Let's take a normal situation, on a normal day, on a normal server.
You're having a little chat with a friend, and then he or she types a lengthy sentence.
And here is what happens...


Annoying, isn't it? Why does the server have to cut off the end of the sentence?
It's completely logical to limit the number of characters someone can type, but why don't the client and server limits match?

The limit value is located here:

OllyDbg - Server side

005728F2  |.  83F8 46       CMP EAX,46
005728F5  |.  7E 5E         JLE SHORT 00572955

We can see the message maximum length is 0x46 (= 70) characters.
Now I don't remember the offset in the client, but I wrote down the value configured inside the client and it's 0x4F (= 79)! That's a difference of 9 characters...

You're thinking that you just need to change the server value to something like 0x50 (= 80) and it'll be all good, right?
But it's a bit more complicated, because that maximum length also includes the character name!
Let's see, the maximum character name length is something around 20 (= 0x14), so a value of 0x64 should do the trick. Let's set the server value to 0x70 (= 112) to be safe!
That should be enough for our messages :)
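The two server-side instructions above encode the whole check: an 8-bit immediate compared against the length in EAX, and a short jump taken when the length is within the limit. As an added example (not code from the original post), the following C decodes those five bytes, confirms the jump target shown in the listing, and models how many message characters survive once the character name counts toward the limit; the 20-character name and 79-character message are constructed from the values quoted in the text.

```c
/* Added example, not from the original post: decode the two server-side
 * instructions from the OllyDbg listing and model the check they implement.
 * Bytes and addresses are from the listing; the 20-char name and the 0x4F
 * client limit are the values quoted in the text (constructed sample lengths). */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int32_t  limit;      /* imm8 compared against the length held in EAX */
    uint32_t jle_target; /* where JLE goes when length <= limit */
} length_check_t;

/* Decode "83 F8 ib" (CMP EAX,imm8) followed by "7E cb" (JLE rel8) at addr.
 * Returns 0 on success, -1 if the five bytes are not that pattern. */
int decode_length_check(const uint8_t *code, uint32_t addr, length_check_t *out)
{
    if (code[0] != 0x83 || code[1] != 0xF8 || code[3] != 0x7E)
        return -1;
    out->limit = (int8_t)code[2];                 /* imm8 is sign-extended */
    out->jle_target = addr + 5 + (int8_t)code[4]; /* rel8 counts from end of JLE */
    return 0;
}

/* Model of the server check: EAX holds name length + message length.
 * Returns how many message characters survive for the given limit. */
int chars_kept(int32_t limit, int name_len, int msg_len)
{
    int room = limit - name_len;
    if (room < 0)
        room = 0;
    return room < msg_len ? room : msg_len;
}

int main(void)
{
    /* Bytes at 005728F2 from the listing: 83 F8 46 7E 5E */
    const uint8_t original[] = {0x83, 0xF8, 0x46, 0x7E, 0x5E};
    length_check_t chk;
    if (decode_length_check(original, 0x005728F2u, &chk) != 0)
        return 1;
    printf("limit = 0x%02X (%d), JLE -> %08X\n", chk.limit, chk.limit, chk.jle_target);

    /* A 20-char name plus a 79-char (0x4F, the client limit) message, per server limit */
    const int32_t limits[] = {0x46, 0x50, 0x70};
    for (int i = 0; i < 3; i++)
        printf("server limit 0x%02X: %d of 79 message chars kept\n",
               limits[i], chars_kept(limits[i], 20, 79));
    return 0;
}
```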

OllyDbg - Server side

005728F2      83F8 70       CMP EAX,70
005728F5  |.  7E 5E         JLE SHORT 00572955

Yay, fixed !..


Aw, wth... The little dots are gone, but my sentence is still cut!

Oh yeah, I forgot to mention, developers are funny guys. And inside the client, they convert the message into an 8-bit-length message before it's sent.

OllyDbg - Client side

0055A580      885C24 62     MOV BYTE PTR SS:[ESP+62],BL
0055A584  |.  E8 C777FFFF   CALL 00551D50

I tried to understand that, but I really didn't get it. The complete message is pushed as an argument for the function, then this instruction converts the message that just got pushed into a shorter one. Wow...
Anyway, let's remove that instruction by overwriting it with NOPs.

OllyDbg - Client side

0055A580      90            NOP
0055A581      90            NOP
0055A582      90            NOP
0055A583      90            NOP
0055A584  |.  E8 C777FFFF   CALL 00551D50

Fixed ?


Fixed :).