Guild exp contribution bug fix - Printable Version
LCKB (https://lckb.dev/forum) - Thread: Guild exp contribution bug fix (/showthread.php?tid=614)
- blankname - 01-18-2012

All you need to do is open gameserver.exe with a hex editor and edit the following offsets:

0x000164CE E9 0F 1B 21 00
0x000179AD E9 1A 06 21 00
0x00227FCC 7C 05
0x00227FCE 83 F8 32
0x00227FD1 7E 05
0x00227FD3 E9 C8 FB DE FF
0x00227FD8 8B 45 D4
0x00227FDB 8B 08
0x00227FDD E9 D0 F9 DE FF
0x00227FE2 7C 05
0x00227FE4 83 F8 32
0x00227FE7 7E 05
0x00227FE9 E9 D3 E6 DE FF
0x00227FEE 8B 45 C0
0x00227FF1 8B 08
0x00227FF3 E9 DB E4 DE FF

This will not work if your GS is already patched with something else at offset 0x00227FCC+. If so, post it here and I'll patch it for you.

- Falo - 01-18-2012

I made the same fix some minutes ago, but I use a different server. This is where the exploit packet gets read in helper.exe:

1. patch, jump into codecave

004209A5 - E9 A6662100    JMP Helper.00637050
004209AA   90             NOP
004209AB   90             NOP
004209AC   90             NOP

2. patch, check edx (fame) and eax (exp) for buggy values (<=0 and >= 100)

00637050   8B55 8C        MOV EDX,DWORD PTR SS:[EBP-74]  // copy fame to edx
00637053   83FA 00        CMP EDX,0                      // compare with 0
00637056   7D 05          JGE SHORT Helper.0063705D      // jump if >= 0
00637058   BA 00000000    MOV EDX,0                      // else fame = 0
0063705D   83FA 64        CMP EDX,64                     // compare with 100
00637060   7E 05          JLE SHORT Helper.00637067      // jump if <= 100
00637062   BA 64000000    MOV EDX,64                     // else fame = 100
00637067   52             PUSH EDX
00637068   8B45 98        MOV EAX,DWORD PTR SS:[EBP-68]  // copy exp to eax
0063706B   83F8 00        CMP EAX,0                      // compare with 0
0063706E   7D 05          JGE SHORT Helper.00637075      // jump if >= 0
00637070   B8 00000000    MOV EAX,0                      // else exp = 0
00637075   83F8 64        CMP EAX,64                     // compare with 100
00637078   7E 05          JLE SHORT Helper.0063707F      // jump if <= 100
0063707A   B8 64000000    MOV EAX,64                     // else exp = 100
0063707F   50             PUSH EAX
00637080   8955 8C        MOV DWORD PTR SS:[EBP-74],EDX  // copy values back, so gameserver has the same fix and not only db
00637083   8945 98        MOV DWORD PTR SS:[EBP-68],EAX  //
00637086 - E9 2299DEFF    JMP Helper.004209AD            // jump back
0063708B   90             NOP

- Darquise - 01-26-2012

Is this bug in the 2.0 version already patched?

- Hisoka - 02-22-2012

blankname, yours doesn't work, it gives a crash. Falo: you should write more clearly. Is your fix made for gameserver or for helper server? At the top you write you use another server (helper.exe), later you write it's fixed in gameserver.exe. Now where should I fix this?

- balkia1 - 04-22-2012

I don't find the offsets in the Gameserver or in the Helper o0 Did I make something wrong?

- LCE DEV - 06-26-2012

Need a new GS
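The range check that both patches bolt onto the packet handler, written out in C so the logic can be read and tested outside the binary. This is an added example, not code from the thread or from either server; it assumes a hypothetical payload layout (two little-endian signed 32-bit fields, fame then exp) and takes the upper bound as a parameter, because Falo's codecave compares against 0x64 (100) while blankname's bytes (83 F8 32) compare against 0x32 (50). The return value tells the caller which fields had to be clamped, so a server can log the attempt instead of silently correcting it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical payload layout (assumption, not from the thread):
   offset 0: fame, int32 little-endian
   offset 4: exp,  int32 little-endian */
#define CONTRIB_PAYLOAD_LEN 8

/* Same test sequence as the codecave: cmp v,0 / jge ; mov v,0 ;
   cmp v,cap / jle ; mov v,cap. Returns 1 if the value was changed. */
static int clamp_value(int32_t *v, int32_t cap) {
    if (*v < 0)   { *v = 0;   return 1; }
    if (*v > cap) { *v = cap; return 1; }
    return 0;
}

static int32_t read_le32(const uint8_t *p) {
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)u;
}

static void write_le32(uint8_t *p, int32_t v) {
    uint32_t u = (uint32_t)v;
    p[0] = (uint8_t)(u & 0xff);
    p[1] = (uint8_t)((u >> 8) & 0xff);
    p[2] = (uint8_t)((u >> 16) & 0xff);
    p[3] = (uint8_t)((u >> 24) & 0xff);
}

/* Sanitize a guild-contribution payload in place.
   Returns -1 if the length is wrong (drop the packet), otherwise a bitmask:
   bit 0 = fame was clamped, bit 1 = exp was clamped, 0 = packet was clean. */
int sanitize_contribution(uint8_t *payload, size_t len, int32_t cap) {
    if (len != CONTRIB_PAYLOAD_LEN)
        return -1;

    int32_t fame = read_le32(payload);
    int32_t exp  = read_le32(payload + 4);
    int flags = 0;

    if (clamp_value(&fame, cap)) flags |= 1;
    if (clamp_value(&exp, cap))  flags |= 2;

    /* Write the corrected values back, as the codecave does with
       MOV [EBP-74],EDX / MOV [EBP-68],EAX, so every consumer sees them. */
    write_le32(payload, fame);
    write_le32(payload + 4, exp);
    return flags;
}

int main(void) {
    /* Constructed sample: fame = -5, exp = 0x7FFFFFFF (both out of range). */
    uint8_t bad[CONTRIB_PAYLOAD_LEN] = {0xFB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F};
    int flags = sanitize_contribution(bad, sizeof bad, 100);
    printf("flags=%d fame=%d exp=%d\n", flags, read_le32(bad), read_le32(bad + 4));

    /* Constructed sample: a clean packet passes through unchanged. */
    uint8_t ok[CONTRIB_PAYLOAD_LEN] = {30, 0, 0, 0, 40, 0, 0, 0};
    flags = sanitize_contribution(ok, sizeof ok, 100);
    printf("flags=%d fame=%d exp=%d\n", flags, read_le32(ok), read_le32(ok + 4));
    return 0;
}
```

A non-zero return is the signal worth recording: a client that sends a negative or oversized contribution is either broken or sending the exploit packet, and the clamp alone hides that from the operator.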