Request Help! Shaiya Login Hack

gm_frey · 09/03/2017, 07:24

There is a new kind of vulnerability into Shaiya Private Servers.

Is not only me who reported that Login goes down.

I've been searching all topics but can't figurate the problem there isn't yet any fix released.

Server is working fine till the the hacker starts the attack into Ps_Login.

NOTE: I'm using Nubness PS_Login.exe from this

There is the LOGS comes from Login.

2017-09-03 07:51:24 PS_LOGIN__system log start (Login01)

================================================== ==============

2017-09-03 07:52:09 Exception !!!, code=0xC0000005, address=0x004096F0

Minidump write end.....................

0x004096F0 ps_login.exe: <unknown symbol>

0x00404555 ps_login.exe: <unknown symbol>

0x21583AD0 <unknown module>: <unknown symbol>

Stack trace end.....................

Stack trace(all thread) begin.....................

Module list:

C:\ShaiyaServer\Server\PSM_Client\Bin\ps_login.exe , loaded at 0x00400000 - 07/12/07 11:46:58 (ETC)

WARNING: ps_login.exe is not accessible
Symbol search path is: ps_login.pdb
WARNING: ps_login.pdb is not accessible
WARNING: ps_login.pdb is not accessible

Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\ShaiyaServer\Server\PSM_Client\Bin\Log\20170903 _075124_ps_login.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Windows Longhorn Version 9200 MP (10 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer DataCenter SingleUserTS
Debug session time: Sun Sep 03 07:52:09 2017
System Uptime: not available
Process Uptime: 0 days 0:00:45.000
Symbol search path is: ps_login.pdb
Executable search path is: ps_login.exe
.................................................. ...
The call to LoadLibrary(ext) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(uext) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ntsdexts) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
(1c48.1d40): Access violation - code c0000005 (!!! second chance !!!)

thread count = 71
thread 0(13768)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x74E3B332 sechost.dll: RegisterServiceCtrlHandlerExW + 818

0x74E4CB42 sechost.dll: RpcClientCapabilityCheck + 2130

0x74E4C0D7 sechost.dll: StartServiceCtrlDispatcherA + 87

0x00421D9D ps_login.exe: <unknown symbol>

0x0044C5C0 ps_login.exe: <unknown symbol>

0x00407840 ps_login.exe: <unknown symbol>

0xA5E90000 <unknown module>: <unknown symbol>

thread 1(14044)

0x770AF7FC ntdll.dll: NtWaitForWorkViaWorkerFactory + 12

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 2(8016)

0x770AF7FC ntdll.dll: NtWaitForWorkViaWorkerFactory + 12

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 3(5224)

0x770AF7FC ntdll.dll: NtWaitForWorkViaWorkerFactory + 12

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 4(12284)

0x770AE1BC ntdll.dll: NtWaitForMultipleObjects + 12

0x74521928 KERNELBASE.dll: WaitForMultipleObjects + 24

0x004207A9 ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 5(14968)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041A3A8 ps_login.exe: <unknown symbol>

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 6(13100)

0x770AE1BC ntdll.dll: NtWaitForMultipleObjects + 12

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 7(2020)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041117B ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 8(5244)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 9(8448)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 10(5168)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 11(11820)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 12(9756)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 13(2908)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 14(9036)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 15(8284)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 16(10272)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 17(6620)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 18(11772)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 19(14116)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 20(10556)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 21(14540)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 22(6008)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 23(8600)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 24(3580)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 25(6328)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 26(6456)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 27(10152)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 28(10276)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 29(9316)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 30(8992)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 31(14084)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 32(15356)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 33(14556)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 34(15040)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 35(8928)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 36(5128)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 37(12592)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 38(12120)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 39(5108)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 40(10532)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 41(14592)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 42(7288)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 43(11752)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 44(2460)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 45(7972)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 46(14752)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 47(3616)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 48(6476)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7254AD46 MSWSOCK.dll: sethostname + 13750

0x73AFB95D WS2_32.dll: WSAAccept + 173

0x0041462E ps_login.exe: <unknown symbol>

thread 49(6076)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041117B ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 50(8368)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041117B ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 51(8460)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041117B ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 52(14340)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 53(4552)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 54(10168)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 55(1508)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 56(15216)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 57(10176)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 58(9108)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 59(14244)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 60(8276)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 61(10464)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 62(8668)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 63(5856)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 64(13380)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 65(12276)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 66(9904)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 67(7488)

0x770AEA6C ntdll.dll: NtGetContextThread + 12

0x02830A50 dbghelp.dll: SymGetModuleBase

0xC9330C45 <unknown module>: <unknown symbol>

thread 68(9512)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 69(7716)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 70(11952)

0x00426F57 ps_login.exe: <unknown symbol>

Stack trace(all thread) end.....................

================================================== ==============

gm_frey · 09/03/2017, 11:02

If you are able to help me fix that vulnerability i will pay you. Thanks lot Cup, i wait your response.

santimc · 09/13/2017, 17:54

Quote:
Originally Posted by Cups
If you see the line of code at that address, you'll see:
Code:
mov [ecx+esi*4-04],eax
I suspect that the reason the ps_login is crashing, is because because the ecx register doesn't contain a value, when it should. This might happen due to poor multi-threading in Shaiya, and having a program which would flood the login service very rapidly and cause the counters to become desynchronized. Or it might be something else entirely. I will have a look when I get home and see if I can make a quick fix for you.

Bro, help me please// give me skype

anton1312 · 11/01/2017, 19:45

Spoiler

Quote:

Originally Posted by gm_frey

There is a new kind of vulnerability into Shaiya Private Servers.

Is not only me who reported that Login goes down.

I've been searching all topics but can't figurate the problem there isn't yet any fix released.

Server is working fine till the the hacker starts the attack into Ps_Login.

NOTE: I'm using Nubness PS_Login.exe from this

There is the LOGS comes from Login.

2017-09-03 07:51:24 PS_LOGIN__system log start (Login01)

================================================== ==============

2017-09-03 07:52:09 Exception !!!, code=0xC0000005, address=0x004096F0

Minidump write end.....................

0x004096F0 ps_login.exe: <unknown symbol>

0x00404555 ps_login.exe: <unknown symbol>

0x21583AD0 <unknown module>: <unknown symbol>

Stack trace end.....................

Stack trace(all thread) begin.....................

Module list:

C:\ShaiyaServer\Server\PSM_Client\Bin\ps_login.exe , loaded at 0x00400000 - 07/12/07 11:46:58 (ETC)

WARNING: ps_login.exe is not accessible
Symbol search path is: ps_login.pdb
WARNING: ps_login.pdb is not accessible
WARNING: ps_login.pdb is not accessible

Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\ShaiyaServer\Server\PSM_Client\Bin\Log\20170903 _075124_ps_login.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Windows Longhorn Version 9200 MP (10 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer DataCenter SingleUserTS
Debug session time: Sun Sep 03 07:52:09 2017
System Uptime: not available
Process Uptime: 0 days 0:00:45.000
Symbol search path is: ps_login.pdb
Executable search path is: ps_login.exe
.................................................. ...
The call to LoadLibrary(ext) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(uext) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ntsdexts) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
(1c48.1d40): Access violation - code c0000005 (!!! second chance !!!)

thread count = 71
thread 0(13768)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x74E3B332 sechost.dll: RegisterServiceCtrlHandlerExW + 818

0x74E4CB42 sechost.dll: RpcClientCapabilityCheck + 2130

0x74E4C0D7 sechost.dll: StartServiceCtrlDispatcherA + 87

0x00421D9D ps_login.exe: <unknown symbol>

0x0044C5C0 ps_login.exe: <unknown symbol>

0x00407840 ps_login.exe: <unknown symbol>

0xA5E90000 <unknown module>: <unknown symbol>

thread 1(14044)

0x770AF7FC ntdll.dll: NtWaitForWorkViaWorkerFactory + 12

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 2(8016)

0x770AF7FC ntdll.dll: NtWaitForWorkViaWorkerFactory + 12

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 3(5224)

0x770AF7FC ntdll.dll: NtWaitForWorkViaWorkerFactory + 12

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 4(12284)

0x770AE1BC ntdll.dll: NtWaitForMultipleObjects + 12

0x74521928 KERNELBASE.dll: WaitForMultipleObjects + 24

0x004207A9 ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 5(14968)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041A3A8 ps_login.exe: <unknown symbol>

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 6(13100)

0x770AE1BC ntdll.dll: NtWaitForMultipleObjects + 12

0x76D662C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770A0609 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770A05D4 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028

thread 7(2020)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041117B ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 8(5244)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 9(8448)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 10(5168)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 11(11820)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 12(9756)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 13(2908)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 14(9036)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 15(8284)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 16(10272)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 17(6620)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 18(11772)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 19(14116)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 20(10556)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 21(14540)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 22(6008)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 23(8600)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 24(3580)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 25(6328)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 26(6456)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 27(10152)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 28(10276)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 29(9316)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 30(8992)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 31(14084)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 32(15356)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 33(14556)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 34(15040)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 35(8928)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 36(5128)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 37(12592)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 38(12120)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 39(5108)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 40(10532)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 41(14592)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 42(7288)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 43(11752)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 44(2460)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 45(7972)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 46(14752)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 47(3616)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x004141BD ps_login.exe: <unknown symbol>

0x25FF5DEC <unknown module>: <unknown symbol>

thread 48(6476)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7254AD46 MSWSOCK.dll: sethostname + 13750

0x73AFB95D WS2_32.dll: WSAAccept + 173

0x0041462E ps_login.exe: <unknown symbol>

thread 49(6076)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041117B ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 50(8368)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041117B ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 51(8460)

0x770ADC2C ntdll.dll: ZwWaitForSingleObject + 12

0x7451ABE2 KERNELBASE.dll: WaitForSingleObject + 18

0x0041117B ps_login.exe: <unknown symbol>

0xCCCC76DD <unknown module>: <unknown symbol>

thread 52(14340)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 53(4552)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 54(10168)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 55(1508)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 56(15216)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 57(10176)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 58(9108)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 59(14244)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 60(8276)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 61(10464)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 62(8668)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 63(5856)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 64(13380)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 65(12276)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 66(9904)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 67(7488)

0x770AEA6C ntdll.dll: NtGetContextThread + 12

0x02830A50 dbghelp.dll: SymGetModuleBase

0xC9330C45 <unknown module>: <unknown symbol>

thread 68(9512)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 69(7716)

0x770ADC7C ntdll.dll: NtRemoveIoCompletion + 12

0x00416240 ps_login.exe: <unknown symbol>

thread 70(11952)

0x00426F57 ps_login.exe: <unknown symbol>

Stack trace(all thread) end.....................

================================================== ==============

Hi, i have fix for that, contact with me if you want it

killer2p · 11/01/2017, 21:01

@

cups just released the fix

Vaka Vaka · 11/01/2017, 21:35

Quote:

Originally Posted by killer2p

@ cups just released the fix

The fact that Anton wants to make money on this is a problem? gm_frey himself wrote that he would pay for the fix. I do not see a fix from the Cups on the forum and I do not understand why you are trying to prevent Anton from earning.

Velocity. · 11/01/2017, 21:53

Quote:

Originally Posted by Vaka Vaka

The fact that Anton wants to make money on this is a problem? gm_frey himself wrote that he would pay for the fix. I do not see a fix from the Cups on the forum and I do not understand why you are trying to prevent Anton from earning.

Can you read? Tell me where does it say that he said it was a problem because i don't see it. He simply said cups released it. All he is trying to do is help the user get this fixed, if it stops anton from earning its not his problem.

Vaka Vaka · 11/01/2017, 22:56

Quote:

Originally Posted by Velocity.

Can you read? Tell me where does it say that he said it was a problem because i don't see it. He simply said cups released it. All he is trying to do is help the user get this fixed, if it stops anton from earning its not his problem.

Released? Or can be released? I do not see the release on the forum or in the discord conference. And now it sounds like "hey man no one needs your work, get out of here" or am I wrong?

Velocity. · 11/01/2017, 23:43

Quote:

Originally Posted by Vaka Vaka

Released? Or can be released? I do not see the release on the forum or in the discord conference. And now it sounds like "hey man no one needs your work, get out of here" or am I wrong?

i am simply telling you what he said. you are asking the wrong person. in my opinion, you are wrong but thats none of my business so gl.

killer2p · 11/02/2017, 03:18

now i was never dising anton i know he does good work. but cups had a release for the ps_login but he removed it so relax

Vaka Vaka · 11/02/2017, 12:09

Quote:

Originally Posted by killer2p

now i was never dising anton i know he does good work. but cups had a release for the ps_login but he removed it so relax

Oh, I just did not find it on the forum and your message seemed very strange to me because of this. I did not want to offend anyone, sorry.

[ADM]SpyRow · 11/04/2017, 15:37

Quote:

Originally Posted by anton1312

Spoiler

Hi, i have fix for that, contact with me if you want it

Ofc you have the fix time you are behind of this injection.
You are me 3 years ago!
DDoS around and then HEY i have the fix or
HEY i stop when you pay!

I think i must get back to my old services!

anton1312 · 11/04/2017, 15:48

Quote:

Originally Posted by [ADM]SpyRow

Ofc you have the fix time you are behind of this injection.
You are me 3 years ago!
DDoS around and then HEY i have the fix or
HEY i stop when you pay!

I think i must get back to my old services!

what are you talking about?

Spoiler

Vaka Vaka · 11/04/2017, 16:38

Quote:

Originally Posted by [ADM]SpyRow

Ofc you have the fix time you are behind of this injection.
You are me 3 years ago!
DDoS around and then HEY i have the fix or
HEY i stop when you pay!

I think i must get back to my old services!

What are you talking about? Do you think that only he knows how to use it? You compare it with yourself in those times when you were engaged in dark affairs. You were just a man who bred everyone for money, but sometimes you even did not keep their promises after you received money. Death of Shaiya Nemesis this same was your handiwork, yes? Do you remember how many times they paid you? As far as I know Cups tested this fix and everything works fine. You can buy it and not think about that this bug can still appear on your server or for example make a fix yourself. Good luck.

[ADM]SpyRow · 11/04/2017, 16:48

Quote:

Originally Posted by Vaka Vaka

What are you talking about? Do you think that only he knows how to use it? You compare it with yourself in those times when you were engaged in dark affairs. You were just a man who bred everyone for money, but sometimes you even did not keep their promises after you received money. Death of Shaiya Nemesis this same was your handiwork, yes? Do you remember how many times they paid you? As far as I know Cups tested this fix and everything works fine. You can buy it and not think about that this bug can still appear on your server or for example make a fix yourself. Good luck.

Ohh boy ohh boy
Danco closed Nemesis due to his rl job!!!! And have nothing to do with me !!! coz last time i remember we ware working together agains "Mohamed" Guy if u still remember him and Taz
Like i said : what i did in my pst doenst have anything to do now, the simply accusation that anton is behind of this is for simply fact there are some logs of connection of his IP direcly to the Login IP when login got crashed!
Aka : 89.148.228.3
If i made some things 3 and 4 years ago is my own problemn, ofc doenst change anything reason i said thinking to get back to my old services,
Cups relased an fix ? poor guy can release everyday something time there is another guy who finde way to exploit it

ppl start gets PM "Hey u need my login Fix ? 200 $ ? when u never had prob before and when u say NO boom Login down ?
Just trying to open your guys eyes
Idc enough about Shaiya to add again time and effort !