Hello Everyone, I'm new here. I was hoping someone experienced in ASM could help me out.
I'm trying to find a way to force the client to reload map data. I've been going through the assembly a little at a time, but I'm not very fast at it (I've had some ASM experience, but not much). Does anyone have any tips?

I was trying to find where the client processes its network packets so I could trace the packet that the server sends to tell the client to update its position. What I'm really looking for is the portion of code the client uses to load data from its map files.

I've been thinking about this for some time.

I don't know where the packets are processed. Never really investigated. The easiest way would be to set a post-breakpoint on the recv function and then configure the breakpoint as a conditional breakpoint where the breakpoint will only break if your intended packet was received. But whatever you do, the client will just copy the received data to a buffer and then process it later on. So you'll have to set a memory breakpoint in the buffer and then continue when that one breaks.

Don't debug with Razor attached, instead, use UO_RICE to remove the encryption from the client.

If you could tell us what client you're working with we might be able to help you better.

The python scripts for ida that you posted were very helpful in locating the jump table for the packets. Thank you for putting that together.

I'm using client 7.0.1.1.

I was able to find the teleport packet in the client, and now I'm tracing through it slowly. My goal is to find a way to force the client to reload map and static data that is on the screen.

I found the function in the client that calls CreateFile, CreateFileMapping, and MapViewOfFile. I altered the byte code so that it calls these functions with shared permissions and passes a predictable name for other processes to use. Then I was able to put together a prototype application that allows me to alter the map files directly while the client is running, by calling OpenFileMapping with the predicted name.

I can change the map, but I don't see changes in game until I move away and come back. The best thing would be to find a way to force the client to reload that portion of the map including statics immediately.

I managed to find some of the doubly-linked lists in memory while the client is running. I've been trying to trace through those to see how the client loads its map and static data. I've been moderately successful in figuring out what the values in the linked lists are, but I can't seem to find the corresponding functions that the client uses to traverse the lists and update them.

Just a quick thought. Maybe trace the packet that processes "MapChange"?
If nothing else; changing the map on the client would force a reload. Bit of a hack, but you could possibly if you can find enough room change map twice.

I went through the 0xBF08 packet, is that the one you mean? It resets a number of pointers, and changes the facet. I learned a few things when I was going through this code. When I craft the packet by hand and send it to the client the map goes blank, and then I can try to wander around but its a black screen around my character with no map updates at all. If I craft packet 0x97 and send it, then when I try to move my character through the client it rubberbands me back and the map appears and I can see the changes I made.

I think I'm getting closer, but it still eludes me.

praxiiz, you should look at Packet 4F, when the light level changes the client will redraw the screen and radar map. Calling the same functions may solvle your problem.