Guide Patching dupes using opcodes.

[XManton]

I have join a few servers and 3 dupes have worked.

 

Here are a few fixes like Html, Pet dupe, Warehouse deposit dupe.

 

Check out these opcodes ( Interlude )

 

First make an check bool named bSendPacket = true in the top of your Incoming Packet Hook, If trade found in any of these functions you will return false to block the current packet ( bSendPacket will be false ) then return this result in your incoming packet hook.

 

• 0x21: bSendPacket  = HtmlCMD( pSocket );
  
• 0x8C: bSendPacket  = CheckPet( pSocket );
  
• 0x8B: bSendPacket  = CheckPet( pSocket );
  
• 0x31: bSendPacket  = DepositItem( pSocket,  &RecvPacket[ 1 ] );
  

 

Then deal with these packets, many of these dupes have to trade. So, these packets have to check if player are in trade when send this sort of opcodes.

 

So if we are to check if a user is in the trade and be able to close the trade, we must check offsets of these functions located in User class.

 

Normal PTS offsets, Get a function list and find the offsets for them.

 

bool User::IsNowTrade()  = 0x80F840

User::TradeCancel() = 0x80F370

 

Now let us look at the function we call when send html command ( opcode 0x21)

 

bool HtmlCMD(CSocket *pSocket)
{
//First get pointer to User located in the Socket class ( user ).
User *pUser = pSocket->user;

//Next we will do the check for trade.
if (pUser->IsNowTrade())
{
	//Cancel the trade.
	pUser->TradeCancel();
	return false;
}

// We will also check the StopType so we are not moving ( state 2 )
if (pUser->SD->nStopType == 2)
{
	return false;
}

// All went ok.
return true;
}

 

Now let us look at the function we call when take items from pet ( opcode 0x8C ) or give items to pet ( opcode 0x8B )

 

bool CheckPet(CSocket *pSocket)
{
//First get pointer to User located in the Socket class ( user ).
User *pUser = pSocket->user;

//Next we will do the check for trade.
if (pUser->IsNowTrade())
{
	//Cancel the trade.
	pUser->TradeCancel();
	return false;
}

// All went ok.
return true;
}

 

Note: You can also check the item amount is less then 0 or greater then max amount of 2000000000 inside this function.

 

Now let us look at the function we call when try find duplicated item ID's when Deposit Items to WH( opcode 0x31 )

 

bool DepositItem( CSocket *pSocket, u8 *packet )
{
u32  pCounter = *(u32*)packet;
u32* pData    = (u32*)&packet[ 4 ];

// Loop the amount first time.
for (u32 x = 0; x < pCounter; x++)
{
	// Take out the first object.
	u32 pItemID1 = pData[x * 2];

	// Loop the amount second time.
	for(u32 t = 0; t < pCounter; t++)
	{
		if( x != t )
		{
			// Take out the second object.
			u32 pItemID2 = pData[t * 2];

			//We found same ID then return false on this.
			if(pItemID1 == pItemID2) return false;
		}
	}
}

// All went ok, no duplicated items found.
return true;
}

 

I hope you got a picture of how the patching of dupes are made by using incoming opcodes, If anyone has a problem with a dupe, write here so we can help each other to solve it.

 

This was a simple review of how it works. If you have any questions about this, Feel free to contact me.

 

Good luck all L2OFF users!!.

 

Have a great weekend.

 

-Manton

[Hazel]

; o Great work :)

Thank you ;]

 

Give us more share ;D

[toa]

How do players make this dupes? I test it on my server but it seems I don't know what exactly to do, I tryed some variations

[GoodT]

Good tutorial, but it just for open source extender. With closed project etc. vampir, nextdev user cant do nothing.

[xax0r]

Manton, you're really great Developer 'n please make more guides for us ;) thanks 4Eva' :)

[Alexi]

very nice tutorial but i need too much practice at l2off

[™® Stergios ®™]

oo :) nice guide.. but i think that is easier to download the amped or demp .dll and add it to l2server.exe .. but your way will help the others to searching more about the codes and try to change some of it ..

[aislancezar]

Very useful.

[rtoservers]

what s the program name?