Maxis Protocol

From Niotso Wiki
Jump to: navigation, search

This page describes the protocol for ARIES/Voltron, an MMO framework developed by Kesmai (acquired by Electronic Arts) and used by Maxis for The Sims Online. For the new protocol being developed for Niotso, see Niotso Protocol.

Because the client uses the system-wide wininet.dll, it will happily connect to *any* HTTPS website with a valid X.509 certificate. All pages requested by the client may redirect but must eventually return 200 OK. All HTTP headers including content-type and date-modified are ignored by the client.

This page discusses the protocol and game binaries of the TSO New & Improved trial, version 1.1097.1.0.

Note: If suddenly The Sims Online starts crashing whenever you open it, delete status.dat.

Contents

Authorization server[edit]

Reference: authlogin.dll

The host for the authorization server is specified in (gamedata/)sys/gameentry.ini. HTTPS can be disabled by changing the 2 bytes at offset 0x8327 in authlogin.dll from 30 C0 to 00 40; the port can be changed from 443 to 80 by changing the 2 bytes at offset 0x82AD in authlogin.dll from BB 01 to 50 00.

Note: Pre-Alpha hard-codes the host name for the authorization server ("www.ea.com") at offset 0x7FB60 in TSOProtocolsD.dll. HTTPS can be disabled by changing the 2 bytes at offset 0x22B9 in authlogin.dll from 30 C0 to 00 40; the port can be changed from 443 to 80 by changing the 2 bytes at offset 0x20A3 in authlogin.dll from BB 01 to 50 00.

Interestingly, auth.east.ea.com is the only EA server still running to this day (even auth.west.ea.com is down). The DNS records for auth.east.ea.com (159.153.234.80) and auth.west.ea.com (159.153.199.220) went down in December 2014, but if you place those into your hosts file, the situation is otherwise the same; auth.east.ea.com is still running to this day, and it currently responds with the following:

AuthLogin[edit]

When the user attempts to log in, the client will connect to https://auth.east.ea.com/AuthLogin?username=&password=&serviceID=2147&version=2.5 with the "username" and "password" GET variables set to those supplied by the user. AuthLogin should log the player in and return a ticket (session cookie), which the client will later pass to the city selection server. The client must receive "Valid=TRUE" to continue.

The normal response is as such:

Valid=TRUE
Ticket=0123456789abcdef0123456789abcdef

The error response is as such:

Valid=FALSE
Ticket=0
reasoncode=INV-199
reasontext=INV-199: Game authentication is currently experiencing technical difficulties and this game is temporarily unavailable. Please try again later.
reasonurl=

Certain reason codes will override the "reasontext" field with a hardcoded string. These reason codes are as such:

Reason code Text
INV-012 EA.com is currently experiencing technical difficulties and this game is temporarily unavailable. Please try again later.
INV-020 Please enter your EA member name and password. If you forgot your password, you can retrieve it at www.EA.com.
INV-110 The member name or password you have entered is incorrect. Please try again.
INV-120 We're sorry, but you have not registered or subscribed to play this game. Please register at www.EA.com and try again.
INV-121 We're sorry, but your subscription has been suspended or cancelled. If you need help, go to http://accountadmin.custhelp.com.
INV-122 We're sorry, but you are not registered to play this game. Please visit http://eamembers.custhelp.com for more info.
INV-123 We're sorry, but this registration or product code is no longer valid.
INV-150 We're sorry, but your account has been suspended or cancelled. If you need help, go to http://accountadmin.custhelp.com.
INV-160 EA.com is currently experiencing technical difficulties and this game is temporarily unavailable. Please try again later.
INV-170 EA.com is currently experiencing technical difficulties and this game is temporarily unavailable. Please try again later.
INV-180 EA.com is currently experiencing technical difficulties and this game is temporarily unavailable. Please try again later.
INV-300 Unable to verify a connection to EA.com. Please check your Internet connection and make sure your browser is set to accept cookies. If that does not solve the problem, please try again later.
INV-301 EA.com is temporarily unavailable. This may be due to routine server maintenance or other network issues. Please try again later.
INV-302 The game has experienced an internal error. Please try again.

Other valid fields are as such:

Field Meaning
Ticket A string which the client forwards to the city selection server
pingHost
pingPath
igrID
pingtime
pingPort

City selection server[edit]

Reference: TSOServiceClientD.dll

The host for the city selection server is specified in (gamedata/)sys/cityselector.ini. HTTPS can be disabled by changing the 4 bytes at offset 0x923C4 in TSOServiceClientD.dll from 73 3A 2F 2F to 3A 2F 2F 00. The game makes two connections to the city selection server when requesting each page, one on port 443, and another on the port specified in cityselector.ini. To make it use the port in the INI file each time, change the byte at offset 0x17B2 in InternetServiceD.dll from 74 to EB.

Note: Pre-Alpha hard-codes the host name for the city selection server ("xo.max.ad.ea.com") at offset 0x7F860 in TSOProtocolsD.dll. HTTPS can be disabled by changing the 2 bytes at offset 0x22B9 in authlogin.dll from 30 C0 to 00 40; the port can be changed from 443 to 80 by changing the 2 bytes at offset 0x20A3 in authlogin.dll from BB 01 to 50 00.

Each page the client requests from the city selection server is in XML format.

Interestingly, the DNS records for tsocs.tso.ea.com are still up, with DNS 159.153.230.176. Putting this in your hosts file does nothing else though, as the page will take too long to respond.

InitialConnectServlet[edit]

Once authorized by the authorization server, the client connects to https://tsocs.tso.ea.com/cityselector/app/InitialConnectServlet/?ticket=&version= with the "ticket" variable set to that specified by the authorization server and the "version" variable set to a string such as "Version 1.1097.1.0". InitialConnectServlet should verify that the client is up-to-date and that the ticket (session cookie) is valid. InitialConnectServlet should set the "TSOSession" and "TSOSession2" HTTP cookies (see below for details) and respond with either Error-Message, User-Authorized, or Patch-Result as the root element of the XML response.

Error-Message indicates an error, usually an invalid session cookie. The format of Error-Message is as such:

<Error-Message>
  <Error-Number>1337</Error-Number>
  <Error>This error brought to you by InitialConnectServlet.</Error>
</Error-Message>

The error number which the client will override the server's error text for is 132:

Error number Text
132 Authorization Failed. This could mean that you have cookies disabled in your internet settings. Please ensure that cookies are enabled for tso.ea.com.

Patch-Result indicates that the client must download an update before it can continue. (InitialConnectServlet may wish to enforce this by logging the user out.) The format of Patch-Result is as such:

<Patch-Result>
  <Authorization-Ticket>0123456789abcdef0123456789abcdef</Authorization-Ticket>
  <Patch-Address>http://downloads.tso.ea.com:26100/games/PSW/TSO/Maxis-Patch-Production2</Patch-Address>
</Patch-Result>

In response to Patch-Result, the client displays an error requiring the user to apply an update. If the user accepts, the client closes itself, launches the updater utility, and retrieves the update information from the "Patch-Address" field. Interestingly, if the user instead declines the update, the Create-A-Sim Hint dialog will appear if that hint has not yet been disabled, and the user is then brought back to the login dialog.

For experimentation purposes, it may be desired to allow the client to continue even if it is an old version (that is, do not return Patch-Result for old client versions). However, for the updater utility to work, it is important that InitialConnectServlet always returns Patch-Result for version "0.0.0.0". Specifically, when the updater wants to verify the TSOClient game directory, it sends a request with version=0.0.0.0 to ensure that the server responds with Patch-Result so that it can get the URL of the TSOClient Marimba transmitter (presumably Maxis-Patch-Production2). If User-Authorized is returned in this case, the updater will show an error saying that the game verification has failed.

User-Authorized specifies that the user is authorized to continue. The format of User-Authorized is as such:

<User-Authorized>
  <csr /> <!-- Optional: Specifies that the user is a CSR. -->
</User-Authorized>

In addition to sending User-Authorized, InitialConnectServlet should set the "TSOSession" HTTP cookie, which the other JSP pages will check to ensure that the user is logged in. However, there is a cookie-parsing bug in versions of TSO prior to New & Improved, in that the last cookie in the HTTP response is ignored. To ensure TSOSession is not the last cookie in the response, the city server should also set another cookie directly after TSOSession, such as "TSOSession2".

If the server responds with the optional <csr /> tag, the client will log in as a Customer Service Respresentative (CSR). As a CSR, the player is not presented with SAS or CAS; instead, the player selects from a list of cities, and a new temporary character is created for this gameplay session with CSR capabilities (ejecting Sims).

Note: Pre-Alpha connects to /cityselector/initial-connect.jsp rather than /cityselector/app/InitialConnectServlet/. The server responses are the same for all elements except User-Authorized; in Pre-Alpha, User-Authorized does not provide a <csr /> child.

AvatarDataServlet[edit]

After passing InitialConnectServlet, the client connects to https://tsocs.tso.ea.com/cityselector/app/AvatarDataServlet to request the list of avatars. AvatarDataServlet should respond with either Error-Message or The-Sims-Online as the root element of the XML response.

Error-Message follows the same format as described in InitialConnectServlet with the same recognized error number of 132. Interestingly, if AvatarDataServlet returns Error-Message, once the user dismisses the error, the user is still brought to the Select-A-Sim screen.

The-Sims-Online provides a list of 0-3 avatars. The format of The-Sims-Online is as follows:

<The-Sims-Online>
  <!-- The first avatar. -->
  <Avatar-Data>
    <AvatarID>1337</AvatarID>
    <Name>JollySim</Name>
    <Shard-Name>Blazing Falls</Shard-Name>
  </Avatar-Data>
 
  <!-- The second avatar. -->
  <Avatar-Data>
    <AvatarID>1338</AvatarID>
    <Name>Guy</Name>
    <Shard-Name>Alphaville</Shard-Name>
  </Avatar-Data>
 
  <!-- The third avatar. -->
  <Avatar-Data>
    <AvatarID>1339</AvatarID>
    <Name>Coolio</Name>
    <Shard-Name>Test Center</Shard-Name>
  </Avatar-Data>
</The-Sims-Online>

The "Shard-Name" field for each avatar should refer to a shard (city server) defined later in shard-status.jsp.

Note: Pre-Alpha connects to /cityselector/avatar-data.jsp rather than /cityselector/app/AvatarDataServlet. The format of the The-Sims-Online element in Pre-Alpha is different, shown below:
<The-Sims-Online>
  <!-- The first avatar. -->
  <Avatar-Data>
    <AvatarID>1337</AvatarID>
    <Name>JollySim</Name>
    <Simoleans>20000</Simoleans>
    <Simolean-Delta>5000</Simolean-Delta>
    <Popularity>10</Popularity>
    <Popularity-Delta>1</Popularity-Delta>
    <Shard-Name>Blazing Falls</Shard-Name>
  </Avatar-Data>
  <Player-Active />
</The-Sims-Online>

shard-status.jsp[edit]

After passing AvatarDataServlet, the client connects to https://tsocs.tso.ea.com/cityselector/shard-status.jsp to obtain the status of each shard (city server). shard-status.jsp should respond with either Error-Message or Shard-Status-List as the root element of the XML response.

Error-Message follows the same format as described in InitialConnectServlet with the same recognized error number of 132. Interestingly, if shard-status.jsp returns Error-Message, once the user dismisses the error, the user is still brought to the Select-A-Sim screen.

The format of Shard-Status-List is as such:

<Shard-Status-List>
  <!-- The first shard. -->
  <Shard-Status>
    <Name>Blazing Falls</Name> <!-- The name of the city. -->
    <Rank>1</Rank>             <!-- This shard appears first in the list of cities. -->
    <GMT-Range>0</GMT-Range>   <!-- Possibly timezone? e.g. -5: EST, -6: CST, ... -->
    <Status>Up</Status>        <!-- Valid statuses: Up, Down, Busy, Full, Closed, Frontier. -->
    <Map>1</Map>               <!-- Map 1: The Blazing Falls map. -->
    <MotD-List>                <!-- "Message-of-the-day"s. -->
      <!-- The first message of the day. -->
      <MotD>
        <MotD-From>Fatbag</MotD-From>
        <MotD-Subject>Happy Hacking!</MotD-Subject>
        <MotD-Message>This server is hosted by Niotso.org. Spread the word!</MotD-Message>
      </MotD>
 
      <!-- The second message of the day. -->
      <!-- ... -->
    </MotD-List>
  </Shard-Status>
 
  <!-- The second shard. -->
  <!-- ... -->
</Shard-Status-List>

Status should be one of the following: Up, Down, Busy, Full, Closed, Frontier.

The list of maps is as follows:

Value Meaning Notes
1 Blazing Falls This is the only map available in Pre-Alpha.
2 Alphaville
3 Test Center
4 Interhogan
5 Ocean's Edge Lost City
6 East Jerome
7 Fancey Fields
8 Betaville Previously Hyde Park. Betaville was an experimental city with Free Will and fires and traditionally required a special client, but its map can also be played with the regular client.
9 Charvatia Lost City
10 Dragon's Cove Previously Xanadu. Dragon's Cove was the Hardcore City, where making money was more difficult.
11 Rancho Rizzo Lost City
12 Zavadaville Lost City
13 Queen Margaret's Lost City
14 Shannopolis Lost City
15 Grantley Grove Lost City
16 Calvin's Creek
17 The Billabong Lost City
18 Mount Fuji Mount Fuji was recommended to Japanese players on the Japanese TSO website http://www.thesims.jp/tso/
19 Dan's Grove
20 Jolly Pines
21 Yatesport Lost City
22 Landry Lakes Lost City
23 Nichol's Notch Lost City
24 King Canyons Lost City
25 Virginia Islands Lost City
26 Pixie Point Lost City; Not introduced until Play Test Rated T.
27 West Darrington Lost City; Not introduced until Play Test Rated T.
28 Upper Shankelston Lost City; Not introduced until Play Test Rated T.
29 Albertstown Lost City; Not introduced until Play Test Rated T.
30 Terra Tablante Lost City; Not introduced until Play Test Rated T.
Note: Pre-Alpha connects to the same location, /cityselector/shard-status.jsp. The format of Shard-Status-List in Pre-Alpha is as follows:
<Shard-Status-List>
  <Shard-Status>
    <Location>public</Location>
    <Name>somename</Name>
    <Status>somestatus</Status>
    <Online-Avatars>20</Online-Avatars>
  </Shard-Status>
</Shard-Status-List>
In Pre-Alpha, if Location is not defined (anywhere in the server response) as "public", the rest of the XML file is ignored. Also, Status should be only: Up, Down.

ShardSelectorServlet[edit]

The user can enter the city by selecting an existing Sim or by asking to create a Sim in a new city.

When the user enters the city, the client connects to https://tsocs.tso.ea.com/cityselector/app/ShardSelectorServlet?shardName=&avatarId= in order to get the hostname and port of the city server, as well as obtain the avatar id of the newly created Sim (if entering Create-A-Sim). The client passes two GET variables:

  • The "shardName" GET variable is set to the name of the city (as specified by shard-status.jsp).
  • If the player is entering the city as an existing Sim, the "avatarId" GET variable is set to that avatar's ID. (If the player is instead asking to create a new Sim, no avatarId is specified in the request.)

ShardSelectorServlet should verify that the action is legal, generate an avatar id for the newly created Sim (if the player is entering CAS), and respond with either Error-Message, Patch-Result, or Shard-Selection as the root element.

Error-Message follows the same format as described in InitialConnectServlet with the same recognized error number of 132. If shard-status.jsp returns Error-Message, once the user dismisses the error, the user is brought back to the login screen.

Patch-Result follows the same format as described in InitialConnectServlet.

The format of Shard-Selection is as such:

<Shard-Selection>
  <!-- The host may be a domain name or IPv4 address. -->
  <!-- Note that "100" is appended to the port number; hence, 49 becomes port 49100. -->
  <Connection-Address>localhost:49</Connection-Address> <!-- Host: localhost, Port: 49100 -->
  <Authorization-Ticket>0123456789abcdef0123456789abcdef</Authorization-Ticket>
  <PlayerID>5</PlayerID>                 <!-- The player id for the EA account. -->
  <ConnectionID>1</ConnectionID>         <!-- Perhaps 1 means Blazing Falls, 2 means Alphaville, ... -->
  <EntitlementLevel>0</EntitlementLevel> <!-- Perhaps 0 means normal player, 1 means CSR, ... -->
  <AvatarID>1337</AvatarID>              <!-- The avatar id for this avatar. -->
</Shard-Selection>

In response to Shard-Selection, the client will produce the file launchfile.lch with the following data:

[Launch]
Title=RoomServer
App=RoomServer
Missing=The Sims Online is not installed on your machine.
Server={host}:{port}100
Product=1
ServiceIdent=P
Authserv=VoltronAuthserv
[identification]
user={PlayerID}
password={Authorization-Ticket}
email={PlayerID}@{ConnectionID}*{EntitlementLevel}

Notice that "100" will be appended to the port specified by Shard-Selection. For instance, if Shard-Selection specifies a port of 33, the client will connect over port 33100.

Note: Pre-Alpha connects to /cityselector/shard-selector.jsp rather than /cityselector/app/ShardSelectorServlet. The format of Shard-Selection in Pre-Alpha is as follows:
<Shard-Selection>
  <Connection-Address></Connection-Address>
  <Authorization-Ticket></Authorization-Ticket>
  <PlayerID></PlayerID>
</Shard-Selection>

DeleteAvatarServlet[edit]

DeleteAvatarServlet is used for three functions:

Error-Message follows the same format as described in InitialConnectServlet with the same recognized error number of 132.

Afterwards, if the server did not return Error-Message, the client reconnects to AvatarDataServlet to reload the list of avatars.

Note that if there is no root element in the response, the client will display the error "The game has experienced an internal error".

Note: Pre-Alpha connects to /cityselector/delete.jsp rather than /cityselector/app/DeleteAvatarServlet. The server responses are the same.

LogoutServlet[edit]

When the player logs out, the client connects to https://tsocs.tso.ea.com/cityselector/app/LogoutServlet to log out. LogoutServlet should simply log the user out; the client discards the server's response, even if it was not 200 OK.

Note: Pre-Alpha does not make use of LogoutServlet.

City server[edit]

After passing ShardSelectorServlet, the client opens an encrypted TCP connection, using TLS 1.0, to the city server with the IP address and port specified by launchfile.lch. The X.509 certificate supplied by the server may be self-signed; the common name (CN) must simply be a hostname that corresponds with the server's current IP address.

Cracking the city server protocol is currently a subject of interest, as it's necessary to get into the map view, a lot, etc. and play online with others. The associated DLLs are TSOServiceClientD.dll, TSONetServiceSimClientD.dll, and Aries.dll.

Note: Pre-Alpha uses an unencrypted connection. Also, in Pre-Alpha, TSONetServiceSimClientD.dll is known as TSOVoltronDMServiceD.dll.

Aries packets[edit]

The function that reads an Aries packet is AriesClientConnection::PacketFilter (located at Aries_base+0x6e10).

Each TLS packet that the city server sends to the client, and vice versa, consists of one or more Aries frames in succession. An Aries frame begins with the Aries header, using little-endian integers:

  • Aries packet type - A 4-byte unsigned integer specifying the Aries type of this packet. Values greater than zero indicate low-level Aries commands. A value of zero indicates an application-defined packet which will be handled by Voltron rather than Aries. The TSO programmers likely never dealt with Aries commands directly. Valid Aries commands are:
Aries packet type Meaning Packet handler
0 Application-specific (handled by Voltron) Aries_base+0x6e8f
1 AriesClientConnection::InvokeDisconnectCallback Aries_base+0x6fb4
3 AriesLib_InitializeConnection Aries_base+0x6ed1
21 (Client->Server only) Client's response to Type 22 n/a
22 Return information about the client's session Aries_base+0x7249
26 Unknown Aries_base+0x6fdc
27 PerformanceCounter::ProcessTimingPing Aries_base+0x7262
28 PerformanceCounter::Initialize Aries_base+0x7252
29 (Client->Server only) Client's response to Type 28 n/a
31 AriesClientConnection::InvokeRelogonStartCallback Aries_base+0x6ec5
44 AriesClientConnection::InvokeRelogonCompleteCallback Aries_base+0x6fa8
  • Timestamp - A 4-byte unsigned integer representing the timestamp for this packet in milliseconds. This timestamp does not correspond to any timezone or epoch. When the client sends packets to the server, it uses GetTickCount to fill in this field, a Windows API function that returns the number of milliseconds that have elapsed since the system was started—however, it does this in a broken way. When the server sends packets to the client, the client does not even look at this field.
    • The code where the client fills in the timestamp field can be found at Aries_base+0x5630. It appears that the programmers had a preprocessor macro similar to write_dword(dest, src), so they wrote "write_dword(ptr, GetSystemTime());" which expands out into " ptr[0] = (GetSystemTime() >> 0) & 0xFF; ptr[1] = (GetSystemTime() >> 8) & 0xFF; ptr[2] = (GetSystemTime() >> 16) & 0xFF; ptr[3] = (GetSystemTime() >> 24) & 0xFF;" when what they were supposed to write is "temp = GetSystemTime(); write_dword(ptr, temp)".
  • Aries payload size - A 4-byte unsigned integer specifying the size of the payload that follows the Aries header. If there is one Aries frame in the TCP packet, this should be equal to the size of the TCP packet minus 12.

The payload directly follows this header; its contents are specific to the Aries command.

Type 1[edit]

This packet causes the client to disconnect from the server.

The payload of this packet is empty.

Type 3[edit]

This packet causes the client to reconnect to another server without interrupting gameplay.

The format of the payload is as follows:

  • Unknown - 256 bytes containing a null-terminated string
  • Server - 256 bytes containing a null-terminated string in the format "host:port" where "host" is an IPv4 address or a host name
  • Password - 60 bytes containing a null-terminated string corresponding to the "password" field of launchfile.lch

Type 21[edit]

The client sends this in response to the Type 22 Aries packet.

The format of the payload is as follows, using little-endian integers:

  • User - 112 bytes containing a null-terminated string corresponding to the "user" field of launchfile.lch. All data after the string is uninitialized memory (just like Heartbleed).
  • AriesClient version - 80 bytes containing a null-terminated string set to "6.0.2.0o"
  • Email - 40 bytes containing a null-terminated string corresponding to the "email" field of launchfile.lch
  • Authserv - 84 bytes containing a null-terminated string corresponding to the "Authserv" field of launchfile.lch
  • Product - A 2-byte unsigned integer corresponding to the "Product" field of launchfile.lch; should be 0x0001
  • Unknown - 1 byte set to the character '9' (0x39)
  • ServiceIdent - 3 bytes containing a null-terminated string corresponding to the "ServiceIdent" field of launchfile.lch; should be "P"
  • Unknown - A 2-byte unsigned integer, typically equal to 1 (after a Type 3 packet) or 4 (before any Type 3 packets)
  • Password - A non-null-terminated string corresponding to the "password" field of launchfile.lch; this field has a variable length which should be calculated based on the size of the payload: password_len = payload_size - 331.
  • Reserved - 7 bytes of uninitialized memory

Note: The Password field is initially null-terminated when the client reads from launchfile.lch (with the null terminator residing in the first byte of the 7-byte Reserved field); however, when the client receives a Type 3 Aries packet from the city server, the client first copies the password from the Type 3 packet without copying the null-terminator and then subsequently inserts the null-terminator one byte past the end of the string into the second byte of the 7-byte Reserved Data field. (See Aries_base+0x73f9.) Hence, the city server should not assume that the Password field is null-terminated.

Type 22[edit]

When the server sends the Type 22 Aries packet to the client, the client responds with a Type 21 Aries packet containing information about the client's session.

The payload of this packet is empty.

Type 26[edit]

The format of the payload is as follows:

  • Error - A null-terminated string of the form "subject:[error]", where subject is "ARIES OS" or "CADENCE" and error is one of the following: PM1000A, PM1001E, PM1002A, PM1003F, PM1004A, PM1005F, PM1006F, PM1007F, PM1008E, PM1009A, PM1010F, PM1011F, PM1012A, PM1013E, PM1014E, PM1015E, PM1016A, PM1017A, PM1018E, PM1019A, PM1020F, AU1000F, AU1001E, AU1002E, AU1003F, AU1004F, AU1005A, AU1006E, AU1007A, AU1008E, AU1009F, AU1010F, AU1011E, AU1012E.

The client does not close the connection, or show any kind of error, in response to this packet. Perhaps the Error field is really a "last error".

Type 27[edit]

The format of the payload is as follows:

  • Timestamp - A 4-byte unsigned integer specifying the server's prediction of the client's clock once the client receives this packet (in milliseconds)

Type 28[edit]

The format of the payload is as follows:

  • Histogram width - A 4-byte unsigned integer specifying the width of the histogram, that is, the highest prediction error that can be displayed on the histogram (larger errors will be clamped); must be nonzero
  • Unknown - A 4-byte unsigned integer; must be nonzero (e.g. 1)
  • Unknown - A 4-byte unsigned integer; must be nonzero (e.g. 1)

The Type 27 and 28 Aries packets can be used to measure the variance in one-way latency. For an explanation, see: http://niotso.org/files/aries_ping_packets.txt

It turns out that this timing test is not useful for finding the latency itself. To determine round-trip latency, the server should simply use the Type 22 packet as a "ping" packet: that is, find the current time (call it t0), send a Type 22 packet, wait for a response, and find the new current time (call it t1). The round-trip latency is given by t1-t0.

Type 29[edit]

The format is as follows, using little-endian integers:

  • Unknown - 88 bytes set to zero
  • Histogram - 84 bytes (A 4-byte unsigned integer for all 21 bins in the histogram)
  • Total clock drift - A 4-byte unsigned integer specifying the sum of the clock drift over all tests

Type 31[edit]

The payload of this packet is empty.

The relogon start callback function is null (as can be observed by the "test eax, eax" check at Aries_base+0x7cf7), hence the client does not do anything in response to this packet.

Type 44[edit]

The payload of this packet is empty.

The relogon complete callback function is null (as can be observed by the "test eax, eax" check at Aries_base+0x7d67), hence the client does not do anything in response to this packet.

Voltron packets[edit]

The payload of a type 0 Aries frame consists of one or more Voltron packets in succession; in addition, Voltron packets can be split across multiple Aries frames. The Voltron function that looks at the payload is located at offset TSONetServiceSimClientD_base+0x570d0, taking 2 arguments: Arg1 is the Aries payload contents, and Arg2 is the Aries payload size.

Unlike Aries, Voltron generally uses big-endian integers rather than little-endian integers.

A Voltron packet begins with the following header:

  • Voltron packet type - A 2-byte unsigned integer specifying the type of this Voltron packet.
  • Voltron packet size - A 4-byte unsigned integer specifying the size of the entire Voltron packet, including these 6 bytes; this value can be greater than the Aries payload size to indicate that the rest of the Voltron packet will arrive in additional Aries packets.

Aries.dll does not have RTTI (RunTime Type Information) in any version of the game in our possession. TSONetServiceSimClientD.dll has RTTI only in EA-Land; based on this information, assuming the Voltron packet type values did not change, we can give names to the packets. These are the classes whose names contain "PDU," short for "Protocol Data Unit":

class Voltron::ActionRoomNamePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ActionRoomNameResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::AlertHandledPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::AlertMsgPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::AlertMsgResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::AnnouncementMsgPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::AnnouncementMsgResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class AvatarHasNewLotIDPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::BBSMessageDataPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class BC_PlayerLoginEventPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class BC_PlayerLogoutEventPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class BroadcastDataBlobPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::PDU : dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ChatMsgFailedPDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ChatMsgPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class CheatPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ClientByePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class ClientConfigPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ClientOnlinePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ClientPDUFactory : Voltron::PDUFactory;
class Voltron::ClientPersistentPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ClientResponsePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ClientPersistentResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class ComponentVersionRequestPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class ComponentVersionResponsePDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::CreateAndJoinRoomFailedPDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::CreateAndJoinRoomPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::CreateRoomPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::CreateRoomResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class CsrEjectAvatarPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class CsrEjectAvatarResponsePDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class DBRequestWrapperPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class DataServiceWrapperPDU : IDataServiceWrapperPDU, cIGZUnknown, cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::DeleteMPSMessagePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::DeleteMPSMessageResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::DestroyRoomPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::DestroyRoomResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::DetachFromRoomFailedPDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::DetachFromRoomPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class EjectAvatarPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::EjectOccupantPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::EjectOccupantResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ErrorPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ExitRoomFailedPDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ExitRoomPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::FindPlayerPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::FindPlayerResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::FlashGroupPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::FlashGroupResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::FlashMsgPDU : Voltron::ClientPersistentPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::FlashMsgResponsePDU : Voltron::ClientPersistentResponsePDU, Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class GenericFlashPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class GenericFlashRequestPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class GenericFlashResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GetBBSMessageListPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GetBBSMessageListResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GetMPSMessagesPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GetMPSMessagesResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GetRoomAdminListPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GetRoomAdminListResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GpsChatPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GpsChatResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GroupAdminRequestPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GroupAdminResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GroupInfoRequestPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GroupInfoResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GroupMembershipRequestPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::GroupMembershipResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class HSB_ShutdownSimulatorPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::HandleAlertPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::HostOfflinePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::HostOnlinePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class HouseSimConstraintsPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class HouseSimConstraintsResponsePDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class IDataServiceWrapperPDU : cIGZUnknown;
class Voltron::InvitationMsgPDU : Voltron::ClientPersistentPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::InvitationMsgResponsePDU : Voltron::ClientPersistentResponsePDU, Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class InviteRoommatePDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::JoinPlayerFailedPDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::JoinPlayerPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::JoinRoomFailedPDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::JoinRoomPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class KickoutRoommatePDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::List20RoomsPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::List20RoomsResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListBBSFoldersPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListBBSFoldersResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListGroupsPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListGroupsResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListJoinedGroupsPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListJoinedGroupsResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListOccupantsPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListOccupantsResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListRoomsPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ListRoomsResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class LoadHouseResponsePDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class LogAvatarActionPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class LogCsrActionPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::LogEventPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::LogEventResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::LogGPSPetitionPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::LogGPSPetitionResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class LotEntryRequestPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::MessageLostPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ModifyProfilePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ModifyProfileResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::NotifyRoomActionedPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::OccupantArrivedPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::OccupantDepartedPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::PDUFactory;
class Voltron::PetitionStatusUpdatePDU : Voltron::ClientPersistentPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::PostBBSMessagePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::PostBBSMessageResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::PostBBSReplyPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class RSGZWrapperPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown, cIRSGZWrapperPDU, cIGZUnknown;
class Voltron::ReadProfilePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ReadProfileResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ReleaseProfilePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ReleaseProfileResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ResetWatchdogPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ResetWatchdogResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class RoommateGDMPDU : Voltron::ClientPersistentPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class RoommateGDMResponsePDU : Voltron::ClientPersistentResponsePDU, Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class RoommateInvitationAnswerPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class RoomserverUserlistPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::ServerByePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetAcceptAlertsPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetAcceptAlertsResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetAcceptFlashesPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetAcceptFlashesResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetIgnoreListPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetIgnoreListResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetInvinciblePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetInvincibleResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetInvisiblePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetInvisibleResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetRoomNamePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::SetRoomNameResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class SimsClientPDUFactory : Voltron::ClientPDUFactory, Voltron::PDUFactory;
class Voltron::SplitBufferPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class TSOLogGPSPetitionPDU : Voltron::LogGPSPetitionPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class TestPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class TransmitCreateAvatarNotificationPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class TransmitDataBlobPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class TransmitGenericGDMPDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateGroupAdminPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateGroupAdminResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateGroupMemberPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateGroupMemberResponsePDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateIgnoreListPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateOccupantsPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdatePlayerPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateProfilePDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateRoomAdminListPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::UpdateRoomPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::YankPlayerFailedPDU : Voltron::ClientResponsePDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class Voltron::YankPlayerPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;
class cIRSGZWrapperPDU : cIGZUnknown;
class cITSONetMessagePDU : cIGZUnknown;
class cTSONetMessagePDU : cTSOPDU, Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown, cITSONetMessagePDU, cIGZUnknown;
class cTSOPDU : Voltron::PDU, dead::Encodable, dead::IEncodable, opencom::IOCUnknown, cIGZUnknown;

cTSOPDU objects are constructed by the function at the virtual address 0x10040a70, which takes the packet type as an argument. Every call to this function in the DLL is immediately afterwards followed by an overwriting of the v-table pointer with the one corresponding to the child class. Using this information, the following information was obtained:

Note: RazorWing from the http://battletech3025.org/ project has pointed out that the PDUs with value less than 0x2710 also appear in the game Multiplayer BattleTech 3025, a game developed by Kesmai, released as a beta in 2001, and shut down later that same year. (The strings "ALERT_HANDLED_PDU", "HOST_ONLINE_PDU", etc. appear in BT3025.exe.) The PDUs >= 0x2710 are specific to The Sims Online.
Note: TSO Pre-Alpha has separate PDU tables inside TSOVoltronDMServiceD.dll with different PDU values: http://niotso.org/files/prealpha_pdu_tables.txt
Voltron packet type EA-Land class name TSO New & Improved constructor (virtual address)
0x0001 AlertHandledPDU 0x10022A71
0x0002 AlertMsgPDU 0x10022AA7
0x0003 AlertMsgResponsePDU 0x10022ADD
0x0004 AnnouncementMsgResponsePDU 0x10022B13
0x0005 AnnouncementMsgPDU 0x10022B49
0x0006 ClientByePDU 0x10022BEB
0x0007 ServerByePDU 0x100234FD
0x0008 ChatMsgFailedPDU 0x10022B7F
0x0009 ChatMsgPDU 0x10022BB5
0x000a ClientOnlinePDU 0x10022C21
0x000b CreateAndJoinRoomFailedPDU 0x10022C57
0x000c CreateAndJoinRoomPDU 0x10022C8D
0x000d CreateRoomPDU 0x10022CC3
0x000e CreateRoomResponsePDU 0x10022CF9
0x000f DestroyRoomPDU 0x10022D2F
0x0010 DestroyRoomResponsePDU 0x10022D65
0x0011 DetachFromRoomFailedPDU 0x10022D9B
0x0012 DetachFromRoomPDU 0x10022DD1
0x0013 EjectOccupantPDU 0x10022E07
0x0014 EjectOccupantResponsePDU 0x10022E3D
0x0015 ErrorPDU 0x10022E73
0x0016 ExitRoomFailedPDU 0x10022EA9
0x0017 ExitRoomPDU 0x10022EDF
0x0018 FindPlayerPDU 0x10022F15
0x0019 FindPlayerResponsePDU 0x10022F4B
0x001a FlashMsgResponsePDU 0x10022F81
0x001b FlashMsgPDU 0x10022FB7
0x001c HandleAlertPDU 0x10022FED
0x001d HostOfflinePDU 0x10023023
0x001e HostOnlinePDU 0x10023059
0x001f InvitationMsgResponsePDU 0x1002308F
0x0020 InvitationMsgPDU 0x100230C5
0x0021 JoinPlayerFailedPDU 0x100230FB
0x0022 JoinPlayerPDU 0x10023131
0x0023 JoinRoomFailedPDU 0x10023167
0x0024 JoinRoomPDU 0x1002319D
0x0025 ListOccupantsPDU 0x100231D3
0x0026 ListOccupantsResponsePDU 0x10023209
0x0027 ListRoomsPDU 0x1002323F
0x0028 ListRoomsResponsePDU 0x10023275
0x0029 LogEventPDU 0x100232AB
0x002a LogEventResponsePDU 0x100232E1
0x002b MessageLostPDU 0x10023383
0x002c OccupantArrivedPDU 0x100233B9
0x002d OccupantDepartedPDU 0x100233EF
0x002e ReadProfilePDU 0x10023425
0x002f ReadProfileResponsePDU 0x1002345B
0x0030 ReleaseProfilePDU 0x10023491
0x0031 ReleaseProfileResponsePDU 0x100234C7
0x0032 SetAcceptAlertsPDU 0x10023533
0x0033 SetAcceptAlertsResponsePDU 0x10023569
0x0034 SetIgnoreListPDU 0x1002359F
0x0035 SetIgnoreListResponsePDU 0x100235D5
0x0036 SetInvinciblePDU 0x1002360B
0x0037 SetInvincibleResponsePDU 0x10023641
0x0038 SetInvisiblePDU 0x10023677
0x0039 SetInvisibleResponsePDU 0x100236AD
0x003a SetRoomNamePDU 0x100236E3
0x003b SetRoomNameResponsePDU 0x10023719
0x003c UpdateOccupantsPDU 0x1002374F
0x003d UpdatePlayerPDU 0x10023785
0x003e UpdateProfilePDU 0x100237BB
0x003f UpdateRoomPDU 0x100237F1
0x0040 YankPlayerFailedPDU 0x10023893
0x0041 YankPlayerPDU 0x100238C9
0x0042 SetAcceptFlashesPDU 0x100238FF
0x0043 SetAcceptFlashesResponsePDU 0x10023935
0x0044 SplitBufferPDU 0x10023A0D
0x0045 ActionRoomNamePDU 0x1002396B
0x0046 ActionRoomNameResponsePDU 0x100239A1
0x0047 NotifyRoomActionedPDU 0x100239D7
0x0048 ModifyProfilePDU 0x10023827
0x0049 ModifyProfileResponsePDU 0x1002385D
0x004a ListBBSFoldersPDU 0x10023A43
0x004b ListBBSFoldersResponsePDU 0x10023A79
0x004c GetBBSMessageListPDU 0x10023AAF
0x004d GetBBSMessageListResponsePDU 0x10023AE5
0x004e PostBBSMessagePDU 0x10023B1B
0x004f PostBBSReplyPDU 0x10023B51
0x0050 PostBBSMessageResponsePDU 0x10023B87
0x0051 GetMPSMessagesPDU 0x10023BBD
0x0052 GetMPSMessagesResponsePDU 0x10023BF3
0x0053 DeleteMPSMessagePDU 0x10023C29
0x0054 DeleteMPSMessageResponsePDU 0x10023C5F
0x0055 BBSMessageDataPDU 0x10023C95
0x0056 UpdateRoomAdminListPDU 0x10023CCB
0x0057 GetRoomAdminListPDU 0x10023D01
0x0058 GetRoomAdminListResponsePDU 0x10023D37
0x0059 GroupInfoRequestPDU 0x10023D6D
0x005a GroupInfoResponsePDU 0x10023DA3
0x005b GroupAdminRequestPDU 0x10023DD9
0x005c GroupAdminResponsePDU 0x10023E0F
0x005d GroupMembershipRequestPDU 0x10023E45
0x005e GroupMembershipResponsePDU 0x10023E7B
0x005f FlashGroupPDU 0x10023EB1
0x0060 FlashGroupResponsePDU 0x10023EE7
0x0061 UpdateGroupMemberPDU 0x10023F1D
0x0062 UpdateGroupMemberResponsePDU 0x10023F53
0x0063 UpdateGroupAdminPDU 0x10023F89
0x0064 UpdateGroupAdminResponsePDU 0x10023FBF
0x0065 ListGroupsPDU 0x10023FF5
0x0066 ListGroupsResponsePDU 0x1002402B
0x0067 ListJoinedGroupsPDU 0x10024061
0x0068 ListJoinedGroupsResponsePDU 0x10024097
0x0069 GpsChatPDU 0x100240CD
0x006a GpsChatResponsePDU 0x10024103
0x006b PetitionStatusUpdatePDU 0x10024139
0x006c LogGPSPetitionPDU 0x10023317
0x006d LogGPSPetitionResponsePDU 0x1002334D
0x006e List20RoomsPDU 0x1002416F
0x006f List20RoomsResponsePDU 0x100241A5
0x0070 UpdateIgnoreListPDU 0x100241DB
0x0071 ResetWatchdogPDU 0x1002420D
0x0072 ResetWatchdogResponsePDU 0x1002423F
0x2710 BroadcastDataBlobPDU 0x1007B49E
0x2711 TransmitDataBlobPDU 0x1007B50A
0x2712 DBRequestWrapperPDU 0x1007B54B
0x2713 TransmitCreateAvatarNotificationPDU 0x1007B581
0x2715 BC_PlayerLoginEventPDU 0x1007B5CC
0x2716 BC_PlayerLogoutEventPDU 0x1007B602
0x2718 RoomserverUserlistPDU 0x1007B638
0x2719 LotEntryRequestPDU 0x1007B672
0x271a ClientConfigPDU 0x1007B6A8
0x271c KickoutRoommatePDU 0x1007B729
0x271d GenericFlashPDU 0x1007B801
0x271e GenericFlashRequestPDU 0x1007B833
0x271f GenericFlashResponsePDU 0x1007B865
0x2722 TransmitGenericGDMPDU 0x1007B6F3
0x2723 EjectAvatarPDU 0x1007B795
0x2724 TestPDU 0x1007B7CB
0x2725 HouseSimConstraintsPDU 0x1007B75F
0x2726 HouseSimConstraintsResponsePDU 0x1007B8AA
0x2728 LoadHouseResponsePDU 0x1007B8F1
0x2729 ComponentVersionRequestPDU 0x1007B923
0x272a ComponentVersionResponsePDU 0x1007B959
0x272b InviteRoommatePDU 0x1007B98F
0x272c RoommateInvitationAnswerPDU 0x1007B9C5
0x272d RoommateGDMPDU 0x1007B9FB
0x272e HSB_ShutdownSimulatorPDU 0x1007BA31
0x272f RoommateGDMResponsePDU 0x1007BA67
0x2730 RSGZWrapperPDU 0x1007BA9D
0x2731 AvatarHasNewLotIDPDU 0x1007BB14
0x2733 CheatPDU 0x1007BBB6
0x2734 DataServiceWrapperPDU 0x1007BAD3
0x2735 CsrEjectAvatarPDU 0x1007BB4A
0x2736 CsrEjectAvatarResponsePDU 0x1007BB80
0x2737 cTSONetMessagePDU 0x1007BC58
0x2738 LogCsrActionPDU 0x1007BBEC
0x2739 LogAvatarActionPDU 0x1007BC22

AlertHandledPDU[edit]

  • m_senderID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_gameOPID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

AlertMsgPDU[edit]

The format is as such:

  • m_pSenderInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • m_text - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

AlertMsgResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

AnnouncementMsgPDU[edit]

This PDU can be sent by the server to broadcast a server announcement to a player. e.g. http://niotso.org/files/AnnouncementMsgPDU.png

The format is as such:

  • m_pSenderInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped; for some reason, the first 2 bytes of the string (after the length) are ignored. This field is used as the "From" field in the announcement.
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped. This field does not appear in the announcement.
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • m_subject - A Pascal string with 4 string length bytes with the most significant bit of the length flipped. This field is used as the "Subject" field of the announcement.
  • m_text - A Pascal string with 4 string length bytes with the most significant bit of the length flipped. This field is used as the body of the announcement.

AnnouncementMsgResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_messageText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

ClientByePDU[edit]

The client sends this packet when the user clicks cancel on Create-A-Sim, and also in response to ServerByePDU (but not to an Aries disconnect packet or a general closed or lost TLS or TCP connection).

The format is as such:

  • m_reasonCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_requestTicket - 1 byte

ServerByePDU[edit]

The format is as such:

  • m_reasonCode - A 4-byte unsigned integer.
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_ticket - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

According to the switch/case at TSOServiceClientD_base+0x2aab6, valid reason codes are:

m_reasonCode Meaning Notes
16 Inactivity Disconnection You have been automatically disconnected from the server due to inactivity.
137 You have been suspended. We regret to inform you that your account has been suspended for Terms of Service violations. An email message concerning this incident has been sent to the address used to register your Sims Online account. You may also visit 'Game Help' on the player web site and search on the word 'suspend' for information regarding suspended accounts. This message causes the client to shut down after the player clicks OK rather than going back to SAS or the login screen.
138 Connection terminated. You have been disconnected because another user has entered the game with the same account name. If you think someone else is using your account illegally please visit http://thesimsonline.custhelp.com for help.
139 Connection terminated. You have been disconnected because another user has signed on with the same account name and has retired this Sim. If you think someone else is using your account illegally please visit http://thesimsonline.custhelp.com for help.
Other (default case) Network Error Lost server connection. Possible causes: your client may have erroneously disconnected or the server may have crashed. ( Error Code: %d )

ChatMsgFailedPDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

ChatMsgPDU[edit]

This PDU can be sent by the server to create a chat bubble above a Sim, and it is also sent by the client when the player attempts to chat. e.g. http://niotso.org/files/chatmsgpdu-2016-03-16.png

The format is as such:

  • m_echoRequested - 1 byte set to either 0 or 1
  • m_pPlayerInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • m_messageText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

ClientOnlinePDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • m_pVersionInfo
    • m_majorVersion - 1 byte
    • m_minorVersion - 1 byte
    • m_pointVersion - 1 byte
    • m_artVersion - 1 byte
  • m_pRelogStats
    • Unknown - 4 bytes
    • m_timeRequired
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped
    • m_numberOfAttempts - A 2-byte unsigned integer; must be nonzero, or the client will refuse the packet
  • m_pClientStatus
    • m_lastExitCode - A 4-byte unsigned integer
    • m_lastFailureType - 1 byte
    • m_failureCount - 1 byte
    • m_isRunning - 1 byte set to either 0 or 1
    • m_isRelogging - 1 byte set to either 0 or 1
    • Unknown - 1 byte set to either 0 or 1

At TSONetServiceSimClientD_base+0x3986e, if m_numberOfAttempts is nonzero, then the client will unread those 2 bytes (that is, seek backwards by 2 bytes). However, it does not read anything else in its place. Thus, the "Have we read all bytes in the packet?" check at TSONetServiceSimClientD_base+0x3bfea will fail. Alternatively, if m_numberOfAttempts is missing from the packet altogether, then the stream error will be set to -4 (buffer overrun), and the "Do we have no errors?" check at TSONetServiceSimClientD_base+0x249a7 will fail. Thus, m_numberOfAttempts must be nonzero for the client to accept the packet.

CreateAndJoinRoomPDU[edit]

The format is as such:

  • m_pCreateRoomInfo
    • m_Name - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • Unknown - 1 byte set to either 0 or 1
    • m_Password - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_MaxOccupancy - 4 bytes
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_StageID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_RoomType - 1 byte
    • m_Group - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

CreateRoomPDU[edit]

The format is as such:

  • m_pCreateRoomInfo
    • m_Name - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • Unknown - 1 byte set to either 0 or 1
    • m_Password - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_MaxOccupancy - 4 bytes
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_StageID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_RoomType - 1 byte
    • m_Group - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

CreateRoomResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_roomID
    • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

EjectOccupantResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

FindPlayerPDU[edit]

The client sends this to the server when the player clicks the "Where Am I?" button on another player's SimPage, clicks the "Send this Sim a message" button, or clicks the "Send Message" button in the inbox. The format is as such:

  • m_senderID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

FindPlayerResponsePDU[edit]

This packet is used to find another player via the "Where Am I?" Option on the SimPage. Alternatively, it is also used to send a Message to a either a bookmarked Sim, or via the "Send a Message to this Sim" option on the SimPage.

The format is as such:

  • m_reasonCode - 4 bytes -- The reason code determines what type of message you want to send to the Sim. 0 = IM, 1 = Letter. --
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_pRoomInfo
    • m_roomID
      • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_nameLocked - 1 byte set to either 0 or 1
    • m_ownerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_stageID
      • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_currentOccupancy - 4 bytes
    • m_maxOccupancy - A 4-byte unsigned integer
    • m_pwdRequired - 1 byte set to either 0 or 1
    • m_RoomType - 1 byte
    • m_Group - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_AdminList
      • Admin player count - A 2-byte unsigned integer specifing the number of admin players that follow
      • Admin players - For each admin player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this admin list is enabled
    • m_AdmitList
      • Admit player count - A 2-byte unsigned integer specifing the number of admit players that follow
      • Admit players - For each admit player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this admit list is enabled
    • m_DenyList
      • Deny player count - A 2-byte unsigned integer specifing the number of deny players that follow
      • Deny players - For each deny player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this deny list is enabled
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes
  • m_pPlayerInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1

FlashMsgResponsePDU[edit]

FlashMsgResponsePDU is a confirmation packet which is required in order for a message or a letter to be sent. Sending a letter will send its contents, both your info from UpdatePlayerPDU and the other user's avatar ID.

The format is as such:

  • m_statusCode - 4 bytes -- The status code determines if the server accepts or denies the Letter/IM request. 0 = Success, 3 = Sent a message too quickly right after the previous one, 15 = Offline (Avatar isn't online), 16 = Ignored (Avatar has you on their ignore list), 18 = Gagged (Possible IM/Letter restriction placed by a CSR), 19 = Ignoring (You have the recipient on your Ignore List), 73 = Not Found (Avatar doesn't exist), 80 = Unknown Error Occurred --
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_wasPersisted - 1 byte set to either 0 or 1
  • m_statusCode - 4 bytes
  • m_playerID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_pCorrespondentInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • m_messageText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

FlashMsgPDU[edit]

This PDU can be sent by the server to send an instant message or a letter to the client, and it is also sent by the client when the user sends a message to another player or when the game asks for confirmation to send the letter. e.g. http://niotso.org/files/FlashMsgPDU.png

The format is as such:

  • m_persistMessage - 1 byte set to either 0 or 1
  • m_wasPersisted - 1 byte set to either 0 or 1
  • m_persistentMessageID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_pSenderInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • m_receiverID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_text - A Pascal string with 4 string length bytes with the most significant bit of the length flipped. This field is used as the content of the message.

When the server sends this packet to the client, the client does *not* send FlashMsgResponsePDU in response (yet); however, when the client sends it to the server, the server must send FlashMsgResponsePDU in response to get the message or the letter to appear as "accepted" on the client.

HandleAlertPDU[edit]

The format is as such:

  • m_pagingID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

HostOfflinePDU[edit]

The body of this packet is empty.

HostOnlinePDU[edit]

The format is as such:

  • m_HostReservedWords
    • Number of words - A 2-byte unsigned integer specifying the number of reserved words that follow
    • Words - Each word is a Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_pHostParams
    • m_hostVersion - A 2-byte unsigned integer; this field is ignored by the client.
    • m_clientBufSize - A 2-byte unsigned integer specifying the maximum size Aries packet that the server can accept. Before HostOnlinePDU is sent, the Aries buffer size defaults to 1024.

In the function at TSONetServiceSimClientD_base+0x11320, a buffer is (re-)allocated with size m_clientBufSize - 12. This buffer is then used for outgoing Aries packets (but is not used for incoming Aries packets). Since 12 is the size of the Aries header, we can assume that m_clientBufSize specifies the maximum size of any Aries packet that the server can accept from the client.

In response to HostOnlinePDU, the client will send:

  • First time the packet is sent at "35%: Sockets sterilized": ClientOnlinePDU, SetIgnoreListPDU, SetInvisiblePDU, SetInvinciblePDU, SetAcceptAlertsPDU, SetAcceptFlashesPDU, DataServiceWrapperPDU (a MyAvatar request), DBRequestWrapperPDU (an UpdatePreferedLanguageByID request), GetMPSMessagesPDU, three GenericFlashRequestPDUs, ResetWatchdogPDU, ComponentVersionRequestPDU, DBRequestWrapperPDU (a LoadAvatarByID request), DataServiceWrapperPDU (FriendshipWeb_Avatar), DataServiceWrapperPDU (Neighbor_Avatar), DataServiceWrapperPDU (CurrentCity), DataServiceWrapperPDU (CurrentCityTopTenNeighborhoods), and DataServiceWrapperPDU (SimPage_Main) in that order.
  • Past "35%: Sockets sterilized": ClientOnlinePDU, SetIgnoreListPDU, SetInvisiblePDU, SetInvinciblePDU, SetAcceptAlertsPDU, and SetAcceptFlashesPDU, in that order.

InvitationMsgResponsePDU[edit]

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_wasPersisted - 1 byte set to either 0 or 1
  • m_statusCode - 4 bytes
  • m_playerID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_pCorrespondentInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • m_action - 4 bytes

InvitationMsgPDU[edit]

  • m_persistMessage - 1 byte set to either 0 or 1
  • m_wasPersisted - 1 byte set to either 0 or 1
  • m_persistentMessageID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_pSenderInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • m_receiverID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_action - 4 bytes

JoinPlayerPDU[edit]

The format is as such:

  • m_playerID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

JoinRoomPDU[edit]

The format is as such:

  • m_RoomID
    • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_password - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

ListOccupantsPDU[edit]

The format is as such:

  • m_roomID
    • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

ListOccupantsResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_roomID
    • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Number of occupants - A 4-byte unsigned integer specifying the number of occupants that follow
  • Occupants - For each occupant:
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1

ListRoomsPDU[edit]

The format is as such:

  • m_RoomType - 1 byte
  • m_Group - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

ListRoomsResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Room count - A 4-byte unsigned integer specifying the number of rooms that follow
  • Rooms - For each room:
    • m_roomID
      • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_nameLocked - 1 byte set to either 0 or 1
    • m_ownerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_stageID
      • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_currentOccupancy - 4 bytes
    • m_maxOccupancy - 4 bytes
    • m_pwdRequired - 1 byte set to either 0 or 1
    • m_RoomType - 1 byte
    • m_Group - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_AdminList
      • Number of admin players - A 2-byte unsigned integer specifying the number of admin players that follow
      • Admin players - For each admin player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this admin list is enabled
    • m_AdmitList
      • Number of admit players - A 2-byte unsigned integer specifying the number of admit players that follow
      • Admit players - For each admit player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this admit list is enabled
    • m_DenyList
      • Number of deny players - A 2-byte unsigned integer specifying the number of deny players that follow
      • Deny players - For each deny player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this deny list is enabled
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes

OccupantArrivedPDU[edit]

The format is as such:

  • m_pPlayerInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1

MessageLostPDU[edit]

The body of this packet is empty.

OccupantDepartedPDU[edit]

The format is as such:

  • m_pPlayerInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1

GetMPSMessagesPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • Player ID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

The server should respond with GetMPSMessagesResponsePDU.

The client does not provide names for the GetMPSMessagesPDU fields. However, when it parses GetMPSMessagesPDU, it calls the "read player ID" function at TSONetServiceSimClientD_base+0x17a10. This function is used for reading m_ariesID/m_masterAccount pairs in other PDUs such as FindPlayerPDU.

GetMPSMessagesResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

DeleteMPSMessagePDU[edit]

The client sends this packet in response to RoommateGDMPDU as well as PetitionStatusUpdatePDU. This packet is also sent when you try to open more than 3 IM sessions with the text: "Sorry, I can't respond now. My message queue is full."

The format is as such:

  • m_persistentMessageID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A 4-byte Unix timestamp with the most significant bit flipped
  • Unknown - A 4-byte Unix timestamp with the most significant bit flipped

UpdateRoomAdminListPDU[edit]

The format is as such:

  • m_action - 4 bytes
  • m_listType - 1 byte
  • m_subjectID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

GetRoomAdminListPDU[edit]

The format is as such:

  • m_listType - 1 byte

GetRoomAdminListResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_listType - 1 byte
  • m_list
    • Number of admin players - A 2-byte unsigned integer specifying the number of admin players that follow
    • Admin players - For each admin player:
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_EnabledFlag - 1 byte set to either 0 or 1

FlashGroupPDU[edit]

The format is as such:

  • Unknown - 4 bytes
  • Unknown - 4 bytes
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - 1 byte set to either 0 or 1
  • Unknown - 1 byte set to either 0 or 1
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown1 count - 2 bytes
  • Unknown1s - For each Unknown1:
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - 1 byte set to either 0 or 1
  • Unknown2 count - 2 bytes
  • Unknown2s - For each Unknown2:
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - 1 byte set to either 0 or 1
  • Unknown3 count - 2 bytes
  • Unknown3s - For each Unknown3:
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - 1 byte set to either 0 or 1
  • Unknown4 count - 2 bytes
  • Unknown4s - For each Unknown4:
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - 1 byte set to either 0 or 1
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_text - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

FlashGroupResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_groupID - 4 bytes

UpdateGroupMemberPDU[edit]

The format is as such:

  • m_memberID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_groupID - 4 bytes
  • m_action - 4 bytes

UpdateGroupMemberResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_action - 4 bytes
  • m_groupID - 4 bytes
  • m_subjectID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

UpdateGroupAdminPDU[edit]

The format is as such:

  • m_subjectID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_groupID - 4 bytes
  • m_listType - 1 byte
  • m_action - 4 bytes

UpdateGroupAdminResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_action - 4 bytes
  • m_groupID - 4 bytes
  • m_listType - 1 byte
  • m_subjectID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

GpsChatPDU[edit]

The format is as such:

  • m_senderID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_receiverID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • AttributeSet
    • Attribute count - A 4-byte unsigned integer with the most significant bit flipped specifying the number of attributes that follow
    • Attributes - For each attribute:
      • Name - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • Value - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

GpsChatResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_senderID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_receiverID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • AttributeSet
    • Attribute count - A 4-byte unsigned integer with the most significant bit flipped specifying the number of attributes that follow
    • Attributes - For each attribute:
      • Name - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • Value - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

PetitionStatusUpdatePDU[edit]

The format is as such:

  • m_persistMessage - 1 byte set to either 0 or 1
  • m_wasPersisted - 1 byte set to either 0 or 1
  • m_persistentMessageID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_receiverID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_timeReceived - A 4-byte Unix timestamp with the most significant bit flipped
  • AttributeSet
    • Attribute count - A 4-byte unsigned integer with the most significant bit flipped specifying the number of attributes that follow
    • Attributes - For each attribute:
      • Name - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • Value - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

ReadProfileResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_ownerID
    • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_pProfileInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_handle - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_handleLock - 1 byte set to either 0 or 1
    • m_handleModified
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped
    • m_pPermissionInfo
      • perm_CanAlert - 1 byte set to either 0 or 1
      • perm_CanReport - 1 byte set to either 0 or 1
      • perm_CanMessageAll - 1 byte set to either 0 or 1
      • perm_IsAlertable - 1 byte set to either 0 or 1
      • perm_CanSetInvisible - 1 byte set to either 0 or 1
      • perm_CanSetInvincible - 1 byte set to either 0 or 1
      • perm_CanSetAcceptAlerts - 1 byte set to either 0 or 1
      • perm_CanSetAcceptFlashes - 1 byte set to either 0 or 1
      • perm_CanChangeRoomName - 1 byte set to either 0 or 1
      • perm_CanActionRoomName - 1 byte set to either 0 or 1
      • perm_CanChangePlayerName - 1 byte set to either 0 or 1
      • perm_CanActionPlayerName - 1 byte set to either 0 or 1
      • perm_CanGagPlayer - 1 byte set to either 0 or 1
      • perm_CanBanPlayer - 1 byte set to either 0 or 1
      • perm_CanEjectPlayer - 1 byte set to either 0 or 1
      • perm_CanBlacklistPlayer - 1 byte set to either 0 or 1
      • perm_CanYankPlayer - 1 byte set to either 0 or 1
      • perm_CanKillRoom - 1 byte set to either 0 or 1
      • perm_CanModifyPermissions - 1 byte set to either 0 or 1
      • perm_CanOverrideIgnore - 1 byte set to either 0 or 1
      • perm_CanOverrideNoAcceptFlashes - 1 byte set to either 0 or 1
      • perm_CanEnterAnyRoom - 1 byte set to either 0 or 1
      • perm_IgnorePersistLimit - 1 byte set to either 0 or 1
      • perm_CanAdministrateRooms - 1 byte set to either 0 or 1
      • perm_HasAllGroupPrivileges - 1 byte set to either 0 or 1
      • perm_CanRunCheats - 1 byte set to either 0 or 1
      • perm_IsCSR - 1 byte set to either 0 or 1
    • m_appPerms - 4 bytes
    • m_timeCreated
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped
    • m_timeModified
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped
    • Unknown - A 4-byte Unix timestamp with the most significant bit flipped
    • Unknown - A 4-byte Unix timestamp with the most significant bit flipped
    • m_exileType - 1 byte
    • Unknown - 1 byte set to either 0 or 1
    • m_badge - 1 byte
    • m_lastLogin
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped

SetAcceptAlertsPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • m_action - 4 bytes

The server should respond with SetAcceptAlertsResponsePDU.

SetAcceptAlertsResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_acceptsAlerts - 1 byte set to either 0 or 1

SetIgnoreListPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • m_Ignored
    • Number of PlayerIDs - A 2-byte unsigned integer
    • PlayerIDs - For each PlayerID:
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

The server should respond with SetIgnoreListResponsePDU.

SetIgnoreListResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_maxNumberOfIgnored - A 4-byte unsigned integer

SetInvinciblePDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • m_action - 4 bytes

The server should respond with SetInvincibleResponsePDU.

SetInvincibleResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_currentInvincibilitySetting - 1 byte set to either 0 or 1

SetInvisiblePDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • m_action - 4 bytes

The server should respond with SetInvisibleResponsePDU.

SetInvisibleResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_currentInvisibleSetting - 1 byte set to either 0 or 1

SetRoomNamePDU[edit]

The format is as such:

  • m_lockName 1 byte set to either 0 or 1
  • m_roomID
    • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

SetRoomNameResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_roomID
    • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

UpdateOccupantsPDU[edit]

The format is as such:

  • m_requestStatus - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_pRoomInfo
    • m_roomID
      • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_nameLocked - 1 byte set to either 0 or 1
    • m_ownerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_stageID
      • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_currentOccupancy - 4 bytes
    • m_maxOccupancy - A 4-byte unsigned integer
    • m_pwdRequired - 1 byte set to either 0 or 1
    • m_RoomType - 1 byte
    • m_Group - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_AdminList
      • Admin player count - A 2-byte unsigned integer specifing the number of admin players that follow
      • Admin players - For each admin player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this admin list is enabled
    • m_AdmitList
      • Admit player count - A 2-byte unsigned integer specifing the number of admit players that follow
      • Admit players - For each admit player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this admit list is enabled
    • m_DenyList
      • Deny player count - A 2-byte unsigned integer specifing the number of deny players that follow
      • Deny players - For each deny player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this deny list is enabled
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes
  • Occupant count - A 2-byte unsigned integer specifying the number of occupants that follow
  • Occupants - For each occupant:
    • m_pPlayerInfo
      • m_playerID
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_badge - 1 byte
      • m_isAlertable - 1 byte set to either 0 or 1

UpdatePlayerPDU[edit]

The format is as such:

  • m_pPlayerInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1

UpdateProfilePDU[edit]

The format is as such:

  • m_pProfileInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_handle - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_handleLock - 1 byte set to either 0 or 1
    • m_handleModified
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped
    • m_pPermissionInfo
      • perm_CanAlert - 1 byte set to either 0 or 1
      • perm_CanReport - 1 byte set to either 0 or 1
      • perm_CanMessageAll - 1 byte set to either 0 or 1
      • perm_IsAlertable - 1 byte set to either 0 or 1
      • perm_CanSetInvisible - 1 byte set to either 0 or 1
      • perm_CanSetInvincible - 1 byte set to either 0 or 1
      • perm_CanSetAcceptAlerts - 1 byte set to either 0 or 1
      • perm_CanSetAcceptFlashes - 1 byte set to either 0 or 1
      • perm_CanChangeRoomName - 1 byte set to either 0 or 1
      • perm_CanActionRoomName - 1 byte set to either 0 or 1
      • perm_CanChangePlayerName - 1 byte set to either 0 or 1
      • perm_CanActionPlayerName - 1 byte set to either 0 or 1
      • perm_CanGagPlayer - 1 byte set to either 0 or 1
      • perm_CanBanPlayer - 1 byte set to either 0 or 1
      • perm_CanEjectPlayer - 1 byte set to either 0 or 1
      • perm_CanBlacklistPlayer - 1 byte set to either 0 or 1
      • perm_CanYankPlayer - 1 byte set to either 0 or 1
      • perm_CanKillRoom - 1 byte set to either 0 or 1
      • perm_CanModifyPermissions - 1 byte set to either 0 or 1
      • perm_CanOverrideIgnore - 1 byte set to either 0 or 1
      • perm_CanOverrideNoAcceptFlashes - 1 byte set to either 0 or 1
      • perm_CanEnterAnyRoom - 1 byte set to either 0 or 1
      • perm_IgnorePersistLimit - 1 byte set to either 0 or 1
      • perm_CanAdministrateRooms - 1 byte set to either 0 or 1
      • perm_HasAllGroupPrivileges - 1 byte set to either 0 or 1
      • perm_CanRunCheats - 1 byte set to either 0 or 1
      • perm_IsCSR - 1 byte set to either 0 or 1
    • m_appPerms - 4 bytes
    • m_timeCreated
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped
    • m_timeModified
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped
    • Unknown - A 4-byte Unix timestamp with the most significant bit flipped
    • Unknown - A 4-byte Unix timestamp with the most significant bit flipped
    • Unknown - string
    • m_exileType - 1 byte
    • Unknown - 1 byte set to either 0 or 1
    • m_badge - 1 byte
    • m_lastLogin
      • m_time - A 4-byte Unix timestamp with the most significant bit flipped

UpdateRoomPDU[edit]

The format is as such:

  • m_reasonCode - 4 bytes
  • m_occupantListFollows - 1 byte set to either 0 or 1
  • m_pRoomInfo
    • m_roomID
      • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_nameLocked - 1 byte set to either 0 or 1
    • m_ownerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_stageID
      • m_roomName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_hostName - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_currentOccupancy - 4 bytes
    • m_maxOccupancy - A 4-byte unsigned integer
    • m_pwdRequired - 1 byte set to either 0 or 1
    • m_RoomType - 1 byte
    • m_Group - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_AdminList
      • Admin player count - A 2-byte unsigned integer specifing the number of admin players that follow
      • Admin players - For each admin player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this admin list is enabled
    • m_AdmitList
      • Admit player count - A 2-byte unsigned integer specifing the number of admit players that follow
      • Admit players - For each admit player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this admit list is enabled
    • m_DenyList
      • Deny player count - A 2-byte unsigned integer specifing the number of deny players that follow
      • Deny players - For each deny player:
        • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
        • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_EnabledFlag - 1 byte set to either 0 or 1 specifying whether or not this deny list is enabled
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes

SetAcceptFlashesPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • m_action - 4 bytes

The server should respond with SetAcceptFlashesResponsePDU.

SetAcceptFlashesResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_acceptsFlashes - 1 byte set to either 0 or 1

SplitBufferPDU[edit]

Although the client is free to split Voltron PDUs verbatim across multiple Aries packets, in practice, the client always wraps each Voltron fragment inside a SplitBufferPDU, with one SplitBufferPDU per Aries packet, such that each SplitBufferPDU fits within the server's receive limit (SplitBufferPDU.pdu_length <= HostOnlinePDU.m_clientBufSize - 12).

The format is as such:

  • EOF - 1 byte set to either 0 or 1 specifying whether or not this is the last SplitBufferPDU in the sequence. If this flag is set, the client pushes all fragments to the beginning of the client's receive buffer.
  • Fragment size - A 4-byte unsigned integer specifying the size of the fragment that follows.
  • Fragment body - Variable bytes.

UpdateIgnoreListPDU[edit]

The format is as such:

  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - 2 bytes

ResetWatchdogPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The body of this packet is empty.

The server should respond with ResetWatchdogResponsePDU.

ResetWatchdogResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_nextTimeout - A 4-byte unsigned integer

BroadcastDataBlobPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • m_pSenderInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Body size - A 4-byte unsigned integer specifying the size of the rest of the packet
    • Body

TransmitDataBlobPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • m_pSenderInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • Body size - A 4-byte unsigned integer specifying the size of the rest of the packet
    • Body

DBRequestWrapperPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • SendingAvatarID - 4 bytes
  • m_pSenderInfo
    • m_playerID
      • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • m_badge - 1 byte
    • m_isAlertable - 1 byte set to either 0 or 1
  • Message size - A 4-byte unsigned integer specifying the size of the rest of the packet
  • Message
    • Message clsid - 4 bytes; should be the clsid of a Message class, i.e., one that accepts the iid 0x1136D2BF. For DBRequestWrapperPDU, this field is normally 0x125194E5 (cTSONetMessageStandard). Valid values are: 0x125194E5 (cTSONetMessageStandard), 0x125194F5 (cTSONetMessageStream), 0x3EA44787 (cTSOAvatarCreationRequest), 0xAA3ECCB3 (cTSOInterdictor), 0xAA5FA4D8 (cTSOInterdictionPass), 0xCA5FA4E0 (cTSOInterdictionPassAndLog), 0xCA5FA4E3 (cTSOInterdictionDrop), 0xCA5FA4EB (cTSOInterdictionDropAndLog), 0xAA7B191E (cTSONetMessageEnvelope), 0x2A7B4E6A (cTSOChannelMessageEnvelope), 0x0A9D7E3A (cTSODeadStream), 0x09736027 (cTSOTopicUpdateMessage), 0x0A2C6585 (cTSODataTransportBuffer), 0x2A404946 (cTSOTopicUpdateErrorMessage).
    • Message body - variable bytes

The RTTI in EA-Land's version of DBAppServiceSimClientD.dll, and the fact that the cDBRequest constructor (0x100235F0) and cDBResponse constructor (0x10023A90) accept the Request/Response ID as arg1 and message ID as arg2, tell us that these are the possible requests and responses:

Name Request ID Response ID Message ID
GetHouseThumbByID 0x9BF18F10 0x9BF19573 0x69A2E644
GetLotAndObjects 0x0BFD89E3 0x8C6B0A49 0x2BFB0268
GetLotList 0x5BEEB701 0xDBEECD65 0x69A2E641
GetMaxPlayerPerLot 0x5F0A0561 0xDF0A0528 0x3F0A07EA
GetNeighborhoods 0x8AE0FD8C 0x6AE0FD6E 0xAAE10F9A
GetShardVersion 0x5E209378 0x9E2095BE 0x9E209766
GetTopList 0x3D8787DA 0xA928455B 0xC9A2E6AD
GetTopResultSetByID 0xBCD038AC 0xFCD03A1B 0x69AC83C4
InsertBookmarks 0x09CBE333 0x69CBE384 0xE9CBE612
InsertGenericLog 0x3D03D5F7 n/a 0xC9A2E6A1
InsertGenericTask 0xC98B6799 0xA98B6783 0x09A2E6DD
InsertNeighborhoods 0xAAE1247E 0x4AE12821 0x4AE12A15
InsertNewAvatar 0x8A3BE831 0x0A3C127F 0xAA3C1529
InsertNewFriendshipComment 0x6AE8E1ED 0xEAE8E26F 0x6AE9DC97
InsertPendingRoomateInv 0x3CE98067 0xBCE989F6 0xA9A2E68C
InsertSpotlightTextByLotID 0x8B8AE566 0x0B8AE5E6 0xAB9915A8
MoveOutByAvatarID 0x4CEEB62C 0x8CEEB761 0xECF2B8BE
LoadAvatarByID 0x2ADF7EED 0x2ADF8FF5 0x8ADF865D
MoveLotByID 0xEB42651A 0xAB4266CE 0xEB4271F3
PrtControlToggleByAvatarID 0x8A53F433 0x6A53F3F6 0x2A53F7CE
RejectPendingRoomateInv 0xDCE98959 n/a 0xA9A2E68D
ReleaseAvatarLease 0x6B9EAECD 0xAB9EB010 0x0B9EAF64
RenewAvatarLease 0xCB9EAF2F 0x2B9EB082 0x0B9EAF6D
SaveAvatarByID 0x2ADDE378 0x2ADDE27E 0xEADDEA30
SaveLotAndObjectBlobByID 0xCBFD89A7 0xCBFD899C 0x2BFB0265
Search 0x89483786 0xC94837CC 0xE9A2E6C9
SearchExactMatch 0xA952742D 0x89527401 0xE9A2E6CC
SellObject 0x8BFD896A 0x8BFD895F 0x4BFB026E
SetFriendshipComment 0x0AE0AEB8 0xAAE0AE66 0x4AE0BDF2
SetHouseThumbByID 0xFBF6E364 n/a 0x69A2E648
SetLotDesc 0x8A70B952 0x4A70B913 0xAA70C34C
SetLotHoursVisitedByID 0x7C02938C n/a 0x89A2E660
SetLotName 0x6A70B931 0xAA70B969 0x4A70C304
SetMoneyFields 0x5CF147E8 0xFCF14801 0xC9A2E69D
StockDress 0x2B4510AC 0x4B4510D5 0x6B4516F1
UpdateBadgeByID 0xCAFB30AA 0xCAFB31A4 0xEAFB3AC1
UpdateCharDescByID 0xAA3FEDA1 0x6A3FED66 0xAA401B81
UpdateDataServiceLotAdmitInfo_AddAdmittedID 0xCA26E9CF 0xAA270399 0x6A270C4D
UpdateDataServiceLotAdmitInfo_AddBannedID 0xEA26E9F8 0xCA2703AF 0x6A270C52
UpdateDataServiceLotAdmitInfo_RemoveAdmittedID 0xEA26E9E4 0xCA2703C0 0x6A270C4F
UpdateDataServiceLotAdmitInfo_RemoveBannedID 0x0A26EA0C 0xEA2703DD 0x6A270C55
UpdateDataServiceLotAdmitInfo_SetAdmitMode 0xCA26E9BD 0x0A2703F4 0x6A270C49
UpdateLotValueByID 0xDC17FB0E n/a 0x89A2E668
UpdateTaskStatus 0xA92AF562 n/a 0xE9A2E6C6
GetSpotlightLotList 0xEBD4DDAC 0xCBD4DD94 0xCBD4DD7E
GetFinancialDetail 0x0C23D673 0x4C23D6C1 0x2C23D7A1
GetOnlineJobLot 0x8C3BBA00 0x2C3BC494 0xAC3B863F
OnlineJobLotDesactivate 0xAC50944B 0x8C509438 0x8C509423
OnlineJobLotRequestDesactivation 0x0C9D233E 0x4C9D236B 0x4C9D247A
OnlineJobOccupantDesactivate 0xAC96E1AE 0xEC96E1E7 Request: 0xEC96E4FA, Response: 0x8C509423
UpdatePrivacyModeByID 0xA0C6106C 0x20C61C89 0x20C7DD21
GetDataUpdateEventsLastSeqID 0xCBB127FD 0x0BB12839 0xABB128E4
GetDataUpdateEvents 0x0B5E2124 0x0B5E202B 0xCB5E26FC
GetNeighborhoodInfo 0xCB7AD7EE 0x0B7ADA36 0x0B7ADB35
CallCreateFriends 0x21586E78 0x61586EB4 0x21587C80
CallDecayRelationships 0xE1586F32 0xA1586F52 0xE1587C89
UpdateRelationshipLastContact 0x2D33ABF3 0xCD33BF75 0xCD33AB86
UpdatePreferedLanguageByID 0x2D98FAF3 n/a 0xCD99038E
RenameAvatar 0x1060F3A1 0xB061033E 0x3060F7BC
AcceptPendingRoomateInv 0xDCE9801A 0xDCE98A01 0xA9A2E686
AcquireAvatarLease 0x6B9D76FC 0x4B9D77CA 0x2B9E5AE7
BuyDress 0x2B44F0C9 0xCB44F065 0xCB4255DF
BuyLotByAvatarID 0x1D8DD55A 0xBD8DDB9B 0xC9A2E6B3
BuyObject 0x4BFD8A1B 0x4BFD8A12 0x2BFB0269
DeleteAttributeByAvatarID 0xCB392F06 0xCB393006 0xEB43CB98
DeleteAvatarByID 0x6A52E10C 0x4A52E0E6 0x4A52F0D9
DeleteBookmarks 0x2A3C81DB 0x69CBE292 0xE9CBE601
DeleteObject 0x0B25CD36 0x2B219B40 0x2B21934E
DeleteSpotlightTextByLotID 0x6B8D6F5D 0x2B8D6F0B 0x8B991597
GetAvatarIDByName 0xA95BB3D7 0xE95BB42F 0xE9A2E6D0
GetAvatarInventoryByID 0x2BFD89FF 0x2BFD89F5 0x4BFB026F
GetBookmarks 0x0BA7F82C 0x3D8F9003 0xE9A2E6BF
GetCharByID 0x7BAE5079 0x1BAE532A 0x29A2E618
GetCityType 0x2A3927A2 0x4A3929BB 0xCA3959AF
GetDataServiceBuildableMapInfoByXY 0x4A3D75DA 0x6A3D7A09 0x8A3D7E26
GetDataServiceLotAdmitInfo 0x8A2456E6 0xEA245646 0x2A245F85
GetDataServiceLotInfoByXY 0xE9C81D19 0xE9C81D0A 0x09C82624
GetDebitCreditTask 0xE98A1700 0x898A168C 0x09A2E6DA
GetGenericFlash 0x9FE8B670 0x3FE8B5A4 0x5FF08AC5
GetHouseLeaderByLotID 0xDD909124 0xBD90911F 0xC9A2E6B6
GetObjectTuningVariables 0xEFAB815F 0xD6327954 0x245A2D07
GetObjectsAndCatalog 0x9525BE9F 0x6E8EAC4E 0x5F7CD545
CreateObject 0xABCD8986 0xABCD897C 0x3044F7BC
GetSelector 0x17C62EA8 0x2C371266 0x3045F7BC
GetGameConstants 0xCD999E31 0xE1299B7A 0x3046F7BC
RecordFeedEvent 0x688188BA 0x41C22C14 0xD293067E
DebitCredit 0x7C24F627 0x3C24F6BC 0x89A2E66C
GetAllRelationshipsByID 0xAB4A6098 0xCB4A60AC 0xEB4A55D0
GetDataServiceAvatarBudgetByID 0x4AA84714 0x4AA84819 0x0AA84DE5
GetDataServiceAvatarSkillsByID 0x0AA81112 0x8AA81196 0xAAA827A7
GetFriendshipWebCommentByID 0xEAE9F7E3 0x0AE9F8F1 0xAAEA216F
InsertGenericFlash 0xFFE8AC61 0x3FF83299 0x1FF08AB0
SecureTrade 0xABFD8986 0xABFD897C 0x4BFB0271
SetDataServiceAvatarVarSkillLockByID 0xCB9DE627 0xAB9DE815 0x0B9DE77E
SetLotCategory 0xAAD4C4D5 0xCAD4C4F8 0xEAD4F9DD
SetLotNeighborhoodID 0xEAF53BFB 0x0AF53C18 0x0AE8D6B3
SetNeighborhoodCenterGridXY 0x8B0847D4 0xAB0848EF 0x8B084FCE
InventoryTransfer 0x2BFDC6D0 0x4BFDC6DB 0x0BFDC794
GetSelectorApproval 0xA7F41927 0xA46A18AD 0xB411EEF5
DebitCreditSharedAccount 0x1C6A90C3 0xBCD04D22 0x3047F7BC
ExternalBankTransaction 0x51F76976 0xF898CE34 0x51F76976
InsertNewCharBlob (from New & Improved boxed version) tbd tbd
SetCharByID (from New & Improved boxed version) tbd tbd
SetHouseBlobByID (from New & Improved boxed version) tbd tbd
GetCharBlobByID (from New & Improved boxed version) tbd tbd
SetCharBlobByID (from original release version) tbd tbd
InsertNewHouseBlob (from Pre-Alpha) tbd tbd

TransmitCreateAvatarNotificationPDU[edit]

This packet is similar in format to the DataServiceWrapperPDU (with request/response ID 0x3EA44787) that the client sends to the server when the player has clicked OK in Create-A-Sim.

The format of TransmitCreateAvatarNotificationPDU is as such:

  • SendingAvatarID - 4 bytes
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Gender - 1 byte specifying the gender; a value of 0 means male, and 1 means female
  • Skin color - 1 byte specifying the skin color; a value of 0 means light, 1 means medium, and 2 means dark
  • Head outfit File ID - A 4-byte unsigned integer specifying the File ID of the head outfit
  • Head outfit Type ID - A 4-byte unsigned integer specifying the Type ID of the head outfit; should be equal to 13 for OFT
  • Body outfit File ID - A 4-byte unsigned integer specifying the File ID of the body outfit
  • Body outfit Type ID - A 4-byte unsigned integer specifying the Type ID of the body outfit; should be equal to 13 for OFT

BC_PlayerLoginEventPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

BC_PlayerLogoutEventPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

RoomserverUserlistPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • Unknown - 1 byte set to either 0 or 1
  • Unknown - 4 bytes
  • Unknown - 4 bytes
  • User count - A 2-byte unsigned integer specifying the number of users that follow
  • Users - For each user:
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

LotEntryRequestPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • mGridXY - 4 bytes
  • mpHouseSimsConstraints
  • AttributeSet
    • Attribute count - A 4-byte unsigned integer with the most significant bit flipped specifying the number of attributes to follow
      • Name - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
      • Value - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

ClientConfigPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • LotID - 4 bytes
  • ProvideLocalHosting - 1 byte set to either 0 or 1

GenericFlashPDU[edit]

This packet can be sent by the server to send a private message (PM) to a player, e.g. http://niotso.org/files/GenericFlashPDU.png

The format is as such:

  • SendingAvatarID - 4 bytes
  • m_sequenceDBID - 4 bytes
  • m_messageType - 4 bytes
  • m_messageSubType - 4 bytes
  • m_displayType - 4 bytes
  • m_sourceType - 4 bytes
  • m_sourceID - 4 bytes
  • m_targetType - 4 bytes
  • m_targetID - 4 bytes
  • m_data1 - 4 bytes
  • m_data2 - 4 bytes
  • m_data3 - 4 bytes
  • m_data4 - 4 bytes
  • m_subject - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_body - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_year - A 2-byte unsigned integer
  • m_month - A 1 byte unsigned integer
  • m_day - A 1 byte unsigned integer
  • m_hour - A 1 byte unsigned integer
  • m_minute - A 1 byte unsigned integer
  • m_second - A 1 byte unsigned integer

GenericFlashRequestPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • SendingAvatarID - A 4-byte unsigned integer
  • mRequesterType - 4 bytes
  • mRequesterID - 4 bytes
  • mTargetType - 4 bytes
  • mTargetID - 4 bytes
  • mSequenceID - 4 bytes

The server should respond with GenericFlashResponsePDU.

GenericFlashResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

TransmitGenericGDMPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - A 4-byte unsigned integer with the most significant bit flipped
  • Unknown - 4 bytes

HouseSimConstraintsPDU[edit]

The format is as such:

  • Unknown count - A 4-byte unsigned integer with the most significant bit flipped specifying the number of unknowns that follow
  • Unknowns - For each unknown:
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

HouseSimConstraintsResponsePDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes

LoadHouseResponsePDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes

ComponentVersionRequestPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • SendingAvatarID - 4 bytes

The server should respond with ComponentVersionResponsePDU.

ComponentVersionResponsePDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • Number of string pairs - A 2-byte unsigned integer with the most significant bit flipped specifying the number of string pairs to follow
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
    • Unknown - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

RoommateGDMPDU[edit]

The format is as such:

  • m_persistMessage - 1 byte set to either 0 or 1
  • m_wasPersisted - 1 byte set to either 0 or 1
  • m_persistentMessageID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • mMessageType - 4 bytes
  • mLotID - 4 bytes
  • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • mMoney - 4 bytes
  • m_time A 4-byte Unix timestamp with the most significant bit flipped

RoommateGDMResponsePDU[edit]

The format is as such:

  • m_statusCode - 4 bytes
  • m_reasonText - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_wasPersisted - 1 byte set to either 0 or 1
  • m_statusCode - 4 bytes
  • Unknown - 4 bytes
  • mMessageType - 4 bytes
  • mLotID - 4 bytes
  • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_ariesID - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • m_masterAccount - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Unknown - 4 bytes

RSGZWrapperPDU[edit]

The client sends an RSGZWrapperPDU when the player clicks OK in CAS.

The format is as such:

  • SendingAvatarID - 4 bytes
  • Message ID - 4 bytes
  • Body size - A 4-byte unsigned integer specifying the size of the rest of the packet
  • Message
    • Message clsid - 4 bytes; should be the clsid of a Message class, i.e., one that accepts the iid 0x1136D2BF. For RSGZWrapperPDU, this field is normally 0x125194E5 (cTSONetMessageStandard). Valid values are: 0x125194E5 (cTSONetMessageStandard), 0x125194F5 (cTSONetMessageStream), 0x3EA44787 (cTSOAvatarCreationRequest), 0xAA3ECCB3 (cTSOInterdictor), 0xAA5FA4D8 (cTSOInterdictionPass), 0xCA5FA4E0 (cTSOInterdictionPassAndLog), 0xCA5FA4E3 (cTSOInterdictionDrop), 0xCA5FA4EB (cTSOInterdictionDropAndLog), 0xAA7B191E (cTSONetMessageEnvelope), 0x2A7B4E6A (cTSOChannelMessageEnvelope), 0x0A9D7E3A (cTSODeadStream), 0x09736027 (cTSOTopicUpdateMessage), 0x0A2C6585 (cTSODataTransportBuffer), 0x2A404946 (cTSOTopicUpdateErrorMessage).
    • Message body - variable bytes

AvatarHasNewLotIDPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • LotID - 4 bytes
  • AvatarID - 4 bytes
  • Money - 4 bytes
  • Message - 4 bytes

CheatPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • CheatString - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

DataServiceWrapperPDU[edit]

The client sends this packet in response to HostOnlinePDU.

The format is as such:

  • SendingAvatarID - 4 bytes
  • String ID - A 4-byte unsigned integer specifying the string ID of a string in TSOData_datadefinition.dat
  • Body size - A 4-byte unsigned integer specifying the size of the rest of the packet
  • Message
    • Message clsid - 4 bytes; should be the clsid of a Message class, i.e., one that accepts the iid 0x1136D2BF. For DataServiceWrapperPDU, this field is normally 0x125194E5 (cTSONetMessageStandard) for topic subscribe/unsubscribe requests and 0x09736027 (cTSOTopicUpdateMessage) for topic update notifications. Valid values are: 0x125194E5 (cTSONetMessageStandard), 0x125194F5 (cTSONetMessageStream), 0x3EA44787 (cTSOAvatarCreationRequest), 0xAA3ECCB3 (cTSOInterdictor), 0xAA5FA4D8 (cTSOInterdictionPass), 0xCA5FA4E0 (cTSOInterdictionPassAndLog), 0xCA5FA4E3 (cTSOInterdictionDrop), 0xCA5FA4EB (cTSOInterdictionDropAndLog), 0xAA7B191E (cTSONetMessageEnvelope), 0x2A7B4E6A (cTSOChannelMessageEnvelope), 0x0A9D7E3A (cTSODeadStream), 0x09736027 (cTSOTopicUpdateMessage), 0x0A2C6585 (cTSODataTransportBuffer), 0x2A404946 (cTSOTopicUpdateErrorMessage).
    • Message body - variable bytes

The RTTI for EA-Land's version of TSODataServiceClientD.dll mimics the contents of TSOData_datadefinition.dat.

LogCsrActionPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • actionType - 4 bytes
  • csrID - 4 bytes
  • targetAvatarID - 4 bytes
  • Detail - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Note - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

LogAvatarActionPDU[edit]

The format is as such:

  • SendingAvatarID - 4 bytes
  • actionType - 4 bytes
  • avatarID - 4 bytes
  • targetAvatarID - 4 bytes
  • CSR - 1 byte set to either 0 or 1
  • Detail - A Pascal string with 4 string length bytes with the most significant bit of the length flipped
  • Note - A Pascal string with 4 string length bytes with the most significant bit of the length flipped

DB requests and responses[edit]

LoadAvatarByID[edit]

The client sends a LoadAvatarByID request after receiving a HostOnlinePDU. (LoadAvatarByID was originally GetCharBlobByID prior to FilePlanet Play Test.)

Request:

The client sends the request with 0x3BF82D4E as the message ID. The format of the body is as such:

  • Avatar ID - A 4-byte unsigned integer specifying the avatar ID
  • Unknown - 4 bytes equal to 0
  • Reserved - 32 bytes of uninitialized memory (just like Heartbleed); equal to "BA AD F0 0D BA AD F0 0D ..." if you are running the game in a debugger
  • Unknown - 4 bytes equal to 0x69f4d5e8

Response:

Figuring out LoadAvatarByID is currently a subject of interest. Originally, the only thing that mattered for getting into the map view was the structure of the body (string, string, short, short, ...). Since then, more fields have been figured out which make the avatar visible on the lot, even though more than 50% of the packet is still unknown.

The second-to-last field must be 0x69f4d5e8 for the 0x8ADF865D guard function to return 0. (The guard function is located at TSOServiceClientD_base+0x2c574, and the comparison against 0x69f4d5e8 is made at TSOServiceClientD_base+0x2c5a0.) The response should be made with 0xDBF301A9 as the message ID. The format of the body is as such:

dword Avatar ID: 0x00000539
pascalv Avatar name: "JollySim"
pascalv unknown: "B"
short SkillLockMechanical: 0x1011
short SkillLockCooking: 0x1213
short SkillLockCharisma: 0x1415
short SkillLockLogic: 0x1617
short SkillLockBody: 0x1819
short SkillLockCreativity: 0x1a1b
short Mechanical Skill: 0x1c1d
short Cooking Skill: 0x1e1f
short Charisma Skill: 0x2021
short Logic Skill: 0x2223
short Body Skill: 0x2425
short Creativity Skill: 0x2627
dword unknown: 0x28292a2b
dword unknown: 0x2c2d2e2f
dword unknown: 0x30313233
dword unknown: 0x34353637
dword unknown: 0x38393a3b
dword unknown: 0x3c3d3e3f
dword unknown: 0x40414243
byte Gender: 0x00 (nonzero means female, zero means male)
byte Skin color: 0x00 (0 means light, 1 means medium, 2 means dark)
dword cash: 0x46474849
dword unknown: 0x4a4b4c4d
dword lot coordinates: 0x4e4f5051
byte unknown: 0x52
pascalv Head Outfit ID: "0x000003A10000000D"
pascalv Body Normal ID: "0x0000024A0000000D"
pascalv Body Swimwear ID: "0x000002B70000000D"
pascalv Body Sleepwear ID: "0x000002B60000000D"
pascalv Body Nude ID: "0x0000024E0000000D"
dword unknown: 0x54555657
dword unknown: 0x58595A5B
dword unknown: 0x5C5D5E5F
dword unknown: 0x60616263
dword unknown: 0x64656667
dword unknown: 0x68690000 (note: the bottom two bytes correspond to the "Is Ghost?" person data attribute and should be set to 0 for a normal person)
dword unknown: 0x6C6D6E6F
dword unknown: 0x70717273
dword unknown: 0x74757677
dword bonus count: 0x00000001
* dword unknown: 0x7C7D7E7F
* dword unknown: 0x80818283
* dword Sim bonus: 0x84858687
* dword Property bonus: 0x88898A8B
* dword Visitor bonus: 0x8C8D8E8F
* pascalv date string: "H"
dword count: 0x00000001
* dword unknown: 0x94959697
* qword unknown: 0x98999a9b9c9d9e9f
dword count: 0x00000001
* dword unknown: 0xa5a6a7a8
* dword unknown: 0xa9aaabac
dword count: 0x00000001
* short unknown: 0xb1b2
* short unknown: 0xb3b4
* dword unknown: 0xb5b6b7b8
* short unknown: 0xb9ba
short OnlineJobID: 0xbbbc
short unknown: 0xbdbe
dword unknown: 0xbfc0c1c2
dword unknown: 0xc3c4c5c6
dword count: 0x00000001
* dword unknown: 0xcbcccdce
* dword unknown: 0xcfd0d1d2
* dword unknown: 0xd3d4d5d6
* byte unknown: 0xd7
* byte unknown: 0xd8
* dword unknown: 0xd9dadbdc
* dword unknown: 0xdddedfe0
* dword unknown: 0xe1e2e3e4
dword count: 0x00000001
* dword unknown: 0xe9eaebec
* dword unknown: 0xedeeeff0
* dword unknown: 0xf1f2f3f4
* byte unknown: 0xf5
* byte unknown: 0xf6
* dword unknown: 0xf7f8f9fa
* dword unknown: 0xfbfcfdfe
* dword unknown: 0xff808182
dword count: 0x00000001
* dword unknown: 0x8788898a
* short unknown: 0x8b8c
* dword unknown: 0x8d8e8f90
* dword unknown: 0x91929394
* dword unknown: 0x95969798
* dword unknown: 0x999a9b9c
dword count: 0x00000001
* short unknown: 0x7071
* qword unknown: 0x7273747576777879
dword unknown: 0x7a7b7c7d
dword unknown: 0x7e7f6061
dword unknown: 0x62636465
dword unknown: 0x66676869
dword unknown: 0x6a6b6c6d
dword unknown: 0x6e6f5051
dword unknown: 0x52535455
dword unknown: 0x56575859
dword unknown: 0x69f4d5e8
dword unknown: 0x5e5f4041

In all Play Test versions of the game, the file "userdata/characters/netuser00000.iff" is generated in NoNetwork mode; the NoNetwork Sim's outfit IDs are stored in the "bodystring" chunk. In New & Improved Trial, in response to LoadAvatarByID, it turns out that the bodystring table for the Sim is created at TSOSimulatorClientD_base+0x699d3 with the exact same entries that are in Play Test ("Adult", string, string, "HEAD", "Top", ...). Each entry can be stepped through by placing a breakpoint at TSOSimulatorClientD_base+0x69b42. Using this information, the Outfit ID fields, the Gender field, and the Skin Color field were determined, which are sufficient to make the avatar visible on the lot (once the 0x0ac11f1e packet is sent to the client).

Search[edit]

The client sends a Search request when the user searches for a lot or property using the Wildcard Match button.

Request:

The client sends the request with 0x3BF82D4E as the message ID. The format of the body is as such:

  • Search string - A Pascal string with variable-length coding for the length
  • Search type - A 4-byte unsigned integer specifying what type of search to perform; a value of 1 means Sims; a value of 2 means Properties
  • Unknown - 4 bytes equal to 0
  • Unknown - 4 bytes equal to 0
  • Reserved - 32 bytes of uninitialized memory (just like Heartbleed); equal to "BA AD F0 0D BA AD F0 0D ..." if you are running the game in a debugger
  • Unknown - 4 bytes equal to 0

Response:

The response should be made with 0xDBF301A9 as the message ID. The format of the body is as such:

  • Search string - A Pascal string with variable-length coding for the length
  • Search type - A 4-byte unsigned integer specifying what type of search to perform; a value of 1 means Sims; a value of 2 means Properties
  • Unknown - 4 bytes
  • Result count - A 4-byte unsigned integer specifying the number of search results
  • Results - For each result:
    • Id - 4 bytes, Id associated with the result, sim id for sims and lot id for lots
    • Name - A Pascal string with variable-length coding for the length specifying the name of this search result
  • Reserved
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes
    • Unknown - 4 bytes
  • Unknown - 4 bytes

SearchExactMatch[edit]

The client sends a Search request when the user searches for a lot or property using the Exact Match button.

The requests and responses and their message IDs are the same as those of Search.

UpdatePreferedLanguageByID[edit]

The client sends an UpdatePreferedLanguageByID request after receiving a HostOnlinePDU.

Request:

The client sends the request with 0x3BF82D4E as the message ID. The format of the body is as such:

  • Avatar ID - A 4-byte unsigned integer specifying the avatar ID of the currently selected avatar
  • Language - A 4-byte unsigned integer specifying a language code (defined in the IFF STR# chunk)
  • Unknown - 4 bytes equal to 0
  • Reserved - 32 bytes of uninitialized memory (just like Heartbleed); equal to "BA AD F0 0D BA AD F0 0D ..." if you are running the game in a debugger
  • Unknown - 4 bytes equal to 0x69f4d5e8

There is no response ID for UpdatePreferedLanguageByID; therefore, we can assume that the server does not respond to this packet.

Regulators[edit]

The game uses message queues to carry out its logic for various tasks. Each message queue can be thought of as an independently running program. The programs wait for events to arrive and perform short computations in response to those events. After completing a computation to handle an event, the program goes back to sleep. And a program can communicate with other programs by "posting" events into the queues for those programs.

As we see from the debugging strings in TSOServiceClientD.dll (in any version of the game), Maxis calls these message queues "regulators". Very fortunately for us, the game provides a string name for each regulator. The regulator known as "mClientLoginRegulator" is involved when the client connects to the city server, when it enters Create-A-Sim and the map view, and when it disconnects from the city server.

Each regulator has a list of message IDs that it accepts and a callback function for each message ID, similar to event handlers in JavaScript (e.g. 'onmouseover="dosomething();"'). In TSO New & Improved, the subroutines that actually remove the message from the message queue and call the associated callback function are duplicated across many dlls (and TSOClient.exe):

  • TSOClient.exe
  • TSODataServiceClientD.dll
  • TSOEdithPluginClientD.dll
  • TSONetServiceSimClientD.dll
  • TSOServiceClientD.dll
  • TSOSimulatorClientD.dll
  • TSOViewerClientD.dll
  • TSOWinAppD.dll

You can see for yourself if you do a ctrl+f for "regulator" (case-insensitive) in these dlls and look at the duplicated strings. We'll discuss the ones that are found in TSOServiceClientD.dll in the New & Improved trial.

Based on the debugging string found at TSOServiceClientD_base+0x2a674, the function cTSOClientLoginRegulator::HandleInitLogin is found at TSOServiceClientD_base+0x2a65b. If you set a breakpoint on this function, you'll see it gets called when you enter Select-A-Sim. Using "Right-click -> Find references to -> Selected command" in OllyDbg, we see that this function has 5 references. The references are each part of a function call to TSOServiceClientD_base+0x2c76c, one of which looks like this:

CPU Disasm
Address   Hex dump          Command                                  Comments
03229FF6      BE 15D82203   MOV ESI,0322D815 ; "xor eax, eax; ret 4" function
03229FFB      85C0          TEST EAX,EAX
03229FFD      74 1A         JE SHORT 0322A019
03229FFF      33C9          XOR ECX,ECX
0322A001      51            PUSH ECX
0322A002      56            PUSH ESI
0322A003      51            PUSH ECX
0322A004      B9 5BA62203   MOV ECX,cTSOClientLoginRegulator::HandleInitLogin
0322A009      51            PUSH ECX
0322A00A      57            PUSH EDI
0322A00B      68 8951FF89   PUSH 89FF5189
0322A010      8BC8          MOV ECX,EAX
0322A012      E8 55270000   CALL 0322C76C

One would guess that this function call registers the message ID 0x89FF5189 with the function we were just looking at. And it turns out that this function simply constructs and returns an object, which the code then immediately passes (as a pointer) as arg1 to TSOServiceClientD_base+0x33528, which registers the message type with a Regulator object passed as the "this" pointer in ecx. (You can verify that you're looking at a Regulator object by looking for its name. In every regulator object at offset +0x04 is a pointer to a cRZString object representing the name of the regulator.)

We see from the function call shown above that there are actually 2 callback functions associated with a message type (in this case, message type 0x89FF5189 has cTSOClientLoginRegulator::HandleInitLogin as one callback function and "xor eax, eax; ret 4" as another callback function). There is a debugging string at TSOServiceClientD_base+0x33c35 that refers to the second callback function as a "Regulator message guard", so we will call this the "guard function". The first callback function is where the handling logic really appears to occur, so we will call this the "process function".

Looking back at the cTSOClientLoginRegulator::HandleInitLogin example, if you place a breakpoint on this function, enter Select-A-Sim, allow the breakpoint to trip, and look at the call stack, you'll see that the function that calls this function is TSOServiceClientD_base+0x2c81d, which is the second in a sequence of 5 similar-looking small functions. If you place a breakpoint on all 5 functions, you'll see that the guard function of any message gets called by the first and the process function gets called by the second.

It turns out that the guard function determines whether or not the process function gets called; the guard function evaluates whether or not the message (and the payload attached to it) are valid (at the present time) and returns zero to specify that the process function should be called, and nonzero otherwise.

Messages can have different callback functions depending on the current state of the regulator. Maxis decided to model regulators as finite state machines. The debugging string at TSOServiceClientD_base+0x33e46 ("Regulator %s: RequestStateChange to %s when %s has no transition to that state.") tells us two things: that the function at TSOServiceClientD_base+0x33db3 (which accepts a Regulator object in ecx) is called "RequestStateChange", and that state changes must be done through an acceptable "transition" from the current state to the next state. We will discuss this in a moment.

If you do "Find all referenced strings" in OllyDbg and follow the strings that are clearly the name of Regulator objects (e.g. "LeaseManagerRegulator", "AvatarJoinRegulator", and so on), typically there is a specific function call shortly after the reference to that string, e.g. shortly after the reference to "LeaseManagerRegulator" is:

CPU Disasm
Address   Hex dump          Command                                 Comments
031BD52C      6A 06         PUSH 6
031BD52E      68 00172403   PUSH OFFSET 03241700
031BD533      8B01          MOV EAX,DWORD PTR DS:[ECX]
031BD535      FF50 30       CALL DWORD PTR DS:[EAX+30]

It turns out that this function (TSOServiceClientD_base+0x32fd5) registers a list of "message triples", as I called them, with the regulator in ecx. Arg1 specifies the location of the message triples, and arg2 specifies the number of message triples. Each message triple consists of 3 dwords, the second of which can be confirmed to be a message ID; the first and third fields are often the same as each other, but sometimes different. Based on our finding of the "RequestStateChange" function, we can guess that the first and third fields are state IDs. If you enumerate the complete list of all message triples for all regulators in all DLLs (which I will display shortly), there are occasionally message triples with duplicate message IDs. The message triples are only unique when you look at the first field in combination with the second field. It is therefore a reasonable guess that the second field specifies the message ID, the first field specifies the current state ID, and the third field specifies the transition state ID. (It is important to note that this function registers the list of valid message IDs for a given regulator, but does not register what callback functions will handle them; this is done separately by a call to TSOServiceClientD_base+0x33528, which e.g. occurs shortly after the "CALL 0322C76C" instruction in the example provided for cTSOClientLoginRegulator::HandleInitLogin).

Here is the complete list of message triples for all regulators in all dlls, with many constants given names from the Pre-Alpha constants table:

Note that we can add another constant that does not exist in the table, kMSGID_TellRoommateMoveOutSucceeded = 0xAD0E4BA4, according to the file _208_roommateprotocolstrings.cst in New & Improved Trial and the code that looks at entry #130, TSOServiceClientD_base+0x2edb1.
  • BridgedSimulatorLoginRegulator: 2 entries at TSOClient_base+0x45ea8
    • message 0x1BFAACDC (kMSGID_InitLogin) in state 0x69E25134: transition to state 0x89E2514F
    • message 0x3BF7000A (kConnectionEstablished) in state 0x89E2514F: transition to state 0x89E25157
  • LegacyMessageRegulator: 27 entries, list determined by viewing memory at time of call to Regulator::RegisterMessages
    • message 0xBD83DA84 (kMSGID_SetLotID) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xBD7E8B0B (kMSGID_EnterLotAsVisitor) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x5BF7002F (kPartedRoom) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x6B6F23A1 (kServerTickConfirmationMsg) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x1D6AB192 (kMSGID_AvatarOnlineResponse) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x3BFC2808 (kMSGID_JoinHouseResponse) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x9B7ED631 (kMSGID_HouseData) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xFBF7001B (kConnectionFailed) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x099DA5B8 (kMSGID_MessageHouseOccupants) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xA92CB404 (kMSGID_FlashMessage) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xE92DA3D1 (kMSGID_FlashMessageResponse) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x3D98E704 (kMSGID_ConfirmRoommateInviteRequest) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xC98B8830 (kMSGID_TellInviterSetAcceptRMSucceeded) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x9D973DB1 (kMSGID_ConfirmMoveOutAvatarRequest) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x7DFE4263 (kMSGID_TellOwnerKickoutRMSucceeded) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xC98B881F (kMSGID_AskInviteeToAcceptRMInvite) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xC98B8835 (kMSGID_TellInviteeSetAcceptRMSucceeded) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x89EE097C in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xC96E2FC3 (kMSGID_GDMQueryStatusResponse) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x1E04C15A (kAudioRadioSyncSound) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x09C82624 in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x69A2E641 (kDBGetLotList_Query) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xE9A2E6BF (kDBGetBookmarks_Query) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x3DD9B59E (kAudioAmbienceSync) in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0xEA42965C in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x3EC72BF7 in state 0x09EF8F3C: transition to state 0x09EF8F3C
    • message 0x4AE9DD30 in state 0x09EF8F3C: transition to state 0x09EF8F3C
  • DataServiceRegulator: 16 entries at TSODataServiceClientD_base+0x9d6d0
    • message 0xA97360C5 (GZMSGID_cITSOApprovedTopicUpdate) in state 0x6A131659: transition to state 0x6A131659
    • message 0x8A2726E0 in state 0x6A131659: transition to state 0x6A131659
    • message 0xA97360C5 (GZMSGID_cITSOApprovedTopicUpdate) in state 0x0A6E228E: transition to state 0x0A6E228E
    • message 0x8A2726E0 in state 0x0A6E228E: transition to state 0x0A6E228E
    • message 0xA97360C5 (GZMSGID_cITSOApprovedTopicUpdate) in state 0x8A6E4705: transition to state 0x8A6E4705
    • message 0x8A2726E0 in state 0x8A6E4705: transition to state 0x8A6E4705
    • message 0x89FF5197 in state 0x6A131659: transition to state 0x2A92E7ED
    • message 0xEA6C8D8F in state 0x6A131659: transition to state 0x2A92E7ED
    • message 0x89FF519C in state 0x6A131659: transition to state 0x2A92E7ED
    • message 0x7EA33D4D in state 0x2A92E7ED: transition to state 0x0A6E228E
    • message 0x3BF7000A (kConnectionEstablished) in state 0x6A131659: transition to state 0x0A6E228E
    • message 0x3BF7000A (kConnectionEstablished) in state 0x8A6E4705: transition to state 0x0A6E228E
    • message 0xEA6E1298 in state 0x0A6E228E: transition to state 0x8A6E4705
    • message 0xFBF7001B (kConnectionFailed) in state 0x0A6E228E: transition to state 0x6A131659
    • message 0xFBF7001B (kConnectionFailed) in state 0x8A6E4705: transition to state 0x6A131659
    • message 0xFBF7001B (kConnectionFailed) in state 0x2A92E7ED: transition to state 0x6A131659
  • InterestRegulator: 2 entries at TSODataServiceClientD_base+0x9e1c8
    • message 0x09C83484 in state 0xCA8EF0CB: transition to state 0xCA8EF0CB
    • message 0x29C8348F in state 0xCA8EF0CB: transition to state 0xCA8EF0CB
  • TwoPersonJobObjectMaze Regulator: 8 entries at TSOEdithPluginClientD_base+0x84468
    • message 0x4A245A2A in state 0x4A245A3C: transition to state 0x6A245A41
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x6A245A41: transition to state 0x6A245A41
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x6A245A41: transition to state 0x6A245A41
    • message 0xBD83B022 (kMSGID_EdithUserEvent) in state 0x6A245A41: transition to state 0x6A245A41
    • message 0x0A284B40 in state 0x6A245A41: transition to state 0x6A245A41
    • message 0xCA298049 in state 0x6A245A41: transition to state 0x6A245A41
    • message 0xCA36B826 in state 0x6A245A41: transition to state 0x6A245A41
    • message 0x6A36DA90 in state 0x6A245A41: transition to state 0x6A245A41
  • Client NightClubDanceFloor Regulator: 2 entries at TSOEdithPluginClientD_base+0x844f0
    • message 0x0A3DDC22 in state 0x8D113953: transition to state 0x8D113953
    • message 0x2A3DDE2A in state 0x8D113953: transition to state 0x8D113953
  • Client NightClubController Regulator: 2 entries at TSOEdithPluginClientD_base+0x84530
    • message 0x0A3DDC22 in state 0xCCC5BC52: transition to state 0xCCC5BC52
    • message 0x2A3DDE2A in state 0xCCC5BC52: transition to state 0xCCC5BC52
  • Client WarGame Regulator: 16 entries at TSOEdithPluginClientD_base+0x84570
    • message 0xAD65639D in state 0xED6432FE: transition to state 0x0D643305
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xED6432FE: transition to state 0xED6432FE
    • message 0x2A3DDE2A in state 0xED6432FE: transition to state 0xED6432FE
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x0D643305: transition to state 0x0D643305
    • message 0x2D6D23DB in state 0x0D643305: transition to state 0x0D643305
    • message 0xCD657A93 in state 0x0D643305: transition to state 0xAD6D682D
    • message 0xCD657A99 in state 0x0D643305: transition to state 0xED654AE2
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x0D643305: transition to state 0x0D643305
    • message 0x2A3DDE2A in state 0x0D643305: transition to state 0x0D643305
    • message 0x8D6E8CDF in state 0xAD6D682D: transition to state 0x0D643305
    • message 0xCD657A99 in state 0xAD6D682D: transition to state 0xED654AE2
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xAD6D682D: transition to state 0xAD6D682D
    • message 0x2A3DDE2A in state 0xAD6D682D: transition to state 0xAD6D682D
    • message 0xAD65639D in state 0xED654AE2: transition to state 0x0D643305
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xED654AE2: transition to state 0xED654AE2
    • message 0x2A3DDE2A in state 0xED654AE2: transition to state 0xED654AE2
  • Client DJStation Regulator: 8 entries at TSOEdithPluginClientD_base+0x84650
    • message 0x8C5C7163 in state 0x4C5C701E: transition to state 0x4C5C7026
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x4C5C701E: transition to state 0x4C5C701E
    • message 0x2A3DDE2A in state 0x4C5C701E: transition to state 0x4C5C701E
    • message 0xCC620837 in state 0x4C5C7026: transition to state 0x4C5C7026
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x4C5C7026: transition to state 0x4C5C7026
    • message 0x0A3DDC22 in state 0x4C5C7026: transition to state 0x4C5C7026
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x4C5C7026: transition to state 0x4C5C7026
    • message 0x2A3DDE2A in state 0x4C5C7026: transition to state 0x4C5C7028
  • Client DancePlatform Regulator: 8 entries at TSOEdithPluginClientD_base+0x846d0
    • message 0x6C5A326C in state 0x0C5A3211: transition to state 0xCC55D7CD
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x0C5A3211: transition to state 0x0C5A3211
    • message 0x2A3DDE2A in state 0x0C5A3211: transition to state 0x0C5A3211
    • message 0x2C58F74F in state 0xCC55D7CD: transition to state 0xCC55D7CD
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xCC55D7CD: transition to state 0xCC55D7CD
    • message 0x0A3DDC22 in state 0xCC55D7CD: transition to state 0xCC55D7CD
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCC55D7CD: transition to state 0xCC55D7CD
    • message 0x2A3DDE2A in state 0xCC55D7CD: transition to state 0xCC55D7D2
  • Client VideoPoker Regulator: 4 entries at TSOEdithPluginClientD_base+0x84750
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x0B709E8C: transition to state 0x0B709E8C
    • message 0x0A3DDC22 in state 0x0B709E8C: transition to state 0x0B709E8C
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x0B709E8C: transition to state 0x0B709E8C
    • message 0x2A3DDE2A in state 0x0B709E8C: transition to state 0x0B709E97
  • Client RackCustomer Regulator: 7 entries at TSOEdithPluginClientD_base+0x847a0
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xCB492996: transition to state 0xCB492996
    • message 0xEB4D2965 in state 0xCB492996: transition to state 0xCB492996
    • message 0x2DEE6BE4 in state 0xCB492996: transition to state 0xCB492996
    • message 0xEB4D296D in state 0xCB492996: transition to state 0xEB49299B
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCB492996: transition to state 0xCB492996
    • message 0x2A3DDE2A in state 0xCB492996: transition to state 0xEB49299B
    • message 0xCDEEA04D in state 0xEB49299B: transition to state 0xEB49299B
  • Client RackOwner Regulator: 5 entries at TSOEdithPluginClientD_base+0x847f8
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xCB492996: transition to state 0xCB492996
    • message 0x0B8306F5 in state 0xCB492996: transition to state 0xCB492996
    • message 0xAB6628E7 in state 0xCB492996: transition to state 0xCB492996
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCB492996: transition to state 0xCB492996
    • message 0x2A3DDE2A in state 0xCB492996: transition to state 0xEB49299B
  • Client Spotlight Regulator: 4 entries at TSOEdithPluginClientD_base+0x84870
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x4B6AA0CD: transition to state 0x4B6AA0CD
    • message 0x0A3DDC22 in state 0x4B6AA0CD: transition to state 0x4B6AA0CD
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x4B6AA0CD: transition to state 0x4B6AA0CD
    • message 0x2A3DDE2A in state 0x4B6AA0CD: transition to state 0x6B6AA0D9
  • Client SkillMiniGame Regulator: 4 entries at TSOEdithPluginClientD_base+0x848c0
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xEB5E42AC: transition to state 0xEB5E42AC
    • message 0x0A3DDC22 in state 0xEB5E42AC: transition to state 0xEB5E42AC
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xEB5E42AC: transition to state 0xEB5E42AC
    • message 0x2A3DDE2A in state 0xEB5E42AC: transition to state 0x0B5E42B0
  • Client Trade Regulator: 1 entry at TSOEdithPluginClientD_base+0x84910
    • message 0x8D6EF45A in state 0xCB79F25D: transition to state 0xCB79F25D
  • Client Dresser Regulator: 3 entries at TSOEdithPluginClientD_base+0x84938
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x49FF5620: transition to state 0x49FF5620
    • message 0x4B39A801 in state 0x49FF5620: transition to state 0xA9FF5683
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x49FF5620: transition to state 0x49FF5620
  • Client Blackjack Regulator: 4 entries at TSOEdithPluginClientD_base+0x84978
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x2B2FCC15: transition to state 0x2B2FCC15
    • message 0x0A3DDC22 in state 0x2B2FCC15: transition to state 0x2B2FCC15
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x2B2FCC15: transition to state 0x2B2FCC15
    • message 0x2A3DDE2A in state 0x2B2FCC15: transition to state 0x2B2FCC19
  • Client Slots Regulator: 6 entries at TSOEdithPluginClientD_base+0x849c8
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xEB280FE8: transition to state 0xEB280FE8
    • message 0x0A3DDC22 in state 0xEB280FE8: transition to state 0xEB280FE8
    • message 0xEB32A594 in state 0xEB280FE8: transition to state 0xEB280FE8
    • message 0x2B3CFF89 in state 0xEB280FE8: transition to state 0xEB280FE8
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xEB280FE8: transition to state 0xEB280FE8
    • message 0x2A3DDE2A in state 0xEB280FE8: transition to state 0xEB280FF1
  • Client Band Regulator: 8 entries at TSOEdithPluginClientD_base+0x84a28
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xAADFC7D8: transition to state 0xAADFC7D8
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xAADFC7D8: transition to state 0xAADFC7D8
    • message 0xCAE26E71 in state 0xAADFC7D8: transition to state 0xAADFC7D8
    • message 0xCAE2962D in state 0xAADFC7D8: transition to state 0xAADFC7D8
    • message 0x4AE280EC in state 0xAADFC7D8: transition to state 0xAADFC7D8
    • message 0xAAE3605C in state 0xAADFC7D8: transition to state 0xAADFC7D8
    • message 0xAAEB8088 in state 0xAADFC7D8: transition to state 0xAADFC7D8
    • message 0x0B16F720 in state 0xAADFC7D8: transition to state 0xAADFC7D8
  • Client Door Regulator: 6 entries at TSOEdithPluginClientD_base+0x84aa0
    • message 0x4A6A10B9 in state 0xCA69F25D: transition to state 0xCA69F25D
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xCA69F25D: transition to state 0xCA69F25D
    • message 0x8A6A4DDA in state 0xCA69F25D: transition to state 0xCA69F25D
    • message 0x8A95DD0E in state 0xCA69F25D: transition to state 0xCA69F256
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCA69F25D: transition to state 0xCA69F25D
    • message 0x2A3DDE2A in state 0xCA69F25D: transition to state 0xCA69F256
  • Client Timer Regulator: 4 entries at TSOEdithPluginClientD_base+0x84b00
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xAA65FF8F: transition to state 0xAA65FF8F
    • message 0x0A3DDC22 in state 0xAA65FF8F: transition to state 0xAA65FF8F
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xAA65FF8F: transition to state 0xAA65FF8F
    • message 0x2A3DDE2A in state 0xAA65FF8F: transition to state 0xAA65FF8F
  • Client Signs Regulator: 5 entries at TSOEdithPluginClientD_base+0x84b48
    • message 0xCA64DBBB in state 0x8A6355FD: transition to state 0x8A6355FD
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x8A6355FD: transition to state 0x8A6355FD
    • message 0x2A3DDE2A in state 0x8A6355FD: transition to state 0x8A635602
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x8A6355FD: transition to state 0x8A6355FD
    • message 0xAA63B4C5 in state 0x8A6355FD: transition to state 0x8A635602
  • Client Trunk Regulator: 4 entries at TSOEdithPluginClientD_base+0x84ba0
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x6A5E41A0: transition to state 0x6A5E41A0
    • message 0x2A3DDE2A in state 0x6A5E41A0: transition to state 0x8A5E41B8
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x6A5E41A0: transition to state 0x6A5E41A0
    • message 0xCA5FA3B6 in state 0x6A5E41A0: transition to state 0x8A5E41B8
  • Client Roulette Regulator: 19 entries at TSOEdithPluginClientD_base+0x84bf8
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCB2A7B46: transition to state 0xCB2A7B46
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCB2A7B4A: transition to state 0xCB2A7B4A
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCB2A7B4E: transition to state 0xCB2A7B4E
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xCB2A7B46: transition to state 0xCB2A7B46
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xCB2A7B4A: transition to state 0xCB2A7B4A
    • message 0x6B2A7BD6 in state 0xCB2A7B46: transition to state 0xCB2A7B46
    • message 0x6B2A7BD6 in state 0xCB2A7B4A: transition to state 0xCB2A7B4A
    • message 0x6B2A7BD6 in state 0xCB2A7B4E: transition to state 0xCB2A7B4E
    • message 0xEB2A6B70 in state 0xCB2A7B46: transition to state 0xCB2A7B46
    • message 0x4B327E42 in state 0xCB2A7B46: transition to state 0xCB2A7B46
    • message 0xEB2A6B70 in state 0xCB2A7B4A: transition to state 0xCB2A7B4A
    • message 0x4B327E42 in state 0xCB2A7B4A: transition to state 0xCB2A7B4A
    • message 0x8B2A7306 in state 0xCB2A7B46: transition to state 0xCB2A7B4A
    • message 0xAB2A7325 in state 0xCB2A7B4A: transition to state 0xCB2A7B4E
    • message 0xBB2A7335 in state 0xCB2A7B4E: transition to state 0xCB2A7B46
    • message 0xCB429ADD in state 0xCB2A7B4E: transition to state 0xCB2A7B52
    • message 0x4B464D66 in state 0xCB2A7B46: transition to state 0xCB2A7B46
    • message 0x4B464D66 in state 0xCB2A7B4A: transition to state 0xCB2A7B46
    • message 0x4B464D66 in state 0xCB2A7B4E: transition to state 0xCB2A7B46
  • Client PizzaMaker Regulator: 17 entries at TSOEdithPluginClientD_base+0x84d08
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCA496966: transition to state 0xCA496966
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCA49696B: transition to state 0xCA49696B
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCA496970: transition to state 0xCA496970
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCA496974: transition to state 0xCA496979
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCA496979: transition to state 0xCA496979
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xCA496970: transition to state 0xCA496970
    • message 0x2A4969C6 in state 0xCA496966: transition to state 0xCA496966
    • message 0x2A4969C6 in state 0xCA49696B: transition to state 0xCA49696B
    • message 0x2A4969C6 in state 0xCA496970: transition to state 0xCA496970
    • message 0x2A4969C6 in state 0xCA496974: transition to state 0xCA496974
    • message 0x2A4969C6 in state 0xCA496979: transition to state 0xCA496979
    • message 0x4A4969F7 in state 0xCA496966: transition to state 0xCA49696B
    • message 0x4A4969FC in state 0xCA49696B: transition to state 0xCA496970
    • message 0x4A496A00 in state 0xCA496970: transition to state 0xCA496970
    • message 0x6A496A08 in state 0xCA496970: transition to state 0xCA496974
    • message 0x6A496A0C in state 0xCA496974: transition to state 0xCA496979
    • message 0x6A496A11 in state 0xCA496979: transition to state 0xCA496966
  • Client PaperChase Regulator: 6 entries at TSOEdithPluginClientD_base+0x84df0
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0xCA41A464: transition to state 0xCA41A464
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0xCA41A464: transition to state 0xCA41A464
    • message 0xAA419468 in state 0xCA41A464: transition to state 0xCA41A464
    • message 0xAA47FCC3 in state 0xCA41A464: transition to state 0xCA41A464
    • message 0xAA47FCCF in state 0xCA41A464: transition to state 0xCA41A464
    • message 0xEA41CC60 in state 0xCA41A464: transition to state 0xCA41A464
  • Client DanceFloor Regulator: 3 entries at TSOEdithPluginClientD_base+0x84e80
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x49FF5620: transition to state 0x49FF5620
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x49FF5620: transition to state 0x49FF5620
    • message 0x0A3DDC22 in state 0x49FF5620: transition to state 0x49FF5620
  • Client Scoreboard Regulator: 4 entries at TSOEdithPluginClientD_base+0x84ec0
    • message 0x9D83BC2D (kMSGID_EODEvent) in state 0x49FF5620: transition to state 0x49FF5620
    • message 0x0A3DDC22 in state 0x49FF5620: transition to state 0x49FF5620
    • message 0xFD7FCA5B (kMSGID_EODShutDown) in state 0x49FF5620: transition to state 0x49FF5620
    • message 0x2A3DDE2A in state 0x49FF5620: transition to state 0xA9FF5683
  • NetMessagePDURegulator: 2 entries at TSONetServiceSimClientD_base+0xa8e28
    • message 0x4ABA95B3 in state 0xCA3FF2A6: transition to state 0xCA3FF2A6
    • message 0xDBF301A9 (kDBServiceResponseMsg) in state 0xCA3FF2A6: transition to state 0xCA3FF2A6
  • PDURegulator: 162 entries, list determined by viewing memory at time of call to Regulator::RegisterMessages
    • message 0x0A411AC7 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000001 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000002 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000003 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000004 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000005 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000006 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000007 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000008 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000009 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000000A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000000B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000000C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000000D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000000E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000000F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000010 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000011 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000012 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000013 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000014 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000015 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000016 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000017 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000018 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000019 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000001A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000001B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000001C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000001D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000001E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000001F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000020 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000021 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000022 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000023 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000024 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000025 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000026 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000027 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000028 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000029 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000002A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000002B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000002C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000002D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000002E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000002F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000030 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000031 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000032 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000033 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000034 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000035 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000036 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000037 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000038 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000039 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000003A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000003B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000003C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000003D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000003E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000003F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000040 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000041 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000042 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000043 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000044 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000045 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000046 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000047 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000048 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000049 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000004A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000004B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000004C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000004D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000004E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000004F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000050 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000051 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000052 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000053 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000054 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000055 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000056 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000057 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000058 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000059 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000005A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000005B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000005C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000005D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000005E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000005F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000060 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000061 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000062 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000063 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000064 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000065 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000066 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000067 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000068 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000069 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000006A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000006B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000006C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000006D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000006E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000006F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000070 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000071 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00000072 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002710 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002711 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002712 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002713 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002714 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002715 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002716 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002717 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002718 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002719 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000271A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000271B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000271C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000271D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000271E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000271F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002720 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002721 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002722 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002723 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002724 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002725 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002726 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002727 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002728 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002729 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000272A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000272B in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000272C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000272D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000272E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000272F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002730 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002731 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002732 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002733 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002734 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002735 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002736 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002737 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002738 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x00002739 in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000273A in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000273C in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000273D in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000273E in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
    • message 0x0000273F in state 0xCA3FF2A5: transition to state 0xCA3FF2A5
  • LeaseManagerRegulator: 6 entries at TSOServiceClientD_base+0x91700
    • message 0x6B9D4335 in state 0xCBA150AE: transition to state 0xCBA150AE
    • message 0x2B9E5AE7 in state 0xCBA150AE: transition to state 0xCBA150AE
    • message 0x0B9EAF6D in state 0xCBA150AE: transition to state 0xCBA150AE
    • message 0x0B9EAF64 in state 0xCBA150AE: transition to state 0xCBA150AE
    • message 0xDBF301A9 (kDBServiceResponseMsg) in state 0xCBA150AE: transition to state 0xCBA150AE
    • message 0xEC7195C8 in state 0xCBA150AE: transition to state 0xCBA150AE
  • AvatarJoinRegulator: 38 entries at TSOServiceClientD_base+0x92928, 1 entry at TSOServiceClientD_base+0x92af0
    • message 0xC984DE7B (kMSGID_AvatarJoinRequest) in state 0x2984DCF8 (kAvatarIdleState): transition to state 0x49DB85B0
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0x2984DCF8 (kAvatarIdleState): transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x2984DCF8 (kAvatarIdleState): transition to state 0xEA5410D3
    • message 0x69DB85D9 in state 0x49DB85B0: transition to state 0x6B9D5123
    • message 0xA9BEF212 (kMSGID_HouseLoaded) in state 0x49DB85B0: transition to state 0x6B9D5123
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0x49DB85B0: transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x49DB85B0: transition to state 0xEA5410D3
    • message 0x2B9D43E9 in state 0x6B9D5123: transition to state 0x4984DD01 (kAvatarJoiningState)
    • message 0x4B9D43F8 in state 0x6B9D5123: transition to state 0xEA5410D3
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0x6B9D5123: transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x6B9D5123: transition to state 0xEA5410D3
    • message 0x8ADF865D in state 0x4984DD01 (kAvatarJoiningState): transition to state 0x8C93180D
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0x4984DD01 (kAvatarJoiningState): transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x4984DD01 (kAvatarJoiningState): transition to state 0xEA5410D3
    • message 0x4B9D43F8 in state 0x4984DD01 (kAvatarJoiningState): transition to state 0xEA5410D3
    • message 0xAC3B863F in state 0x8C93180D: transition to state 0x0CDC594A
    • message 0x8CDC2DF4 in state 0x8C93180D: transition to state 0x0CDC594A
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0x8C93180D: transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x8C93180D: transition to state 0xEA5410D3
    • message 0x4B9D43F8 in state 0x8C93180D: transition to state 0xEA5410D3
    • message 0xACDC4FF2 in state 0x0CDC594A: transition to state 0xCA5420A1
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0x0CDC594A: transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x0CDC594A: transition to state 0xEA5410D3
    • message 0x4B9D43F8 in state 0x0CDC594A: transition to state 0xEA5410D3
    • message 0xA980F3FD (kMSGID_AvatarJoinDone) in state 0xCA5420A1: transition to state 0x4984DD07 (kAvatarJoinedState)
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0xCA5420A1: transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0xCA5420A1: transition to state 0xEA5410D3
    • message 0x4B9D43F8 in state 0xCA5420A1: transition to state 0xEA5410D3
    • message 0x8A736D18 in state 0x4984DD07 (kAvatarJoinedState): transition to state 0x8A736719
    • message 0x4B9D43F8 in state 0x4984DD07 (kAvatarJoinedState): transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x4984DD07 (kAvatarJoinedState): transition to state 0x6A736712
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0x4984DD07 (kAvatarJoinedState): transition to state 0xEA5410D3
    • message 0x8A736D18 in state 0x6A736712: transition to state 0x4984DD0D (kAvatarLeavingState)
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x8A736719: transition to state 0x4984DD0D (kAvatarLeavingState)
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0x4984DD0D (kAvatarLeavingState): transition to state 0x4984DD0D (kAvatarLeavingState)
    • message 0x521A94E0 (kClientHasDisconnected) in state 0x4984DD0D (kAvatarLeavingState): transition to state 0x4984DD0D (kAvatarLeavingState)
    • message 0xC984DE88 (kMSGID_AvatarLeaveRequest) in state 0xEA5410D3: transition to state 0xEA5410D3
    • message 0x521A94E0 (kClientHasDisconnected) in state 0xEA5410D3: transition to state 0xEA5410D3
    • (in the second list) message 0x00000000 in state 0x2984DCF8 (kAvatarIdleState): transition to state 0x2984DCF8 (kAvatarIdleState)
  • mMapViewRegulator: 22 entries at TSOServiceClientD_base+0x92b10
    • message 0xBBFAABC8 (kMSGID_InitMapView) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x3BF68DAA (kMSGID_RoomListResponse) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x4947E8F6 (kMSGID_CreateFilterResults_MostPopularHouses) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x6947E915 (kMSGID_CreateFilterResults_RecentlyVisitedHouses) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x09488E0E (kMSGID_ClearFilterResults) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xE9664888 (kMSGID_TuningVariablesReady) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x3C017DF8 (kMSGID_SelectLot) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xDBF301A9 (kDBServiceResponseMsg) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xC9A2E6B3 (kDBBuyLotByAvatarID_Query) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xDC17B470 (kMSGID_BuyLot) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xDC17B472 in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x7C39E037 (kMSGID_AutoJoinSelectedAvatarsLot) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xA92C873A (kMSGID_PurgeVisitorAndDelayedJoinHouse) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xBD7E8B0B (kMSGID_EnterLotAsVisitor) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xC991C894 (kMSGID_CreateRoomFailed) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x5BF7002F (kPartedRoom) in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x69FF6855 in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x8A91C0E3 in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xEB3D1B30 in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x0B45338E in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0x20AA4123 in state 0x6A1995A2: transition to state 0x6A1995A2
    • message 0xEC97A26F in state 0x6A1995A2: transition to state 0x6A1995A2
  • GameEntryRegulator: 14 entries at TSOServiceClientD_base+0x93250
    • message 0x9C86B025 (kMSGID_InitCitySelector) in state 0xE9EE7711: transition to state 0x49EE7F7C
    • message 0xE9F521D7 in state 0x49EE7F7C: transition to state 0x09EE7736
    • message 0x69F52253 in state 0x49EE7F7C: transition to state 0x09EE7736
    • message 0x3C8C05AD (kMSGID_CSPatch) in state 0x49EE7F7C: transition to state 0x49EE7F7C
    • message 0xCAC80225 in state 0x49EE7F7C: transition to state 0x89FFD18B
    • message 0x89FF5189 in state 0x49EE7F7C: transition to state 0x29F53607
    • message 0x89FF518E in state 0x49EE7F7C: transition to state 0x29F53607
    • message 0x89FF5197 in state 0x49EE7F7C: transition to state 0x29F53607
    • message 0xEA6C8D8F in state 0x49EE7F7C: transition to state 0x29F53607
    • message 0x89FF519C in state 0x49EE7F7C: transition to state 0x29F53607
    • message 0x0A03BE32 in state 0x49EE7F7C: transition to state 0xE9EE7711
    • message 0x0A03BE32 in state 0x29F53607: transition to state 0xE9EE7711
    • message 0x9C86B025 (kMSGID_InitCitySelector) in state 0x29F53607: transition to state 0x49EE7F7C
    • message 0xCA947042 in state 0x29F53607: transition to state 0x29F53607
  • CitySelectorRegulator: 19 entries at TSOServiceClientD_base+0x932f8
    • message 0x7C86B02D (kMSGID_CSAuthorize) in state 0xE9F6869B: transition to state 0x29EBEAC9
    • message 0xCA039216 in state 0xE9F6869B: transition to state 0x2A00896B
    • message 0x6A8D7300 in state 0xE9F6869B: transition to state 0xE9F6869B
    • message 0x6A8D7300 in state 0x29EBEAC9: transition to state 0x2A00896B
    • message 0x7C86B02D (kMSGID_CSAuthorize) in state 0x29EBEAC9: transition to state 0x29EBEAC9
    • message 0xBC86B033 (kMSGID_CSInitialConnect) in state 0x29EBEAC9: transition to state 0x2A00896B
    • message 0x8A03539C in state 0x2A00896B: transition to state 0xCA0352CF
    • message 0x6A8D7300 in state 0x2A00896B: transition to state 0xCA0352CF
    • message 0xA97360C5 (GZMSGID_cITSOApprovedTopicUpdate) in state 0xCA0352CF: transition to state 0xCA0352CF
    • message 0x8A0353A2 in state 0xCA0352CF: transition to state 0xCA0352D7
    • message 0x6A8D7300 in state 0xCA0352CF: transition to state 0xCA0352D7
    • message 0x3C8C0552 (kMSGID_CSSelectShardWithAvatar) in state 0xCA0352D7: transition to state 0x6C153B3D
    • message 0xDCE95E19 (kMSGID_CSSelectAvatar) in state 0xCA0352D7: transition to state 0x29EE765A
    • message 0x6A8D7300 in state 0xCA0352D7: transition to state 0x29EE765A
    • message 0x3C8C0552 (kMSGID_CSSelectShardWithAvatar) in state 0x29EE765A: transition to state 0x6C153B3D
    • message 0x6A8D7300 in state 0x29EE765A: transition to state 0x6C153B3D
    • message 0x3C8C0552 (kMSGID_CSSelectShardWithAvatar) in state 0x6C153B3D: transition to state 0x6C153B3D
    • message 0x6A8D7300 in state 0x6C153B3D: transition to state 0x29EE765A
    • message 0x6A8D7300 in state 0x6C153B3D: transition to state 0x6C153B3D
  • mClientLoginRegulator: 8 entries at TSOServiceClientD_base+0x93860
    • message 0x89FF5189 in state 0xEA01E68B: transition to state 0xEA01E683
    • message 0x89FF518E in state 0xEA01E68B: transition to state 0xEA01E683
    • message 0x89FF5197 in state 0xEA01E68B: transition to state 0xEA01E683
    • message 0xEA6C8D8F in state 0xEA01E68B: transition to state 0xEA01E683
    • message 0x89FF519C in state 0xEA01E68B: transition to state 0xEA01E683
    • message 0x3BF7000A (kConnectionEstablished) in state 0xEA01E683: transition to state 0xEA01E67C
    • message 0xFBF7001B (kConnectionFailed) in state 0xEA01E683: transition to state 0xEA01E68B
    • message 0xFBF7001B (kConnectionFailed) in state 0xEA01E67C: transition to state 0xEA01E68B
  • mClientLoginConnectedRegulator: 18 entries at TSOServiceClientD_base+0x938c0
    • message 0xAA0234F9 in state 0x29FA0DCD: transition to state 0x29FA0DD4
    • message 0x69FF6866 in state 0x29FA0DCD: transition to state 0x29FA0DD4
    • message 0xAA023502 in state 0x29FA0DCD: transition to state 0x49FA0DE1
    • message 0xEA6CA161 in state 0x29FA0DCD: transition to state 0x49FA0DE1
    • message 0xAA023506 in state 0x29FA0DCD: transition to state 0x49FA0DEB
    • message 0x49FF7D2C in state 0x49FA0DE1: transition to state 0x29FA0DCD
    • message 0x69FF6866 in state 0x49FA0DE1: transition to state 0x29FA0DD4
    • message 0xAA0234F9 in state 0x49FA0DE1: transition to state 0x29FA0DD4
    • message 0x69FF6855 in state 0x49FA0DE1: transition to state 0x29FA0DCD
    • message 0x49FF7D2C in state 0x49FA0DEB: transition to state 0x29FA0DCD
    • message 0x69FF6866 in state 0x49FA0DEB: transition to state 0x29FA0DD4
    • message 0xAA0234F9 in state 0x49FA0DEB: transition to state 0x29FA0DD4
    • message 0x69FF6855 in state 0x49FA0DEB: transition to state 0x29FA0DCD
    • message 0x69FF6855 in state 0x29FA0DD4: transition to state 0x29FA0DCD
    • message 0xAA0234F9 in state 0x29FA0DD4: transition to state 0x29FA0DD4
    • message 0x69FF6855 in state 0x29FA0DD4: transition to state 0x29FA0DCD
    • message 0x69FF6866 in state 0x29FA0DD4: transition to state 0x29FA0DD4
    • message 0x4B043159 in state 0x29FA0DD4: transition to state 0x29FA0DD4
  • mClientLoginDatabaseRegulator: 7 entries at TSOServiceClientD_base+0x93808
    • message 0x2A03513F in state 0xEA0356E6: transition to state 0xEA0356F1
    • message 0x8ADF865D in state 0xEA0356F1: transition to state 0xEA0356E6
    • message 0x49FF8D1D in state 0xEA0356E6: transition to state 0x9EA3328A
    • message 0x29FF7D18 in state 0xEA0356E6: transition to state 0x9EA3328A
    • message 0x29FF7D1D in state 0xEA0356E6: transition to state 0x9EA3328A
    • message 0x7EA33D4D in state 0x9EA3328A: transition to state 0xEA0356E6
    • message 0xDBF301A9 (kDBServiceResponseMsg) in state 0xEA0356E6: transition to state 0xEA0356E6
  • SystemMessageRegulator: 6 entries at TSOServiceClientD_base+0x93d10
    • message 0x3C817530 (kMSGID_DisciplinaryActionNotification) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x1C828202 (kMSGID_ReceivedMOTD) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x0A2C5702 in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x6A2C5756 in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x6A2C5757 in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x6A2C5758 in state 0x0A160F18: transition to state 0x0A160F18
  • RoommateRegulator: 40 entries at TSOServiceClientD_base+0x93dd0
    • message 0xDCDDD019 (kMSGID_RoommateAddEdithEvent) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x7D8CA534 (kMSGID_RequestMoveOutAvatar) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x3D9600B6 (kMSGID_RequestKickOutVisitor) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x9D973DB1 (kMSGID_ConfirmMoveOutAvatarRequest) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x3D973DB8 (kMSGID_ConfirmMoveOutAvatarResponse) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x3D98E704 (kMSGID_ConfirmRoommateInviteRequest) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x5D98E70C (kMSGID_ConfirmRoommateInviteResponse) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x898F94A5 (kMSGID_RoommateAddPersonPage) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x4989C897 (kMSGID_RoommateCreditMoney) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xC98B881F (kMSGID_AskInviteeToAcceptRMInvite) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xC98B8822 (kMSGID_TellInviterInviteeRejectedRMInvite) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xC98B882B (kMSGID_TellInviteeSetAcceptRMFailed) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xFDFF5886 (kMSGID_TellInviterSetAcceptRMFailed_NumRM) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x3DFF588B (kMSGID_TellInviterSetAcceptRMFailed_NoOwnerLot) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xA98B8811 (kMSGID_TellInviterSetPendingRMFailed) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xA98B8815 (kMSGID_TellInviterSetPendingRMFailed_RMHistory) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xA98B8818 (kMSGID_TellInviterSetPendingRMFailed_NumRM) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xC98B881B (kMSGID_TellInviterSetPendingRMFailed_AlreadyRM) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xDDFF587E (kMSGID_TellInviterSetPendingRMFailed_NoOwnerLot) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xC98B8835 (kMSGID_TellInviteeSetAcceptRMSucceeded) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xC98B8830 (kMSGID_TellInviterSetAcceptRMSucceeded) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x7DFE4263 (kMSGID_TellOwnerKickoutRMSucceeded) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x3DFE4269 (kMSGID_TellOwnerKickoutRMFailed) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xFDFE4300 (kMSGID_TellRoommateTheyWereKickedout) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xAD0E4BA4 (kMSGID_TellRoommateMoveOutSucceeded) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x9DFFA106 (kMSGID_TellRMThatRMMovedOut) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xBDFF5F58 (kMSGID_TellRMKickoutRM) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x5DFF588E (kMSGID_TellRMNewRM) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x8A2C281B in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x298E16CA (kMSGID_TellSimulatorRMInviteSucceeded) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x298E16CD (kMSGID_TellSimulatorMoveOutAvatar) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xDBF301A9 (kDBServiceResponseMsg) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x4989C899 (kMSGID_ExecuteMoneyTask) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x09A2E6DD (kDBInsertGenericTask_Query) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x09A2E6DA (kDBGetDebitCreditTask_Query) in state 0x0A160F18: transition to state 0x0A160F18
    • message 0xECF2B8BE in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x4989C89B in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x4989C89A in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x4989C89E in state 0x0A160F18: transition to state 0x0A160F18
    • message 0x4989C89D in state 0x0A160F18: transition to state 0x0A160F18
  • NeighborhoodClientRegulator: 6 entries at TSOSimulatorClientD_base+0xf8348
    • message 0x0AC11F1E in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x09F627FE in state 0xCA392E28: transition to state 0xCA392E28
    • message 0xA9DD088D in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x2A3AAB1C in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x0BB4E694 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0xCD191ADB in state 0xCA392E28: transition to state 0xCA392E28
  • ObjectConfigurationRegulator: 1 entry at TSOSimulatorClientD_base+0xf84b8
    • message 0x0B341D90 in state 0x0B34259A: transition to state 0x0B34259A
  • ConnectionRegulator: 9 entries at TSOSimulatorClientD_base+0xf84e8
    • message 0xE9664888 (kMSGID_TuningVariablesReady) in state 0x4989FB48 (kDisconnectedState): transition to state 0x4989FB48 (kDisconnectedState)
    • message 0x3BF7000A (kConnectionEstablished) in state 0x4989FB48 (kDisconnectedState): transition to state 0x4989FB4F (kConnectedState)
    • message 0xFBF7001B (kConnectionFailed) in state 0x4989FB48 (kDisconnectedState): transition to state 0x4989FB48 (kDisconnectedState)
    • message 0xCBBC0936 in state 0x4989FB48 (kDisconnectedState): transition to state 0x4989FB48 (kDisconnectedState)
    • message 0xEA24791E in state 0x4989FB48 (kDisconnectedState): transition to state 0x4989FB48 (kDisconnectedState)
    • message 0xFBF7001B (kConnectionFailed) in state 0x4989FB4F (kConnectedState): transition to state 0x4989FB48 (kDisconnectedState)
    • message 0xCBBC0936 in state 0x4989FB4F (kConnectedState): transition to state 0x4989FB4F (kConnectedState)
    • message 0xEA24791E in state 0x4989FB4F (kConnectedState): transition to state 0x4989FB4F (kConnectedState)
    • message 0xE9664888 (kMSGID_TuningVariablesReady) in state 0x4989FB4F (kConnectedState): transition to state 0x4989FB4F (kConnectedState)
  • HouseLoadRegulator: 14 entries at TSOSimulatorClientD_base+0xf8558
    • message 0x5BF7002C (kJoinedRoom) in state 0x6974F26C (kStartedState): transition to state 0x6974F26C (kStartedState)
    • message 0x3BFC2808 (kMSGID_JoinHouseResponse) in state 0x6974F26C (kStartedState): transition to state 0x6974F26C (kStartedState)
    • message 0x7D1A4415 (kMSGID_GenericMessage) in state 0x6974F26C (kStartedState): transition to state 0x6974F26C (kStartedState)
    • message 0x5BF828CB (kRoomJoinFailed) in state 0x6974F26C (kStartedState): transition to state 0x6974F26C (kStartedState)
    • message 0x5BF7002F (kPartedRoom) in state 0x6974F26C (kStartedState): transition to state 0x6974F26C (kStartedState)
    • message 0x9B7ED631 (kMSGID_HouseData) in state 0x6974F26C (kStartedState): transition to state 0x6974F27B (kLoadedEmptyState)
    • message 0x7D1A4415 (kMSGID_GenericMessage) in state 0x6974F27B (kLoadedEmptyState): transition to state 0x6974F27B (kLoadedEmptyState)
    • message 0x1C0A629E (kMSGID_PurgeVisitorRequest) in state 0x6974F27B (kLoadedEmptyState): transition to state 0x6974F27B (kLoadedEmptyState)
    • message 0x294F5AF5 (kMSGID_PurgeVisitorAndDelayedSwitchGameView) in state 0x6974F27B (kLoadedEmptyState): transition to state 0x6974F27B (kLoadedEmptyState)
    • message 0x6A3ED2E9 in state 0x6974F27B (kLoadedEmptyState): transition to state 0x6974F27B (kLoadedEmptyState)
    • message 0x6A4A96D5 in state 0x6974F27B (kLoadedEmptyState): transition to state 0x6974F27B (kLoadedEmptyState)
    • message 0x6A4A96E0 in state 0x6974F27B (kLoadedEmptyState): transition to state 0x6974F27B (kLoadedEmptyState)
    • message 0x5BF828CB (kRoomJoinFailed) in state 0x6974F27B (kLoadedEmptyState): transition to state 0x6974F26C (kStartedState)
    • message 0x5BF7002F (kPartedRoom) in state 0x6974F27B (kLoadedEmptyState): transition to state 0x6974F26C (kStartedState)
  • ClientGamePlayRegulator: 21 entries at TSOSimulatorClientD_base+0xf8600
    • message 0xCA135AB9 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x2B09D908 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0xCB09DAAD in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x8ED12D38 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x4976558A (kAddObjectToInventoryEvent) in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x4976558F (kMoveObjectToLotEvent) in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x697655A7 (kDeleteObjectFromInventoryEvent) in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x0A397EB1 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x697655B4 (kFailedAddObjectEvent) in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x0B567293 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x697655B6 (kFailedMoveObjectEvent) in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x2A8B26C3 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x6B32CF19 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x6BA15097 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x69FF4A62 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0xCB3BA585 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0xEF7FBB07 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0xEF7FBB0E in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0xEF7FBB15 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0xEF7FBB16 in state 0x2A0AFC54: transition to state 0x2A0AFC54
    • message 0x0CB4CF8E in state 0x2A0AFC54: transition to state 0x2A0AFC54
  • ObjectModuleServerRegulator: 18 entries at TSOSimulatorClientD_base+0xf9b28
    • message 0x092B2A57 (kServerCreateObjectEvent) in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A59 (kServerKillObjectEvent) in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x09512A6B in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A5B (kServerCancelInteractionEvent) in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A6B in state 0xCA392E28: transition to state 0xCA392E28
    • message 0xCA19D865 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x4A1DE60D in state 0xCA392E28: transition to state 0xCA392E28
    • message 0xAA3DB7C2 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x8A3BFE54 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0xAA3D4D38 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x6CBE3481 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x8CBE3489 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x0A5D1A43 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A5F in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x4B50D2D9 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x6A3D4FEE in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x6CF2B5EE in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x6CF2FA95 in state 0xCA392E28: transition to state 0xCA392E28
  • ObjectModuleClientRegulator: 23 entries at TSOSimulatorClientD_base+0xf9c00
    • message 0x092B2A58 (kClientCreateObjectEvent) in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A5D in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A5E in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x4B50D2D2 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A5A (kClientKillObjectEvent) in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A5C (kClientCancelInteractionEvent) in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A6C in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x092B2A7C in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x4A1DE615 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0xAA3DB7B9 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0xA93EA4D6 (kClientGotoDestObjectEvent) in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x8A3BFE59 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x0A3D4D91 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x6CBE3486 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x8CBE348D in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x8A3D4FF2 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0xCA5D0217 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x8A484F92 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x6AA71D17 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x8B049413 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x4BA2A373 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x6BA2A390 in state 0xCA392E28: transition to state 0xCA392E28
    • message 0x8D05C47C in state 0xCA392E28: transition to state 0xCA392E28
  • SimulatorRegulator: 1 entry at TSOSimulatorClientD_base+0xfd0a0
    • message 0x1B6F221B (kSimRequestMsg) in state 0xCA3FF2A7: transition to state 0xCA3FF2A7
  • ToolRegulator: 9 entries at TSOViewerClientD_base+0x707a0
    • message 0xA952C7A6 (kShoppingClientChangeToolEvent) in state 0x89F4E4BC: transition to state 0x89F4E4BC
    • message 0x09C80739 in state 0x89F4E4BC: transition to state 0x89F4E4BC
    • message 0x6976F109 (kShoppingClientMoveObjectEvent) in state 0x89F4E4BC: transition to state 0x89F4E4BC
    • message 0x69878885 (kClientSetOwnerEvent) in state 0x89F4E4BC: transition to state 0x89F4E4BC
    • message 0x4980E554 (kShoppingClientClearChangeEvent) in state 0x89F4E4BC: transition to state 0x89F4E4BC
    • message 0xA952C7AF (kShoppingChangeToolFailedEvent) in state 0x89F4E4BC: transition to state 0x89F4E4BC
    • message 0x4B941965 in state 0x89F4E4BC: transition to state 0x89F4E4BC
    • message 0x8B96CF0A in state 0x89F4E4BC: transition to state 0x89F4E4BC
    • message 0x2A00E84E in state 0x89F4E4BC: transition to state 0x89F4E4BC
  • Presentation Layer Regulator: 4 entries at TSOViewerClientD_base+0x70958
    • message 0x4A79FA73 in state 0x2A7A0B52: transition to state 0x2A7A0B52
    • message 0x6ABFF7B0 in state 0x2A7A0B52: transition to state 0x2A7A0B52
    • message 0x4989C89C in state 0x2A7A0B52: transition to state 0x2A7A0B52
    • message 0x4989C89F in state 0x2A7A0B52: transition to state 0x2A7A0B52
  • ActionQueueUIRegulator: 9 entries at TSOWinAppD_base+0x217008
    • message 0x092B2A5C (kClientCancelInteractionEvent) in state 0x2A3D8466: transition to state 0x2A3D8466
    • message 0x092B2A6C in state 0x2A3D8466: transition to state 0x2A3D8466
    • message 0xEA19D86B in state 0x2A3D8466: transition to state 0x2A3D8466
    • message 0x4A1DE615 in state 0x2A3D8466: transition to state 0x2A3D8466
    • message 0xAA48042D in state 0x2A3D8466: transition to state 0x2A3D8466
    • message 0xCA135AB9 in state 0x2A3D8466: transition to state 0x2A3D8466
    • message 0x0A08AA60 in state 0x2A3D8466: transition to state 0x2A3D8466
    • message 0xAA31900F in state 0x2A3D8466: transition to state 0x2A3D8466
    • message 0x5BF7002F (kPartedRoom) in state 0x2A3D8466: transition to state 0x2A3D8466
  • MessagingRegulator: 10 entries at TSOWinAppD_base+0x21c348
    • message 0xA92CB404 (kMSGID_FlashMessage) in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0xE92DA3D1 (kMSGID_FlashMessageResponse) in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0x6A2E8CD3 in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0xA92D84BD (kMSGID_SendInstantMessage) in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0xC961562B (kMSGID_SendLetter) in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0x8A36889A in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0x0A2EC64F in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0x0A2EC650 in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0x1D6AB192 (kMSGID_AvatarOnlineResponse) in state 0x8A10C29E: transition to state 0x8A10C29E
    • message 0xA97360C5 (GZMSGID_cITSOApprovedTopicUpdate) in state 0x8A10C29E: transition to state 0x8A10C29E

cTSONetMessageStandard[edit]

Fortunately for us, there is a leftover message logging function from developer builds located at TSOServiceClientD_base+0x675c0 which some message handlers (such as cTSOClientLoginRegulator::HandleConnectionEstablished) use to log the messages they receive. (The function constructs a string of the form "cTSOClientLoginRegulator::HandleConnectionEstablished Type = %s, Data1 = %ld, Data2 = %ld, Data3 = %ld, Data4 = %ld, String = '%s', (with extra)" but destroys it at the very end without outputting it.)

By placing a breakpoint on it and single-stepping, we can identify which fields of the cTSONetMessageStandard packet those names refer to.

Thus, using names provided by TSOServiceClientD_base+0x675c0, the format is as follows:

  • Transaction ID - This 4-byte field consists of two shorts, the lower of which increments over time. We can guess that this is a Transaction ID.
  • SendingAvatarID - 4 bytes
  • Flags - 1 byte
  • Message ID - 4 bytes (most common values are 0x3BF82D4E or 0xDBF301A9; 0x897360BF or 0xA97360C5; 0x49736C62 or 0xC9736CE8; 0x09C83484 or 0x29C8348F)
  • If (Flags & (1<<1)):
    • Data1 - 4 bytes
  • If (Flags & (1<<2)):
    • Data2 - 4 bytes
  • If (Flags & (1<<3)):
    • Data3 - 4 bytes
  • If (Flags & (1<<5)):
    • Extra clsid - 4 bytes
    • Extra body - variable bytes
  • If (Flags & (1<<6)):
  • If (Flags & (1<<4)):
    • Data4 - 4 bytes

cTSONetMessageStream[edit]

The format is as follows:

cTSOTopicUpdateMessage[edit]

The format is as follows:

  • Update counter - 4 bytes
  • Message ID - 4 bytes; should be 0xA97360C5 for GZMSGID_cITSOApprovedTopicUpdate
  • Unknown - 4 bytes (Probably m_statusCode)
  • Vector size - A 4-byte unsigned integer specifying the number of elements in the following vector
  • Vector - For each element of the vector
    • Data - 4 bytes
  • cTSOValue clsid - A 4-byte unsigned integer specifying the clsid of a class that accepts the IID 0xE96D0B02 (GZIID_cITSOValueBase). Valid clsids are (note that names are supplied by the RTTI in EA-Land's TSODataServiceClientD.dll):
    • 0x09736027: cTSOTopicUpdateMessage
    • 0x097608AB: cTSOValueVector<unsigned char>
    • 0x097608AF: cTSOValueVector<signed char>
    • 0x097608B3: cTSOValueVector<unsigned short>
    • 0x097608B6: cTSOValueVector<short>
    • 0x0A2C6585: cTSODataTransportBuffer
    • 0x29739B14: cTSOTopic
    • 0x2A404946: cTSOTopicUpdateErrorMessage
    • 0x496A78BC: cTSODataDefinitionContainer
    • 0x696D1183: cTSOValue<bool>
    • 0x696D1189: cTSOValue<unsigned long>
    • 0x69D3E3DB: cTSOValue<unsigned __int64>
    • 0x896D1196: cTSOValue<long>
    • 0x896D11A2: cTSOValueMap<class cRZAutoRefCount<class cITSOProperty> >
    • 0x896D1688: cTSOValue<class cRZAutoRefCount<class cIGZString> >
    • 0x89738492: cTSOValueBVector
    • 0x89738496: cTSOValueVector<unsigned long>
    • 0x8973849A: cTSOValueVector<long>
    • 0x8973849E: cTSOValueVector<class cRZAutoRefCount<class cIGZString> >
    • 0x89739A79: cTSOProperty
    • 0x89D3E3EF: cTSOValue<__int64>
    • 0x89D3E40E: cTSOValueMap<unsigned __int64>
    • 0xA96E38A0: cTSOValueMap<unsigned long>
    • 0xA96E38A8: cTSOValueMap<long>
    • 0xA96E38AC: cTSOValueMap<class cRZAutoRefCount<class cIGZString> >
    • 0xA96E7E5B: cTSOValue<class cRZAutoRefCount<class cITSOProperty> >
    • 0xA97353EE: cTSODataService
    • 0xA97384A3: cTSOValueVector<class cRZAutoRefCount<class cITSOProperty> >
    • 0xA975FA6E: cTSODataServiceClient
    • 0xA99AF3A8: cTSOValueMap<class cRZAutoRefCount<class cIGZUnknown> >
    • 0xA99AF3AC: cTSOValueVector<class cRZAutoRefCount<class cIGZUnknown> >
    • 0xA99AF3B7: cTSOValue<class cRZAutoRefCount<class cIGZUnknown> >
    • 0xA9D3E412: cTSOValueMap<__int64>
    • 0xA9D3E428: cTSOValueVector<unsigned __int64>
    • 0xA9D3E42D: cTSOValueVector<__int64>
    • 0xC976087C: cTSOValue<unsigned char>
    • 0xC97757F5: cTSOValueMap<bool>
    • 0xE976088A: cTSOValue<signed char>
    • 0xE9760891: cTSOValue<unsigned short>
    • 0xE9760897: cTSOValue<short>
    • 0xE976089F: cTSOValueMap<unsigned char>
    • 0xE97608A2: cTSOValueMap<signed char>
    • 0xE97608A5: cTSOValueMap<unsigned short>
    • 0xE97608A8: cTSOValueMap<short>
  • cTSOValue body - To be documented...
  • String - A pascalvlc string (Probably m_reasonText)

cTSODataTransportBuffer[edit]

  • Body size - 4 bytes
  • Body - variable bytes

cTSOTopicUpdateErrorMessage[edit]

  • Unknown - 4 bytes
  • Unknown - 4 bytes
  • Vector size - A 4-byte unsigned integer specifying the number of elements in the following vector
  • Vector - For each element of the vector
    • Data - 4 bytes
  • cTSOValue clsid - A 4-byte unsigned integer specifying the clsid of a class that accepts the IID 0xE96D0B02 (GZIID_cITSOValueBase). For valid clsids, see cTSOTopicUpdateMessage.
  • String - A pascalvlc string (Probably m_reasonText)

Miscellaneous[edit]

Packet logging patch[edit]

On November 17, 2013, Fatbag released a patch to enable packet logging in the client. Incoming and outgoing PDUs are now logged to a file called "packetlog.dat" using the packet logging functionality left over from developer builds, which supplies names to many fields of the PDUs.

The patch can be downloaded here and should be applied to TSONetServiceSimClientD.dll (please keep a copy of the original TSONetServiceSimClientD.dll):

Here is what packetlog.dat looks like when the server sends HostOnlinePDU:

--- INCOMING PDUS ---
Unknown
Message ID: 30
m_HostReservedWords: 
 Number of words: 0
m_pHostParams: 
 m_hostVersion: 32767
 m_clientBufSize: 4096
--- OUTGOING PDUS ---
Unknown
Message ID: 10
m_pVersionInfo: 
 m_majorVersion: 0
 m_minorVersion: 0
 m_pointVersion: 0
 m_artVersion: 0
m_pRelogStats: 
 m_timeRequired: 
  m_time: Wed Dec 31 18:00:00 1969

 m_numberOfAttempts: 0
m_pClientStatus: 
 m_lastExitCode: 13
 m_lastFailureType: 3
 m_failureCount: \x02
 m_isRunning: 1
 m_isRelogging: 0
Unknown
Message ID: 52
m_Ignored: 
 Number of PlayerIDs: 0
Unknown
Message ID: 56
m_action: 0
Unknown
Message ID: 54
m_action: 0
Unknown
Message ID: 50
m_action: 0
Unknown
Message ID: 66
m_action: 0
Unknown
Message ID: 10036
SendingAvatarID :4277006349
Unknown
Message ID: 10002
SendingAvatarID :4277006349
m_pSenderInfo: 
 m_playerID: 
  m_ariesID: 
  m_masterAccount: 
 m_badge: \x00
 m_isAlertable: 0
Unknown
Unknown
Unknown
Message ID: 10014
SendingAvatarID :4277006349
  mRequesterType [1] mRequesterID [1337] mTargetType [1] mTargetID [1337] mSequenceID [0]
Unknown
Unknown
Message ID: 10014
SendingAvatarID :4277006349
  mRequesterType [1] mRequesterID [1337] mTargetType [5] mTargetID [0] mSequenceID [0]
Unknown
Unknown
Message ID: 10014
SendingAvatarID :4277006349
  mRequesterType [1] mRequesterID [1337] mTargetType [6] mTargetID [0] mSequenceID [0]
Unknown
Message ID: 113
Unknown
Message ID: 10025
SendingAvatarID :4277006349
Unknown
Message ID: 10002
SendingAvatarID :4277006349
m_pSenderInfo: 
 m_playerID: 
  m_ariesID: 
  m_masterAccount: 
 m_badge: \x00
 m_isAlertable: 0
Unknown
Message ID: 10036
SendingAvatarID :4277006349
Unknown
Message ID: 10036
SendingAvatarID :4277006349

Regulator logging patch[edit]

On February 03, 2016, Fatbag released a patch that logs (to the terminal) when regulators are created and destroyed and when regulators receive messages. This patch allows us see how the game creates TSOData topic update messages and cTSOSimEvent messages, allowing one to make packets that send the same messages. (This is easy because the cTSONetMessageStandard layout in memory has a very near correspondence with the cTSONetMessageStandard packet structure, and likewise for cTSOTopicUpdateMessage.)

The patch can be downloaded here and should be applied to TSOServiceClientD.dll (please keep a copy of the original TSOServiceClientD.dll):

Before applying the patch, you should enable the command line by opening TSOClient.exe with a hex editor and changing the byte at offset 0x15c from 02 to 03.

Progress bar[edit]

_251_connectprogressdialog.cst carries very useful comments about each stage of the progress bar:

1  ^Connect Progress^
2  ^Overall Progress^
3  ^Current Task^

# Login Steps to enter a city

4  ^Starting engines^                 # City is Selected...
5  ^Talking with the mothership^      # Connecting to City Selector...
6  ^Mapping information superhighway^ # Processing XML response...
7  ^Sterilizing TCP/IP sockets^       # Connecting to City...
8  ^Sockets sterilized^               # Connection Established...
9  ^Reticulating spleens^             # Asking for Avatar data from DB...
10 ^Spleens Reticulated^              # Received Avatar data from DB...
11 ^Purging psychographic metrics^    # Asking for Character data from DB...
12 ^Metrics Purged^                   # Received Character data from DB...
13 ^Pressurizing peer network^        # Asking for Relationships data from DB...
14 ^Network pressurized^              # Received Relationships data from DB...
15 ^Aligning social agendas^          # Asking for Reversed Relationships data from DB...
16 ^Agendas aligned^                  # Received Reversed Relationships data from DB...
17 ^Preparing cartography^            # Loading City map...

The function that updates the progress bar when asked has been spotted at TSOWinAppD_base+0x306d9, taking the number of the CST file as the first argument (251) and the ID of the string as the second argument. The following calls to this function have been found:

CST file String Index String DLL Location of call (virtual address)
_211_housesimloginstrings.cst 23 Verifying permissions... TSOServiceClientD.dll 0x10021426
_251_connectprogressdialog.cst 7 Sterilizing TCP/IP sockets TSONetServiceSimClientD.dll 0x1006E1BD
8 Sockets sterilized TSONetServiceSimClientD.dll 0x1006E1D7
9 Reticulating spleens TSOServiceClientD.dll 0x1002B4E1
10 Spleens Reticulated TSOServiceClientD.dll 0x1002B4F6
11 Purging psychographic metrics TSOServiceClientD.dll 0x1002BA77
12 Metrics Purged TSOServiceClientD.dll 0x1002BA8C
13 Pressurizing peer network TSOServiceClientD.dll 0x1002BB6F
14 Network pressurized TSOServiceClientD.dll 0x1002BB84
15 Aligning social agendas TSOServiceClientD.dll 0x1002BC09
16 Agendas aligned TSOServiceClientD.dll 0x1002BC1E
17 Preparing cartography TSOServiceClientD.dll 0x10020C7C

Current progress[edit]

Specifying niotso.org as the host for the authorization server and city selection server is enough to get into Select-A-Sim in any version of the game. The instructions are:

  • Make a backup of sys/gameentry.ini. Then open it with a text editor and set the "Server" field to niotso.org. If your version of TSO also has a gamedata/sys/ folder, do the same thing with the copy of gameentry.ini in that folder.
  • Make a backup of sys/cityselector.ini. Then open it with a text editor and set the "ServerName" field to niotso.org. Keep "ServerPort" at 80. If your version of TSO also has a gamedata/sys/ folder, do the same thing with the copy of cityselector.ini in that folder.
  • The niotso.org server does not support HTTPS, so disable it in your client through the following steps:
    • Make a backup of authlogin.dll. Then open it with a hex editor. Replace the 5 bytes "68 00 30 C0 84" (in version 1.1097.1.0 these appear at offset 0x8325) with "68 00 00 40 84". Also, replace the 5 bytes "68 BB 01 00 00" (in version 1.1097.1.0 these appear at offset 0x82AC) with "68 50 00 00 00".
    • Make a backup of TSOServiceClientD.dll. Then open it with a hex editor. Replace the 8 bytes "68 74 74 70 73 3A 2F 2F" (in version 1.1097.1.0 these appear at offset 0x923C0) with "68 74 74 70 3A 2F 2F 00".
    • Make a backup of InternetServiceD.dll. Then open it with a hex editor. Replace the 7 bytes "74 07 68 BB 01 00 00" (in version 1.1097.1.0 these appear at offset 0x17B2) with "EB 07 68 BB 01 00 00". Not all versions of the game contain this code (Play Test and EA-Land do not), so for those versions, this file should remain untouched.

The niotso.org server specifies 127.0.0.1:49100 as the city server to the client. If you decide to proceed into Create-A-Sim, the map view, or a lot, you will need to run TSO-SE in the background before doing this.

To login, the username is asdf and the password is hjkl.

You can download pre-made PDUs here:

When you get to "35%: Sockets sterilized", TSO-SE should report "Accepted connection. To see the list of commands, type 'help'." (If it does not do this, make sure TSO-SE is whitelisted in Windows Firewall, because it listens on port 49100.) To advance past this, type "send hostonlinepdu.dat" in TSO-SE. This is enough to get you into Create-A-Sim; for the map view, this gets you to "64%: Metrics purged", so type "send loadavatarbyid.dat" (after hostonlinepdu.dat) and this will get you into the map view.

Some screenshots of the current progress: