Metin2 Adminpage Buffer Exploit Fix

[mt2user01]

ROHAN2 WORLD 1-120 TR TİPİ OFFICIAL YOHARA, BALATHOR VE AMON! 80. GÜNÜNDE! +10.000 ONLİNE! HİLE VE BOT %100 ENGELLİ HEMEN TIKLA!

hocam bu işlemden sonra bu aşşağıdaki sorununda önüne geçmiş olurmuyuz?, yoksa aşşağıdakinide uygulamamız gerekirmi?
@Luigina

son günlerde serverlere girip item dupelayıp serveri crashleyen arkadaştan kurtulmanız için basit fix

isteyen kullansın istemeyende şu bu yazmasın dönemeyecem öptüm

[CODE lang="cpp" title="input_main.cpp arat"]int CInputMain::Analyze(LPDESC d, BYTE bHeader, const char * c_pData)
{
LPCHARACTER ch;

if (!(ch = d->GetCharacter()))
{
sys_err("no character on desc");
d->SetPhase(PHASE_CLOSE);
return (0);
}

int iExtraLen = 0;

if (test_server && bHeader != HEADER_CG_MOVE)
sys_log(0, "CInputMain::Analyze() ==> Header [%d] ", bHeader);[/CODE]

[CODE lang="cpp" title="altına ekle"]if (ch->GetDesc()->GetPhase() != PHASE_GAME && ch->GetDesc()->GetPhase() != PHASE_DEAD)
{
sys_err("no character in game");
sys_log(0, "no character in game %u %u %u", ch->GetPlayerID(), ch->GetDesc()->GetPhase(), bHeader);
d->SetPhase(PHASE_CLOSE);
return (0);
}[/CODE]

[CODE lang="cpp" title="desc.h ara"]bool IsPhase(int phase) const { return m_iPhase == phase ? true : false; }[/CODE]

[CODE lang="clike" title="altına ekle"]int GetPhase() const { return m_iPhase; }[/CODE]

Spoyler: Olası Durumlar Örnek;

Log ;
Ekli dosyayı görüntüle 62977


Ekli dosyayı görüntüle 62978

Bazı crash örnek;

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0813869a in CItem::GetSize (this=0x4e0c7680) at item.h:46
46      item.h: No such file or directory.
[Current thread is 1 (LWP 101075)]
(gdb) backtrace
#0  0x0813869a in CItem::GetSize (this=0x4e0c7680) at item.h:46
#1  CInputMain::SafeboxCheckin (this=0x4e6a5d9c, ch=0x33418640,
    c_pData=0x4d431d40 "F\027\a\a") at input_main.cpp:2074
#2  0x0813eaf3 in CInputMain::Analyze (this=0x4e6a5d9c, d=0x4e6a5d00,
    bHeader=70 'F', c_pData=0x4d431d40 "F\027\a\a") at input_main.cpp:4013
#3  0x081288f5 in CInputProcessor::Process (iBytes=5,
    r_iBytesProceed=@0xffff9d38: 0, c_pvOrig=0x4d431d40, lpDesc=0x4e6a5d00,
    this=0x4e6a5d9c) at input.cpp:102
#4  CInputProcessor::Process (this=0x4e6a5d9c, lpDesc=0x4e6a5d00,
    c_pvOrig=0x4d431d40, iBytes=5, r_iBytesProceed=@0xffff9d38: 0)
    at input.cpp:62
#5  0x080fe52e in DESC::ProcessInput (this=0x4e6a5d00) at desc.cpp:313
#6  0x08219a65 in io_loop (fdw=0x2988f260) at main.cpp:1004
#7  0x08219cb1 in idle () at main.cpp:887
#8  idle () at main.cpp:856
#9  0x0806e1e5 in main (argc=<optimized out>, argv=<optimized out>)
    at main.cpp:533
(gdb) bt full
#0  0x0813869a in CItem::GetSize (this=0x4e0c7680) at item.h:46
No locals.
#1  CInputMain::SafeboxCheckin (this=0x4e6a5d9c, ch=0x33418640, c_pData=0x4d431d40 "F\027\a\a") at input_main.cpp:2074
        p = 0x4d431d40
        pkSafebox = 0x4d852d00
        pkItem = 0x4e0c7680
        szHint = "\360\000\000\000\320\341\377\377\b\340\377(\024\234\377\377\277\a\366(\314\342\377\377\000\234\377\377O\276\036\000\003\000\000\000\b\340\377(\240\363\214e\210\225\360\n&\362\320O\003\000\000\000\320\037\233\b\201h<\000 \234\377\377+\016{\aY;M(N\000\000\000\320\037\233\b\b\340\377(<\234\377\377\022\a\366(\001\000\000\000\224\063ka\206\235|\307}\252\a\225Y;M(x\234\377\377\000\000\000\000\b\340\377("
#2  0x0813eaf3 in CInputMain::Analyze (this=0x4e6a5d9c, d=0x4e6a5d00, bHeader=70 'F', c_pData=0x4d431d40 "F\027\a\a") at input_main.cpp:4013
        ch = 0x33418640
        __FUNCTION__ = "Analyze"
        iExtraLen = 0
#3  0x081288f5 in CInputProcessor::Process (iBytes=5, r_iBytesProceed=@0xffff9d38: 0, c_pvOrig=0x4d431d40, lpDesc=0x4e6a5d00, this=0x4e6a5d9c) at input.cpp:102
        iExtraPacketSize = <optimized out>
        bHeader = 70 'F'
        c_pszName = 0x4a98cf1c "SafeboxCheckin"
        c_pData = 0x4d431d40 "F\027\a\a"
        bLastHeader = 0 '\000'
        iLastPacketLen = 0
        iPacketLen = 5
        c_pData = <optimized out>
        bLastHeader = <optimized out>
        iLastPacketLen = <optimized out>
        iPacketLen = <optimized out>
        __FUNCTION__ = "Process"
        bHeader = <optimized out>
        c_pszName = <optimized out>
        iExtraPacketSize = <optimized out>
#4  CInputProcessor::Process (this=0x4e6a5d9c, lpDesc=0x4e6a5d00, c_pvOrig=0x4d431d40, iBytes=5, r_iBytesProceed=@0xffff9d38: 0) at input.cpp:62
        c_pData = 0x4d431d40 "F\027\a\a"
        bLastHeader = 0 '\000'
        iLastPacketLen = 0
        iPacketLen = <optimized out>
        __FUNCTION__ = "Process"
        bHeader = <optimized out>
        c_pszName = <optimized out>
        iExtraPacketSize = <optimized out>
#5  0x080fe52e in DESC::ProcessInput (this=0x4e6a5d00) at desc.cpp:313
        iBytesProceed = 0
        bytes_read = 5
        __FUNCTION__ = "ProcessInput"
#6  0x08219a65 in io_loop (fdw=0x2988f260) at main.cpp:1004
        iRet = <optimized out>
        d = 0x4e6a5d00
        num_events = 118
        event_idx = 103
        __FUNCTION__ = "io_loop"
#7  0x08219cb1 in idle () at main.cpp:887
        now = {tv_sec = 1634415508, tv_usec = 541315}
        passed_pulses = <optimized out>
        t = 948579
        pta = {tv_sec = 1634415508, tv_usec = 23440}
        process_time_count = 13
        now = {tv_sec = <optimized out>, tv_usec = <optimized out>}
        passed_pulses = <optimized out>
        t = <optimized out>
#8  idle () at main.cpp:856
        now = {tv_sec = <optimized out>, tv_usec = <optimized out>}
        passed_pulses = <optimized out>
        t = <optimized out>
        pta = {tv_sec = 1634415508, tv_usec = 23440}
        process_time_count = 13
--Type <RET> for more, q to quit, c to continue without paging--Quit

 

[dzceliemre]

Başarılar

 

[EJDER]

Paylaşım için teşekkürler.

 

[ByMoDuS]

Paylaşım için teşekkürler.

 

[mamiyt78]

Paylaşım için teşekkürler