DB_Bucephalus
Joined: 23 Jun 2012 Posts: 2
Posted: Sat Jun 23, 2012 12:51
Hey, this is the other admin from Dalelands and I slept on it..
Without a BIC file we can't find out if a player has too many spells; in order to have one in the server vault the server will crash at least once, but here is how we can slow down those who are malicious and/or force those who are just ignorant into contacting staff, and what we could use a plugin for.
**One of our scripters already wrote a plugin that can detect BICs with too many spells, so it's possible.
1. Server crashes due to the issue
2. Server restarts and fires the new plugin (this runs on any launch, not just after a crash)
3. The new plugin does several things:
3a. Sorts through all BICs and detects any with too many spells (if none are detected it finishes, no issue; we can do this by creation time to lessen server load, because some servers have a lot of BICs and there is no need to check old ones, only recent ones)
3b. If one is detected it goes on to fetch the player name from the server vault that correlates to that BIC
3c. It cross-references against the database to get IP and CD key
3d. (We know this is possible due to a current NWNX admin plugin.) It then writes the CD key and player login to an .ini file
3e. It generates a report so the info can be shared with other PWs on the player if they are malicious
4. Server finishes loading; the hacker has to get new CD keys and a login that is not associated with someone else.
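One way to do step 3a offline, as an added example that is neither the plugin described in this post nor code from anyone in the thread: walk the server vault newest-first, parse each .bic as a GFF 3.2 file, and count the entries of the KnownList0..KnownList9 lists under every ClassList entry, flagging any class whose total reaches a ceiling. Assumptions, not facts from the thread: the NWN1-style label names (ClassList, KnownListN), a vault laid out as <vault>/<player>/<character>.bic so the parent directory is the player name, and a ceiling of 240 per class, which is the number Arpl's hook later in the thread uses. The build_bic helper exists only to construct sample files so the scan runs without a real vault.

```python
"""Added example (not code from this thread): offline scan of a server vault for
BICs with too many known spells.  Assumes NWN1-style GFF labels (ClassList ->
KnownList0..KnownList9) and a vault laid out as <vault>/<player>/<character>.bic."""
import struct
from pathlib import Path

GFF_HEADER = struct.Struct("<4s4s12I")  # file type, version, 12 offset/count DWORDs
REC = struct.Struct("<3I")              # struct and field records are 3 DWORDs each
T_LIST = 15                             # GFF field type: List


class Gff:  # minimal read-only GFF 3.2 walker: just structs, labels and lists
    def __init__(self, data):
        (self.ftype, self.fver, so, sc, fo, fc, lo, lc,
         _fdo, _fdc, self.fio, _fic, self.lio, _lic) = GFF_HEADER.unpack_from(data, 0)
        self.data = data
        self.structs = [REC.unpack_from(data, so + 12 * i) for i in range(sc)]
        self.fields = [REC.unpack_from(data, fo + 12 * i) for i in range(fc)]
        self.labels = [data[lo + 16 * i:lo + 16 * i + 16].rstrip(b"\0").decode("ascii")
                       for i in range(lc)]

    def fields_of(self, sidx):
        """label -> (type, label_index, data) for every field of struct sidx."""
        _stype, dat, count = self.structs[sidx]
        # One field: 'dat' is the field index; else a byte offset into FieldIndices.
        idx = (dat,) if count == 1 else struct.unpack_from("<%dI" % count, self.data, self.fio + dat)
        return {self.labels[self.fields[i][1]]: self.fields[i] for i in idx}

    def list_structs(self, field):
        """Struct indices of a List field: DWORD count, then that many DWORDs."""
        ftype, _label, off = field
        if ftype != T_LIST:
            raise ValueError("expected a List field, got type %d" % ftype)
        (n,) = struct.unpack_from("<I", self.data, self.lio + off)
        return struct.unpack_from("<%dI" % n, self.data, self.lio + off + 4)


def known_spell_counts(bic):
    """Per class position, a 10-entry list: known spells at spell levels 0..9."""
    g = Gff(bic)
    if g.ftype != b"BIC ":
        raise ValueError("not a BIC file: %r" % g.ftype)
    counts = []
    for cidx in g.list_structs(g.fields_of(0)["ClassList"]):
        cf = g.fields_of(cidx)
        counts.append([len(g.list_structs(cf["KnownList%d" % lvl])) if "KnownList%d" % lvl in cf else 0
                       for lvl in range(10)])
    return counts


def offending_classes(bic, limit=240):
    """(class_position, total_known) for classes at or above 'limit'.  240 mirrors
    the ceiling Arpl's hook uses; it is a tunable here, not a game constant."""
    return [(pos, sum(lv)) for pos, lv in enumerate(known_spell_counts(bic)) if sum(lv) >= limit]


def scan_vault(vault, limit=240, newer_than=0.0):
    """Step 3a: newest BICs first, skipping files older than 'newer_than' (epoch secs).
    Returns [(player_dir, filename, offending)]; unparseable BICs are reported too."""
    hits = []
    for p in sorted(Path(vault).rglob("*.bic"), key=lambda q: q.stat().st_mtime, reverse=True):
        if p.stat().st_mtime < newer_than:
            continue
        try:
            bad = offending_classes(p.read_bytes(), limit)
        except (ValueError, KeyError, struct.error, UnicodeDecodeError) as e:
            bad = [("unparseable", str(e))]
        if bad:
            hits.append((p.parent.name, p.name, bad))
    return hits


def build_bic(per_class_levels):
    """Construct a minimal 'BIC V3.2' with the given KnownList sizes.  Fixture only:
    spell structs are empty and no other character data is written."""
    structs, fields, labels, fidx, lidx = [None], [], [], bytearray(), bytearray()

    def add_struct(stype, field_ids):
        if len(field_ids) == 1:                   # single field: its index is stored inline
            structs.append((stype, field_ids[0], 1))
        else:                                     # otherwise: byte offset into FieldIndices
            structs.append((stype, len(fidx), len(field_ids)))
            fidx.extend(struct.pack("<%dI" % len(field_ids), *field_ids))
        return len(structs) - 1

    def add_list(name, struct_ids):
        if name not in labels:
            labels.append(name)
        fields.append((T_LIST, labels.index(name), len(lidx)))
        lidx.extend(struct.pack("<%dI" % (len(struct_ids) + 1), len(struct_ids), *struct_ids))
        return len(fields) - 1

    class_ids = [add_struct(2, [add_list("KnownList%d" % lvl, [add_struct(3, []) for _ in range(n)])
                                for lvl, n in enumerate(levels)]) for levels in per_class_levels]
    structs[0] = (0xFFFFFFFF, add_list("ClassList", class_ids), 1)  # top-level struct, one field
    sb = b"".join(REC.pack(*s) for s in structs)
    fb = b"".join(REC.pack(*f) for f in fields)
    lb = b"".join(l.encode("ascii").ljust(16, b"\0") for l in labels)
    so, fo = GFF_HEADER.size, GFF_HEADER.size + len(sb)
    lo, fdo = fo + len(fb), fo + len(fb) + len(lb)
    hdr = GFF_HEADER.pack(b"BIC ", b"V3.2", so, len(structs), fo, len(fields), lo, len(labels),
                          fdo, 0, fdo, len(fidx), fdo + len(fidx), len(lidx))  # no field data block
    return hdr + sb + fb + lb + bytes(fidx) + bytes(lidx)


# Constructed samples: a fighter/wizard with 49 known spells, and one class stuffed with 310.
SAMPLE_OK = build_bic([[0] * 10, [5, 8, 8, 7, 6, 5, 4, 3, 2, 1]])
SAMPLE_BAD = build_bic([[40, 30, 30, 30, 30, 30, 30, 30, 30, 30]])
```

Run scan_vault("servervault", newer_than=<epoch of the last restart>) from the plugin launch step and feed the (player_dir, filename) pairs into the CD key lookup of step 3c; files the parser rejects show up as "unparseable", since a vault file that is not valid GFF deserves the same attention as one with a padded spell list.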
Arpl
Joined: 22 Jul 2011 Posts: 5
Posted: Mon Jun 25, 2012 5:35
DB_Bucephalus wrote:
    Without a BIC file we can't find out if a player has too many spells
Code:
__declspec(naked)
unsigned int __stdcall GetNumberKnownSpellsOfClass(int creatureId, int classPosition)
{
    _asm
    {
        /* Grab the ServerApp instance. */
        MOV ECX, DWORD PTR [0x0086442C]
        MOV ECX, DWORD PTR [ECX + 0x04]
        /* Call ServerApp::GetCreatureByGameObjectID([ESP+4] = Creature Id); the callee pops its argument, so ESP is back at entry afterwards. */
        PUSH DWORD PTR [ESP + 0x04]
        MOV EAX, 0x0054A1B0
        CALL EAX
        OR EAX, EAX
        JZ __Error                      /* no such creature: return 0 */
        /* creatureStats = creatureObject->m_pStats */
        MOV ECX, [EAX + 0x1FC4]
        /* Call CreatureStats::GetClassInfo([ESP+8] = Class position) */
        PUSH DWORD PTR [ESP + 0x08]
        MOV EAX, 0x059AA30
        CALL EAX
        OR EAX, EAX
        JZ __Error                      /* no class at that position: return 0 */
        /* Preserve the callee-saved registers we use: EDI = running total, ESI = ClassInfo, EBP = spell level. */
        PUSH ESI
        PUSH EDI
        SUB EDI, EDI
        MOV ESI, EAX
        PUSH EBP
        MOV EBP, 9
    __AddNextSpellLevel:
        MOV ECX, ESI
        /* Call ClassInfo::GetNumberKnownSpells(EBP = Spell level); only the low 16 bits of the result are kept. */
        PUSH EBP
        MOV EAX, 0x00755450
        CALL EAX
        AND EAX, 0xFFFF
        ADD EDI, EAX
        DEC EBP
        JNS __AddNextSpellLevel         /* spell levels 9 down to 0 */
        POP EBP
        MOV EAX, EDI
        POP EDI
        POP ESI
    __Error:
        /* __stdcall with two 4-byte arguments: the callee must pop 8 bytes here, not 4, or the caller's ESP is left off by 4. */
        RET 0x08
    }
}
This is not exactly pretty and it's far from a solution to the actual problem, but it seems to work somewhat reliably as a detection method so long as no single spell level has more than 255 spells known, which should be enough for most people. I've only tested it up to 278 spells known so far and while it should be stable I can't actually guarantee it, so try not to use it unless you're already having this problem.
So, uh, to get rid of the worst symptoms of this problem, clean out the bad BICs from your vault and set up the On Client Leave script to check the spells of every player that logs off. If a player is caught having too many spells, archive its (newly?) saved BIC, and ban his/her IP and CD key. If you want to kick currently-online players you'll likely have to use the heartbeat script, or a pre/post-scribe event if you have one.
luna
Joined: 20 Jan 2012 Posts: 28
Posted: Mon Jun 25, 2012 7:54
Arpl, where do you run that code?
In an NWN2 script or as an NWNX4 plugin?
Arpl
Joined: 22 Jul 2011 Posts: 5
Posted: Mon Jun 25, 2012 15:32
Put it in an NWNX plugin and make it usable through NWNXGetInt. Note that this is intended as a quick hacky workaround and not something permanent -- that would require fixing ReadSpellsFromGff (may have a fix later tonight) or examining the BICs before loading (could probably be done in that "no corrupted files" check that Skywing's excellent server vault plugin does), though I suppose it would still work for punk busting even with something like that in place, or just be used as a regular scripting function in case someone would like to limit Wizards' spellbooks like in PnP.
Edit: the following seems to fix the crash entirely by pre-empting the AddKnownSpell function and just doing nothing if the player already has 240 spells or more in the relevant spell list. It's hardly pretty but it seems to work just fine.
Code:
/* Jump to here from offset 0x59FFE0 */
PUSHAD
/* Call CreatureStats::GetClassInfo(Class position). ECX is still the hooked function's 'this' pointer;
   the class position is AddKnownSpell's first stack argument, at [ESP + 0x04] on entry and
   0x20 bytes deeper now that PUSHAD has saved all eight registers. */
PUSH [ESP + 0x20 + 0x04]
MOV EAX, 0x059AA30
CALL EAX
OR EAX, EAX
JZ __NoSuchClass
PUSH ESI
PUSH EDI
SUB EDI, EDI
MOV ESI, EAX
PUSH EBP
MOV EBP, 9
__AddNextSpellLevel:
MOV ECX, ESI
/* Call ClassInfo::GetNumberKnownSpells(EBP = Spell level); keep the low 16 bits of the result. */
PUSH EBP
MOV EAX, 0x00755450
CALL EAX
AND EAX, 0xFFFF
ADD EDI, EAX
DEC EBP
JNS __AddNextSpellLevel
POP EBP
MOV EAX, EDI
POP EDI
POP ESI
__NoSuchClass:
/* EAX = 0 if there was no class at that position, otherwise the total known spells across levels 0..9. */
CMP EAX, 240
JB __AddSpellKnown
/* Perform punkbusting here, if any */
/* Reject path: restore the registers and return straight to AddKnownSpell's caller, popping its two
   stack arguments. EAX is whatever it held on entry, so the caller does not get a meaningful result. */
POPAD
RET 0x08
__AddSpellKnown:
POPAD
/* Execute the instructions that the jump replaced (9 bytes at 0x59FFE0), and jump back to the regular add spell function. */
PUSH ECX
PUSH EBX
MOV EBX, DWORD PTR [ESP + 0x0C]
PUSH ESI
MOV ESI, ECX
PUSH 0x59FFE9
RET
DB_Bucephalus
Joined: 23 Jun 2012 Posts: 2
Posted: Thu Jun 28, 2012 6:46
Thanks, I think you gave one of our developers some ideas.