ps_game.exe crash

[ntkhang1409vt]

hi.
im having problem with my server.

there have been this kind of unfair competition with this guy going around crashing all the server so his own server can stay on top.

i think he do some kind of packet attack.

at first we encounter some weird bug like item switching all over the place.
like lapis icon on helm. armor.
wrong itemcount all over the place too.
and then after sometimes the ps_game crash.

here is the log.
i applied the enchant bug fix but sadly this is not the case.
mine was a ep4.5 ps_game.

Quote:

2021-10-07 23:51:57 PS_GAME__system log start (Game01) [KR]

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/sorp1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/croco1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/croco2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Troll1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Spink1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/GoldenPig

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Sorp3

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/SorpNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/SorpNamed2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Sorp2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/CrocoNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/CrocoNamed2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/CrocoNamed3

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/OrcNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/OrcNamed2

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/OrcNamed3

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/TrollNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/HellTouthNamed1

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Deinos

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Parridalis

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Alcarian

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/ZinAlcaria

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Belizabeth

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Kirhiross

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/CrypticOne

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Haruhion

2021-10-07 23:51:57 Loaded Behavior In Factory : data/ai/Freezing

2021-10-07 23:52:34 <Console input> /nprotectoff

2021-10-07 23:52:34 <Console output> cmd NProtect off ok

2021-10-07 23:52:59 connect mgr 820

2021-10-07 23:52:59 connect dbagent 1208

2021-10-07 23:52:59 connect dbagent2 1212

2021-10-07 23:52:59 connect gamelog 1228

2021-10-07 23:53:00 Market End -----------------------

2021-10-07 23:53:01 Load Shaiya.SData 25

2021-10-08 02:20:07 Error Item Count : Char=bbb, Bag=1, Slot=2, Type=9, TypeID=2, OldCount=255, FixedCount=1

2021-10-08 02:20:34 discon client: (104, 1236) T=002:23:00:000, RC=849,RCS=0, RB=9465,RBS=1, SC=9169,SCS=1, SB=185115,SBS=21

2021-10-08 02:21:06 Error Item Count : Char=bbb, Bag=1, Slot=0, Type=9, TypeID=2, OldCount=3, FixedCount=1

2021-10-08 02:21:30 discon client: (104, 1236) T=001:48:00:000, RC=10804,RCS=1, RB=139680,RBS=21, SC=139374,SCS=21, SB=2326794,SBS=358

2021-10-08 02:24:17 1 1 PacketOver nSendCount=786440, MaxOverSize=786432, m_nSendProcessing=192, m_nMaxSendProcessing=192

2021-10-08 02:24:17 discon client: ( 15, 64) T=000:01:00:000, RC=239,RCS=2, RB=2974,RBS=24, SC=4996,SCS=41, SB=52186,SBS=438





=== GenerateExceptionHandler ========================================

2021-10-08 02:24:33 Exception !!!, code=0x00000000, address=0x004DB32D

Minidump write end.....................

0x004DB32D ps_game.exe: <unknown symbol>

0x00405360 ps_game.exe: <unknown symbol>

Stack trace end.....................



Stack trace(all thread) begin.....................



Module list:

C:\ShaiyaServer\PSM_Client\bin\ps_game.exe, loaded at 0x00400000 - 09/07/15 12:22:00

WARNING: ps_game.exe is not accessible
Symbol search path is: ps_game.pdb
WARNING: ps_game.pdb is not accessible
WARNING: ps_game.pdb is not accessible

Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\ShaiyaServer\PSM_Client\bin\Log\20211007_235157 _ps_game.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Windows Longhorn Version 9200 MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Debug session time: Fri Oct 08 02:24:33 2021
System Uptime: not available
Process Uptime: 0 days 2:32:36.000
Symbol search path is: ps_game.pdb
Executable search path is: ps_game.exe
.................................................. .
The call to LoadLibrary(ext) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(uext) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ntsdexts) failed, Win32 error 2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
(1c74.ad4): Unknown exception - code 00000000 (!!! second chance !!!)

thread count = 24
thread 0(4356)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x74FCB312 sechost.dll: RegisterServiceCtrlHandlerExW + 818

0x74FDCF21 sechost.dll: RpcClientCapabilityCheck + 2145

0x74FDC4A7 sechost.dll: StartServiceCtrlDispatcherA + 87

0x004E427D ps_game.exe: <unknown symbol>

0x00540640 ps_game.exe: <unknown symbol>

0x004CCB90 ps_game.exe: <unknown symbol>

0x95E90000 <unknown module>: <unknown symbol>


thread 1(7912)

0x770CF04C ntdll.dll: ZwWaitForMultipleObjects + 12

0x751D3828 KERNELBASE.dll: WaitForMultipleObjects + 24

0x004E2B99 ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 2(7984)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D5738 ps_game.exe: <unknown symbol>

0x747762C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770C1B69 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770C1B34 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028


thread 3(7864)

0x770CF04C ntdll.dll: ZwWaitForMultipleObjects + 12

0x747762C4 KERNEL32.DLL: BaseThreadInitThunk + 36

0x770C1B69 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1081

0x770C1B34 ntdll.dll: RtlSubscribeWnfStateChangeNotification + 1028


thread 4(2772)

0x770CF8FC ntdll.dll: NtGetContextThread + 12

0x04680A50 dbghelp.dll: SymGetModuleBase

0x52990C45 <unknown module>: <unknown symbol>

0x52990C45 <unknown module>: <unknown symbol>


thread 5(4804)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x73A3AE46 MSWSOCK.dll: sethostname + 13750

0x7504B37D WS2_32.dll: WSAAccept + 173

0x004D7ECE ps_game.exe: <unknown symbol>


thread 6(5052)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 7(7536)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 8(5032)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 9(5296)

0x770D065C ntdll.dll: ZwWaitForAlertByThreadId + 12

0x770B88ED ntdll.dll: RtlWaitOnAddress + 477

0x770B87DF ntdll.dll: RtlWaitOnAddress + 207

0x7709E0A5 ntdll.dll: RtlEnterCriticalSection + 293

0x7709DFC5 ntdll.dll: RtlEnterCriticalSection + 69

0x0040CA38 ps_game.exe: <unknown symbol>

0x4D8B51EC <unknown module>: <unknown symbol>


thread 10(1148)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 11(6696)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 12(6888)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 13(8176)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 14(7932)

0x770CEB0C ntdll.dll: NtRemoveIoCompletion + 12

0x004DCB92 ps_game.exe: <unknown symbol>


thread 15(5972)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>


thread 16(4924)

0x770D065C ntdll.dll: ZwWaitForAlertByThreadId + 12

0x770B88ED ntdll.dll: RtlWaitOnAddress + 477

0x770B87DF ntdll.dll: RtlWaitOnAddress + 207

0x7709E0A5 ntdll.dll: RtlEnterCriticalSection + 293

0x7709DFC5 ntdll.dll: RtlEnterCriticalSection + 69

0x004218BA ps_game.exe: <unknown symbol>

0x4D8B51EC <unknown module>: <unknown symbol>


thread 17(7440)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x00406FEC ps_game.exe: <unknown symbol>


thread 18(4232)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x0040734B ps_game.exe: <unknown symbol>


thread 19(8068)

0x00424303 ps_game.exe: <unknown symbol>

0x25870008 <unknown module>: <unknown symbol>

0x00409610 ps_game.exe: <unknown symbol>

0x00409610 ps_game.exe: <unknown symbol>

0x5754BB80 <unknown module>: <unknown symbol>


thread 20(7392)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x0040734B ps_game.exe: <unknown symbol>


thread 21(4040)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x0040734B ps_game.exe: <unknown symbol>


thread 22(6868)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x0040734B ps_game.exe: <unknown symbol>


thread 23(3068)

0x770CEABC ntdll.dll: ZwWaitForSingleObject + 12

0x751C61D2 KERNELBASE.dll: WaitForSingleObject + 18

0x004D9E2B ps_game.exe: <unknown symbol>

0xCCCC747E <unknown module>: <unknown symbol>



Stack trace(all thread) end.....................

=== GenerateExceptionHandler End ================================================



2021-10-08 02:24:33 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:24:43 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:24:53 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:03 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:13 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:23 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:33 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:43 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:25:53 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:26:03 DeadLock[ConnectError] Occur : WorldDB

2021-10-08 02:26:13 DeadLock[ConnectError] Occur : WorldDB

i trimmed only the lines causing issue.
can anyone please help me to address this exploit?

well after checking the other threads i found another server facing the same issue as me.

i guess this kind of attack must be very popular these day.
pls point me in the right direction.

edit: my discord
8BitGentleMan#2327

your help would be much appreciated.

[nick4ever]

It seems like you got packet injection cause to crash. There are 2 options I can recommend:

1. Server side: Edit your ps_game.exe to drop the invalid merge item packets.
2. Client side: Attach an anti-cheat to your game.exe to prevent injection from running.

The #2 just a "buy-time" solution, if the "mental-guy" who did it to your server can bypass your anti-cheat system, then it will be crashed again, so it is better to have the fix on the server side. Of course, if you can deliver these 2 options, it will be more secure.

In additional, there was SQL Deadlock you need to check too.

[ntkhang1409vt]

Quote:

Originally Posted by nick4ever

It seems like you got packet injection cause to crash. There are 2 options I can recommend:

1. Server side: Edit your ps_game.exe to drop the invalid merge item packets.
2. Client side: Attach an anti-cheat to your game.exe to prevent injection from running.

The #2 just a "buy-time" solution, if the "mental-guy" who did it to your server can bypass your anti-cheat system, then it will be crashed again, so it is better to have the fix on the server side. Of course, if you can deliver these 2 options, it will be more secure.

In additional, there was SQL Deadlock you need to check too.

hi there,

thank you for pointing that out for me.

unfortunately, i'm not familiar much with assembly and packet editing.
the server need to be up and running asap.

i'm willing to pay for the fix if you can do it.
in the meanwhile, i'll learn reverse engineering to better secure my server.


again, thank you for your reply

[nick4ever]

Yeah I know, I know you need the server is back up as soon as possible.

However, my advice is if you can not completely kill this exploit, do not re-open it, it will destroy your reputation in gamer's eyes, that is exactly the purpose of the "psycho-guy". Or you can think about upgrading your EP to 5.4 or above.

[ntkhang1409vt]

that's what i thought too.
upgrading was not an option since our home country "official shaiya" was dead at 5.3, so we stuck with the latest client which support our language (utf-8) at 5.3.

guess i'll stuck w 5.3 and waiting for someone who can fix this

[ntkhang1409vt]

hi, i'm still waiting and willing to pay for someone who can patch the ps_game to drop the attack packets.

my discord
8BitGentleMan#2327

[[ADM]Beno™]

I can help you if you still need it. Check your discord

[carlos233]

Quote:

Originally Posted by ntkhang1409vt

hi, i'm still waiting and willing to pay for someone who can patch the ps_game to drop the attack packets.

my discord
8BitGentleMan#2327

I can help you. call me discord