Param4: Target Zone Z
Param5: Heading?
Param6: Unknown
Param7: Reason?

0x49DE8 replaces the OLD zone call functions in at least one spot (death), maybe more. The OLD zone function calls 0x49DE8 after setting a bunch of variables.

.text:0047E04A                 fstp    [esp+58h+var_58]
.text:0047E04D                 push    [ebp+arg_18]
.text:0047E050                 push    ebx
.text:0047E051                 push    [ebp+arg_14]
.text:0047E054                 push    [ebp+arg_0]
.text:0047E057                 call    sub_49DE8F

Here are places where it may skip the OLD zone function (not sure if they all used to use the OLD function).

.text:0041A6AC                 push    edi
.text:0041A6AD                 push    offset aPortalSpell ; "portal spell"
.text:0041A6B2                 push    eax
.text:0041A6B3                 call    sub_49DE8

.text:0045B0F6                 push    offset aResurrectPlaye ; "resurrect player"
.text:0045B0FB                 push    ecx
.text:0045B0FC                 mov     ecx, dword_989650
.text:0045B102                 call    sub_49DE8F
.text:0045B107                 jmp     short loc_45B121

.text:0045AD45                 push    offset aZoneCommand ; "zone command"
.text:0045AD4A                 push    esi
.text:0045AD4B
.text:0045AD4B loc_45AD4B:                             ; CODE XREF: sub_45A9D3+202j
.text:0045AD4B                 mov     ecx, dword_989650
.text:0045AD51                 call    sub_49DE8F

.text:0045F90C                 push    1
.text:0045F90E                 push    offset aRepopToHomeAtD ; "repop to home at death"
.text:0045F913                 push    dword ptr [ebp-24h]
.text:0045F916                 call    sub_49DE8F
 
I have verified that the old zone function is called when you walk across a zone line, click on a PoK-style stone/book, and step on a zone teleporter. It's NOT called when you die (see the post above for why).
 
OK, so does that mean the current plugin can just be set with a new offset, or are there going to be new structure changes to the warp plugin?
 
dothezone is over with; you have to figure out a new way to zone.
 
I'm pretty much stuck at this point. The data in the remaining unknowns doesn't make 100% sense... I know something in there is the reason and probably the where-to-pop-into part (safe 0,0,0), but I'm not understanding the values being set in the registers. My ASM is limited to what I've learned hacking this thing apart.
 
odessa said:
dothezone is over with; you have to figure out a new way to zone.

Sorry to be a little on the dense side, but.....

This means the current plug-in source files need more than just the offset updated.... this is the actual way in which the client initiates the zone....

And if that is the case, does that mean warp and zone are going to need fixing?
 
You are correct, sir; the current way to change zones is obsolete, and not due to offsets or structs.
 
I'll have to dig through it later.. =) Movie time. Thanks for the hint.. oh btw.. am I going after a lost cause? Do you have a working version? If so, cool, something for me to work towards.
 
If I had a working version now I wouldn't give it away once I saw what you posted :) I get all excited when I see smart people around :=) and I encourage that behaviour.
 
Man, now you're making me wish I knew more about how the EQ structures work so I could contribute more....
 
Cobalt said:
I have verified that the old zone function is called when you walk across a zone line, click on a PoK-style stone/book, and step on a zone teleporter. It's NOT called when you die (see the post above for why).

How did you go about verifying that? Is there a part in IDA that would show you, or do you have a direct memory editor??? Or another type of program?
 
thenameless said:
How did you go about verifying that? Is there a part in IDA that would show you, or do you have a direct memory editor??? Or another type of program?

Not sure how he did it, but there are a few ways; for example, you can put a breakpoint at the subroutine entry, or you can detour the subroutine and 'spy' on it (that's what I do).
 
.text:0045AD45                 push    offset aZoneCommand ; "zone command"
.text:0045AD4A                 push    esi
.text:0045AD4B
.text:0045AD4B loc_45AD4B:                             ; CODE XREF: sub_45A9D3+202j
.text:0045AD4B                 mov     ecx, dword_989650
.text:0045AD51                 call    sub_49DE8F

Seems to me this is the only one you should need to worry about.

~~~~~~~~~

odessa said:
Not sure how he did it, but there are a few ways; for example, you can put a breakpoint at the subroutine entry, or you can detour the subroutine and 'spy' on it (that's what I do).

Wow, that seems like a lot of work for someone who is not 100% sure about what they are doing.

~~~~~~~~~~~~

OK, again please forgive me for not knowing exactly what I'm talking about, but....

I read over the warp source and I am trying to figure out the general idea of how this actually works. If I am understanding it correctly, you just edit the "client side memory" to point to where you want to be and it will warp you to that loc..... so if I find out where in "client side memory" my toon's X Y Z loc is located and force the memory to the X Y Z I want, the client then thinks I am there and tells the server to update my loc.... or am I misunderstanding this?
 
thenameless said:
OK, again please forgive me for not knowing exactly what I'm talking about, but....

I read over the warp source and I am trying to figure out the general idea of how this actually works. If I am understanding it correctly, you just edit the "client side memory" to point to where you want to be and it will warp you to that loc..... so if I find out where in "client side memory" my toon's X Y Z loc is located and force the memory to the X Y Z I want, the client then thinks I am there and tells the server to update my loc.... or am I misunderstanding this?

I am guessing you want to know how warp works because you are not talking about zone :)

Warp is quite simple: there's a function in EQ that moves the player to the 'safe' coordinates within a zone (the one we update the offset of every patch); think of it as a succor spell. We can execute that function; it takes no parameters, and all it does is move you to the safe coordinates. How we warp is that we fake those safe coordinates and run the function.
So when you want to warp to x,y,z this happens:
we fake that the zone's safe coordinates are x,y,z
we run the movetosafecoordinates function
we return the zone's safe coordinates to their original value, that's all :)
 
odessa said:
I am guessing you want to know how warp works because you are not talking about zone :)

Warp is quite simple: there's a function in EQ that moves the player to the 'safe' coordinates within a zone (the one we update the offset of every patch); think of it as a succor spell. We can execute that function; it takes no parameters, and all it does is move you to the safe coordinates. How we warp is that we fake those safe coordinates and run the function.
So when you want to warp to x,y,z this happens:
we fake that the zone's safe coordinates are x,y,z
we run the movetosafecoordinates function
we return the zone's safe coordinates to their original value, that's all :)

Ah OK, that makes sense, and does zone work in the same manner?
 
thenameless said:
How did you go about verifying that? Is there a part in IDA that would show you, or do you have a direct memory editor??? Or another type of program?

Well, I traced the offset in IDA, then I counted the params, loaded up a debugger, put a breakpoint at the offset and walked a zone line. The breakpoint was flipped, and voila, I stepped through the function and watched the registers change. Killed myself and did the same thing (except it didn't hit a break).
 
thenameless said:
Ah OK, that makes sense, and does zone work in the same manner?

Not exactly. Zone was a function where we didn't have to fake anything; it had parameters such as zone number and x,y,z, so you just ran that function with the proper parameters and it moved you to the proper zone and proper coordinates. Now that function has changed and you guys have to figure out how :)
 
odessa said:
Not exactly. Zone was a function where we didn't have to fake anything; it had parameters such as zone number and x,y,z, so you just ran that function with the proper parameters and it moved you to the proper zone and proper coordinates. Now that function has changed and you guys have to figure out how :)

OK, so before they buggered it all up we used to just force a call in the code that would normally only be called if we actually walked across a zone line, etc....
 
exactly, we just gave it the parameters we wanted and that was it :)
 
OK, so the part that changed is around where the offset would normally be? Or is that the other end of the function, and we would be looking for the part that points there?

Also, is IDA a good program to use for this?

~~~~~~~~~

Oh wow, what a brain fart.

I see a bigger picture.

; =============== S U B R O U T I N E =======================================

The one above the offset starts the SUB.

; ---------------------------------------------------------------------------

Signifies each area that you were talking about earlier.

I believe there were 7 parts to the sub instead of 8, if I remember correctly.
 
IDA is the one and only program if you are serious :)

Also, both offsets are in the first message; Cobalt gives a reasonable explanation of what's going on.
 
odessa said:
IDA is the one and only program if you are serious :)

Also, both offsets are in the first message; Cobalt gives a reasonable explanation of what's going on.

OK, so if I open the current exe, is the 2005.11.16 one good for comparing for changes, or should I go back farther than 2005.11.16?
 
No need to go any further; old ones will look the same as 11/16.
This is not so much about comparing changes, though; it's more about figuring out how the new way works. I'm happy you are trying, but don't get frustrated if you can't figure stuff out; it's far from trivial in this case.
 
OK, so not really trying to find the difference between 11.16 and 12.07, but being able to translate what the SUB and its PARAMS do.
 
Nope, you don't even need 11.16 if you have entry points as posted in the beginning here. What you have to do is figure out how to use those subroutines at those offsets.
 
You're referring to these....

.text:0041A6AC                 push    edi
.text:0041A6AD                 push    offset aPortalSpell ; "portal spell"
.text:0041A6B2                 push    eax
.text:0041A6B3                 call    sub_49DE8

.text:0045B0F6                 push    offset aResurrectPlaye ; "resurrect player"
.text:0045B0FB                 push    ecx
.text:0045B0FC                 mov     ecx, dword_989650
.text:0045B102                 call    sub_49DE8F
.text:0045B107                 jmp     short loc_45B121

.text:0045AD45                 push    offset aZoneCommand ; "zone command"
.text:0045AD4A                 push    esi
.text:0045AD4B
.text:0045AD4B loc_45AD4B:                             ; CODE XREF: sub_45A9D3+202j
.text:0045AD4B                 mov     ecx, dword_989650
.text:0045AD51                 call    sub_49DE8F

.text:0045F90C                 push    1
.text:0045F90E                 push    offset aRepopToHomeAtD ; "repop to home at death"
.text:0045F913                 push    dword ptr [ebp-24h]
.text:0045F916                 call    sub_49DE8F

thenameless said:
OK, so before they buggered it all up we used to just force a call in the code that would normally only be called if we actually walked across a zone line, etc....

Is this still what we are looking at doing with it?
We just need to figure out what address needs to be linked to what data?
Or the "dozone" command you said is no more.... was the dozone part of the actual exe the part we forced to trigger? So we need to figure out how to force it to trigger?
 
no, these:
0x47DEE1 <-7 parameters
0x49DE8F <-no parameters
 
I assume if /zone is not working, then /fade and /gate are not either, right?
 
OK, I think I am noticing where the parameters are.... so now how the heck do I figure out what they are for?
 
so what's the problem with /zone? is it simply figuring out the new syntax, or is it figuring how to force the zone call with the new syntax?
 
Evidently Sony did a good job of hiding the /zone code, so we are currently working to find it. Also I had an idea. If zone is indeed dead, pardon me if this doesn't make sense to some people, but I /warp'ed target to a person who was sitting on the zone line and I zoned as soon as I warped. Would it be possible to make a plugin that went along the same lines as the old zone plugin (i.e. parameters *I think you are talking about X,Y,Z, but I'm 99% sure I'm wrong lol*)? So it would /warp loc X Y Z, where X Y Z is the zone line location, causing us to zone. And it could be chained just like before. Just a thought, and it wouldn't be that hard I don't think, but I don't know anything about plugins so it could be hard as shit lol.
 
ss44 said:
Evidently Sony did a good job of hiding the /zone code, so we are currently working to find it. Also I had an idea. If zone is indeed dead, pardon me if this doesn't make sense to some people, but I /warp'ed target to a person who was sitting on the zone line and I zoned as soon as I warped. Would it be possible to make a plugin that went along the same lines as the old zone plugin (i.e. parameters *I think you are talking about X,Y,Z, but I'm 99% sure I'm wrong lol*)? So it would /warp loc X Y Z, where X Y Z is the zone line location, causing us to zone. And it could be chained just like before. Just a thought, and it wouldn't be that hard I don't think, but I don't know anything about plugins so it could be hard as shit lol.

Hmm... I think that's a good quick fix to get it up and running, but remember that not all zones are zone lines..... PoK books, Sebilis, etc...
 
odessa said:
for non-zone lines you can use /switch

Hehe, oh ya...... been meaning to try using /switch..... do you have to have the item targeted, or just reference the item, "/switch POKbook"?

Also, does anyone want to get locs for all the zone lines? :rolleyes:
 
/pok will zone you into pok, /switch will switch anything on /doors list
 
I didn't even know that calling the zone routine changed. My stuff still works fine. What happened?

cronic
 
cronic, you probably zone through an HWM fake packet or outgoing packet, right? The actual DoTheZone process changed.
 
