I looked through last expansion's threads, and found this post (http://www.showeq.net/forums/showthread.php?6402-Underfoot-Expansion&p=45545&viewfull=1#post45545) that has ksmith's perl script parse through eqgame.exe to generate information on the zones.

I tried this using the new .exe, and it's failing:


Use of uninitialized value within @stack in subtraction (-) at (eval 2) line 1.
Use of uninitialized value within @stack in subtraction (-) at (eval 2) line 1.
Use of uninitialized value in printf at (eval 2) line 1.
{non-ASCII symbols}
@ 001EDBC0 Unknown opcode: 66A3D853

Is there something that needs to be updated with the perl script (if ksmith is still with us?)

I ran the script on the old eqgame.exe from Dec '09, and it worked fine. It's just when I ran it against the new one.

Thanks.

All the zone names and numbers are in a constructor called "EQWorldData::EQWorldData". The address for it in the previous exe (sept 15) is at 0x6B87A0. The address in today's exe is at 0x6FA650. Within this function there are lines of code like this:


.text:006FA6F3 020 68 34 0C 8A 00 push offset aSurefallGlade ; "Surefall Glade" <--long name
.text:006FA6F8 024 68 DC 02 87 00 push offset aQrg ; "qrg" <-- short name
.text:006FA6FD 028 6A 03 push 3 ; int <-- zone id
.text:006FA6FF 02C 6A 00 push 0 ; int <-- expansion (ignore this)
.text:006FA701 030 8B CE mov ecx, esi
.text:006FA703 030 E8 C8 FA FF FF call sub_6FA1D0 ; EQWorldData::AddZone(EQExpansion,EQZoneIndex,char const *,char const *)


The important parameters are the second, third and fourth (zone id, zone short name, zone long name, respectively). It's a huge function and might take some time to do manually, but that's how I always do it. I'm tight on time these days so if someone wants to take a stab at it that would be great.

The byte pattern zones.pl uses to find EQWorldData::EQWorldData needed to be expanded to match the right place.

Around line 17 or so, where it starts with 'my $offset = find(' change it to be 'my $offset = find(split(/ /, "6a 07 68 c3 08 00 00"));'.


Loading ./eqgame.exe: .................................................. ....................................5615616 bytes
Found offset 002fa69d
0 2243 qeynos South Qeynos
2 2244 qeynos2 North Qeynos
3 2245 qrg Surefall Glade
4 2246 qeytoqrg Qeynos Hills
6 2248 highkeep HighKeep
8 2249 freportn North Freeport
9 2250 freportw West Freeport
10 2251 freporte East Freeport
11 2252 runnyeye Clan RunnyEye
12 2253 qey2hh1 West Karana
13 2254 northkarana North Karana
14 2255 southkarana South Karana
15 2256 eastkarana East Karana
16 2257 beholder Gorge of King Xorbb
17 2258 blackburrow BlackBurrow
18 2259 paw Infected Paw
19 2260 rivervale Rivervale
20 2261 kithicor Kithicor Forest
21 2262 commons West Commonlands
22 2263 ecommons East Commonlands
408 616 commonlands Commonlands
409 2310 oceanoftears Ocean Of Tears
410 2261 kithforest Kithicor Forest
411 2277 befallenb Befallen
412 2248 highpasskeep HighKeep
413 2287 innothuleb Innothule Swamp
414 2279 toxxulia Toxxulia Forest
415 2274 mistythicket Misty Thicket
23 2264 erudnint Erudin Palace
24 2265 erudnext Erudin
25 2266 nektulos Nektulos Forest
26 2267 cshome Sunset Home
27 2268 lavastorm Lavastorm Mountains
28 2269 nektropos Nektropos
29 2270 halas Halas
30 2271 everfrost Everfrost Peaks
31 2276 soldunga Solusek's Eye
32 2277 soldungb Nagafen's Lair
33 2274 misty Misty Thicket
34 2275 nro North Ro
35 2276 sro South Ro
36 2277 befallen Befallen
37 2278 oasis Oasis of Marr
38 2279 tox Toxxulia Forest
39 2280 hole The Ruins of Old Paineel
40 2281 neriaka Neriak Foreign Quarter
41 2282 neriakb Neriak Commons
42 2283 neriakc Neriak Third Gate
43 2284 neriakd Neriak Palace
44 2285 najena Najena
45 2286 qcat Qeynos Catacombs
46 2287 innothule Innothule Swamp
47 2288 feerrott The Feerrott
48 2289 cazicthule Cazic-Thule
49 2290 oggok Oggok
50 2291 rathemtn Mountains of Rathe
51 2292 lakerathe Lake Rathetear
52 2293 grobb Grobb
53 2294 aviak Aviak Village
54 2295 gfaydark Greater Faydark
55 2296 akanon Ak'Anon
56 2297 steamfont Steamfont Mountains
57 2298 lfaydark Lesser Faydark
58 2299 crushbone Clan Crushbone
59 2300 mistmoore Castle Mistmoore
60 2308 kaladima Kaladim
61 2303 felwithea Felwithe
62 2303 felwitheb Felwithe
63 2304 unrest Estate of Unrest
64 2305 kedge Kedge Keep
65 2306 guktop Upper Guk
66 2307 gukbottom Lower Guk
67 2308 kaladimb Kaladim
68 2309 butcher Butcherblock Mountains
69 2310 oot Ocean of Tears
70 2311 cauldron Dagnor's Cauldron
71 2312 airplane Plane of Sky
72 2313 fearplane Plane of Fear
73 2314 permafrost Permafrost Keep
74 2315 kerraridge Kerra Isle
75 2316 paineel Paineel
76 2317 hateplane The Plane of Hate
77 2401 arena The Arena
78 2319 fieldofbone The Field of Bone
79 2320 warslikswood Warsliks Wood
80 2321 soltemple Temple of Solusek Ro
81 2322 droga Temple of Droga
82 2323 cabwest West Cabilis
83 2324 swampofnohope Swamp of No Hope
84 2325 firiona Firiona Vie
85 2326 lakeofillomen Lake of Ill Omen
86 2327 dreadlands Dreadlands
87 2328 burningwood Burning Woods
88 2329 kaesora Kaesora
89 2330 sebilis Old Sebilis
90 2331 citymist City of Mist
91 2332 skyfire Skyfire Mountains
92 2333 frontiermtns Frontier Mountains
93 2334 overthere The Overthere
94 2335 emeraldjungle The Emerald Jungle
95 2336 trakanon Trakanon's Teeth
96 2337 timorous Timorous Deep
97 2338 kurn Kurn's Tower
98 2339 erudsxing Erud's Crossing
100 2340 stonebrunt Stonebrunt Mountains
101 2341 warrens The Warrens
102 2342 karnor Karnor's Castle
103 2343 chardok Chardok
104 2344 dalnir Dalnir
105 2345 charasis Howling Stones
106 2346 cabeast East Cabilis
107 2347 nurga Mines of Nurga
108 2348 veeshan Veeshan's Peak
109 2349 veksar Veksar
110 2350 iceclad Iceclad Ocean
111 2351 frozenshadow Tower of Frozen Shadow
112 2352 velketor Velketor's Labyrinth
113 2353 kael Kael Drakkal
114 2354 skyshrine Skyshrine
115 2355 thurgadina Thurgadin
116 2356 eastwastes Eastern Wastes
117 2357 cobaltscar Cobalt Scar
118 2358 greatdivide Great Divide
119 2359 wakening The Wakening Land
120 2360 westwastes Western Wastes
121 2361 crystal Crystal Caverns
123 2362 necropolis Dragon Necropolis
124 2363 templeveeshan Temple of Veeshan
125 2364 sirens Siren's Grotto
126 2365 mischiefplane Plane of Mischief
127 2366 growthplane Plane of Growth
128 2367 sleeper Sleeper's Tomb
129 2368 thurgadinb Icewell Keep
130 2369 erudsxing2 Marauder's Mire
150 2370 shadowhaven Shadow Haven
151 2371 bazaar The Bazaar
152 2372 nexus The Nexus
153 2373 echo Echo Caverns
154 2374 acrylia Acrylia Caverns
155 2375 sharvahl Shar Vahl
156 2376 paludal Paludal Caverns
157 2377 fungusgrove Fungus Grove
158 2378 vexthal Vex Thal
159 2379 sseru Sanctus Seru
160 2380 katta Katta Castellum
161 2381 netherbian Netherbian Lair
162 2382 ssratemple Ssraeshza Temple
163 2383 griegsend Grieg's End
164 2384 thedeep The Deep
165 2385 shadeweaver Shadeweaver's Thicket
166 2386 hollowshade Hollowshade Moor
167 2387 grimling Grimling Forest
168 2388 mseru Marus Seru
169 2389 letalis Mons Letalis
170 2390 twilight The Twilight Sea
171 2391 thegrey The Grey
172 2392 tenebrous The Tenebrous Mountains
173 2393 maiden The Maiden's Eye
174 2394 dawnshroud Dawnshroud Peaks
175 2395 scarlet The Scarlet Desert
176 2396 umbral The Umbral Plains
179 2397 akheva Akheva Ruins
180 2401 arena2 The Arena
181 2398 jaggedpine The Jaggedpine Forest
182 5803 nedaria Nedaria's Landing
187 5827 shadowrest Shadowrest
183 2399 tutorial Tutorial Zone
188 5856 tutoriala The Mines of Gloomingdeep
189 5856 tutorialb The Mines of Gloomingdeep
190 2301 clz Loading
184 2301 load Loading
185 2301 load2 Loading
996 0 arttest Art Testing Domain
999 0 apprentice Designer Apprentice
202 9004 poknowledge Plane of Knowledge
203 9005 potranquility Plane of Tranquility
200 9006 codecay Ruins of Lxanvom
201 9007 pojustice Plane of Justice
204 9008 ponightmare Plane of Nightmare
221 9009 nightmareb Lair of Terris Thule
205 9010 podisease Plane of Disease
206 9011 poinnovation Plane of Innovation
207 9012 potorment Plane of Torment
208 9013 povalor Plane of Valor
209 9014 bothunder Torden, The Bastion of Thunder
210 9015 postorms Plane of Storms
211 9016 hohonora Halls of Honor
220 9017 hohonorb Temple of Marr
212 9018 solrotower Solusek Ro's Tower
213 9019 powar Plane of War
214 9020 potactics Drunder, Fortress of Zek
215 9021 poair Eryslai, the Kingdom of Wind
216 9022 powater Reef of Coirnav
217 9023 pofire Doomfire, The Burning Lands
218 9024 poeartha Vegarlson, The Earthen Badlands
222 9025 poearthb Stronghold of the Twelve
219 9026 potimea Plane of Time
223 9026 potimeb Plane of Time
226 4046 torgiran Torgiran Mines
227 4047 nadox Crypt of Nadox
224 4048 gunthak Gulf of Gunthak
225 4049 dulak Dulak's Harbor
228 4050 hatesfury Hate's Fury, The Scorned Maiden
186 2317 hateplaneb The Plane of Hate
277 598 chardokb The Halls of Betrayal
278 600 soldungc The Caverns of Exile
229 9086 guka The Cauldron of Lost Souls
230 9114 ruja The Bloodied Quarries
231 9124 taka The Sunken Library
232 9094 mira The Silent Gallery
233 9104 mmca The Forlorn Caverns
234 9087 gukb The Drowning Crypt
235 9115 rujb The Halls of War
236 9125 takb The Shifting Tower
237 9095 mirb The Maw of the Menagerie
238 9105 mmcb The Dreary Grotto
239 9088 gukc The Ancient Aqueducts
240 9116 rujc The Wind Bridges
241 9126 takc The Fading Temple
242 9096 mirc The Spider Den
243 9106 mmcc The Asylum of Invoked Stone
244 9089 gukd The Mushroom Grove
245 9117 rujd The Gladiator Pits
246 9127 takd The Royal Observatory
247 9097 mird The Hushed Banquet
248 9107 mmcd The Chambers of Eternal Affliction
249 9090 guke The Foreboding Prison
250 9118 ruje The Drudge Hollows
251 9128 take The River of Recollection
252 9098 mire The Frosted Halls
253 9108 mmce The Sepulcher of the Damned
254 9091 gukf The Chapel of the Witnesses
255 9119 rujf The Fortified Lair of the Taskmasters
256 9129 takf The Sandfall Corridors
257 9099 mirf The Forgotten Wastes
258 9109 mmcf The Ritualistic Summoning Grounds
259 9092 gukg The Root Garden
260 9120 rujg The Hidden Vale
261 9130 takg The Balancing Chamber
262 9100 mirg The Heart of the Menagerie
263 9110 mmcg The Cesspits of Putrescence
264 9093 gukh The Accursed Sanctuary
265 9121 rujh The Blazing Forge
266 9131 takh The Sweeping Tides
267 9101 mirh The Morbid Laboratory
268 9111 mmch The Aisles of Blood
269 9122 ruji The Arena of Chance
270 9132 taki The Antiquated Palace
271 9102 miri The Theater of Imprisoned Horrors
272 9112 mmci The Halls of Sanguinary Rites
273 9123 rujj The Barracks of War
274 9133 takj The Prismatic Corridors
275 9103 mirj The Grand Library
276 9113 mmcj The Infernal Sanctuary
77 2401 arena The Arena
279 3385 abysmal Abysmal Sea
280 3386 natimbi Natimbi, The Broken Shores
281 3387 qinimi Qinimi, Court of Nihilia
282 3388 riwwi Riwwi, Coliseum of Games
283 3389 barindu Barindu, Hanging Gardens
284 3390 ferubi Ferubi, Forgotten Temple of Taelosia
285 3391 snpool Sewers of Nihilia, Pool of Sludge
286 3392 snlair Sewers of Nihilia, Lair of Trapped Ones
287 3393 snplant Sewers of Nihilia, Purifying Plant
288 3394 sncrematory Sewers of Nihilia, the Crematory
289 3395 tipt Tipt, Treacherous Crags
290 3396 vxed Vxed, The Crumbling Caverns
291 3397 yxtta Yxtta, Pulpit of Exiles
292 3398 uqua Uqua, The Ocean God Chantry
293 3399 kodtaz Kod'Taz, Broken Trial Grounds
294 3447 ikkinz Ikkinz, Chambers of Destruction
296 3448 inktuta Inktu`Ta, The Unmasked Chapel
297 3449 txevu Txevu, Lair of the Elite
298 3450 tacvi Tacvi, Seat of the Slaver
295 3451 qvic Qvic, Prayer Grounds of Calling
299 5826 qvicb Qvic, the Hidden Vault
300 5889 wallofslaughter Wall of Slaughter
301 5890 bloodfields The Bloodfields
302 5891 draniksscar Dranik's Scar
303 5892 causeway Nobles' Causeway
304 5898 chambersa Muramite Proving Grounds
305 5898 chambersb Muramite Proving Grounds
306 5898 chambersc Muramite Proving Grounds
307 5898 chambersd Muramite Proving Grounds
308 5898 chamberse Muramite Proving Grounds
309 5898 chambersf Muramite Proving Grounds
316 5893 provinggrounds Muramite Proving Grounds
317 5894 anguish Asylum of Anguish
318 5899 dranikhollowsa Dranik's Hollows
319 5899 dranikhollowsb Dranik's Hollows
320 5899 dranikhollowsc Dranik's Hollows
321 5899 dranikhollowsd Dranik's Hollows
322 5899 dranikhollowse Dranik's Hollows
323 5899 dranikhollowsf Dranik's Hollows
324 5899 dranikhollowsg Dranik's Hollows
325 5899 dranikhollowsh Dranik's Hollows
326 5899 dranikhollowsi Dranik's Hollows
327 5899 dranikhollowsj Dranik's Hollows
328 5900 dranikcatacombsa Catacombs of Dranik
329 5900 dranikcatacombsb Catacombs of Dranik
330 5900 dranikcatacombsc Catacombs of Dranik
331 5901 draniksewersa Sewers of Dranik
332 5901 draniksewersb Sewers of Dranik
333 5901 draniksewersc Sewers of Dranik
334 5895 riftseekers Riftseekers' Sanctum
335 5896 harbingers Harbingers' Spire
336 5897 dranik The Ruined City of Dranik
998 5158 fhalls The Forgotten Halls
337 5160 broodlands The Broodlands
338 5161 stillmoona Stillmoon Temple
339 5162 stillmoonb The Ascent
340 5163 thundercrest Thundercrest Isles
341 5164 delvea Lavaspinner's Lair
342 5165 delveb Tirranun's Delve
343 5166 thenest The Accursed Nest
344 6112 guildlobby The Guild Lobby
345 6111 guildhall Guild Hall
346 6116 barter The Barter Hall
347 5170 illsalin Ruins of Illsalin
348 5171 illsalina Imperial Bazaar
349 5172 illsalinb Temple of the Korlach
350 5173 illsalinc The Nargilor Pits
351 5174 dreadspire Dreadspire Keep
354 5175 drachnidhive The Hive
355 5176 drachnidhivea Living Larder
356 5177 drachnidhiveb Coven of the Skinwalkers
357 5178 drachnidhivec Queen Sendaii's Lair
358 5179 westkorlach Stoneroot Falls
359 5180 westkorlacha Chambers of Xill
360 5181 westkorlachb Caverns of the Lost
361 5182 westkorlachc Lair of the Korlach
362 5183 eastkorlach Undershore
363 5184 eastkorlacha Snarlstone Dens
364 5185 shadowspine Shadowspine
365 5186 corathus Corathus Creep
366 5187 corathusa Sporali Caverns
367 5188 corathusb Corathus Lair
368 5189 nektulosa Shadowed Grove
369 3630 arcstone Arcstone
370 3631 relic Relic
371 3632 skylance Skylance
372 3633 devastation The Devastation
373 3634 devastationa The Seething Wall
374 3635 rage Sverag, Stronghold of Rage
375 3636 ragea Razorthorn, Tower of Sullon Zek
376 3637 takishruins Ruins of Takish-Hiz
377 3638 takishruinsa The Root of Ro
378 3639 elddar The Elddar Forest
379 3640 elddara Tunare's Shrine
380 3641 theater Theater of Blood
381 3642 theatera Deathknell, Tower of Dissonance
382 3643 freeporteast East Freeport
383 3644 freeportwest West Freeport
384 3645 freeportsewers Freeport Sewers
385 3646 freeportacademy Academy of Arcane Sciences
386 3647 freeporttemple Temple of Marr
387 3648 freeportmilitia Freeport Militia House
388 3649 freeportarena Arena
389 3650 freeportcityhall City Hall
390 3651 freeporttheater Theater
391 3652 freeporthall Hall of Truth
392 2275 northro North Ro
393 2276 southro South Ro
394 3675 crescent Crescent Reach
395 3676 moors Blightfire Moors
396 3677 stonehive Stone Hive
397 3678 mesa Goru`kar Mesa
398 3679 roost Blackfeather Roost
399 3680 steppes The Steppes
400 3681 icefall Icefall Glacier
401 3682 valdeholm Valdeholm
402 3683 frostcrypt Frostcrypt, Throne of the Shade King
403 3684 sunderock Sunderock Springs
404 3685 vergalid Vergalid Mines
405 3686 direwind Direwind Cliffs
406 3687 ashengate Ashengate, Reliquary of the Scale
407 2247 highpasshold Highpass Hold
416 617 kattacastrum Katta Castrum
417 618 thalassius Thalassius, the Coral Keep
418 619 atiiki Jewel of Atiiki
419 620 zhisza Zhisza, the Shissar Sanctuary
420 621 silyssar Silyssar, New Chelsith
421 622 solteris Solteris, the Throne of Ro
422 623 barren Barren Coast
423 624 buriedsea The Buried Sea
424 625 jardelshook Jardel's Hook
425 626 monkeyrock Monkey Rock
426 627 suncrest Suncrest Isle
427 628 deadbone Deadbone Reef
428 629 blacksail Blacksail Folly
429 630 maidensgrave Maiden's Grave
430 631 redfeather Redfeather Isle
431 8057 shipmvp The Open Sea
432 8057 shipmvu The Open Sea
433 8057 shippvu The Open Sea
434 8057 shipuvu The Open Sea
435 8057 shipmvm The Open Sea
436 652 mechanotus Fortress Mechanotus
437 653 mansion Meldrath's Majestic Mansion
438 654 steamfactory The Steam Factory
439 655 shipworkshop S.H.I.P. Workshop
440 656 gyrospireb Gyrospire Beza
441 657 gyrospirez Gyrospire Zeka
442 658 dragonscale Dragonscale Hills
443 659 lopingplains Loping Plains
444 660 hillsofshade Hills of Shade
445 661 bloodmoon Bloodmoon Keep
446 662 crystallos Crystallos, Lair of the Awakened
447 663 guardian The Mechamatic Guardian
449 665 cryptofshade Crypt of Shade
450 671 dragonscalea Tinmizer's Wunderwerks
451 672 dragonscaleb Deepscar's Den
452 1216 oldfieldofbone Field of Scale
478 1216 oldfieldofboneb Field of Scale
453 1216 oldkaesoraa Kaesora Library
454 1216 oldkaesorab Hatchery Wing
455 1216 oldkurn Kurn's Tower
456 1216 oldkithicor Bloody Kithicor
457 1216 oldcommons Old Commonlands
458 1216 oldhighpass Highpass Hold
459 1216 thevoida The Void
460 1216 thevoidb The Void
461 1216 thevoidc The Void
462 1216 thevoidd The Void
463 1216 thevoide The Void
464 1216 thevoidf The Void
465 1216 thevoidg The Void
466 1216 oceangreenhills Oceangreen Hills
467 1216 oceangreenvillage Oceangreen Village
468 1216 oldblackburrow Blackburrow
469 1216 bertoxtemple Temple of Bertoxxulous
470 1216 discord Korafax, Home of the Riders
471 1216 discordtower Citadel of the Worldslayer
472 1216 oldbloodfield Old Bloodfields
473 1216 precipiceofwar The Precipice of War
474 1216 olddranik City of Dranik
475 1216 toskirakk Toskirakk
476 1216 korascian Korascian Warrens
477 1216 rathechamber Rathe Council Chambers
448 2297 steamfontmts Steamfont Mountains
479 1216 crafthalls Ngreth's Den
480 1216 brellsrest Brell's Rest
481 1216 fungalforest Fungal Forest
482 1216 underquarry The Underquarry
483 1216 coolingchamber The Cooling Chamber
484 1216 shiningcity Kernagir, The Shining City
485 1216 arthicrex Arthicrex
486 1216 foundation The Foundation
487 1216 lichencreep Lichen Creep
488 1216 pellucid Pellucid Grotto
489 1216 stonesnake Volska's Husk
490 1216 brellstemple Brell's Temple
491 1216 convorteum The Convorteum
492 1216 brellsarena Brell's Arena
493 1216 weddingchapel Wedding Chapel
494 1216 weddingchapeldark Wedding Chapel
495 1216 dragoncrypt Lair of the Fallen
700 1216 feerrott2 The Feerrott
701 1216 thulehouse1 House of Thule
702 1216 thulehouse2 House of Thule, Upper Floors
703 1216 housegarden The Grounds
704 1216 thulelibrary The Library
705 1216 well The Well
706 1216 fallen Erudin Burning
707 1216 morellcastle Morell's Castle
708 1216 somnium Sanctum Somnium
709 1216 alkabormare Al'Kabor's Nightmare
710 1216 miragulmare Miragul's Nightmare
711 1216 thuledream Fear Itself
712 1216 neighborhood Sunrise Hills
713 1216 phylactery Miragul's Phylactery
714 1216 phinterior3a1 House Interior
716 1216 phinterior3a2 House Interior
717 1216 phinterior3a3 House Interior
715 1216 phinterior1a1 House Interior
718 1216 phinterior1a2 House Interior
719 1216 phinterior1a3 House Interior
719 1216 phinterior1a3 House Interior
720 1216 phinterior1b1 Dragon House Interior
723 1216 phinterior1d1 Dragon House Interior

Thanks . that will help. though, I'm still confused as to how you found that offset, but if it works, it works :)

Here's a diff of zones.h based on this information:


diff zones.h.old zones.h
711,716c711,716
< { "thulehouse1", "Thule House 1" }, // 701
< { "thulehouse2", "Thule House 2" }, // 702
< { "housegarden", "House Garden" }, // 703
< { "houselibrary", "House Library" }, // 704
< { "well", "Well" }, // 705
< { "fallen", "Fallen" }, // 706
---
> { "thulehouse1", "House of Thule" }, // 701
> { "thulehouse2", "House of Thule, Upper Floors" }, // 702
> { "housegarden", "The Grounds" }, // 703
> { "houselibrary", "The Library" }, // 704
> { "well", "The Well" }, // 705
> { "fallen", "Erudin Burning" }, // 706
718c718
< { "morelltower", "Morell's Tower" }, // 708
---
> { "somnium", "Sanctum Somnium" }, // 708
721,730c721,730
< { "thuledream", "Thule's Dream" }, // 711
< { NULL, NULL }, // 712
< { NULL, NULL }, // 713
< { NULL, NULL }, // 714
< { NULL, NULL }, // 715
< { NULL, NULL }, // 716
< { NULL, NULL }, // 717
< { NULL, NULL }, // 718
< { NULL, NULL }, // 719
< { NULL, NULL }, // 720
---
> { "thuledream", "Fear Itself" }, // 711
> { "neighborhood", "Sunrise Hills" }, // 712
> { "phylactery", "Miragul's Phylactery" }, // 713
> { "phinterior3a1", "House Interior" }, // 714
> { "phinterior1a1", "House Interior" }, // 715
> { "phinterior3a2", "House Interior" }, // 716
> { "phinterior3a3", "House Interior" }, // 717
> { "phinterior1a2", "House Interior" }, // 718
> { "phinterior1a3", "House Interior" }, // 719
> { "phinterior1b1", "Dragon House Interior" }, // 720
733c733
< { NULL, NULL }, // 723
---
> { "phinterior1d1", "Dragon House Interior" }, // 723

It's searching for the instruction 'push 0x000008c3' where 0x8c3 is the eqstr_us index for "South Queynos". South Queynos happens to be the first zone in the function. Take a look at it in a disassembler :)

The offset my scripts generate are off by 0x400000 because they're offsets into the eqgame.exe file and not into actual memory. When a PE (Windows) program is run/loaded, it starts at 0x400000 instead of 0.

What disassembler do you use? the few that I've tried crashed when I gave it the "eqgame.exe" file.

I like using IDA, but it is what I have used the most.

Razzle

I always used ht.

I installed IDA and found the "South Qeynos" string in it, and still don't know what you all are looking at. oh well.

I've never used ida before, but you're just looking for raw bytes, in particular 6a 07 68 c3 08 00 00. You probably just turn on the raw bytes view and then do a search. That's how it works in ht at least. Look at ieatacid's disassembly above. The red parts are the bytes that correspond to the commands on the right. This is what you're searching for.



.text:006FA6F3 020 68 34 0C 8A 00 push offset aSurefallGlade ; "Surefall Glade" <--long name
.text:006FA6F8 024 68 DC 02 87 00 push offset aQrg ; "qrg" <-- short name
.text:006FA6FD 028 6A 03 push 3 ; int <-- zone id
.text:006FA6FF 02C 6A 00 push 0 ; int <-- expansion (ignore this)
.text:006FA701 030 8B CE mov ecx, esi
.text:006FA703 030 E8 C8 FA FF FF call sub_6FA1D0 ; EQWorldData::AddZone(EQExpansion,EQZoneIndex,char const *,char const *



Like ksmith said, the script looks for pushing the South Qeynos string from eqstr onto the stack, which happens at the start of the EQWorldData constructor. In partricular, the byte string that is being searched for is push 0x07 and then push 0x000008c3 and it just so happens that this byte string only happens in the place we're looking for.

Before, it wasn't searching on as much detail. I assume that the old version only searched for 6a 07 68 c3 08 without the 00 00 on it. It matched an earlier incorrect byte pattern. We're just searching raw bytes, so it's possible to match incorrectly because the same byte string is in the middle of some other assembly. Adding the extra 00 00 on the end made it only match once at the place we wanted, so the script worked again. The secret to pulling data out of the exe like this is finding a byte pattern that doesn't change between compiles and then navigating the assembly to find the data you want. That's why ksmith's x86opcodes perl script is useful. Once you've found your offset, it will let you walk the assembly calls to pull information out.

The secret to pulling data out of the exe like this is finding a byte pattern that doesn't change between compiles and then navigating the assembly to find the data you want. That's why ksmith's x86opcodes perl script is useful. Once you've found your offset, it will let you walk the assembly calls to pull information out.

I also use ht, but that's because I do most of my work on linux. Not having IDA's scripting capabilities meant having to write some crazy perl scripts.

In zones.pl, you'll notice that I'm overriding the behavior of a number of different opcodes since the script is only interested in the arguments to call (0xe8). Rather than calling another function in the exe, it dumps the stack and de-references some pointers. The evaluation of EQWorldData::EQWorldData then continues normally until ret (0xc3) at which point zones.pl exits. The other opcodes that are overridden have no effect on the information zones.pl needs, so it was easier to make them noop than it would have been to implement them.

If you change the 'if (0)' on line 229 of zones.pl (r131) to 'if (1)', it will let you step through each instruction as it's evaluated. For example, here's what it looks like when it's adding North Queynos to the zone list:


eax: 00000000 ebx: 00000000 ecx: 00000000 edx: 00000000 ebp: 00000000 esi: 00000000 edi: 00000000 esp: 00000000
| stack: [ 0, 0, 0, 7, 8c4, 8a1c64, 8a1c5c, 2, 0 ]
002fb44e op_e8 call imm32 [ e8 ed fa ff ff ]

> n
2 2244 qeynos2 North Qeynos

Read the stack from right-to-left to see the arguments passed. The 0x8a1c... are offsets into memory where the strings 'queynos2' and 'North Queynos' are.

Looks like something changed with RoF... my main PC crashed and I lost my disassmbler.


[root@fedora14 showeq-stuff]# perl zones.pl
Loading ./eqgame.exe: .................................................. .................................................. .................................8685568 bytes
Found offset 003d3e9e
1 2243 entSize
Use of uninitialized value within @stack in subtraction (-) at (eval 16) line 1.
Use of uninitialized value within @stack in subtraction (-) at (eval 16) line 1.
Use of uninitialized value in printf at (eval 16) line 1.
504 0 ��h��� ��h
@ 003D3ED4 Unknown opcode: 0485C074

A quick install later... and here's what I was able to find:


text:007D4A30 sub_7D4A30 proc near ; CODE XREF: sub_52F900+25FAp
.text:007D4A30 push esi
.text:007D4A31 mov esi, ecx
.text:007D4A33 mov dword ptr [esi], offset off_9FC2C8
.text:007D4A39 mov word ptr [esi+4], 8
.text:007D4A3F mov word ptr [esi+6], 101h
.text:007D4A45 mov eax, 0C64h
.text:007D4A4A mov [esi+8], eax
.text:007D4A4D mov word ptr [esi+0Ch], 8
.text:007D4A53 mov word ptr [esi+0Eh], 101h
.text:007D4A59 mov [esi+10h], eax
.text:007D4A5C call sub_800B40
.text:007D4A61 mov [esi+18h], eax
.text:007D4A64 call ds:GetTickCount
.text:007D4A6A push 0FA0h
.text:007D4A6F mov [esi+14h], eax
.text:007D4A72 lea eax, [esi+20h]
.text:007D4A75 push 0
.text:007D4A77 push eax
.text:007D4A78 call sub_8D2750
.text:007D4A7D mov eax, [esi+24h]
.text:007D4A80 add esp, 0Ch
.text:007D4A83 test eax, eax
.text:007D4A85 jnz short loc_7D4AC1
.text:007D4A87 push 1F8h
.text:007D4A8C call loc_8D312B
.text:007D4A91 add esp, 4
.text:007D4A94 test eax, eax
.text:007D4A96 jz short loc_7D4ABC
.text:007D4A98 push 0
.text:007D4A9A push 0
.text:007D4A9C push 0
.text:007D4A9E push 7
.text:007D4AA0 push 8C3h
.text:007D4AA5 push offset aSouthQeynos ; "South Qeynos"
.text:007D4AAA push offset dword_9C54D4
.text:007D4AAF push 1
.text:007D4AB1 push 0
.text:007D4AB3 mov ecx, eax
.text:007D4AB5 call sub_7D42B0
.text:007D4ABA jmp short loc_7D4ABE
.text:007D4ABC ; ---------------------------------------------------------------------------
.text:007D4ABC
.text:007D4ABC loc_7D4ABC: ; CODE XREF: sub_7D4A30+66j
.text:007D4ABC xor eax, eax
.text:007D4ABE
.text:007D4ABE loc_7D4ABE: ; CODE XREF: sub_7D4A30+8Aj
.text:007D4ABE mov [esi+24h], eax
.text:007D4AC1
.text:007D4AC1 loc_7D4AC1: ; CODE XREF: sub_7D4A30+55j
.text:007D4AC1 mov eax, [esi+28h]
.text:007D4AC4 test eax, eax
.text:007D4AC6 jnz short loc_7D4B02
.text:007D4AC8 push 1F8h
.text:007D4ACD call loc_8D312B
.text:007D4AD2 add esp, 4
.text:007D4AD5 test eax, eax
.text:007D4AD7 jz short loc_7D4AFD
.text:007D4AD9 push 0
.text:007D4ADB push 0
.text:007D4ADD push 0
.text:007D4ADF push 7
.text:007D4AE1 push 8C4h
.text:007D4AE6 push offset aNorthQeynos ; "North Qeynos"
.text:007D4AEB push offset aQeynos2 ; "qeynos2"
.text:007D4AF0 push 2
.text:007D4AF2 push 0
.text:007D4AF4 mov ecx, eax
.text:007D4AF6 call sub_7D42B0
.text:007D4AFB jmp short loc_7D4AFF


Not sure how I would adjust zones.pl but hoping someone still lurking here will be able to make something of it. In the meantime, updating by hand for RoF zones.

I will take a look at it. I use olly debug. It is finding the correct offset. I will try to figure out what it is doing from there.

I will take a look at it. I use olly debug. It is finding the correct offset. I will try to figure out what it is doing from there.

As best I can tell things are a little different now that Sony played with how they compile eqgame.exe.... half the zone table looks like it used but the first half includes a lot more stuff than it used to. I grabbed an old eqgame.exe from 9/2010 and zones.pl worked like a champ. When I disassembled the old exe, the zone table was uniform from start to finish unlike the current exe. Guessing that is part of the problem.

I ended up pulling everything by hand and updating zones.h that way. Working on a few final opcode updates and should be ready to test and, with luck, upload an update. I've mapped about 2/3 of playerprofile packet using r6express' zonemgr code as a start. So much data shifted around that it was just too hard to map it all out just looking at logs. Only things missing that get's spit out to the console is Exp and AAexp. Still hunting for those.

With all the work that's been done over the years, I was surprised to find a new hunk of data in playerprofile... accountCreateDate. Not the date the toon was created but the actual date the account was activated. Still not a programmer but slowly putting some things together.

Im sorry to say but it is beyond my capabilities to fix. It is the right offset, but wrong memory location.

Well I commited some changes to SVN last night... haven't had time to compose a post in the announcements section yet. Feel free to download and test. I discovered that leveling caused a CTD so I had to disable the opcode for the time being. The data struct is right so the two areas I feel pretty confident working with (opcodes and structs) are not the culprit so will take some time for me to figure out what is up there. Looks a lot like the Exp opcode that's been causing me to CTD for months now.

Awesome, can't wait to try it out. If it helps, the CTD on levelling was happening pre-VoA.