ps_game.exe crash

10/07/2021 21:47 ntkhang1409vt#1
Hi.
I'm having a problem with my server.

There has been this kind of unfair competition, with this guy going around crashing all the servers so his own server can stay on top.

I think he does some kind of packet attack.

At first we encountered some weird bugs, like items switching all over the place,
like a lapis icon on helm, armor.
Wrong item counts all over the place too.
And then after some time the ps_game crashes.

Here is the log.
I applied the enchant bug fix, but sadly this is not the case.
Mine was an ep4.5 ps_game.

Quote:
2021-10-07 23:51:57 PS_GAME__system log start (Game01) [KR]

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/sorp1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/croco1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/croco2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Troll1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Spink1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/GoldenPig

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Sorp3

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/SorpNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/SorpNamed2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Sorp2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/CrocoNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/CrocoNamed2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/CrocoNamed3

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/OrcNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/OrcNamed2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/OrcNamed3

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/TrollNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/HellTouthNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Deinos

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Parridalis

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Alcarian

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/ZinAlcaria

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Belizabeth

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Kirhiross

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/CrypticOne

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Haruhion

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Freezing

2021-10-07 23:52:34 <Console input> /nprotectoff

2021-10-07 23:52:34 <Console output> cmd NProtect off ok

2021-10-07 23:52:59 connect mgr 820

2021-10-07 23:52:59 connect dbagent 1208

2021-10-07 23:52:59 connect dbagent2 1212

2021-10-07 23:52:59 connect gamelog 1228

2021-10-07 23:53:00 Market End -----------------------

2021-10-07 23:53:01 Load Shaiya.SData 25

2021-10-08 02:20:07 Error Item Count : Char=bbb, Bag=1, Slot=2, Type=9, TypeID=2, OldCount=255, FixedCount=1

2021-10-08 02:20:34 discon client: (104, 1236) T=002:23:00:000, RC=849,RCS=0, RB=9465,RBS=1, SC=9169,SCS=1, SB=185115,SBS=21

2021-10-08 02:21:06 Error Item Count : Char=bbb, Bag=1, Slot=0, Type=9, TypeID=2, OldCount=3, FixedCount=1

2021-10-08 02:21:30 discon client: (104, 1236) T=001:48:00:000, RC=10804,RCS=1, RB=139680,RBS=21, SC=139374,SCS=21, SB=2326794,SBS=358

2021-10-08 02:24:17 1 1 PacketOver nSendCount=786440, MaxOverSize=786432, m_nSendProcessing=192, m_nMaxSendProcessing=192

2021-10-08 02:24:17 discon client: ( 15, 64) T=000:01:00:000, RC=239,RCS=2, RB=2974,RBS=24, SC=4996,SCS=41, SB=52186,SBS=438





=== GenerateExceptionHandler ========================================

2021-10-08 02:24:33 Exception !!!, code=0x00000000, address=0x004DB32D

Minidump write end.....................

0x004DB32D ps_game.exe: <unknown symbol>

0x00405360 ps_game.exe: <unknown symbol>

Stack trace end.....................



Stack trace(all thread) begin.....................



Module list:

C:\ShaiyaServer\PSM_Client\bin\ps_game.exe, loaded at 0x00400000 - 09/07/15 12:22:00

WARNING: ps_game.exe is not accessible
Symbol search path is: ps_game.pdb
WARNING: ps_game.pdb is not accessible
WARNING: ps_game.pdb is not accessible

Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\ShaiyaServer\PSM_Client\bin\Log\20211007_235157 _ps_game.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Windows Longhorn Version 9200 MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Debug session time: Fri Oct 08 02:24:33 2021
System Uptime: not available
Process Uptime: 0 days 2:32:36.000
Symbol search path is: ps_game.pdb
Executable search path is: ps_game.exe
.................................................. .
The call to LoadLibrary(ext) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(uext) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ntsdexts) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
(1c74.ad4): Unknown exception - code 00000000 (!!! second chance !!!)

thread count = 24
thread 0(4356)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x74FCB312 sechost.dll: RegisterServiceCtrlHandlerExW + 818

0x74FDCF21 sechost.dll: RpcClientCapabilityCheck + 2145

0x74FDC4A7 sechost.dll: StartServiceCtrlDispatcherA + 87

0x004E427D ps_game.exe: <unknown symbol>

0x00540640 ps_game.exe: <unknown symbol>

0x004CCB90 ps_game.exe: <unknown symbol>

0x95E90000 <unknown module>: <unknown symbol>


thread 1(7912)

0x770CF04C ntdll.dll: ZwWaitForMultipleObjects + 12

0x751D3828 KERNELBASE.dll: WaitForMultipleObjects + 24

0x004E2B99 ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 2(7984)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D5738 ps_game.exe: <unknown symbol>

0x747762C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770C1B69 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770C1B34 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028


thread 3(7864)

0x770CF04C ntdll.dll: ZwWaitForMultipleObjects + 12

0x747762C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770C1B69 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770C1B34 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028


thread 4(2772)

0x770CF8FC ntdll.dll: NtGetContextThread + 12

0x04680A50 dbghelp.dll: SymGetModuleBase

0x52990C45 <unknown module>: <unknown symbol>

0x52990C45 <unknown module>: <unknown symbol>


thread 5(4804)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x73A3AE46 MSWSOCK.dll: sethostname + 13750

0x7504B37D WS2_32.dll: WSAAccept + 173

0x004D7ECE ps_game.exe: <unknown symbol>


thread 6(5052)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 7(7536)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 8(5032)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 9(5296)

0x770D065C ntdll.dll: ZwWaitForAlertByThreadId + 12

0x770B88ED ntdll.dll: RtlWaitOnAddress + 477

0x770B87DF ntdll.dll: RtlWaitOnAddress + 207

0x7709E0A5 ntdll.dll: RtlEnterCriticalSection + 293

0x7709DFC5 ntdll.dll: RtlEnterCriticalSection + 69

0x0040CA38 ps_game.exe: <unknown symbol>

0x4D8B51EC <unknown module>: <unknown symbol>


thread 10(1148)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 11(6696)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 12(6888)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 13(8176)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 14(7932)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 15(5972)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 16(4924)

0x770D065C ntdll.dll: ZwWaitForAlertByThreadId + 12

0x770B88ED ntdll.dll: RtlWaitOnAddress + 477

0x770B87DF ntdll.dll: RtlWaitOnAddress + 207

0x7709E0A5 ntdll.dll: RtlEnterCriticalSection + 293

0x7709DFC5 ntdll.dll: RtlEnterCriticalSection + 69

0x004218BA ps_game.exe: <unknown symbol>

0x4D8B51EC <unknown module>: <unknown symbol>


thread 17(7440)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x00406FEC ps_game.exe: <unknown symbol>


thread 18(4232)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x0040734B ps_game.exe: <unknown symbol>


thread 19(8068)

0x00424303 ps_game.exe: <unknown symbol>

0x25870008 <unknown module>: <unknown symbol>

0x00409610 ps_game.exe: <unknown symbol>

0x00409610 ps_game.exe: <unknown symbol>

0x5754BB80 <unknown module>: <unknown symbol>


thread 20(7392)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x0040734B ps_game.exe: <unknown symbol>


thread 21(4040)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x0040734B ps_game.exe: <unknown symbol>


thread 22(6868)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x0040734B ps_game.exe: <unknown symbol>


thread 23(3068)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>



Stack trace(all thread) end.....................

=== GenerateExceptionHandler End ================================================



2021-10-08 02:24:33 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:24:43 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:24:53 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:03 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:13 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:23 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:33 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:43 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:53 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:26:03 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:26:13 DeadLock[ConnectError] Occur : WorldDB

I trimmed only the lines causing the issue.
Can anyone please help me address this exploit?

Well, after checking the other threads I found another server facing the same issue as me.
I guess this kind of attack must be very popular these days.
Please point me in the right direction.

Edit: my Discord
8BitGentleMan#2327

Your help would be much appreciated.
10/10/2021 19:20 nick4ever#2
It seems like you got a packet injection that caused the crash. There are 2 options I can recommend:

1. Server side: Edit your ps_game.exe to drop the invalid merge item packets.
2. Client side: Attach an anti-cheat to your game.exe to prevent injection from running.

#2 is just a "buy-time" solution; if the "mental-guy" who did it to your server can bypass your anti-cheat system, then it will crash again, so it is better to have the fix on the server side. Of course, if you can deliver these 2 options, it will be more secure.

In addition, there was an SQL deadlock you need to check too.
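
Added example, not written by any poster in this thread: a Python triage script for a ps_game log in the format quoted in the first post. For each `Exception !!!` line it reports which characters had `Error Item Count` corrections, and how many `PacketOver` lines had `nSendCount` above `MaxOverSize`, in the minutes before the crash, so the operator knows which character to look up first. The function name, the 10-minute window and the choice of these lines as signals are assumptions; the sample lines are copied from the quoted log.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample input: lines copied from the log quoted in the first post.
SAMPLE_LOG = """\
2021-10-08 02:20:07 Error Item Count : Char=bbb, Bag=1, Slot=2, Type=9, TypeID=2, OldCount=255, FixedCount=1
2021-10-08 02:20:34 discon client: (104, 1236) T=002:23:00:000, RC=849,RCS=0, RB=9465,RBS=1, SC=9169,SCS=1, SB=185115,SBS=21
2021-10-08 02:21:06 Error Item Count : Char=bbb, Bag=1, Slot=0, Type=9, TypeID=2, OldCount=3, FixedCount=1
2021-10-08 02:24:17 1 1 PacketOver nSendCount=786440, MaxOverSize=786432, m_nSendProcessing=192, m_nMaxSendProcessing=192
2021-10-08 02:24:33 Exception !!!, code=0x00000000, address=0x004DB32D
"""

STAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
ITEM = re.compile(r"Error Item Count : Char=([^,]*), .*OldCount=(\d+), FixedCount=(\d+)")
OVER = re.compile(r"PacketOver nSendCount=(\d+), MaxOverSize=(\d+)")
CRASH = re.compile(r"Exception !!!, code=(0x[0-9A-Fa-f]+), address=(0x[0-9A-Fa-f]+)")

def triage(log_text, window_minutes=10):
    """One report per crash: item-count fixes and PacketOver events logged just before it."""
    window = timedelta(minutes=window_minutes)
    events, reports = [], []          # events: (timestamp, kind, detail)
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue                  # stack-trace and debugger lines have no timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        body = m.group(2)
        if (c := CRASH.search(body)):
            recent = [e for e in events if ts - e[0] <= window]
            reports.append({
                "time": ts,
                "address": c.group(2),
                "item_fixes": Counter(e[2][0] for e in recent if e[1] == "item"),
                "old_counts": [e[2][1] for e in recent if e[1] == "item"],
                "packet_over": sum(1 for e in recent if e[1] == "over"),
            })
        elif (i := ITEM.search(body)):
            events.append((ts, "item", (i.group(1), int(i.group(2)))))
        elif (o := OVER.search(body)) and int(o.group(1)) > int(o.group(2)):
            events.append((ts, "over", None))
    return reports

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["time"], r["address"], dict(r["item_fixes"]), r["old_counts"], r["packet_over"])
```

Run against the full log file, the same function gives one report per crash, which makes it easy to see whether the same character name recurs before each one.
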
10/11/2021 04:55 ntkhang1409vt#3
Quote:
Originally Posted by nick4ever
It seems like you got a packet injection that caused the crash. There are 2 options I can recommend:

1. Server side: Edit your ps_game.exe to drop the invalid merge item packets.
2. Client side: Attach an anti-cheat to your game.exe to prevent injection from running.

#2 is just a "buy-time" solution; if the "mental-guy" who did it to your server can bypass your anti-cheat system, then it will crash again, so it is better to have the fix on the server side. Of course, if you can deliver these 2 options, it will be more secure.

In addition, there was an SQL deadlock you need to check too.

Hi there,

Thank you for pointing that out for me.

Unfortunately, I'm not very familiar with assembly and packet editing.
The server needs to be up and running ASAP.

I'm willing to pay for the fix if you can do it.
In the meantime, I'll learn reverse engineering to better secure my server.


Again, thank you for your reply :)
10/11/2021 05:34 nick4ever#4
Yeah I know, I know you need the server back up as soon as possible.

However, my advice is: if you cannot completely kill this exploit, do not re-open it. It will destroy your reputation in gamers' eyes, and that is exactly the purpose of the "psycho-guy". Or you can think about upgrading your EP to 5.4 or above.
10/11/2021 07:49 ntkhang1409vt#5
That's what I thought too.
Upgrading was not an option since our home country's "official shaiya" was dead at 5.3, so we are stuck with the latest client which supports our language (UTF-8), at 5.3.

Guess I'll be stuck with 5.3 and waiting for someone who can fix this :D
10/27/2021 13:40 ntkhang1409vt#6
Hi, I'm still waiting and willing to pay for someone who can patch the ps_game to drop the attack packets.

My Discord
8BitGentleMan#2327
11/01/2021 21:14 [ADM]Beno™#7
I can help you if you still need it. Check your Discord.
11/02/2021 02:21 carlos233#8
Quote:
Originally Posted by ntkhang1409vt
Hi, I'm still waiting and willing to pay for someone who can patch the ps_game to drop the attack packets.

My Discord
8BitGentleMan#2327

I can help you. Call me on Discord.