Dupe

02/14/2020 15:45 IFlyffMc#1
Any dupe fixer for guildware house procedure release here please?
02/14/2020 15:54 jooodzszsz#2
Code:
void CDPCacheSrvr::OnGuildPenya( CAr & ar, DPID dpidCache, DPID dpidUser, u_long uBufSize )
{
	u_long _uidPlayer, _uGuildId;
	DWORD dwType, dwPenya;

	ar >> _uidPlayer >> _uGuildId;
	ar >> dwType >> dwPenya;

	CMclAutoLock	Lock( g_PlayerMng.m_AddRemoveLock );
	CMclAutoLock	Lock2( g_GuildMng.m_AddRemoveLock );	

	CPlayer* pPlayer = g_PlayerMng.GetPlayerBySerial( dpidUser );	
	if( pPlayer == NULL )
		return;

	CGuild* pGuild = g_GuildMng.GetGuild( pPlayer->m_idGuild );
	if( pGuild && pGuild->IsMaster( pPlayer->uKey ) )
	{
		if( dwType >= MAX_GM_LEVEL && dwPenya < 1000000 )
		{
			pGuild->m_adwPenya[dwType] = dwPenya;
			g_dpCoreSrvr.SendGuildPenya( pPlayer->m_idGuild, dwType, dwPenya );
			
			// GUILD DB AUTHORITY UPDATE
			g_dpDatabaseClient.SendGuildPenya( pPlayer->m_idGuild, pGuild->m_adwPenya );
		}
		else
		{
			SendGuildError( pPlayer, 2 );
		}
	}
}
Send:
dwType = 6
dwPenya = 21855

This would write "pGuild->m_adwPenya[6] = 21855;". As you can see in the CGuild class, m_adwPenya has just 5 DWORDs; using 6 overflows it and overwrites m_dwLogo with 21855.

Now you just need to create a Guild Cloak for 10k penya.
"itemElem.m_dwItemId = II_ARM_S_CLO_CLO_SYSCLOAK01 + (pGuild->m_dwLogo - 1);"

As you can see, they decrease m_dwLogo by 1 and add 4602 (itemid - 4601).
02/21/2020 23:47 cookie69#3
Quote:
Originally Posted by IFlyffMc
Any dupe fixer for guildware house procedure release here please?
In addition to checking the array limits, you can also use the compiler's checks in Visual Studio, which work in general.
Make sure you don't choose the default value for "Basic Runtime Checks" and also make sure you enable the security checks.

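The array-limit check mentioned above, as an added example that is not part of the original posts or the game's source: it puts the range test as posted next to a corrected one and shows a setter that refuses the out-of-range index before any write. GuildStub, MAX_RANK_PENYA, PostedCheck, HardenedCheck and SetGuildPenya are hypothetical names, and MAX_GM_LEVEL = 5 is assumed from the "5 DWORDs" remark.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Assumption: 5 slots, matching "m_adwPenya has just 5 DWORDs" in the post.
constexpr std::size_t MAX_GM_LEVEL = 5;
// Limit taken from the posted check; the constant name is hypothetical.
constexpr std::uint32_t MAX_RANK_PENYA = 1000000;

// Simplified stand-in for the guild object; the real CGuild layout is not reproduced.
struct GuildStub {
    std::uint32_t m_adwPenya[MAX_GM_LEVEL] = {};
    std::uint32_t m_dwLogo = 0;
};
static_assert(sizeof(GuildStub::m_adwPenya) / sizeof(std::uint32_t) == MAX_GM_LEVEL,
              "index limit must track the array size");

// Range test as posted: it passes only indexes at or past the end of the array.
bool PostedCheck(std::uint32_t dwType, std::uint32_t dwPenya) {
    return dwType >= MAX_GM_LEVEL && dwPenya < MAX_RANK_PENYA;
}

// Corrected range test: the index must be strictly below the array size.
bool HardenedCheck(std::uint32_t dwType, std::uint32_t dwPenya) {
    return dwType < MAX_GM_LEVEL && dwPenya < MAX_RANK_PENYA;
}

// Setter that validates before writing; on false the handler would send the
// guild error and leave the guild object untouched.
bool SetGuildPenya(GuildStub& guild, std::uint32_t dwType, std::uint32_t dwPenya) {
    if (!HardenedCheck(dwType, dwPenya))
        return false;
    guild.m_adwPenya[dwType] = dwPenya;
    return true;
}

int main() {
    GuildStub guild;
    guild.m_dwLogo = 3;  // constructed sample value
    // Values from the post's "Send:" lines, plus one legitimate update.
    std::printf("posted check accepts (6, 21855):    %d\n", PostedCheck(6, 21855));
    std::printf("hardened setter accepts (6, 21855): %d\n", SetGuildPenya(guild, 6, 21855));
    std::printf("hardened setter accepts (4, 500):   %d\n", SetGuildPenya(guild, 4, 500));
    std::printf("m_dwLogo after all calls:           %u\n", (unsigned)guild.m_dwLogo);
    return 0;
}
```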
02/26/2020 17:48 IFlyffMc#4
Thank you guys! God bless you both! :handsdown: