Anarchy

Members
  • Posts: 566
  • Days Won: 21
  • Feedback: 0%

Everything posted by Anarchy

  1. 50, actually ;o and I liked this part better
  2. Negative comments should not be removed, and if they are, then positive comments should also. Removing the negative comments towards this server will only hurt the players who come and read this topic and think "oh there's nothing negative posted so it must be good" and then go and play, then 3 weeks down the line when they close the server, that player will have lost all the time and effort they put in, and possibly any money they donated to the server. I say leave the negative comments, it makes for a fairer assessment of the server, and as everything posted by myself is true and based in fact, you can't say it is just random flame.
  3. omg Have any of you guys seen that South Park episode where Cartman breaks his funny fuse? If you haven't, google it, because this post just made that happen to me. You have to be joking me... PyroMaker's original L2Vendetta was minuscule compared to every other server open at the time, his server NEVER gained over 1000 players vs servers like the original L2Paradise which had over 5000 and the original L2Forever which touched close to 2000 and the original L2Revenge which came close to 3000. ALL of which were open for just as long and in some cases longer than L2Vendetta. And I don't blame him for accepting donations, a server cannot be sustained without donations. But that's not the point here, the point is that this server along with 99% of servers opened by little kids like this are opened FOR DONATIONS, which means if they don't get the donations they wanted in the first month or so they will close, just as they did with previous versions of L2Vendetta AND L2Dismay. These are facts, not assumptions, otherwise both L2Dismay and L2Vendetta would still be open. I just pity the ignorance of this reply... No, a server does not take a lot of work or money, the only work put into this upcoming server is going to be simple script additions and changes that can be made by any 5-year-old with a keyboard and basic understanding of the game, and the rest will be copied and pasted from this forum. It does not take a lot of money to start a server, a dedicated server capable of hosting 1000 players can be purchased for no more than $200 per month and a web host will cost no more than $5 per month, all of the files required to start a plug-and-play server, like this one will be, are all available publicly on this forum, and all you need to do is download them and follow any of the 50 guides posted on this site and others.
  4. This made me giggle like a little school girl... Comparing the developer ability of Sawk and PyroMaker is like comparing two pieces of dog shit. Shit is shit, doesn't need comparison.
  5. I'm sorry but when I heard about this I actually fell off my chair laughing. Let's look at some facts here... PyroMaker, for some reason is idolised in this forum despite the fact he can only change numbers in text files, has opened L2Vendetta 3 times (or was it 2?), and closed each time because he wasn't getting enough donations to line his pockets with. Vim, worse than PyroMaker which almost seems impossible, opened L2Dismay twice and closed both times for the exact same reason. I mean let's face it, they are using L2Paradise's name for the same reason that dizzan has used 5 other server's names, and as soon as the donations get low the server will close again. So someone please explain to me why everyone thinks a server created by the combination of 2 of the greediest server owners in the history of L2, is going to be a great server?
  6. "but the rest of it for sure" so you can code AI and debug it in its compiled form? If the answer to that is no, I'm afraid to break it to you, you can't do a lot of shit. Scripts = changing numbers in text files, it ain't rocket science... Most people think you never need to know AI in its compiled form as there are NASC-like compilers readily available, but go look in help sections of any l2off dev forum and you will find a large amount of topics where the compilers have failed because of simple syntactical errors and end up compiling blank values to push_const instructions, not to mention none of the compilers support the full shared data structure as they should, and only support values which have already been used in the AI that came with the pack, which also means they can't support the relocated variables of dvampire. It's not my intention (at least not directly) to belittle you for having less knowledge than me in this area, but it annoys the absolute shit out of me when "developers" claim they can do "pretty much everything" when in fact they can only change numbers in text files, when people do that it devalues the title of "developer" so much that people who actually spent years analysing and learning are grouped together with children who have no knowledge at all.
  7. This is a guide for attaching an extender to your L2Server.exe using NTCore's Explorer Suite. First, download and install NTCore's Explorer Suite. You can download it from NTCore's website here. Once you have done that, the tool from Explorer Suite we are going to use is the CFF Explorer, which is usually located in C:\Program Files\NTCore\Explorer Suite\CFF Explorer.exe or Start -> Programs -> Explorer Suite -> CFF Explorer.
      Now go to File -> Open, and locate your L2Server.exe. Now you need to click on "Import Adder" on the left side of the window, and then click the "Add" button, as shown below. Now you need to locate your extender and click Open. Once you have done that it should look like the screenshot below. Now you click on the function you wish to import, in my case "DllMain", click the button "Import By Name" and then click the large button "Rebuild Import Table".
      This next step is important: you must now click "Rebuilder" on the left side, then check the box named "Build Import Table" and then click "Rebuild", as shown below. Now you can go to File -> Save and save your L2Server.exe, and your extender is now attached.
      (If you got an error saying that it cannot find any exported functions, that means you haven't exported your function in your extender correctly, or, if the extender is not one you have created, the creator is most likely using a LoadLibrary method to import that extender, and the above method will not work for attaching it.)
  8. I was going to make quite a mean post regarding your 3 years' experience with l2off, but instead I just have a question or 2... what can you actually do? You say you are really good in everything server side... what does that entail? Can you make extenders? Can you write AI, and debug that AI in its compiled form, not NASC? Can you interpret LinError.txt properly and understand what is causing crashes? Can you read logs correctly and determine how, for example, someone has used an exploit or come across a bug? And finally, if you find yourself in need of a tool or application that doesn't exist for a certain task, what do you do?
      A. Tell your players it can't be done.
      B. Pay someone to make it for you.
      C. Make it yourself.
      I understand that your topic is to recruit developers, which in itself shows that you are lacking in certain areas, but I am just trying to understand the level at which you are, given that you have been working with l2off for 3 years, and are "really good in everything Server side".
  9. Even with amped and the c4 version of depmax... you are still looking at no less than 10 dupe exploits and 5 or so crash exploits... You need either an extender dev, or deep pockets.
  10. No, that's because you are probably using the default dance/song buffs, which are party only... so you either create new skills that aren't party only, or change your default songs/dances.
  11. so use it then, the only reason I didn't is because I don't redistribute other people's work without their permission, plus as this was only a demonstration project to replace 4 bytes, it wasn't needed... or I would have included my memory writing class.
  12. I find this forum extremely lacking in information for users on extenders, and the only semi-useful shares are pieces of code written by developers which are of no use to the average user or newcomer to the L2 Official experience. Many people also believe that, as a result of commercially available extenders such as dvampire and depmax, there is no need for the average L2Off server owner to write their own extenders. But there are many things that neither dvampire nor depmax do which can be of use to some. So I have decided to write this little guide, with the full source code included, that will show first of all how to create an IDA Pro database for your L2Server.exe, and then how to remove the length limit from the //announce GM command using an extender. I'm aiming this guide towards people who maybe know a little C++ but feel intimidated by the prospect of creating an extender, but rest assured, the basics are quite easy once you get into it. This guide is written for the dvampire L2Server.exe and so any addresses mentioned will only be valid for that exe; that also applies to the source.
      Source -> http://rapidshare.com/files/394471289/Extender.rar.html
      Attaching Guide -> http://www.maxcheaters.com/topic/75684-guide-attaching-an-extender/
      The first thing you need when starting with extenders is IDA Pro. This program will disassemble the L2Server.exe into assembly, which is invaluable to any extender developer. Some ASM knowledge is required, but the basics required to create simple but useful extenders are pretty easy to learn. So, let's start by creating an IDA Pro database. Once you have downloaded and installed IDA Pro, you must open the 64-bit version. You do not require a 64-bit operating system to do this, so it is better you create an IDA database on your PC and not your server. Once opened, you will be prompted by the "Welcome to IDA!" screen. The icon on the task bar, and at the top left of the welcome screen, should have a red "64" at the top right corner. This means you are running the 64-bit version of IDA Pro; if you do not see the red "64" you are running the wrong version.
      Click the "New" button, and IDA Pro will open and prompt you with the "New Disassembly Database" window. Double click the "PE Executable" icon and IDA will then ask you to locate the PE executable you wish to disassemble, which is your L2Server.exe, so navigate to your L2Server.exe and select it. You will now be prompted with the "PE Executable file loading wizard". With the latest version of IDA Pro you don't have to change any of the analysis options to get a decent database, but the more advanced users may want/need to change some settings to get a correct analysis. If you want to change these settings, check the "Analysis Options" box and click Next. I typically uncheck "Delete instructions with no xrefs" and "Create offset if data xref to seg32 exists" (after analysis and string generation I usually re-enable the 2nd option and reanalyze to fix the data that should be offsets, without breaking unicode strings). Then just keep clicking Next until the wizard closes. IDA may then ask you to locate various .dll files depending on what other extenders are already attached to the L2Server.exe you have loaded; you can either locate these files and load them, or just click Cancel as they are not necessary for the creation of the database. IDA will also ask if you wish to locate the debug information file, which you don't have, so click No. (It doesn't matter if you click Yes or No, as IDA will not find that file either way.)
      Now IDA will start analysing your L2Server.exe. Depending on your computer's performance this process could take 5 minutes, or something like 20 minutes. For me it takes no longer than 5 minutes, and you can tell when it has finished by the auto analysis status icon on the toolbar, which looks like a yellow circle while IDA is still analysing and turns green when it is done; you will also see "The initial autoanalysis has been finished" in the output window at the bottom of the IDA screen. Older versions of IDA will automatically generate strings on completion of the analysis, but the version I'm using doesn't, and so I go to View -> Open Subviews -> Strings (or SHIFT+F12) to generate the strings. Congratulations. You have now created your IDA database.
      Now comes the more difficult part: now that you have created your IDA database you need to use it to find and fix the length limit for the //announce function. For people who aren't familiar with the structure of the L2Server it may be difficult at first to find your way around, but after a while it becomes pretty easy. NCSoft has made our job as extender developers a lot easier because of the way they handle crashes: anyone who has seen a LinError.txt will have noticed the call-stack dump containing a lot of function names, and this is ultimately the easiest way to find a function you are looking for, by searching in the IDA Strings window for the name of the function. The function we need to find is the builder command handler function for the //announce command. So to start looking, go to the Strings window, click Search at the top of the screen, and then click Search under that (or the ALT+T shortcut), and then, as we are looking for the announce function, type announce into the box and hit Enter. As your analysis may not go exactly the same as mine, and you may be using a different L2Server.exe, the strings that your search picks up may not be in the same order as mine.
      The first result I get is 'set_interval_announce', which is another GM command, but not the one we are looking for, so I hit CTRL+T to find the next result, and my next results are critannounce, delannounce, setannounce, and then the command we are looking for... announce. This string is the command which is stored in the builder command handler array, and you can use this string to find the announce function, but it is easier to carry on searching for the actual announce function. So CTRL+T once more brings us to exactly what we are looking for: BuilderCmd_announce. This string is the function name used by the L2Server for LinErrors, and so is referenced from the function we need. So I hit Enter in the Strings window, and that then opens the location of the string in the IDA View window; by using the keyboard shortcut CTRL+X IDA will then show you the xrefs to that string. Click OK and IDA will now jump to where that string is referenced in our BuilderCmd_announce function. If you don't know assembly, this is the point where you will be quite confused by what is on the screen, and so I would suggest learning some basic assembly before attempting this. For this part I am going to assume anyone reading this far knows some assembly, and so you should be able to follow this pretty easily.
      I happen to know the reason for the character limit is that the L2Server copies only a maximum of 50 characters into the buffer which is sent to the "BroadcastToAllUser_Announce" function, which actually sends the announcement to the players in-game. Overcoming this problem is an incredibly simple operation. The easiest way to find what we need to change is to look for where the announcement string is copied into the buffer to be sent to the players, which is at the address 0x450A5E. The correct way to fix this function would be to overwrite the address in the builder command handler array for this function with a completely new function and rewrite the command handler function itself. But a much easier and much quicker way is to simply send the whole announce command string to the broadcast function instead of the buffer which contains the maximum 50 chars. The full announcement string is sent to the function from the builder command handler in the register r8, and at the top of the function the server moves the string (r8) into r12, so all we need to do is move r12 to rcx (the first argument register) for the function call rather than the limited buffer. To do this we need to replace the code at 0x450A63 with "mov rcx, r12", which in opcode form is 498BCC, and as the code we are replacing is 8 bytes and our new code is only 3, we must remember to NOP the area, which means writing 0x90 for 5 bytes after our code. So we write 498BCC9090909090 to 0x450A63. And it's done! You could also just write the changes into the L2Server.exe using a hex editor, but that's far less fun.
      The code for these changes can be found here: http://rapidshare.com/files/394471289/Extender.rar.html
      And I hope that this guide helps more people become extender developers, because we are a rare breed in L2 these days, and it would be great to see more people doing things for themselves, rather than relying on dvampire or depmax to do everything for them. Check this link for a guide on how to attach an extender to your L2Server.exe -> http://maxcheaters.com/forum/index.php?topic=154347.0
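As an added illustration of both the attaching guide (post 7) and the byte patch described in post 12, here is a small C extender skeleton of my own, not the Extender.rar source linked above: it builds the guide's 49 8B CC 90 90 90 90 90 patch, refuses to write it unless the bytes already at the address match an expected original (a check added here, since the guide's addresses only hold for the dvampire exe), and on Windows applies it from an exported DllMain. The 0xCC filler bytes in the self-test are constructed and are not real L2Server code; the address 0x450A63 and the opcodes are the guide's.

```c
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* "mov rcx, r12" as the guide gives it: 49 8B CC. */
static const uint8_t MOV_RCX_R12[] = { 0x49, 0x8B, 0xCC };
/* Copy code into out and NOP-pad (0x90) the rest of the replaced region,
 * giving the guide's 49 8B CC 90 90 90 90 90. Returns 0 if code is too long. */
static int build_patch(const uint8_t *code, size_t code_len,
                       size_t region_len, uint8_t *out)
{
    if (code_len > region_len) return 0;
    memcpy(out, code, code_len);
    memset(out + code_len, 0x90, region_len - code_len);
    return 1;
}

/* Overwrite region_len bytes at target. If expected is non-NULL the bytes
 * already there must match it, so the patch is refused on an exe build where
 * the guide's address holds other code (its addresses fit the dvampire exe
 * only). Returns 0 on success, -1 if code does not fit, -2 on mismatch,
 * -3 if the page protection cannot be changed. */
int apply_patch(uint8_t *target, size_t region_len, const uint8_t *expected,
                const uint8_t *code, size_t code_len)
{
    uint8_t patch[64];
    if (region_len > sizeof patch || !build_patch(code, code_len, region_len, patch))
        return -1;
    if (expected && memcmp(target, expected, region_len) != 0)
        return -2;
#ifdef _WIN32
    DWORD old;
    if (!VirtualProtect(target, region_len, PAGE_EXECUTE_READWRITE, &old))
        return -3;
#endif
    memcpy(target, patch, region_len);
#ifdef _WIN32
    VirtualProtect(target, region_len, old, &old);
    FlushInstructionCache(GetCurrentProcess(), target, region_len);
#endif
    return 0;
}

/* Self-test on a constructed 8-byte region of 0xCC filler (NOT real L2Server
 * bytes): 1 if the result is 49 8B CC 90 90 90 90 90 and a mismatch is refused. */
int announce_patch_selftest(void)
{
    static const uint8_t want[8] = { 0x49, 0x8B, 0xCC, 0x90, 0x90, 0x90, 0x90, 0x90 };
    uint8_t region[8], expected[8], other[8];
    memset(region, 0xCC, 8);
    memset(expected, 0xCC, 8);
    memset(other, 0x00, 8);   /* stands in for a different exe build */
    if (apply_patch(region, 8, expected, MOV_RCX_R12, 3) != 0) return 0;
    if (memcmp(region, want, 8) != 0) return 0;
    if (apply_patch(other, 8, expected, MOV_RCX_R12, 3) != -2) return 0;
    return 1;
}

#ifdef _WIN32
/* Exported by name so CFF Explorer's Import Adder can attach it (attaching
 * guide). Replace NULL with the 8 original bytes from your own IDA database. */
__declspec(dllexport) BOOL WINAPI DllMain(HINSTANCE h, DWORD reason, LPVOID r)
{
    if (reason == DLL_PROCESS_ATTACH)
        apply_patch((uint8_t *)(uintptr_t)0x450A63, 8, NULL, MOV_RCX_R12, 3);
    return TRUE;
}
#endif
```

Read the 8 original bytes at 0x450A63 from your IDA database and pass them as expected, so the extender does nothing on a build it was not written for.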
  13. exactly... the ONLY way to crash a server without packets is to drive to their servers datacenter and kick the pc off the shelf.
  14. it's a roll-over exploit, amped protects against it but there are ways to get around it, also Skizzik, you have proved your stupidity to everyone, all exploits are packet exploits, because everything sent to the server is sent in a packet, period. doesn't matter how the exploit is done, it can be replicated by sending the packet, therefore it's a packet exploit, kthnx, also.. what has u being a supermod of some russian forum got to do with shit? just means that some dumbass russian actually believes that u know wtf ur talking about, when it's evident that u don't know more than any 5-year-old that devotes his life to reading cheat forums.
  15. Actually I first found it in October, the exploit I normally use is different to this one, this is just the Russians' one because well mine pwns too much I know the other one too ;) Actually, there r 2 exploits for PTS in total, both with packets :D ur a little poser bitch that doesn't know shit, all crash exploits are with packets u dumbass because ALL shit sent to the server IS SENT WITH PACKETS... not only that, none of these crash exploits are with the server itself, they are all vulnerabilities in amped, the exploit protection, because cypher didn't double check his buffers for possible overflows... crawl back under ur rock u fucking wannabe u don't know shit except what every 5-year-old can learn from cheat forums. I have 50 bucks that says u don't even know how the fuck this exploit crashes the server.
  16. Actually I first found it in October, the exploit I normally use is different to this one, this is just the Russians' one because well mine pwns too much
  17. what the fuck are u talking about?
      1. I registered 3 days ago, so please explain the whole "10 days" thing...
      2. I just shared the exploit to crash 95% of l2off servers that are out there...
      3. I did not once say I would share shit, with the exception of when I said "when this exploit is patched or everyone starts blocking apex I'll release some more"
      4. I am the clever guy that has everything.
  18. I can assure u that was a coincidence... the authd ("login server") and then l2server are linked only by a tcp connection... which means one can not crash the other... putting the packet on auto won't do anything more than send it more times... may make it d/c u faster because more memory gets overwritten by the overflow... but that's about it... also, the npc server will get owned because when the l2server crashes, the l2npc follows.
  19. when the majority of servers start either using antibot systems, or patching apex, I'll release a little present that will get past them all.
  20. Anarchy I wasn't talking about YOUR favorite server.... I was talking about ALL servers not ur..... ahhh okay xD either way l2j sucks ^_^ I don't waste my time trying to find exploits there... I find it much more entertaining punching holes in the ego of l2off owners that think they are untouchable because they use amped..
  21. pff if u think my favorite server is l2j then ur mistaken... -beep- l2j I wouldn't play that shit if the last server alive was an l2j server.. buggy ass laggy piece of shit... anyway... killer_007... hlapex has a flaw with the way it differentiates the authd connection from the l2server connection, it hooks ws2_32.connect and checks the port of the address header sent to it, if the port is 2106, 2222 or 5001-4, then it treats the connection as an authd connection and returns to the normal connect function, if it's any other port then it detects it as an l2server connection and replaces the IP in the header with 127.0.0.1, checks if apex is still running, and then returns to the normal connect, which then connects to apex which then proxies to the server which enables it to view/send packets, so yeah... and I just gave every server owner that reads this an explanation of how to block apex, but nevermind because it's on PP anyway... also the GM Shop exploit is 100% dependent on the server... not only that it's easy to fix just by taking out the items that are exploitable lol... which is why I'm probably not going to release it...
  22. and also, if 154+ amped or a patch doesn't get released, and people just start changing authd ports to block apex, I'll release a dll file that will work with any antibot, and any server, changed ports or not... that will crash it... also u guys need to go crash more servers! my favorite server needs more players ;o
  23. Even with cypher's 154 - 156 patch? as someone on postpacific said enchant skill exploit is fixed by cypher's patch (dunno which version, but I'm sure that not public one, so 150+) btw. Anarchy can I pm ya? I'm sure u have full box now... 150+ fixes the crash exploit and the skillenchant but it doesn't fix others that I know... the cool thing is just about any server with a gm shop, u can exploit adena on... let's just say it's a variation of the roll-over exploit for the shops that u could do back with c1 server... the c4 server fixes that specific one but there is one similar to it that cypher's patch doesn't stop, not even the 154+
  24. the exploit is already patched, but the fix for it is strictly private, someone will release it as soon as this post reaches postpacific...