4/13/11 patch

[mons00n]

The 4/13/11 decided to break my SEQ installation. It was working last night with the fixes mentioned in this thread. Now I get a wall OP errors before it seg faults out. I get different errors depending on what zone I go into (I assume it depends on mobs/people). These are the ones I get (and where they show up when grep'd):

ClickObject (interface.cpp)
MobUpdate (everquest.h)
ClientUpdate (interface.cpp)
InspectAnswer (interface.cpp)
DeleteSpawn (spawnlog.cpp/h/moc)

I can't do any logging because it crashes with a seg fault shortly after starting.

Here's a snippet of one of my crashes:

Code:

Warning: OP_ClickObject  (0x442a) (dataLen: 65) doesn't match: sizeof(remDropStruct):8
Warning: OP_ClickObject  (0x442a) (dataLen: 62) doesn't match: sizeof(remDropStruct):8
Player: Exp: Set: 91872946 total, with 3189602 (18/330) into level with 4807566 left, where 1/330 = 24233
Player: Exp: New: < 24233, 436194 (18/330) into level with 7560974 left
Warning: OP_ClientUpdate  (0x7062) (dataLen: 24) doesn't match: sizeof(playerSpawnPosStruct):22 sizeof(playerSelfPosStruct):40
Warning: OP_MobUpdate  (0x4656) (dataLen: 14) doesn't match: sizeof(spawnPositionUpdate):12
Warning: OP_MobUpdate  (0x4656) (dataLen: 14) doesn't match: sizeof(spawnPositionUpdate):12
Warning: OP_InspectAnswer  (0x2370) (dataLen: 10) doesn't match: sizeof(inspectDataStruct):1860
Warning: OP_ClientUpdate  (0x7062) (dataLen: 24) doesn't match: sizeof(playerSpawnPosStruct):22 sizeof(playerSelfPosStruct):40
Warning: OP_InspectAnswer  (0x2370) (dataLen: 10) doesn't match: sizeof(inspectDataStruct):1860
Warning: OP_DeleteSpawn  (0x220c) (dataLen: 12) doesn't match: sizeof(deleteSpawnStruct):4
Segmentation fault

It looks like OP codes have changes, or have the structures changed? How does one tell? There doesn't seem to be much activity in this forum so I'm just curious as to if anyone is still hunting these down.

I can sometimes get it to NOT crash. Now when figuring out these OP codes (if that's all it is) do I change them in conf/zoneopcodes.xml or /usr/local/share/showeq? And does it require a recompile?

[Kalastrom]

*** UPDATED DATA ***
From what I've managed to figure out so far, some opcodes have changed as have some structures. I've managed to fix a very small number so far, one of which is technically inconsequential.

OP_GuildMOTD's opcode has changed to 71D1 (update the xml file).
OP_ZoneEntry's opcode has changed to 02D6

the playerSpawnStruct (in everquest.h) needed to be updated, adding a 2 byte placeholder variable like so:

Code:

/*0000*/ uint16_t spawnId;
         uint8_t  unk[2];
/*0002*/ signed   padding0000:12; // ***Placeholder

playerSelfPosStruct (also in everquest.h) also needed to be updated, increasing uint8_t unknown0004[4] by two bytes making it unknown0004[6].

spawnPositionUpdate (in everquest.h) needed a two byte update as well (it seems, can't completely confirm yet as npc movement on the map isn't working right yet)

Code:

/*0000*/ int16_t  spawnId;
        uint8_t unk1[2];
/*0002*/ int64_t  y:19, z:19, x:19, u3:7;

I also know that the spawnPositionUpdate struct needs to be updated as well by two bytes, but nothing I've tried has worked right yet.

As for the inevitable crashing question, I've found that it doesn't crash in Nektulos Forest for me, for some reason, everywhere else I've tried so far it crashes in.

[mons00n]

Your above changes seem to help a little. If I log in when SEQ is open then I get an immediate seg fault. Upon reopening it and zoning into surefall glade I got the following:

Code:

Warning: OP_ClickObject  (0x442a) (dataLen: 65) doesn't match: sizeof(remDropStruct):8
Warning: OP_ClickObject  (0x442a) (dataLen: 62) doesn't match: sizeof(remDropStruct):8
Warning: OP_InspectAnswer  (0x2370) (dataLen: 10) doesn't match: sizeof(inspectDataStruct):1860
Warning: OP_InspectAnswer  (0x2370) (dataLen: 10) doesn't match: sizeof(inspectDataStruct):1860
Warning: OP_DeleteSpawn  (0x220c) (dataLen: 12) doesn't match: sizeof(deleteSpawnStruct):4
Segmentation fault

So I zoned into Nektulos and sure enough it does not crash just as you said. But I am being flooded with:

Code:

Warning: OP_InspectAnswer  (0x2370) (dataLen: 10) doesn't match: sizeof(inspectDataStruct):1860

I'd love to help but I'm not sure how. What did you do to come up with your above fixes?

[Kalastrom]

I spent many hours looking at the code and the packets being dumped. I've got a most likely fix for OP_InspectAnswer as well. The opcode 2370 is actually OP_GuildMOTD now (I'm pretty sure), but I don't know what the new InspectAnswer code is yet. On top of that, npc and player corpses are not being handled properly either I just discovered. They're drawn when you change zones (player corpses don't have the right icon though), but they do no disappear when they rot, nor do new corpses (post zoning) appear on the map.

[mons00n]

Didn't your original post say that the OP_GuildMOTD was 71D1? My guild MOTD was showing up fine with 71D1, but is gibberish when using 2370.

I also get an OP_ZoneEntry error when zoning into Nektulos:

Code:

Warning: OP_ZoneEntry  (0x2d6) (dataLen: 76) doesn't match: sizeof(ClientZoneEntryStruct):68

Does that mean there's still an issue with the zone entry OP code?

[Kalastrom]

Sorry, braindead. I thought I hadn't included the GuildMOTD in the original post. Been staring at this stuff for too long today possibly. lol

[mons00n]

haha no problem.

Since SEQ figures out what zone I'm entering does that mean that the OP code is ok but the structure is not? (I'm new to the inner workings of SEQ so I'm trying to figure it out)

[Kalastrom]

The zoning code appears to be okay. when I zone into Neriak (for example) from Nek (a zone where I don't crash), the zone loads, map is drawn, NPCs are placed and then it immediately crashes right after (most likely while processing a packet). In my case the last packets I see in the logs are these:
From zone.log:

Code:

Apr 15 2011 02:00:45:867 [Decoded] [Server->Client] [Size: 112]
[OPCode: 0x390c]
[Name: OP_GroupUpdate][Updated: 10/21/09][Type: uint8_t (1) nc]
000 | 00 00 00 00 62 13 00 00 4a 61 76 65 6e 20 54 61  | ....b...Javen Ta 
016 | 56 6f 73 00 00 00 00 00 00 00 00 00 00 00 00 00  | Vos............. 
032 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | ................ 
048 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  | ................ 
064 | 00 00 00 00 00 00 00 00 54 61 69 6c 6f 72 69 6e  | ........Tailorin 
080 | 67 20 53 75 70 70 6c 69 65 73 00 00 00 00 00 00  | g Supplies...... 
096 | 00 00 00 00 00 00 00 00 06 00 00 00 29 02 e4 01  | ............)...

from unknownzone.log:

Code:

Apr 15 2011 02:00:45:867 [Server->Client] [Size: 10]
[OPCode: 0x6967]
000 | a2 05 00 00 b1 05 00 00 2f 3e                    | ......../> 

Apr 15 2011 02:00:45:867 [Server->Client] [Size: 10]
[OPCode: 0x0ff4]
000 | c0 07 00 00 c0 07 00 00 2f 3e                    | ......../> 

Apr 15 2011 02:00:45:867 [Server->Client] [Size: 3]
[OPCode: 0x7901]
000 | 31 3e 64                                         | 1>d 

Apr 15 2011 02:00:45:867 [Server->Client] [Size: 3]
[OPCode: 0x1912]
000 | 31 3e 00                                         | 1>. 

Apr 15 2011 02:00:45:867 [Server->Client] [Size: 3]
[OPCode: 0x5a6b]
000 | 31 3e 00                                         | 1>.

and from global.log:

Code:

Apr 15 2011 02:00:45:867 [199.108.3.50:1398->client:50870] [Size: 73]
[OPCode: 0x300] [Flags: 5a] [CRC ok]

000 | 00 03 5a 78 9c b3 67 e0 64 bc c8 20 c9 93 9e b9  | ..Zx..g.d.. .... 
016 | 88 95 81 61 23 10 eb db f1 7c e1 3f c0 ce c0 00  | ...a#....|.?.... 
032 | c2 40 4e 81 f2 12 16 06 06 10 d6 b7 63 65 ac 34  | [email protected] 
048 | b4 4b 61 15 92 34 b4 63 60 cd 8e 02 92 2c 0c a2  | .Ka..4.c`....,.. 
064 | 0c dc 00 e3 d8 0c 8e 37 0e                       | .......7.

I'm fairly certain that the first posted packet's opcode is completely wrong, and since I've isolated the ZoneEntry code I'm trying to track down what that one is right now.

[mons00n]

After sitting in Nektulos for a while it seems my most frequent packet has an OPCode:0x38e0, is this a chat channel of some sort?

Code:

Apr 14 2011 22:57:49:644 [Server->Client] [Size: 18]
[OPCode: 0x38e0]
000 | 18 46 00 00 70 19 05 81 6a 10 00 10 b5 80 64 01  | .F..p...j.....d. 
016 | 60 2a                                            | `* 

Apr 14 2011 22:57:49:934 [Server->Client] [Size: 18]
[OPCode: 0x38e0]
000 | 1c 37 00 00 70 1d f6 01 4c e0 00 60 f7 a0 60 05  | .7..p...L..`..`. 
016 | 60 08                                            | `. 

Apr 14 2011 22:57:49:934 [Server->Client] [Size: 18]
[OPCode: 0x38e0]
000 | 29 2a 00 00 70 19 0c 81 a8 40 01 22 14 00 60 04  | )*..p....@."..`. 
016 | c0 14      

.......

[Kalastrom]

I'm not sure what that opcode is, but I'm going to tinker a bit with it since I was looking for a movement update code earlier and couldn't find it. maybe that's the one. EDIT: Nope, that wasn't it. lol

As for the crashes, I think I found out what's causing it, but I can't fix it correctly at the moment. Turns out (at least on my end) that when seq processes the erroneous OP_GroupUpdate packet it crashes, found that out by commenting the opcode out in the xml file.

[mons00n]

As for the crashes, I think I found out what's causing it, but I can't fix it correctly at the moment. Turns out (at least on my end) that when seq processes the erroneous OP_GroupUpdate packet it crashes, found that out by commenting the opcode out in the xml file.

This stopped the crashing for me as well. I can see the mobs/alerts/etc on the map but you're right their movement doesn't seem update. Player movement on the other hand IS updating. I'm also getting this OP error mixed in now along with the InspectAnswer spam:

Code:

Warning: OP_GroupCancelInvite  (0x2736) (dataLen: 0) doesn't match: sizeof(groupDeclineStruct):152

At least it's usable now to some degree!
EDIT: ignore the above statement. I tried to take on a mob in sol-b and it seg faulted on me. I'll see if i can reproduce it while logging data.

[Kalastrom]

Ah HA! OP_TargetMouse has been changed (duh), it's opcode is now 5F5E.

[mons00n]

Ah HA! OP_TargetMouse has been changed (duh), it's opcode is now 5F5E.

Nice that seems to have fixed it so you no longer have to comment out OP_GroupUpdate!

Now I'm getting seg faults when fighting monters. There doesn't seem to be one specific action causing it unfortunately so here are the end of my logs before the seg fault:

unknownzone.log

Code:

Apr 15 2011 00:12:11:608 [Client->Server] [Size: 18]
[OPCode: 0x33f2]
000 | 02 d3 07 c4 fa ef df c3 9e 3b 5c 42 02 5a 6a 6c  | .........;\B.Zjl 
016 | 08 02                                            | .. 

Apr 15 2011 00:12:11:728 [Server->Client] [Size: 4]
[OPCode: 0x3ea4]
000 | 27 45 0a 51                                      | 'E.Q 

Apr 15 2011 00:12:11:728 [Server->Client] [Size: 4]
[OPCode: 0x3ea4]
000 | f6 43 0a 5c                                      | .C.\ 

Apr 15 2011 00:12:11:728 [Server->Client] [Size: 36]
[OPCode: 0x32c6]
000 | 00 00 00 00 b2 01 00 00 1b 01 00 00 63 69 6e 64  | ............cind 
016 | 65 72 20 67 6f 62 6c 69 6e 00 31 35 00 00 00 00  | er goblin.15.... 
032 | 00 00 00 00                                      | .... 

Apr 15 2011 00:12:11:729 [Server->Client] [Size: 18]
[OPCode: 0x38e0]
000 | 45 ac 00 00 72 0d 69 40 eb a0 01 26 c9 81 38 05  | E...r.i@...&..8. 
016 | 20 86

zone.log

Code:

Apr 15 2011 00:12:11:729 [Decoded] [Server->Client] [Size: 28]
[OPCode: 0x7519]
[Name: OP_Action2][Updated: 06/12/09][Type: action2Struct (28) ==]
000 | d5 46 f6 43 1c ff ff 10 00 00 00 cd cc cc 3d bd  | .F.C..........=. 
016 | 78 e8 42 00 00 00 00 00 00 00 00 00              | x.B......... 

Apr 15 2011 00:12:11:729 [Decoded] [Server->Client] [Size: 18]
[OPCode: 0x38e0]
000 | 45 ac 00 00 72 0d 69 40 eb a0 01 26 c9 81 38 05  | E...r.i@...&..8. 
016 | 20 86                                            |  . 

Apr 15 2011 00:12:12:008 [Decoded] [Server->Client] [Size: 24]
[OPCode: 0x7062]
[Name: OP_ClientUpdate][Updated: 01/17/08][Type: playerSpawnPosStruct (24) ==]
000 | 4f 46 00 00 db 07 00 00 10 03 00 00 e7 fc 07 00  | OF.............. 
016 | 61 46 d8 7e f6 00 00 00                          | aF.~.... 

Apr 15 2011 00:12:12:008 [Decoded] [Server->Client] [Size: 12]
[OPCode: 0x3b52]
[Name: OP_FormattedMessage][Updated: 10/21/09][Type: formattedMessageStruct (20) nc]
000 | 0e 01 00 00 08 01 00 00 00 00 00 00              | ............

global.log

Code:

Apr 15 2011 00:12:11:608 [client:47177->199.108.3.87:1428] [Size: 35]
[OPCode: 0x300] [Flags: a5] [CRC ok]

000 | 00 03 a5 18 00 09 00 45 f2 33 02 d3 07 c4 fa ef  | .......E.3...... 
016 | df c3 9e 3b 5c 42 02 5a 6a 6c 08 02 04 00 15 02  | ...;\B.Zjl...... 
032 | 98 b5 a5                                         | ... 

Apr 15 2011 00:12:11:729 [199.108.3.87:1428->client:47177] [Size: 150]
[OPCode: 0x300] [Flags: 5a] [CRC ok]

000 | 00 03 5a 78 9c d3 61 e0 64 9a c9 20 c9 b6 c4 4e  | ..Zx..a.d.. ...N 
016 | dd 95 2b 50 4e b2 f4 a8 9b ba 2b c3 ff ff 1c 0c  | ..+PN.....+..... 
032 | 0c 0c 67 cf 9c b1 bd 21 f4 d5 99 01 06 8a 80 8a  | ..g....!........ 
048 | 67 81 15 7f 73 e6 8a 51 3b 66 04 12 dc c4 c8 c0  | g...s..Q;f...... 
064 | 20 0d c4 c9 99 79 29 a9 45 0a e9 f9 49 39 99 79  |  ....y).E...I9.y 
080 | 0c 86 a6 30 4d 40 33 bf 39 5f 75 fb f9 ff 3f 3f  | [email protected]_u...?? 
096 | 03 16 00 94 be ea f6 cd 59 e6 ff 7f 01 a8 95 7b  | ........Y......{ 
112 | 2b 5e 38 c1 a5 59 18 44 19 5c 45 1e 58 b8 ae 01  | +^8..Y.D.\E.X... 
128 | 5a cf 9b e9 f0 7a 01 a3 da c9 46 0b 56 85 36 00  | Z....z....F.V.6. 
144 | 99 86 2e 53 64 7a                                | ...Sdz 

Apr 15 2011 00:12:11:888 [client:47177->199.108.3.87:1428] [Size: 7]
[OPCode: 0x1500]
000 | 00 15 a5 02 9a 36 4f                             | .....6O

All I did was cast root, a dot or two, or just hit the thing and let it hit me back.

Let me know if these help you out or you need me to try anything. I'm about to turn in for the evening though.

[Kalastrom]

Get some sleep then, I'm getting more than a little annoyed that I can't find the npc movement opcode.

EDIT: Also, uncommenting the GroupUpdate opcode brought crashes back to mine, so it is definitely NOT fixed.

Edit #2: OP_Consider is now 3C2D.

Edit #3: I'm seriously thinking 38E0 is the NpcMoveUpdate code, but the packet's structured differently.

[mons00n]

EDIT: Also, uncommenting the GroupUpdate opcode brought crashes back to mine, so it is definitely NOT fixed.

well changing the OP_TargetMouse and uncommenting the GroupUpdate stops the crash when zoning (other than nek). I'm going to comment out the GroupUpdate again and see if that stops crashing the code when I'm fighting mobs.

EDIT: ok so I'm still crashing when fighting monsters. For me it makes no difference commenting out GroupUpdate (then again I'm not in a group atm)

Appreciate your help, and good luck finding the movement op code! Again if there's anything I can do to help let me know.