LCKB ** OLD LCKB DATABASE ** Guides & Help Section Tutorials & Guides Ep1 Guides v
Guild exp contribution bug fix

Threaded Mode
Guild exp contribution bug fix
blankname Offline
Member
***
Posts: 56
Threads: 8
Thanks Received: 0 in 0 posts
Thanks Given: 0
Joined: Jun 2011
Reputation: 0
#1
01-18-2012, 03:56 PM

all you need to do is open gameserver.exe with an hex editor and edit the following offsets

 

0x000164CE E9 0F 1B 21 00
0x000179AD E9 1A 06 21 00

0x00227FCC 7C 05
0x00227FCE 83 F8 32
0x00227FD1 7E 05
0x00227FD3 E9 C8 FB DE FF
0x00227FD8 8B 45 D4
0x00227FDB 8B 08
0x00227FDD E9 D0 F9 DE FF
0x00227FE2 7C 05
0x00227FE4 83 F8 32
0x00227FE7 7E 05
0x00227FE9 E9 D3 E6 DE FF
0x00227FEE 8B 45 C0
0x00227FF1 8B 08
0x00227FF3 E9 DB E4 DE FF

 

this will not work if your gs already is patched with something else at offset 0x00227FCC+

 

if so, post it here and ill patch it for you

Find
Falo Offline
Junior Member
**
Posts: 11
Threads: 2
Thanks Received: 0 in 0 posts
Thanks Given: 0
Joined: Jun 2011
Reputation: 0
#2
01-18-2012, 05:04 PM

i made the same fix some minutes ago, but i use a different server, this is where the exploit packet gets read

 

in helper.exe:

 

1. patch, jump into codecave

004209A5 - E9 A6662100 JMP Helper.00637050
004209AA 90 NOP
004209AB 90 NOP
004209AC 90 NOP

2. patch, check edx (fame) and eax (exp) for buggy values (<=0 and >= 100)

00637050 8B55 8C MOV EDX,DWORD PTR SS:[EBP-74] //copy fame to edx
00637053 83FA 00 CMP EDX,0 // compare with 0
00637056 7D 05 JGE SHORT Helper.0063705D // jump if >= 0
00637058 BA 00000000 MOV EDX,0 // else fame = 0
0063705D 83FA 64 CMP EDX,64 // compare with 100
00637060 7E 05 JLE SHORT Helper.00637067 // jump if <= 100
00637062 BA 64000000 MOV EDX,64 // else fame = 100
00637067 52 PUSH EDX
00637068 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68] //copy exp to eax
0063706B 83F8 00 CMP EAX,0// compare with 0
0063706E 7D 05 JGE SHORT Helper.00637075// jump if >= 0
00637070 B8 00000000 MOV EAX,0 // else exp = 0
00637075 83F8 64 CMP EAX,64// compare with 100
00637078 7E 05 JLE SHORT Helper.0063707F// jump if <= 100
0063707A B8 64000000 MOV EAX,64// else exp = 100
0063707F 50 PUSH EAX
00637080 8955 8C MOV DWORD PTR SS:[EBP-74],EDX // copy values back, so gameserver has the same fix and not only db
00637083 8945 98 MOV DWORD PTR SS:[EBP-68],EAX //
00637086 - E9 2299DEFF JMP Helper.004209AD // jump back
0063708B 90 NOP

Find
Darquise Offline
Member
***
Posts: 163
Threads: 16
Thanks Received: 0 in 0 posts
Thanks Given: 0
Joined: Sep 2011
Reputation: 0
#3
01-26-2012, 06:16 AM
Is this Bug in The 2.0 version already patched?

Find
Hisoka
Unregistered
 
#4
02-22-2012, 07:47 AM

blackname yours doenst work

it give a crash.

falo:

you should write mote clearly Smile

is you fix made for gameserver or for helper server

in the top you write: you use another server (helper.exe) later you write its fixed in gameserver.exe

now where should i fix this?

balkia1 Offline
Junior Member
**
Posts: 43
Threads: 1
Thanks Received: 0 in 0 posts
Thanks Given: 0
Joined: Nov 2011
Reputation: 0
#5
04-22-2012, 11:10 AM
I dont find the Offsets in the Gameserver or in the Helper o0 Did i made something wrong?

Find
LCE DEV
Unregistered
 
#6
06-26-2012, 08:26 PM
need a new GS


Forum Jump:


Users browsing this thread: 1 Guest(s)