Leaderboard

Popular Content

Showing content with the highest reputation on 07/29/20 in all areas

  1. @Tatsumaru photo DOWNLOAD
    3 points
  2. Hi, here I publish my edit of the public Render Target System. I hate it when people earn money with public systems. Preview: [Hidden Content] DL: [Hidden Content] Original Thread [Hidden Content]
    1 point
  3. Introduction: Hey, since I'm often asked if I can make an example for this or that in Python, I just post some of these examples in this thread from time to time. Usually they just end up in my trash (that's why the collection is small for now) but maybe it will help some of you to learn something. You are also welcome to post examples here and I will add them to the start post. You have a wish for a certain example? Then write it in here. PS: These examples are designed very simple, so that they can be understood. Examples: ui.ComboBox() ui.ScrollBar() with text ui.AniImageBox() as loading bar ui.ListBox() ui.ToggleButton() ui.RadioButtonGroup() ui.DragButton() ui.Bar(), ui.Box(), ui.Line() ui.Gauge(), ui.SliderBar() ui.TextLine(), ui.EditLine() Pagination Tabs DropDown Tree Category Navigation ListBox Search TextLineScrollable Class Collapsible window
    1 point
  4. It's very simple, I suppose some must already have the fix but most do not. When you give Guild War Under Map, if an Observer from your guild enters War and the enemy kills it, the counter will count it, causing you to lose the war if there are many observers; although it can only kill you once, it continues to be an advantage.

     Search in battle.cpp:

         bool battle_is_attackable(LPCHARACTER ch, LPCHARACTER victim)
         {
             if (victim->IsDead())
                 return false;

     after this add:

             if (victim->IsObserverMode())
                 return false;

     Now it's fixed.
    1 point
  5. I can't figure out what this fixes, you keep putting pseudo-random numbers on your fix? If it's a function to reset new "nice", but I think what you want is to eliminate the fact that some characters are reset and change the values with some in 10k and others in 13k even if they are of the same race. The problem is that since you create the character for the first time Metin2 will always place one stronger than another regardless of whether they are of the same race, that is to say that a character will always be lucky among 5 others to be the winner with more attributes "Forcing forced reset to stabilize.".

     You have two easier options:

     Remove all RANDOM functions or MINMAX and set your conditions, but you are going to change all the ones that contain the array or data structure and this is very boring.

     Go to constants.cpp and replace the "Global Data Structure":

         TJobInitialPoints JobInitialPoints[JOB_MAX_NUM] =
         /*
            {
            int st, ht, dx, iq;
            int max_hp, max_sp;
            int hp_per_ht, sp_per_iq;
            int hp_per_lv_begin, hp_per_lv_end;
            int sp_per_lv_begin, sp_per_lv_end;
            int max_stamina;
            int stamina_per_con;
            int stamina_per_lv_begin, stamina_per_lv_end;
            }
          */
         {
             // str con dex int initialHP initialSP CON/HP INT/SP HPrandom/lv MPrandom/lv initialStam stam/con stam/lv
             { 6, 4, 3, 3, 600, 200, 40, 20, 36, 44, 18, 22, 800, 5, 1, 3 }, // JOB_WARRIOR 16
             { 4, 3, 6, 3, 650, 200, 40, 20, 36, 44, 18, 22, 800, 5, 1, 3 }, // JOB_ASSASSIN 16
             { 5, 3, 3, 5, 650, 200, 40, 20, 36, 44, 18, 22, 800, 5, 1, 3 }, // JOB_SURA 16
             { 3, 4, 3, 6, 700, 200, 40, 20, 36, 44, 18, 22, 800, 5, 1, 3 }, // JOB_SHAMANa 16
         #ifdef ENABLE_WOLFMAN_CHARACTER
             { 2, 6, 6, 2, 600, 200, 40, 20, 36, 44, 18, 22, 800, 5, 1, 3 }, // JOB_WOLFMAN 16
             // TODO: stats other than the four initial ability values are needed (ask the game designer)
         #endif
         };

     for:

         TJobInitialPoints JobInitialPoints[JOB_MAX_NUM] =
         /*
            {
            int st, ht, dx, iq;
            int max_hp, max_sp;
            int hp_per_ht, sp_per_iq;
            int hp_per_lv_begin, hp_per_lv_end;
            int sp_per_lv_begin, sp_per_lv_end;
            int max_stamina;
            int stamina_per_con;
            int stamina_per_lv_begin, stamina_per_lv_end;
            }
          */
         {
             // str con dex int initialHP initialSP CON/HP INT/SP HPrandom/lv MPrandom/lv initialStam stam/con stam/lv
             { 6, 4, 3, 3, 600, 200, 40, 20, 44, 44, 22, 22, 800, 5, 3, 3 }, // JOB_WARRIOR 16
             { 4, 3, 6, 3, 650, 200, 40, 20, 44, 44, 22, 22, 800, 5, 3, 3 }, // JOB_ASSASSIN 16
             { 5, 3, 3, 5, 650, 200, 40, 20, 44, 44, 22, 22, 800, 5, 3, 3 }, // JOB_SURA 16
             { 3, 4, 3, 6, 700, 200, 40, 20, 44, 44, 22, 22, 800, 5, 3, 3 }, // JOB_SHAMANa 16
         #ifdef ENABLE_WOLFMAN_CHARACTER
             { 2, 6, 6, 2, 600, 200, 40, 20, 44, 44, 22, 22, 800, 5, 3, 3 }, // JOB_WOLFMAN 16
             // TODO: stats other than the four initial ability values are needed (ask the game designer)
         #endif
         };

     That's it.
    1 point
  6. He's trying to call some API functions for making a DLL injectable to metin2 client = cheat/hack. @ledi12 We don't support this here, topic closed.
    1 point
  7. Hello guys. I'm Narvikz, I've been in the Metin2 scene since forever, actually I feel like I'm kind of the furniture already and unluckily full of dust by now. This will actually be one of the slight amount of contributions I've given to metin2dev, I've jumped off ship a while back since this game died but apparently some trolls still support it, anyway that's not related to this thread so let's keep it out of here.

     As there's still demand for some reason so is there a supply of game hacks, it's the basics of games, the more players there are the bigger the market for payhax and so the more profitable they are. I was contacted by a friend of mine (Runah Services) who told me that he wasn't unable to detect m2bob in any way, he also said that there are very few people who are doing it and those who are able to detect were keeping it private, he did not find anyone providing a satisfactory service to protect against these tools.

     What I have to say about this? You fools, you clueless fools. So, let's face it, you guys just don't have a clue about what you are doing. Right off the bat I could enumerate dozens of ways to systematically detect that m2bob is running on some system and think of its basic architecture. But first, let's talk about its architecture and how we can defeat it.

     Architecture

     M2Bob - Patcher.exe

     This is the start up process when you first start using M2bob, this will generate a 128-bit Digest (probably md5) for each file that is to be checked on disk, send it through a POST HTML request to an API that will compare the client side files to the server side up-to-date files, if any file's digest is any different it will download the most up to date file using the HTTP protocol and replace it at disk. This patcher will connect to a web server hosted at the subdomain ni220471_1.vweb02.nitrado.net and as you can see in the spoiler, little reservations has Slait as to what's hosted there. Once everything is updated it will open M2Bob.exe which we'll talk about next.

     M2Bob.exe

     This file when opened from outside the Program Files will create a randomly named (yet with constant size - 10 characters) folder inside of the Program Files folder of your computer and then another one with the same template. After that it will spawn a copy of itself with a random name (yet same size once again) and do the same for the M2Bob_Dll.dll changing its extension to ".e" instead of "dll". After that it will open that randomly named executable and execute from there. Once you press the button to start the game it will spawn a metin2client instance, it will inject its module into the process memory. After that it doesn't close the open HANDLE to the game which leaves us a HUGE detection vector to take advantage of.

     M2Bob_Dll.dll

     This module once injected into metin2client will run a few Signature Scans to find the game's subroutines it needs to call in order to simulate game actions. If you take a look into the module's memory you can see those patterns and its masks quite easily, this uses a standard FindPattern function that's been around since the very start of the cheating scene. It will then automate the actions of the player using complex algorithms which are not relevant for what we care about.

     Security wise all M2Bob does is hooking Module32Next and whenever at your iteration through the module list you hit the m2bob random named module it jumps it to the next one, successfully hiding its module from the simplest of all module enumeration techniques. Good job Slait, always work for the minimal standards and do not think out of the box.

     The hooking method used is the BIGGEST PILE OF CRAP I'VE EVER SEEN being done on a Windows NT based Operating System. This is still a detour with a trampoline hook at function start but instead of replacing the first 5 bytes with a JMP + 32 bit absolute memory address he does THE MOST RETARDED SHIT I'VE SEEN IN A WHILE. Trust me guys, I've seen so much retarded shit lately, but Slait takes the crown on this one, he really deserves it since he's put a lot of effort into this. Instead of copying the first five bytes of this function, replacing it by a simple JMP to a memory region where it has these first five bytes followed by his detour function and then a trampoline JMP back to where it all started, he managed to do a 8 FUCKING BYTE LONG in-line hook, when literally every Windows API function is compatible with Hotpatching (easy first 5 bytes hooks).

     System Overview

     The whole system is really weak, it circumvents the protection mechanisms that is supposed to which are a PILE OF CRAP like Hackshield and GameGuard or whatever the fuck GameForge is using nowadays, but it doesn't really think out of the box when it comes to protection and obfuscation. Slait wouldn't stand a chance if GameForge purchased an actual decent service from someone who has a single clue about what they're doing (lol, even fucking Bastian Suter would perform better) instead of this pile of crap. There's no solid DRM and the system is overall really weak and shouldn't take much longer than a few hours to crack to a talented reverse engineer.

     Detection Vectors

     Well, I don't even know where to start, the whole system is flawed and weak, there's holes everywhere so I'll enumerate some quick detection vectors I can think of, and yes, I HAVE TESTED MOST OF THOSE AND THEY WORK

     Method #1 - Hidden Memory Pages (TESTED & WORKING)

     Iterate through memory pages and using VirtualQuery find those which are 4096 byte long (size of the PE Header) and being used, for those check if you can get a DOS MZ executable signature, and if you do then you most probably have a PE Header memory page. Interpret cast that memory address to NT Header and check the TimeDateStamp and or SizeOfCode or other parameters that are constant (there's tons of them) and allow you to uniquely identify m2bob.

     Method #2 - Open HANDLEs to game process (TESTED & WORKING)

     You're gonna have to use the Native API and some Undocumented structures and functions to get this done, it's really easy to do so though, shouldn't take you longer than an hour to being able to enumerate all you need to do this. Calling NtQuerySystemInformation with SystemHandleInformation as first parameter while the return value of this function is different than STATUS_INFO_LENGTH_MISMATCH or STATUS_BUFFER_OVERFLOW you are able to populate a SYSTEM_HANDLE_INFORMATION object which will have the first 4 bytes as the count of SYSTEM_HANDLE objects present in an array that follows it. This list once populated will contain a list that contains all the HANDLEs opened in your environment, this means all the File, Registry Keys, Processes, Threads, etc, HANDLEs will be enumerated and will be in that list.

     But to know the type of HANDLE you're dealing with you have to first call QueryObject on that HANDLE with ObjectTypeInformation to know more about it. This will get you a UNICODE string that will contain the HANDLE type, you only want the ones that are "Process" so you can filter the irrelevant ones out. Then you can check if the HANDLE is targeting your game's process id (you can get your process id at the PEB of your process), if it is you're gonna want to run some checks on that process to check whether if it's a legit one or a blacklisted one. You can do this by opening a HANDLE to it with OpenProcess and PROCESS_QUERY_LIMITED_INFORMATION as parameter. Then you're gonna want to get the executable path in disk using QueryFullProcessImageName, from there you can just read the first 4096 bytes of that file, cast them to NT Header and do the same checks as mentioned above.

     Alternatively you could just open the handle with PROCESS_VM_READ privileges, and use ReadProcessMemory to get the PE Header, but PROCESS_QUERY_LIMITED_INFORMATION never fails, even if the process is run as administrator or it is a system process and since m2bob doesn't use any Dynamic Forking technique it is pointless to use anything more than that.

     Method #3 - Integrity checks at Module32Next (TESTED & WORKING)

     Okay, this might sound retarded because there's malware that will spread to every process in the target system and hide itself using a user-mode rootkit that might hook Module32Next, thing is, Slait's kind of hooking is so retarded there is no actual way this would raise a false positive. This is his retarded hook:

     The 1st byte will always be FF, the 2nd will always be 25, the 7th will always be E4 and the 8th stays at a constant F8 as well. Check those and insert a huge dildo in Slait's ass, seriously, isn't that hard really. Do you think that's even hard? Please......

     Method #4 - DNS Cache (Untested But Will Work)

     So, now we're jumping to the shitty methods that are only here to fill the thread just so you can be proven wrong when you say it can't be done. Basically whenever you resolve a domain name a UDP request is sent to your DNS Server asking for the resolution of a certain domain or subdomain, it will answer with some records for that domain, these records contain the IP Address it resolves to, and that IP address will be the one you'll connect using the Internet Protocol version 4. Your operating system will cache those resolutions so that each time you need to have that domain solved it doesn't bother your DNS Server with requests each time and there is a faster resolution, you can use this to beat M2Bob once again. You don't wanna look for m2bob.net since that could flag players that just crawled around that website, but if you flag their patch server subdomain, you can actually accurately flag players that have been using m2bob. Remember ni220471_1.vweb02.nitrado.net? Yup, flag the shit out of it.

     Method #5 - USN Journal (Untested But Will Work)

     The USN Journal is a system in the NTFS that keeps track of changes to files in the user's system. It will contain the timestamp of the said change, the file name and the reason for the log. The first two need no explanation, as to the third it could range from Opening the file, deleting, moving, renaming, creating, etc, etc. How's this useful? Remember how opening M2Bob.exe spawns a different executable in the Program Files folder and opens it? Well, you don't access that executable directly, you still open M2Bob.exe, this means that you could just look for entries in the USN Journal in the last 15 minutes or so that contain the name M2Bob.exe and are followed by some program in the Program Files folder a few milliseconds after (or even skip the latter) that has been opened and just kick the player from the game whenever you detect it.

     Additional Methods

     Detection Vectors, detection vectors everywhere, I laugh at all the incompetents that for months tried to do it and failed systematically, you fools, how can you be so clueless?

     Even though Module32Next is hooked Module32NextW is not, which means that if you use the UNICODE alternative of the kernel32 library you will get unfiltered results - Good fucking job Slait, Incompetence at its fittest (inb4 every incompetent out there edits a public anti cheat source to use Module32NextW LOL)

     Haven't checked it, but even though Windows API module enumeration modules are hooked to spoof the results, you should be able to use the InInitializationOrderModuleList, InLoadOrderModuleList or the InMemoryOrderModuleList to find its module.

     Just be h4rdc0r3 and use Syscalls. Since you're incompetent you won't do this, hell you couldn't even get the indexes for your own operating system version let alone do it for 20 different versions per each function you wanna call. Anyway just implement the native API functions without actually calling them, this can be done really easy and WITH LITTLE INLINE ASM CODE using naked hooks, that will make sure that you don't break the stack inside of the function. You can look into this HERE. Your function call will be done within the kernel, meaning that this would bypass any placed hooks by Slait.

     Why the hell would your metin2 game process own 2 windows bruh? Doesn't make sense to me, just kick them dude.

     Signature Scans, this is pointless because his system is all flawed but could be a nice backup resort if he ever decides to use his brain.

     Pretty sure m2bob has some exported shit in their PE Header, just scan for it using the hidden PE Header detection shown above.

     As I'm really fucking tired already of writing a long ass thread incomparable to anything ever seen before here or anywhere released publicly online I won't even write down any more detection vectors, the system is filled with holes, I think I've proven my point already and it's pointless to keep doing this.

     This is a rant thread because you guys that own a metin2 server to make a quick buck should be ashamed of how unskilled you actually are, you are complete incompetents that keep leeching public releases and stealing other people's/servers' work, claiming it as your own or often not even mentioning it since people just don't even care any more. You provide public PAID services on an area you don't have a clue about, you're just scamming customers and selling them dreams.

     It is really frustrating for me since I left the scene when I was still a kid, I barely knew English and I stayed mostly on my local country's forums, my contributions back then were merely in the translation area, I've put a lot of effort into it now that I think about it, after that I limited my contributions to helping people with general Linux/BSD issues, but then it seemed that owning a Metin2 Private Servers built with pieces and pieces of stolen or leaked work was a trend, and I got really really pissed at the whole scene, I just started trolling all the retards asking for assistance with BSD issues that are from 101 classes, obvious errors that even my grandfather could solve and other retarded threads.

     Have Fun guys, I know most of you won't use this for anything since even being spoonfed all the methods you're so clueless you can't write this down on code, but maybe there's some one out there that will actually use some nice tips like this, and since I gave them to one guy privately on skype I might as well post them publicly for everyone to see. I've been contacted by SandMann016 to work with him, and to be honest it kind of makes me sad that I am releasing this, I never managed to proceed with those plans but still, he seemed to be a decent guy back when I first met him, but oh well, here it is now.

     /rant
    1 point
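
Added example, not part of the post above or of any anti-cheat project: a bounds-checked C version of the header check that Methods #1 and #2 describe (MZ signature, then TimeDateStamp and SizeOfCode read from the NT headers of a 4096-byte page). All function names are hypothetical, the sample page is constructed, and the fingerprint values to compare against are an assumption the caller supplies, since the page gives none.

```c
#include <stdint.h>
#include <string.h>

/* Header fields the post proposes as a fingerprint (Methods #1 and #2). */
typedef struct {
    uint32_t time_date_stamp;   /* IMAGE_FILE_HEADER.TimeDateStamp  */
    uint32_t size_of_code;      /* IMAGE_OPTIONAL_HEADER.SizeOfCode */
} pe_fingerprint;

/* Byte-wise little-endian access: never cast untrusted memory to a struct. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Returns 1 and fills *out when buf starts with a plausible PE header. */
int pe_fingerprint_from_page(const uint8_t *buf, size_t len, pe_fingerprint *out)
{
    if (len < 0x40 || rd16(buf) != 0x5A4D)        /* "MZ" */
        return 0;
    uint32_t nt = rd32(buf + 0x3C);               /* e_lfanew */
    if (nt > len || len - nt < 32)                /* header must fit in the page */
        return 0;
    if (rd32(buf + nt) != 0x00004550)             /* "PE\0\0" */
        return 0;
    uint16_t magic = rd16(buf + nt + 24);         /* optional header magic */
    if (magic != 0x10B && magic != 0x20B)         /* PE32 or PE32+ */
        return 0;
    out->time_date_stamp = rd32(buf + nt + 8);
    out->size_of_code = rd32(buf + nt + 28);
    return 1;
}

/* Returns 1 when the page parses and both fields equal the known values. */
int page_matches(const uint8_t *buf, size_t len, const pe_fingerprint *known)
{
    pe_fingerprint seen;
    return pe_fingerprint_from_page(buf, len, &seen)
        && seen.time_date_stamp == known->time_date_stamp
        && seen.size_of_code == known->size_of_code;
}

/* Constructed sample input: a zeroed 4096-byte page with only these fields set. */
void make_sample_page(uint8_t *page, uint32_t nt, const pe_fingerprint *fp)
{
    memset(page, 0, 4096);
    page[0] = 'M'; page[1] = 'Z';
    wr32(page + 0x3C, nt);
    wr32(page + nt, 0x00004550);
    page[nt + 24] = 0x0B; page[nt + 25] = 0x01;   /* PE32 */
    wr32(page + nt + 8, fp->time_date_stamp);
    wr32(page + nt + 28, fp->size_of_code);
}

#ifdef _WIN32
#include <windows.h>
/* Method #1 walk: count committed, readable 4096-byte regions that match. */
int scan_own_process(const pe_fingerprint *known)
{
    MEMORY_BASIC_INFORMATION mbi;
    uint8_t *addr = NULL;
    int hits = 0;
    while (VirtualQuery(addr, &mbi, sizeof mbi) == sizeof mbi) {
        if (mbi.State == MEM_COMMIT && mbi.RegionSize == 4096 &&
            !(mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)))
            hits += page_matches((const uint8_t *)mbi.BaseAddress, 4096, known);
        addr = (uint8_t *)mbi.BaseAddress + mbi.RegionSize;
    }
    return hits;
}
#endif
```

The same `page_matches` call covers Method #2 when it is given the first 4096 bytes read from the file that QueryFullProcessImageName returns.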
  8. Version of Files : XXX Hi 1. Description of the problem / Question : How to start rubinum serverfiles? 2. SysErr ( Client / Server ) / SysLog ( Server ) 3. How to reproduce it ? - 4. Screenshots ? - Thanks
    1 point
  9. NextUpdate will include Hair [Hidden Content] UiToolTip-Fix_2.0.txt UiToolTip-Fix_3.0.txt 2.0 -> Armor Costumes/Weapons 3.0 -> Hair bug Fix + On/Off Render Target on Gameoptions
    1 point
  10. Ignore him. He's just iratm shitposting again. 1) A peer can be null, and it's used when we send something without caring for an answer from db. 2) BlockCountry return type isn't handled, so even if it fails, it doesn't exit. Avenuetm didn't reply to Dr3am3r when he asked whether or not a db.core has been generated (in the thread title, it says "db crash", so we expect he got one), but he ended up giving some random likes and nothing more. If he doesn't reply, mods should close this thread then. EDIT: how to read a core dump: [Hidden Content] Enjoy.
    1 point
  12. Hey guys, since I needed a few MySQL hashes in the last few days I wrote a little tool to convert normal text to a MySQL5 hash. I thought I'd share it, maybe you can need it. You should need it for account passwords since those are hashed. Just start the program, type in your password/text to hash, click the button and it will be hashed and also copied to your clipboard. You just need to paste it then. Virustotal: [Hidden Content]
    1 point
  13. NOT FOR SALE! Don't write to me about these costumes. Just only shows
    0 points
  14. Are you crazy? You lost the guild skills points..
    0 points
  15. It depends how you want to do it, mixed with items you want to place for sale and some items for showcase only, or all the items are just for showcase. Both ways are possible, but you can wait until 2038 that somebody will code it for you especially for free. The principle of operation can be simple or complex, depends how you code it. Basically the best option is when you set an extra variable for each item, that it is sellable or not, then block the buy function on those items where that flag has been set. Also you can mark those items on clientside, to let the players see those items are not for sale. For a last word, hire a dev if you can't code this for yourself.
    0 points
  16. Version of Files: zeta v3 Hello guys, I'm having a problem with compiling the client source after adding the color skills system. I have attached the system files for the editing + my files after the editing in the link below. Download: [Hidden Content] VirusTotal: [Hidden Content]
    0 points
  17. Can you give me the function for this fix bro? And can you tell me where to put it? Function for checking inventory space when buying from an NPC shop, thank you!
    0 points