Home
by This will be the one and only time I release such a fix.
Why?
After releasing a fix, people will start finding out a new exploit.
You all who don't know how to fix such things by yourself should learn it, it's easy.
Explanation
62 00 91 44 10 00 04 01 00 00 00 01 00
This is the crash packet exidis trainer is using.
Do not worry about the bolded byte yet.
Now, some of you who have no idea about that stuff could wonder now, how I found out what that packet does.
Answer: You see the first byte of the packet (0x62 in this case), it's the header of the packet (in hex).
In your players.cpp it does check for the header of the packet and does assign it to the correct function. So:
| Code: |
| case 0x62: Inventory::itemMove(this ,buf+2); break; |
You see? So I knew the crash has something to do with this function.
Now open up Inventory.cpp and look up for the itemMove function.
In there I did set printf(()'s before and after every action that it
writes something in the console before/after it does/did something.
After this whole shit I found out that it crashs in this line:
| short amount = getShort(packet+9); |
So that means, it can't assign packet+9 to this variable.
Now, remember the byte I bolded in the crash-packet? It was 01, and that's exactly what it tries to assign to the variable. So I just wrote a little check, like that:
| if(packet[9] != 1) amount = getShort(packet+9); else return; |
It checks if packet[9] is 1. if it's not 1 it will just assign it to the variable ammount, else it will stop.
Done!
You see, it's very easy ye?
How to fix
- Open up your Inventory.cpp
- Look up for the itemMove function
- Replace the function with this:
| void Inventory::itemMove(Player* player, unsigned char* packet){ char inv = packet[4]; short slot1 = getShort(packet+5); short slot2 = getShort(packet+7); if(inv == 1){ if(slot2 == 0){ InventoryPacket::moveItem(player, inv, slot1, slot2); Equip* equip = NULL; int num; for(int i=0; i<player->inv->getEquipNum(); i++){ if(player->inv->getEquipPos(i) == slot1){ equip = player->inv->getEquip(i); num = i; break; } } if(equip==NULL) return; Drop* drop = new Drop(player->getMap()); drop->setID(equip->id); drop->setOwner(player->getPlayerid()); drop->setTime(0); drop->setEquip(true); Dropped dropper; dropper.id = player->getPlayerid(); dropper.pos = player->getPos(); drop->setPos(player->getPos()); DropInfo dropi; dropi.type = equip->type; dropi.scrolls = equip->scrolls; dropi.slots = equip->slots; dropi.istr = equip->istr; dropi.idex = equip->idex; dropi.iint = equip->iint; dropi.iluk = equip->iluk; dropi.ihp = equip->ihp; dropi.imp = equip->imp; dropi.iwatk = equip->iwatk; dropi.imatk = equip->imatk; dropi.iwdef = equip->iwdef; dropi.imdef = equip->imdef; dropi.iacc = equip->iacc; dropi.iavo = equip->iavo; dropi.ihand = equip->ihand; dropi.ijump = equip->ijump; dropi.ispeed = equip->ispeed; drop->setDropInfo(dropi); drop->doDrop(dropper); player->inv->deleteEquip(num); return; } for(int i=0; i<player->inv->getEquipNum(); i++){ if(player->inv->getEquipPos(i) == slot1){ for(int j=0; j<player->inv->getEquipNum(); j++){ if(player->inv->getEquipPos(j) == slot2){ player->inv->setEquipPos(j, slot1); break; } } player->inv->setEquipPos(i, slot2); break; } } InventoryPacket::moveItem(player, inv, slot1, slot2); InventoryPacket::updatePlayer(player); } else { if(slot2 == 0){ short amount; if(packet[9] != 1) amount = getShort(packet+9); else { printf("'%s' tried to crash the Server with exidis crash packet \n", player->getName()); return; } Item* item; int num; for(int i=0; i<player->inv->getItemNum(); i++){ if(player->inv->getItemPos(i) == slot1 && player->inv->getItem(i)->inv == inv){ item = player->inv->getItem(i); num = i; break; } } if(item==NULL) return; if (ISSTAR(item->id)) amount = item->amount; if(item->amount - amount == 0){ item->amount = 0; InventoryPacket::moveItem(player, inv, slot1, slot2); } else{ item->amount -= amount; InventoryPacket::moveItemS(player, inv, slot1, item->amount); } Drop* drop = new Drop(player->getMap()); drop->setID(item->id); drop->setOwner(player->getPlayerid()); drop->setTime(0); drop->setAmount(amount); Dropped dropper; dropper.id = player->getPlayerid(); dropper.pos = player->getPos(); drop->setPos(player->getPos()); drop->doDrop(dropper); if(item->amount == 0) player->inv->deleteItem(num); return; } int stack=0; int amount1=0; int amount2=0; for(int i=0; i<player->inv->getItemNum(); i++){ if(player->inv->getItemPos(i) == slot1 && player->inv->getItem(i)->inv == inv){ for(int j=0; j<player->inv->getItemNum(); j++){ if(player->inv->getItemPos(j) == slot2 && player->inv->getItem(j)->inv == inv){ if(player->inv->getItem(i)->id == player->inv->getItem(j)->id){ if(player->inv->getItem(j)->amount + player->inv->getItem(i)->amount <= Drops::items[player->inv->getItem(i)->id].maxslot){ stack=1; Item* newitem = player->inv->getItem(j); newitem->amount += player->inv->getItem(i)->amount; amount1 = newitem->amount; player->inv->setItem(newitem, j); player->inv->deleteItem(i); } else{ stack=2; Item* newitem1 = player->inv->getItem(j); Item* newitem2 = player->inv->getItem(i); int amountt = player->inv->getItem(j)->amount; newitem1->amount = Drops::items[player->inv->getItem(j)->id].maxslot; newitem2->amount -= newitem1->amount - amountt; amount2 = newitem1->amount; amount1 = newitem2->amount; player->inv->setItem(newitem1, j); player->inv->setItem(newitem2, i); } } else player->inv->setItemPos(j, slot1); break; } } if(stack==0) player->inv->setItemPos(i, slot2); break; } } if(stack==0) InventoryPacket::moveItem(player, inv, slot1, slot2); else if(stack==1){ InventoryPacket::moveItemS(player, inv, slot2, amount1); InventoryPacket::moveItem(player, inv, slot1, 0); } else if(stack==2) InventoryPacket::moveItemS2(player, inv, slot1, amount1, slot2, amount2); } } |
PS: It will write the IGN of someone who tries to crash the server in the console.
Credits to rEakW0n
Cya,
Danny
