Xentales

Talk about stuff, and if you must, about Xenimus

All times are UTC - 5 hours [ DST ]




 Post subject: Updated Xenimus Map?
PostPosted: 15 Apr 2013 14:21 

Joined: 25 Feb 2010 11:07
Posts: 95
Anyone have the most recent version of the Xenimus map? Using the one in Xenimus is a pain in the ass for finding things.

Thanks.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 17 Apr 2013 17:27

Joined: 25 Feb 2010 11:07
Posts: 95
I managed to find one.

For anyone who wants it: http://www.xenimusworld.com/files/xenmap0.bmp


 Post subject: Re: Updated Xenimus Map?
PostPosted: 21 Apr 2013 18:32
Bigger than Stabbity's

Joined: 24 Oct 2006 20:13
Posts: 35
Location: California, USA
Character(s): Pwnsauce
This is not the most recent map, just FYI. But it is somewhat modern. It should give you a good idea of 95% of Xenimus.

 Post subject: Re: Updated Xenimus Map?
PostPosted: 21 Apr 2013 20:27
Very Important Poster

Joined: 28 Nov 2007 23:35
Posts: 187
Character(s): None.
Image

One I generated for Evidyon.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 22 Apr 2013 08:45

Joined: 16 Jan 2013 01:29
Posts: 23
Character(s): peanutbutterjellytime
Nice thanks uber


 Post subject: Re: Updated Xenimus Map?
PostPosted: 23 Apr 2013 10:41

Joined: 25 Feb 2010 11:07
Posts: 95
<3 Uber


 Post subject: Re: Updated Xenimus Map?
PostPosted: 27 Apr 2013 15:25
Bigger than Stabbity's

Joined: 24 Oct 2006 20:13
Posts: 35
Location: California, USA
Character(s): Pwnsauce
Hey uber, jw, did you have a higher-res version? And if so, any way you could please send it to me?

 Post subject: Re: Updated Xenimus Map?
PostPosted: 27 Apr 2013 15:29
Very Important Poster

Joined: 28 Nov 2007 23:35
Posts: 187
Character(s): None.
Pwnsauce wrote:
Hey uber, jw, did you have a higher-res version? And if so, any way you could please send it to me?

I do not. Map is generated as one pixel per tile, I have no way of doing anything better than that.

On another note, the fact that grass is green and dirt is brown was a complete coincidence lolol. I didn't actually specify that. It just kinda magically happened (I still don't know how)


 Post subject: Re: Updated Xenimus Map?
PostPosted: 27 Apr 2013 15:31
Bigger than Stabbity's

Joined: 24 Oct 2006 20:13
Posts: 35
Location: California, USA
Character(s): Pwnsauce
For sure man, thanks anyways :) I wish I knew the link to Enigma's Google Map one. That f- was such high res o.O

 Post subject: Re: Updated Xenimus Map?
PostPosted: 27 Apr 2013 15:32
Very Important Poster

Joined: 28 Nov 2007 23:35
Posts: 187
Character(s): None.
Strictly speaking, if you zoom in on an area (in, say, paint) you should be able to see per tile details of that area. But not in any great way.

Enigma's Google map one is super outdated, though, btw :P


 Post subject: Re: Updated Xenimus Map?
PostPosted: 18 Jun 2013 19:54

Joined: 13 Mar 2008 16:45
Posts: 61
How can you even generate a map like Enigma's?

 Post subject: Re: Updated Xenimus Map?
PostPosted: 18 Jun 2013 21:04

Joined: 30 Apr 2013 00:03
Posts: 221
Sourceofprovidence wrote:
How can you even generate a map like Enigma's?


Either find all the correct memory addresses (that's how Enigma did his), and then it would be a long process of Take Picture, Change Memory, Take Picture, Change Memory, etc.

Or, like others have done (harder now because of the IP address in Xenimus being a bitch to change), you can set up a simple server to send packets to Xenimus that change the location, screenshot, change location, screenshot, etc.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 06 Jul 2013 22:44
Bigger than Stabbity's

Joined: 24 Oct 2006 20:13
Posts: 35
Location: California, USA
Character(s): Pwnsauce
I think Enigma did his on a second computer, if I remember correctly.

 Post subject: Re: Updated Xenimus Map?
PostPosted: 07 Jul 2013 03:54

Joined: 05 Nov 2007 11:14
Posts: 128
Lawn gnome is right. However, using a server is too slow (trust me, it was my first implementation of it); you need to block incoming packets from xen and use memory locations to update on a frame by frame basis (quickest way).

To get into the technical details of it, you also want to be in fullscreen mode for an exclusivity lock on buffers (which also makes it faster), and then you want to modify the xen camera to be orthographic (so there's no distortion and resolution then doesn't matter).


 Post subject: Re: Updated Xenimus Map?
PostPosted: 07 Jul 2013 15:30

Joined: 30 Apr 2013 00:03
Posts: 221
I can get you into the game world (I think I PM'd this concept to someone). This is the exact method Enigma used. The values I don't have: light value (needed so the map has light on it, as some parts are set to be darker), and X/Y values to change.

Simple to use. Launch the game with this (you can use either xenlua or xenscan, as both are great launchers), then you need to log in to the world once (this will load the map into the game). Then log out. When you press Enter, you will be in the map. (You will probably still have a menu showing on screen; simply press Escape a few times and you will see the map.)

Code:
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")

#include <WinSock2.h>
#include <d3d9.h>
#include <d3dx9.h>
#include "detours\detours.h"
#include <Windows.h>
#include <stdio.h>
#include <io.h>
#include <fcntl.h>

typedef unsigned char uint8;
typedef unsigned short uint16;
typedef unsigned int uint32;


typedef IDirect3D9* (__stdcall* tDirect3DCreate9)(UINT SDKVersion);
typedef HRESULT (APIENTRY *tCreateDevice)(IDirect3D9*, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, IDirect3DDevice9**);
typedef HRESULT (WINAPI* tBeginScene)(LPDIRECT3DDEVICE9 pDevice);
typedef HRESULT (WINAPI* tEndScene)(LPDIRECT3DDEVICE9 pDevice);
typedef HRESULT (WINAPI* tDrawIndexedPrimitive)(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE PrimType,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount);
typedef HRESULT(WINAPI* tReset)(LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters);

tDirect3DCreate9 oDirect3DCreate9;
tCreateDevice oCreateDevice;
tBeginScene oBeginScene;
tEndScene oEndScene;
tDrawIndexedPrimitive oDrawIndexedPrimitive;
tReset oReset;

LPDIRECT3DDEVICE9 g_Device;
IDirect3D9* __stdcall hkDirect3DCreate9(UINT sdkVers);
HRESULT APIENTRY hkCreateDevice(IDirect3D9* pThis, UINT Adapter, D3DDEVTYPE DeviceType, HWND hFocusWindow, DWORD BehaviorFlags, D3DPRESENT_PARAMETERS *pPresentationParameters, IDirect3DDevice9 **ppReturnedDeviceInterface);
HRESULT WINAPI hkBeginScene(LPDIRECT3DDEVICE9 pDevice);
HRESULT WINAPI hkEndScene(LPDIRECT3DDEVICE9 pDevice);
HRESULT WINAPI hkDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE PrimType,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount);
HRESULT WINAPI hkReset(LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters);

uint8* InGame = (uint8*)0x543DEC;
uint8* Page = (uint8*)0x543DE0;

DWORD WINAPI ApplyHooks(LPVOID lpBuffer);
DWORD WINAPI InputHandler(LPVOID lpBuffer);
void setupConsole();

BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
   if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
      DisableThreadLibraryCalls(hModule);
      CreateThread(0, 0, ApplyHooks, 0, 0, 0);
      CreateThread(0, 0, InputHandler, 0, 0, 0);
      setupConsole();
   }
   if (ul_reason_for_call == DLL_PROCESS_DETACH){

   }
   return TRUE;
}

void EnterWorld()
{
   *InGame = 0;
   *Page = 0;
}
DWORD WINAPI InputHandler(LPVOID lpBuffer)
{
   while(true)
   {
      if(GetAsyncKeyState(VK_RETURN) & 0x8000) // high bit set = key is currently held down
      {
         printf("Entering World\n");
         EnterWorld();
      }
      Sleep(10);
   }
   return 0;
}

DWORD WINAPI ApplyHooks(LPVOID lpBuffer)
{
   HMODULE hD3D9 = LoadLibrary("d3d9.dll");
   PBYTE pD3D9Create = (PBYTE)GetProcAddress(hD3D9, "Direct3DCreate9");
   oDirect3DCreate9 = (tDirect3DCreate9)DetourFunction(pD3D9Create, (PBYTE)hkDirect3DCreate9);
   
   while(g_Device == NULL) Sleep(100);

   DWORD* pVTable = (DWORD*)g_Device;
   pVTable = (DWORD*)pVTable[0];

   oBeginScene = (tBeginScene)DetourFunction((PBYTE)pVTable[41], (PBYTE)hkBeginScene);
   oEndScene = (tEndScene)DetourFunction((PBYTE)pVTable[42], (PBYTE)hkEndScene);
   oDrawIndexedPrimitive = (tDrawIndexedPrimitive)DetourFunction((PBYTE)pVTable[82], (PBYTE)hkDrawIndexedPrimitive);
   oReset = (tReset)DetourFunction((PBYTE)pVTable[16], (PBYTE)hkReset);

   return 0;
}

IDirect3D9* __stdcall hkDirect3DCreate9(UINT sdkVers)
{
   IDirect3D9* pD3D9 = oDirect3DCreate9(sdkVers);

   DWORD* pVtable = (DWORD*)*((DWORD*)pD3D9);
   oCreateDevice  = (tCreateDevice)DetourFunction((PBYTE)pVtable[16], (PBYTE)hkCreateDevice);
   
   return pD3D9;
}

HRESULT APIENTRY hkCreateDevice(IDirect3D9* pThis, UINT Adapter, D3DDEVTYPE DeviceType, HWND hFocusWindow, DWORD BehaviorFlags, D3DPRESENT_PARAMETERS *pPresentationParameters, IDirect3DDevice9 **ppReturnedDeviceInterface)
{
   HRESULT ret = oCreateDevice(pThis, Adapter, DeviceType, hFocusWindow, BehaviorFlags, pPresentationParameters, ppReturnedDeviceInterface);
   
   if(ret == D3D_OK)
   {
      if(DeviceType == D3DDEVTYPE_HAL) // D3DDEVTYPE_HAL == 1: only track the hardware device
      {
         g_Device = *ppReturnedDeviceInterface;
      }
   }
   return ret;
}
HRESULT WINAPI hkBeginScene(LPDIRECT3DDEVICE9 pDevice)
{

   D3DVIEWPORT9 viewport;
   pDevice->GetViewport(&viewport);

   D3DXMATRIX matOrtho;
   D3DXMatrixOrthoLH (&matOrtho, (float)viewport.Width, (float)viewport.Height, 1.0f, 3000.0f);
   pDevice->SetTransform (D3DTS_PROJECTION, &matOrtho);


   HRESULT ret = oBeginScene(pDevice);

   return ret;
}
HRESULT WINAPI hkEndScene(LPDIRECT3DDEVICE9 pDevice)
{
   HRESULT ret = oEndScene(pDevice);
   
   return ret;
}
HRESULT WINAPI hkDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE PrimType,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount)
{
   HRESULT ret = oDrawIndexedPrimitive(pDevice, PrimType, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
    return ret;
}
HRESULT WINAPI hkReset(LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters)
{

    HRESULT ret = oReset(pDevice, pPresentationParameters);
   if(ret == D3D_OK)
   {

   }
    return ret;
}

void setupConsole()
{
   AllocConsole();
   int hCrt, i;
   FILE *hf;
   hCrt = _open_osfhandle((long) GetStdHandle(STD_OUTPUT_HANDLE), _O_TEXT);
   hf = _fdopen( hCrt, "w" );
   *stdout = *hf;
   i = setvbuf( stdout, NULL, _IONBF, 0 );
   printf("[setupConsole] Console is setup for output\n");
}


EDIT: was trying to play around with loading the map WITHOUT having to log in to the game once. I'm sure Andy knows the way to do this, but here are some steps in the right direction:
Code:
typedef int (__cdecl* MapLoaderCall)(void);
MapLoaderCall maploader = (MapLoaderCall)0x4683E0;

//pseudo-code would be something like:
//   address_of_map_to_load = main1.map
//   maploader()
//Map would now be in memory
//You could now enter the world using the above code without pre-logging in


 Post subject: Re: Updated Xenimus Map?
PostPosted: 08 Jul 2013 17:11

Joined: 05 Nov 2007 11:14
Posts: 128
I have a working map generator. The only thing I need to do is to freeze the time delta and set time to mid day for a good bright map. I'll probably do a pass on it over the next few days.

New way light updates is reversed, just need to update the map generator to modify some memory so the light isn't updating in background.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 08 Jul 2013 17:15

Joined: 05 Nov 2007 11:14
Posts: 128
packet 0x1F is the following structure FYI (for light):

Code:
struct InitialLoginData
{
   int32 positionX; //0
   int32 positionY; //4
   uint32 mapId; //8
   uint16 serverId; //12
   uint16 unk; //14 high bits of serverid, seems to be 32bit, unused
   uint16 unk2; //16 seems to be initial login (show tutorial if 1)
   uint16 unk3; //18
   uint16 serverId2; //20 if this != previous id, do not login, don't know why this is here, maybe an old hack by that hollow guy
   uint16 unk4; //22 high bits of serverid, unused
   float time_current; //24 time as of login
   float time_roc; //28 rate of change (every 50 milliseconds passing, rate value changes)
   uint8 unk7; //32
};


Top
 Profile  
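The layout posted above for packet 0x1F, read field by field from a byte buffer with a length check, as an added example that is not part of the original posts or the game's code. It assumes the 33-byte payload follows the opcode byte and is little-endian; `parse_initial_login`, `LoginFields`, the result codes and the sample bytes are constructed for illustration, and the `serverId`/`serverId2` comparison follows the poster's comment on offset 20.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 33-byte little-endian payload that follows the 0x1F opcode. */
#define LOGIN_PAYLOAD_LEN 33

/* Named fields from the posted struct; the unused "unk" words are skipped. */
typedef struct {
    int32_t  positionX;     /* offset 0  */
    int32_t  positionY;     /* offset 4  */
    uint32_t mapId;         /* offset 8  */
    uint16_t serverId;      /* offset 12 */
    uint16_t unk2;          /* offset 16, initial-login flag per the post */
    uint16_t serverId2;     /* offset 20 */
    float    time_current;  /* offset 24 */
    float    time_roc;      /* offset 28 */
    uint8_t  unk7;          /* offset 32 */
} LoginFields;

/* Hypothetical result codes for this example. */
enum { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_ID_MISMATCH = -2, PARSE_BAD_FLOAT = -3 };

static uint16_t rd_u16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

static uint32_t rd_u32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* IEEE 754 single: an all-ones exponent means infinity or NaN. */
static int f32_bits_finite(uint32_t bits) { return ((bits >> 23) & 0xFFu) != 0xFFu; }

/* Decode byte by byte instead of casting the buffer to a struct pointer, so
 * compiler padding, alignment and host endianness cannot shift the offsets. */
int parse_initial_login(const uint8_t *buf, size_t len, LoginFields *out)
{
    uint32_t tc, tr;

    if (buf == NULL || out == NULL || len < LOGIN_PAYLOAD_LEN)
        return PARSE_SHORT;               /* never read past a truncated packet */

    out->positionX = (int32_t)rd_u32(buf + 0);
    out->positionY = (int32_t)rd_u32(buf + 4);
    out->mapId     = rd_u32(buf + 8);
    out->serverId  = rd_u16(buf + 12);
    out->unk2      = rd_u16(buf + 16);
    out->serverId2 = rd_u16(buf + 20);
    out->unk7      = buf[32];

    tc = rd_u32(buf + 24);
    tr = rd_u32(buf + 28);
    if (!f32_bits_finite(tc) || !f32_bits_finite(tr))
        return PARSE_BAD_FLOAT;           /* reject NaN/inf time values */
    memcpy(&out->time_current, &tc, sizeof tc);
    memcpy(&out->time_roc, &tr, sizeof tr);

    if (out->serverId != out->serverId2)  /* the check described at offset 20 */
        return PARSE_ID_MISMATCH;
    return PARSE_OK;
}

/* Constructed sample payload, not captured traffic. */
static const uint8_t SAMPLE_LOGIN[LOGIN_PAYLOAD_LEN] = {
    0xE8, 0x03, 0x00, 0x00,   /* positionX = 1000        */
    0xEC, 0xFF, 0xFF, 0xFF,   /* positionY = -20         */
    0x00, 0x00, 0x00, 0x00,   /* mapId = 0               */
    0x07, 0x00, 0x00, 0x00,   /* serverId = 7, unk       */
    0x01, 0x00, 0x00, 0x00,   /* unk2 = 1, unk3          */
    0x07, 0x00, 0x00, 0x00,   /* serverId2 = 7, unk4     */
    0x00, 0x00, 0x48, 0x41,   /* time_current = 12.5f    */
    0x00, 0x00, 0x80, 0x3E,   /* time_roc = 0.25f        */
    0x00                      /* unk7                    */
};

int main(void)
{
    LoginFields d;
    int rc = parse_initial_login(SAMPLE_LOGIN, sizeof SAMPLE_LOGIN, &d);

    if (rc != PARSE_OK) {
        printf("rejected, code %d\n", rc);
        return 1;
    }
    printf("x=%d y=%d map=%u server=%u time=%.2f roc=%.2f\n",
           (int)d.positionX, (int)d.positionY, (unsigned)d.mapId,
           (unsigned)d.serverId, d.time_current, d.time_roc);
    return 0;
}
```

The offsets match the reads in the Case 1F disassembly quoted later in the thread (`[EAX+0C]`, `[EAX+10]`, `[EAX+18]`, `[EAX+1C]`, `[EAX+20]`).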
 
 Post subject: Re: Updated Xenimus Map?
PostPosted: 08 Jul 2013 22:21 

Joined: 30 Apr 2013 00:03
Posts: 221
How would you go about blocking the packets and subsequently faking a received packet?

Was playing around with the encrypt hook, couldn't fully block packets, though if I memset them to 0's it's essentially a blank packet and the game won't update anything because of it.

Not sure how I could fake a packet being received, unless I hook the recvfrom function and make it return the number of bytes while setting the buffer to the packet. I feel like I'm thinking too hard on this and it shouldn't really be this much work.

EDIT: also, after sifting through OllyDbg, here is how to load the map before you even log in.

Code:
uint32* mapId = (uint32*)0x541EE4;

//(inside main code somewhere)

*mapId = 0; //0 = main | 1 = ds | -1 = no map (default value)
maploader();


I did the above, hit Enter in my code, and bam, I'm in the map without having to log in once. I think I found the light value too. Probably should set that before I enter the world, as the map was slightly dark. The memory address is somewhere inside the following:
Spoiler:
Code:
004A0D08   > B8 08217605    MOV EAX,Xenimus.05762108                 ;  Case 1F of switch 0049F167
004A0D0D   . C705 BCB87F05 >MOV DWORD PTR DS:[57FB8BC],0BB8
004A0D17   . EB 07          JMP SHORT Xenimus.004A0D20
004A0D19   . 8DA424 0000000>LEA ESP,DWORD PTR SS:[ESP]
004A0D20   > C700 FFFFFFFF  MOV DWORD PTR DS:[EAX],-1
004A0D26   . 05 D0000000    ADD EAX,0D0
004A0D2B   . 3D B8A57F05    CMP EAX,Xenimus.057FA5B8
004A0D30   .^7C EE          JL SHORT Xenimus.004A0D20
004A0D32   . A1 5E014C02    MOV EAX,DWORD PTR DS:[24C015E]
004A0D37   . 3B05 66014C02  CMP EAX,DWORD PTR DS:[24C0166]
004A0D3D   . 891D 38CBAD01  MOV DWORD PTR DS:[1ADCB38],EBX
004A0D43   . C705 60B87F05 >MOV DWORD PTR DS:[57FB860],Xenimus.024C0>
004A0D4D   . 0F85 32260000  JNZ Xenimus.004A3385
004A0D53   . 53             PUSH EBX
004A0D54   . 68 8C0A0000    PUSH 0A8C
004A0D59   . E8 7251F7FF    CALL Xenimus.00415ED0
004A0D5E   . 83C4 08        ADD ESP,8
004A0D61   . E8 7A96F8FF    CALL Xenimus.0042A3E0
004A0D66   . 84C0           TEST AL,AL
004A0D68   . 0F84 17260000  JE Xenimus.004A3385
004A0D6E   . 53             PUSH EBX
004A0D6F   . E8 0C99FEFF    CALL Xenimus.0048A680
004A0D74   . A1 60B87F05    MOV EAX,DWORD PTR DS:[57FB860]
004A0D79   . 891D 747F6705  MOV DWORD PTR DS:[5677F74],EBX
004A0D7F   . 891D EC3D5400  MOV DWORD PTR DS:[543DEC],EBX
004A0D85   . DB00           FILD DWORD PTR DS:[EAX]
004A0D87   . D91D D4830F01  FSTP DWORD PTR DS:[10F83D4]
004A0D8D   . DB40 04        FILD DWORD PTR DS:[EAX+4]
004A0D90   . D91D 48AC4C02  FSTP DWORD PTR DS:[24CAC48]
004A0D96   . 66:8B48 10     MOV CX,WORD PTR DS:[EAX+10]
004A0D9A   . 66:890D 589167>MOV WORD PTR DS:[5679158],CX
004A0DA1   . 8B48 0C        MOV ECX,DWORD PTR DS:[EAX+C]
004A0DA4   . 890D F4590F01  MOV DWORD PTR DS:[10F59F4],ECX
004A0DAA   . D940 18        FLD DWORD PTR DS:[EAX+18]
004A0DAD   . D91D F87E6705  FSTP DWORD PTR DS:[5677EF8]
004A0DB3   . D940 1C        FLD DWORD PTR DS:[EAX+1C]
004A0DB6   . D91D 043E5400  FSTP DWORD PTR DS:[543E04]
004A0DBC   . 0FBE50 20      MOVSX EDX,BYTE PTR DS:[EAX+20]
004A0DC0   . D905 D4830F01  FLD DWORD PTR DS:[10F83D4]
004A0DC6   . 8915 487F6705  MOV DWORD PTR DS:[5677F48],EDX
004A0DCC   . D9C0           FLD ST
004A0DCE   . 890D 50207605  MOV DWORD PTR DS:[5762050],ECX
004A0DD4   . DD05 00265000  FLD QWORD PTR DS:[502600]
004A0DDA   . DCF9           FDIV ST(1),ST
004A0DDC   . D9C9           FXCH ST(1)
004A0DDE   . E8 BD940000    CALL Xenimus.004AA2A0
004A0DE3   . D905 48AC4C02  FLD DWORD PTR DS:[24CAC48]
004A0DE9   . D9C0           FLD ST
004A0DEB   . 8BF0           MOV ESI,EAX
004A0DED   . DEF2           FDIVRP ST(2),ST
004A0DEF   . 8935 10DA8C03  MOV DWORD PTR DS:[38CDA10],ESI
004A0DF5   . D9C9           FXCH ST(1)
004A0DF7   . E8 A4940000    CALL Xenimus.004AA2A0
004A0DFC   . D9C9           FXCH ST(1)
004A0DFE   . 8BC8           MOV ECX,EAX
004A0E00   . D91D 7C424D02  FSTP DWORD PTR DS:[24D427C]
004A0E06   . B8 EBA00EEA    MOV EAX,EA0EA0EB
004A0E0B   . F7EE           IMUL ESI
004A0E0D   . D91D B0D74C02  FSTP DWORD PTR DS:[24CD7B0]
004A0E13   . 03D6           ADD EDX,ESI
004A0E15   . C1FA 05        SAR EDX,5
004A0E18   . 8BC2           MOV EAX,EDX
004A0E1A   . C1E8 1F        SHR EAX,1F
004A0E1D   . 03C2           ADD EAX,EDX
004A0E1F   . A3 E479EE02    MOV DWORD PTR DS:[2EE79E4],EAX
004A0E24   . B8 EBA00EEA    MOV EAX,EA0EA0EB
004A0E29   . F7E9           IMUL ECX
004A0E2B   . 03D1           ADD EDX,ECX
004A0E2D   . 890D 588F0F01  MOV DWORD PTR DS:[10F8F58],ECX
004A0E33   . C1FA 05        SAR EDX,5
004A0E36   . 8BCA           MOV ECX,EDX
004A0E38   . C1E9 1F        SHR ECX,1F
004A0E3B   . 03CA           ADD ECX,EDX
004A0E3D   . 53             PUSH EBX
004A0E3E   . 68 8D0A0000    PUSH 0A8D
004A0E43   . 890D 2C5AEE02  MOV DWORD PTR DS:[2EE5A2C],ECX
004A0E49   . E8 8250F7FF    CALL Xenimus.00415ED0
004A0E4E   . 83C4 0C        ADD ESP,0C
004A0E51   . E8 CA70F8FF    CALL Xenimus.00427F20
004A0E56   . 66:392D 589167>CMP WORD PTR DS:[5679158],BP
004A0E5D   . 75 32          JNZ SHORT Xenimus.004A0E91
004A0E5F   . 833D E41E5400 >CMP DWORD PTR DS:[541EE4],-1
004A0E66   . 75 29          JNZ SHORT Xenimus.004A0E91
004A0E68   . 53             PUSH EBX
004A0E69   . 68 8E0A0000    PUSH 0A8E
004A0E6E   . E8 5D50F7FF    CALL Xenimus.00415ED0
004A0E73   . 83C4 08        ADD ESP,8
004A0E76   . 68 74945000    PUSH Xenimus.00509474                    ;  ASCII "Press F1 for help"
004A0E7B   . B9 4C896705    MOV ECX,Xenimus.0567894C
004A0E80   . E8 DB14F6FF    CALL Xenimus.00402360
004A0E85   . D905 90945000  FLD DWORD PTR DS:[509490]
004A0E8B   . D91D 4C014C02  FSTP DWORD PTR DS:[24C014C]
004A0E91   > 391D E41E5400  CMP DWORD PTR DS:[541EE4],EBX
004A0E97   . 7C 36          JL SHORT Xenimus.004A0ECF
004A0E99   . 53             PUSH EBX
004A0E9A   . 68 8F0A0000    PUSH 0A8F
004A0E9F   . E8 2C50F7FF    CALL Xenimus.00415ED0
004A0EA4   . 8B15 60B87F05  MOV EDX,DWORD PTR DS:[57FB860]
004A0EAA   . 8B42 08        MOV EAX,DWORD PTR DS:[EDX+8]
004A0EAD   . C1E0 06        SHL EAX,6
004A0EB0   . 83C4 08        ADD ESP,8
004A0EB3   . 05 C0DD5300    ADD EAX,Xenimus.0053DDC0                 ;  ASCII "Xenimus Prime       "
004A0EB8   . 50             PUSH EAX
004A0EB9   . B9 4C896705    MOV ECX,Xenimus.0567894C
004A0EBE   . E8 9D14F6FF    CALL Xenimus.00402360
004A0EC3   . D905 90945000  FLD DWORD PTR DS:[509490]
004A0EC9   . D91D 4C014C02  FSTP DWORD PTR DS:[24C014C]
004A0ECF   > 8B0D 60B87F05  MOV ECX,DWORD PTR DS:[57FB860]
004A0ED5   . 8B51 08        MOV EDX,DWORD PTR DS:[ECX+8]
004A0ED8   . C1E2 06        SHL EDX,6
004A0EDB   . 0FBF82 ECDD530>MOVSX EAX,WORD PTR DS:[EDX+53DDEC]
004A0EE2   . 3905 E41E5400  CMP DWORD PTR DS:[541EE4],EAX
004A0EE8   . 74 6C          JE SHORT Xenimus.004A0F56
004A0EEA   . 53             PUSH EBX
004A0EEB   . 68 900A0000    PUSH 0A90
004A0EF0   . E8 DB4FF7FF    CALL Xenimus.00415ED0
004A0EF5   . 8B0D 60B87F05  MOV ECX,DWORD PTR DS:[57FB860]
004A0EFB   . 8B51 08        MOV EDX,DWORD PTR DS:[ECX+8]
004A0EFE   . C1E2 06        SHL EDX,6
004A0F01   . 0FBF82 ECDD530>MOVSX EAX,WORD PTR DS:[EDX+53DDEC]
004A0F08   . 50             PUSH EAX
004A0F09   . 68 68945000    PUSH Xenimus.00509468                    ;  ASCII "loading %d\n"
004A0F0E   . 68 905C5400    PUSH Xenimus.00545C90
004A0F13   . A3 E41E5400    MOV DWORD PTR DS:[541EE4],EAX
004A0F18   . E8 D8800000    CALL Xenimus.004A8FF5
004A0F1D   . 68 905C5400    PUSH Xenimus.00545C90
004A0F22   . E8 A91AF6FF    CALL Xenimus.004029D0
004A0F27   . 83C4 18        ADD ESP,18
004A0F2A   . B9 40856705    MOV ECX,Xenimus.05678540
004A0F2F   . E8 1C09F6FF    CALL Xenimus.00401850
004A0F34   . A1 505E5400    MOV EAX,DWORD PTR DS:[545E50]
004A0F39   . 3BC3           CMP EAX,EBX
004A0F3B   . 74 02          JE SHORT Xenimus.004A0F3F
004A0F3D   . 8918           MOV DWORD PTR DS:[EAX],EBX
004A0F3F   > E8 9C74FCFF    CALL Xenimus.004683E0
004A0F44   . 68 54945000    PUSH Xenimus.00509454                    ;  ASCII "load mongen.grd\n"
004A0F49   . E8 821AF6FF    CALL Xenimus.004029D0
004A0F4E   . 83C4 04        ADD ESP,4
004A0F51   . E8 1AC2F8FF    CALL Xenimus.0042D170
004A0F56   > 53             PUSH EBX
004A0F57   . 68 910A0000    PUSH 0A91
004A0F5C   . E8 6F4FF7FF    CALL Xenimus.00415ED0
004A0F61   . A1 E479EE02    MOV EAX,DWORD PTR DS:[2EE79E4]
004A0F66   . 8B0D 2C5AEE02  MOV ECX,DWORD PTR DS:[2EE5A2C]
004A0F6C   . 6BC0 5C        IMUL EAX,EAX,5C
004A0F6F   . 0FB69408 6083E>MOVZX EDX,BYTE PTR DS:[EAX+ECX+2EE8360]
004A0F77   . 52             PUSH EDX
004A0F78   . E8 73A9F8FF    CALL Xenimus.0042B8F0
004A0F7D   . D9EE           FLDZ
004A0F7F   . D915 00207605  FST DWORD PTR DS:[5762000]
004A0F85   . D91D 04207605  FSTP DWORD PTR DS:[5762004]
004A0F8B   . E8 50F6F8FF    CALL Xenimus.004305E0
004A0F90   . 53             PUSH EBX
004A0F91   . 68 920A0000    PUSH 0A92
004A0F96   . 892D 307F6705  MOV DWORD PTR DS:[5677F30],EBP
004A0F9C   . 892D 247F6705  MOV DWORD PTR DS:[5677F24],EBP
004A0FA2   . E8 294FF7FF    CALL Xenimus.00415ED0
004A0FA7   . D905 50545100  FLD DWORD PTR DS:[515450]
004A0FAD   . D91D 8C5E5400  FSTP DWORD PTR DS:[545E8C]
004A0FB3   . 83C4 14        ADD ESP,14
004A0FB6   . D905 4C545100  FLD DWORD PTR DS:[51544C]
004A0FBC   . D91D 885E5400  FSTP DWORD PTR DS:[545E88]
004A0FC2   . E9 BE230000    JMP Xenimus.004A3385


(once again, I'm probably just saying stuff Andy already knows lol)


 Post subject: Re: Updated Xenimus Map?
PostPosted: 09 Jul 2013 10:50

Joined: 05 Nov 2007 11:14
Posts: 128
Block incoming packet: buffer[0] = 255;

What you want to do is iteratively capture each 3x3 tile (the game's "portaling" system always displays the 3x3 around the char) and take loads of screenshots. Update the actual local positions to get where you want and just ignore the log out packet.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 09 Jul 2013 13:31

Joined: 30 Apr 2013 00:03
Posts: 221
When I update the local position, it doesn't stick. I'm assuming the game has some checks in place that lock the x/y. What happens is I get a flickering view of the x/y I set, but it doesn't stay.

I'm assuming there is a memory address that the update packet sets that acts as a check for the local x/y? Idk, I'm looking through his case 3 switch right now for incoming packets.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 09 Jul 2013 14:51

Joined: 05 Nov 2007 11:14
Posts: 128
If an update packet is received with a position more than 200 units away from the local position, the local position is updated to the packet's contents immediately.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 09 Jul 2013 15:49

Joined: 30 Apr 2013 00:03
Posts: 221
Know what my problem was? It was stupid, I always make these little minor mistakes lol

Before:
Code:
uint32* LocX = (uint32*)0x10F83D4;


After:
Code:
float* LocX = (float*)0x10F83D4;


Stupid. Yeah, so I can navigate the map now. Cool deal.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 09 Jul 2013 16:36

Joined: 05 Nov 2007 11:14
Posts: 128
First test: https://dl.dropboxusercontent.com/u/8888648/MainMap.png

It ignores deep water to speed up, and it's only the top right for now, I'm using this PC atm so I'll do a full map parse overnight.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 09 Jul 2013 18:13
Where is my tobago?

Joined: 16 Aug 2006 18:22
Posts: 137
Location: In your dreams
Character(s): I Love Kevin
Isn't that Semel? Also, what's this going to be used for?


 Post subject: Re: Updated Xenimus Map?
PostPosted: 10 Jul 2013 02:53

Joined: 30 Apr 2013 00:03
Posts: 221
Andy, what/how do you stitch the images together? I am saving 3x3 tiles, but am having difficulty finding a way to stitch them together. I have tried a PHP script, but it comes out really f- up looking. I have tried Microsoft's image stitcher, but it doesn't always work lol


edit:

Oh god, I'm going to have to compress and scale this shit. A lot. 10mb just for this small bit lol

https://www.dropbox.com/s/ko3tg397szhevuz/Mapping.png

edit2:

Resized image down to about 25% of original + changed compression to 9. result = 5-6mb. much better. All from a ridiculous amount of 380mb of images (bmp files suck)

https://www.dropbox.com/s/8m0sc2y4bzfusat/mapp.png

Andy, it looks like you still need to change your light value before you go any further. And is there any way to remove the roofs without destroying the rest of the z buffer? Looks like min z @950ish removes roofs, but also destroys mountains and trees haha.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 10 Jul 2013 18:39

Joined: 30 Apr 2013 00:03
Posts: 221
Alright, so my brother and I are planning to create a new xenmaps like Enigma's old one. We are currently playing around with resizing/compression/colorbits to create an image with good quality but not being a whole bunch of gigs.

Anyways here is a quick sample of what the map will probably look like at full zoom (remember, compression and color depth is still being tested. So hopefully we can get things sorted out so it looks a little better).

https://www.dropbox.com/s/2ye8w2esu7h8tgt/Full.jpg

That's a 59689x1281 pixel image. You can download it and see how far in it lets you zoom. It's still a pretty good zoom. And at only 3527kb, I'm pretty happy with the progress so far.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 11 Jul 2013 05:30

Joined: 05 Nov 2007 11:14
Posts: 128
I will be looking to update the main map files for xenlua using this data and also give an improved mini map allowing zooming.

Unfortunately that is hard, can't just load 50000 images into xenlua at once, as VRAM would just run out, also can't just load a giant image due to texture limits of the GPU.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 11 Jul 2013 13:24

Joined: 30 Apr 2013 00:03
Posts: 221
I'm about 75% done scanning and saving the main map. If you want I can compress or help in some way, Andy. Currently I'm taking 245x242 PNG images, then I'm going back through and converting to 64x63 JPEG images. All in all, the JPEGs are all under 1kb in size, so the entire map, in JPEGs, should be under 1gig.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 11 Jul 2013 18:17

Joined: 30 Apr 2013 00:03
Posts: 221
Andy123456 wrote:
I will be looking to update the main map files for xenlua using this data and also give an improved mini map allowing zooming.

Unfortunately that is hard, can't just load 50000 images into xenlua at once, as VRAM would just run out, also can't just load a giant image due to texture limits of the GPU.


So how do you propose doing this? What do you think is the max width/height you can use? I could split the map into whatever size tiles really. Just would take some time. I'm currently about 85% done mapping the main server. I'm going to try a new method for DS as it has taken me way too long to actually map the main server.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 00:11

Joined: 30 Apr 2013 00:03
Posts: 221
http://murderdev.com/Projects.aspx wrote:
This program was very fun to work on. It was actually accomplished before by other people. They required multiple machines and used networking to modify packets to scan the map. I took this a step further by not using any packet modifications and modifying the games memory instead. This proved to be much faster and more efficient requiring only one machine. I am now able to scan a single server in about 1 hr or less when the other methods took more than 12-24 hours. The part that takes a long time for me is creating the zoom levels. There are massive amounts of images that need to be processed and the hard drive becomes a bottleneck with so many reads/writes.


^^ That right there, I just don't believe Enigma. 1 hour per map? I looked at this code, he is taking a picture every 3-5 frames. I changed mine to take pictures every 1 frame and it was still about an hour per 100 lines of the map.


Anyways, finished the main map. I am doing some quick stitching atm and then I'll post a full image of the map (JPEGs only allow 65500x65500 images, so that's how big it will be)


 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 07:47

Joined: 05 Nov 2007 11:14
Posts: 128
I believe it is possible to do 1 hour for the map but you have to figure out how to clip roofs and disable the client "portaling" system.

You say you take 245 x 242 images, what?

If you make an ortho camera, height and width as the same as screen dimensions, every tile will be exactly 80 x 80 (game coords are 20x20 per tile but the world is scaled by 4 in the engine).


 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 10:37

Joined: 30 Apr 2013 00:03
Posts: 221
I did it in windowed mode. Didn't go full screen to capture.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 15:33

Joined: 05 Nov 2007 11:14
Posts: 128
But each tile is 80x80 regardless of resolution or screen mode.

I would love to see your screenshot code for windowed mode to be honest, mine is slow as f- and causes a spike in framerate.

Mine:

Code:
void UIController::TakeScreenshotWindowed(const char* outname, int32 sx /*= -1*/, int32 sy /*= -1*/, int32 width /*= -1*/, int32 height /*= -1*/)
{
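   IDirect3DSurface9* surface = NULL;
   // Bail out if the back buffer cannot be obtained, otherwise surface is used uninitialized
   if (FAILED(m_d3ddev->GetBackBuffer(0, 0, D3DBACKBUFFER_TYPE_MONO, &surface)))
      return;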
   if (sx != -1)
   {
      RECT rct;
      rct.left = sx;
      rct.right = sx + width;
      rct.top = sy;
      rct.bottom = sy + height;
      D3DXSaveSurfaceToFile(outname, D3DXIFF_JPG, surface, NULL, &rct);
   }
   else
      D3DXSaveSurfaceToFile(outname, D3DXIFF_JPG, surface, NULL, NULL);

   surface->Release();
}


Of course, this is the only code I've found so far that interacts well with desktop window manager in windowed mode.


 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 16:51

Joined: 30 Apr 2013 00:03
Posts: 221
See, I wanted to go that route as I prefer the DirectX functions. Mine still scans pretty quick, but I hate Windows GDI crap. And I actually just took this straight from Microsoft's examples because every other example I looked at online was shit.

Code:
int CaptureAnImage(HWND hWnd)
{
   wchar_t filename[200];
   memset(filename,0,sizeof(filename));
   wsprintfW(filename, L"map//y%i//x%iy%i.png", y, x, y);


    HDC hdcScreen;
    HDC hdcWindow;
    HDC hdcMemDC = NULL;
    HBITMAP hbmScreen = NULL;
    //BITMAP bmpScreen;

    // Retrieve the handle to a display device context for the client
    // area of the window.
    hdcScreen = GetDC(NULL);
    hdcWindow = GetDC(hWnd);

    // Create a compatible DC which is used in a BitBlt from the window DC
    hdcMemDC = CreateCompatibleDC(hdcWindow);

    //This is the best stretch mode
    SetStretchBltMode(hdcWindow, HALFTONE);

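    //The source DC is the entire screen and the destination DC is the current window (HWND)
    StretchBlt(hdcWindow,
               0,0,
               245, 242,   // destination width, height
               hdcScreen,
               562,252,
               245,        // source width (was swapped with the height)
               242,        // source height, so the copy is 1:1 with the 245 x 242 destination
               SRCCOPY);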
   
    // Create a compatible bitmap from the Window DC
    hbmScreen = CreateCompatibleBitmap(hdcWindow, 245, 242);

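    // Select the compatible bitmap into the compatible memory DC,
    // remembering the DC's original bitmap so it can be restored.
    HGDIOBJ hbmOld = SelectObject(hdcMemDC,hbmScreen);
   
    // Bit block transfer into our compatible memory DC.
    BitBlt(hdcMemDC,
               0,0,
               245, 242,
               hdcWindow,
               0,0,
               SRCCOPY);

    // Deselect the bitmap first: GDI+ should not be handed a bitmap
    // that is still selected into a device context.
    SelectObject(hdcMemDC, hbmOld);

   Gdiplus::Bitmap bitmap(hbmScreen, NULL);
   CLSID clsid;
   GetEncoderClsid(L"image/png", &clsid);
   bitmap.Save(filename, &clsid);

       
    //Clean up
    DeleteObject(hbmScreen);
    DeleteDC(hdcMemDC);          // memory DCs are freed with DeleteDC, not DeleteObject
    ReleaseDC(NULL,hdcScreen);
    ReleaseDC(hWnd,hdcWindow);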

    return 0;
}



In all honesty, I'm going to have to do another passover on the map.

While the light on the main world is perfect, anytime I'm over a dungeon, they have a different light value, so they are all darker. So I need to find another light value to set so everything is one brightness.

Example: https://www.dropbox.com/s/mkvkxfxs0uebrk3/bleh.jpg


Top
 Profile  
 
 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 17:05 
Offline

Joined: 05 Nov 2007 11:14
Posts: 128
Heck I still have streaky shit as the time is changing.

Code:
   if (buffer[0] == 0x1F) //enter world
   {
      InitialLoginData* data = (InitialLoginData*)&buffer[2];
      sPlayer.m_charid = data->serverId;
      sPlayer.m_mapid = data->mapId;

      LUANumber arg(data->mapId);
      sLuaMgr.FireEvent("EVENT_MAP_CHANGED", 1, &arg);
      g_mapid = data->mapId;
      g_mapswitchms = GetMSTime();
      sPlayer.ClearPath();

#ifdef MAPGEN
      data->time_current = 200;
      data->time_roc = 0; //NO CHANGEY TIME PLS SIT
#endif
   }


Seems to have not worked.

Will look into it more.


Top
 Profile  
 
 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 17:30 
Offline
User avatar

Joined: 30 Apr 2013 00:03
Posts: 221
Code:
InitialLoginData* ild = (InitialLoginData*)&packet[2];
      //printf("X/Y: %i, %i\nMap: %i\nServerId: %i\nUnk: %i\nUnk2: %i\nUnk3: %i\nServerId2: %i\nUnk4: %i\nTime: %f\nRoC: %f\nUnk7: %i\n",
      //   ild->positionX, ild->positionY, ild->mapId, ild->serverId, ild->unk, ild->unk2, ild->unk3, ild->serverId2, ild->unk4, ild->time_current, ild->time_roc, ild->unk7);

      ild->positionX = 30;
      ild->positionY = (y * 60) + 30; //So i can exit out and just set my Y variable, be right back where i started
      ild->time_current = 200.0f;
      ild->time_roc = 0.0f;


Possibly int to float conversion loss? Mine works no problem.


Top
 Profile  
 
 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 17:40 
Offline

Joined: 05 Nov 2007 11:14
Posts: 128
Selective characters also receive old light updates. Byte 17 in update packet.

Edit: I'm wrong, removed.


Top
 Profile  
 
 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 17:57 
Offline
User avatar

Joined: 30 Apr 2013 00:03
Posts: 221
What I'm planning to do for my next passover is log in to the game, allow update packets to be received but only the first 24 bytes (no objects/spells/units will then be displayed), then cast night vision, then block update packets after that. Should, ideally, get rid of the light changes in dungeons.


edit:

Also, I just did testing. My method produced around 20-25fps, yours was getting me around 30-35fps. So yours is faster for sure.

And I was planning to do your method (back buffer) so that way I could still use my computer as it scanned. But EJ has his FPS drop down to about 15-20 when you do not have Xenimus as the foreground window. I wonder if there is a way to lock the FPS.


Top
 Profile  
 
 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 21:25 
Offline
User avatar

Joined: 30 Apr 2013 00:03
Posts: 221
Strange memory addresses...

So trying to f- with the light. I have found these 4 values
Code:
uint8 24C0163
uint8 2EBB8F1
uint32 57FB89C
Float 5677EF8


Now, I have had NO success setting any of the byte values. They seem to do nothing.

Here is the interesting part though. The float value, when I enter a dark area in the game (while logged in) and I lock the value in Cheat Engine, then when I go back into lighter areas, it stays dark. But when I lock the value in a lighter area and go into a darker area, the darker area doesn't change. the, f-.


edit:

Night Vision
Code:
uint32 5677F14


That's actually just the charges flag. But if you set it to 8 you get night vision.


Top
 Profile  
 
 Post subject: Re: Updated Xenimus Map?
PostPosted: 12 Jul 2013 22:27 
Offline
User avatar

Joined: 30 Apr 2013 00:03
Posts: 221
Another update for anyone that wants it:

Ok, so seeing as how my computer doesn't contain enough RAM to create files 65500x65500 (an image half that size would require like 10 gigs of RAM or something just to create it), I created an HTML file that will render the map.

The way the html file works:

When you first open the HTML file, it will only display the first 100 lines of the map (total of 1074 lines).

You can make the HTML file show you whatever lines you want by simply adding arguments to the URL:
Code:
MainMap.html?s=#&e=#


So to see lines 100-200 you would do:
Code:
MainMap.html?s=100&e=200


To display the full map (it's very, very, very, very large, guys):
Code:
MainMap.html?s=0&e=1074



Download the .zip file here (~563mb)
https://www.dropbox.com/s/2enn0wt8ev0hnuo/MainMap.zip


Top
 Profile  
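The `?s=#&e=#` line selection described in the post above, as an added example that is not the poster's MainMap.html: it validates both arguments before they are used to build image paths, and creates the page with DOM nodes and lazy-loaded images. Assumptions: lines form the half-open range [s, e), tiles sit at `map/y<row>/x<col>y<row>.png` (inferred from the format string in the capture code), and `TILES_PER_ROW` is a constructed value.

```javascript
// Added example; names and TILES_PER_ROW are assumptions, not from MainMap.html.
const TOTAL_LINES = 1074;   // total map lines, from the post
const DEFAULT_LINES = 100;  // lines shown when no arguments are given
const TILES_PER_ROW = 18;   // constructed value for illustration
// Parse "?s=#&e=#" into a line range [start, end). Only short decimal
// integers are accepted; anything else falls back to the default.
function parseRange(search) {
  const params = new URLSearchParams(search);
  const toInt = (name, fallback) => {
    const raw = params.get(name);
    return raw !== null && /^\d{1,6}$/.test(raw) ? Number(raw) : fallback;
  };
  const start = Math.min(toInt('s', 0), TOTAL_LINES);
  const end = Math.min(toInt('e', start + DEFAULT_LINES), TOTAL_LINES);
  return { start, end: Math.max(end, start) };
}
// Tile path built from validated integers only.
function tilePath(col, row) {
  return `map/y${row}/x${col}y${row}.png`;
}
// One array of tile paths per selected map line.
function rowTiles(range, tilesPerRow) {
  const rows = [];
  for (let row = range.start; row < range.end; row++) {
    rows.push(Array.from({ length: tilesPerRow }, (_, col) => tilePath(col, row)));
  }
  return rows;
}
// Build the page with DOM nodes (no innerHTML); lazy loading defers
// fetching and decoding of tiles that are far outside the viewport.
function render(doc, container, rows) {
  for (const tiles of rows) {
    const line = doc.createElement('div');
    line.style.whiteSpace = 'nowrap';
    for (const src of tiles) {
      const img = doc.createElement('img');
      img.loading = 'lazy';
      img.src = src;
      line.appendChild(img);
    }
    container.appendChild(line);
  }
}
if (typeof document !== 'undefined') {
  render(document, document.body, rowTiles(parseRange(location.search), TILES_PER_ROW));
}
```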
 