Windows 8/10 Client Support Fix

  1. #46
    Fenomenoide (Hardcore Member)
    Join Date: May 2016
    Location: Venezuela
    Posts: 130

    Re: Windows 8/10 Client Support Fix

    For v62, v75 and v83 there are clients with compatibility for Windows 8/10.
    MapleStory v75 Developer.

  2. #47
    MechAviv (Member)
    Join Date: Aug 2015
    Posts: 83

    Re: Windows 8/10 Client Support Fix

    I tried to make it work with v97 and it didn’t work..
    I put the .dll inside the MS folder, then I had the error message; after that I JMP’d and it bypassed this error message, but nothing happens after clicking the localhost. Any solution?


  3. #48
    Virtu (Registered)
    Join Date: Apr 2015
    Posts: 10

    Re: Windows 8/10 Client Support Fix

    Originally Posted by Eric:
    <fantastic writeup>

    Holy moly @Eric, that was a delightful read! This was the push I needed to go and try to fire up my old server-thing that has been collecting dust for a couple years now. So many memories crafting messy custom code for it!

    Unfortunately for me, I'm not getting the incorrect parameter error... or any error message for that matter. No issues in JMPing the validation, but I don't think I'm even getting to DirectInput8Create with my client. This is a clean v111 install with the localhost from this post (thanks @sunnyboy for providing the idb!). When I place the patched dinput8.dll in the game's folder with the unmodified client I do get the Korean message, but upon editing (or when the dll is not there and the game loads the system's default one) the game's process stays in the background indefinitely and requires manual termination.

    I scoured each and every post in this thread and every other I could find, tried every imaginable solution with no success. Unlike the parameter error, this one isn't of the kind that eventually works if you keep trying... unless I've been terribly unlucky for the past 30+ attempts. At this point I knew I had to get off my ass and do some work to figure out what exactly is going on here.

    Naturally, I tried to make some sense out of IDA's trace and debug output...

    The debug output didn't look too interesting... but here it is anyways. It was fairly consistent between attempts: DEVOBJ.dll was always the last thing it successfully loaded, and from there it would start a couple threads that would live on forever.

    Spoiler:
    400000: process D:\MapleStory\maplestory_111.1_local.exe has started (pid=1892)
    77CF0000: loaded ntdll.dll
    Unloaded
    Unloaded
    Unloaded
    76610000: loaded C:\WINDOWS\SysWOW64\KERNEL32.DLL
    763A0000: loaded C:\WINDOWS\SysWOW64\KERNELBASE.dll
    73A40000: loaded C:\WINDOWS\SysWOW64\apphelp.dll
    72A80000: loaded C:\WINDOWS\SysWOW64\AcLayers.DLL
    74B80000: loaded C:\WINDOWS\SysWOW64\msvcrt.dll
    76760000: loaded C:\WINDOWS\SysWOW64\USER32.dll
    74B30000: loaded C:\WINDOWS\SysWOW64\win32u.dll
    77260000: loaded C:\WINDOWS\SysWOW64\GDI32.dll
    74730000: loaded C:\WINDOWS\SysWOW64\gdi32full.dll
    766E0000: loaded C:\WINDOWS\SysWOW64\msvcp_win.dll
    74DF0000: loaded C:\WINDOWS\SysWOW64\ucrtbase.dll
    75060000: loaded C:\WINDOWS\SysWOW64\SHELL32.dll
    76C80000: loaded C:\WINDOWS\SysWOW64\cfgmgr32.dll
    76580000: loaded C:\WINDOWS\SysWOW64\shcore.dll
    74A00000: loaded C:\WINDOWS\SysWOW64\RPCRT4.dll
    74710000: loaded C:\WINDOWS\SysWOW64\SspiCli.dll
    74700000: loaded C:\WINDOWS\SysWOW64\CRYPTBASE.dll
    771E0000: loaded C:\WINDOWS\SysWOW64\bcryptPrimitives.dll
    77290000: loaded C:\WINDOWS\SysWOW64\sechost.dll
    768E0000: loaded C:\WINDOWS\SysWOW64\combase.dll
    77710000: loaded C:\WINDOWS\SysWOW64\windows.storage.dll
    74890000: loaded C:\WINDOWS\SysWOW64\advapi32.dll
    770F0000: loaded C:\WINDOWS\SysWOW64\shlwapi.dll
    77CE0000: loaded C:\WINDOWS\SysWOW64\kernel.appcore.dll
    74DA0000: loaded C:\WINDOWS\SysWOW64\powrprof.dll
    76E30000: loaded C:\WINDOWS\SysWOW64\profapi.dll
    74910000: loaded C:\WINDOWS\SysWOW64\OLEAUT32.dll
    772E0000: loaded C:\WINDOWS\SysWOW64\SETUPAPI.dll
    73040000: loaded C:\WINDOWS\SysWOW64\MPR.dll
    66680000: loaded C:\WINDOWS\SysWOW64\sfc.dll
    73060000: loaded C:\WINDOWS\SysWOW64\WINSPOOL.DRV
    74010000: loaded C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
    745D0000: loaded C:\WINDOWS\SysWOW64\bcrypt.dll
    72A60000: loaded C:\WINDOWS\SysWOW64\sfc_os.DLL
    FTH: (1892): *** Fault tolerant heap shim applied to current process. This is usually due to previous crashes. ***
    6EF40000: loaded C:\WINDOWS\SysWOW64\SortServer2003Compat.dll
    74B50000: loaded C:\WINDOWS\SysWOW64\IMM32.DLL
    77D23880: thread has started (tid=8908)
    77D23880: thread has started (tid=1212)
    77D23880: thread has started (tid=9652)
    74C40000: loaded C:\WINDOWS\SysWOW64\psapi.dll
    6E6E0000: loaded D:\MapleStory\nexonguard.aes
    74AC0000: loaded C:\WINDOWS\SysWOW64\ws2_32.dll
    6D3A0000: loaded C:\WINDOWS\SysWOW64\dinput8.dll
    70020000: loaded C:\WINDOWS\SysWOW64\netapi32.dll
    76E50000: loaded C:\WINDOWS\SysWOW64\ole32.dll
    74100000: loaded C:\WINDOWS\SysWOW64\version.dll
    726B0000: loaded C:\WINDOWS\SysWOW64\wininet.dll
    74040000: loaded C:\WINDOWS\SysWOW64\winmm.dll
    60000000: loaded D:\MapleStory\ijl15.dll
    10000000: loaded D:\MapleStory\nmcogame.dll
    21100000: loaded D:\MapleStory\mss32.dll
    73AE0000: loaded C:\WINDOWS\SysWOW64\WINMMBASE.dll
    1D0000: loaded C:\WINDOWS\SysWOW64\winmmbase.dll
    Unloaded C:\WINDOWS\SysWOW64\winmmbase.dll
    73160000: loaded C:\WINDOWS\SysWOW64\SHFOLDER.dll
    54D0000: loaded C:\WINDOWS\SysWOW64\winmmbase.dll
    Unloaded C:\WINDOWS\SysWOW64\winmmbase.dll
    PDBSRC: loading symbols for 'D:\MapleStory\maplestory_111.1_local.exe'...
    74680000: loaded C:\WINDOWS\SysWOW64\uxtheme.dll
    733A0000: loaded C:\WINDOWS\SysWOW64\dwmapi.dll
    5EE0000: loaded D:\MapleStory\nmconew.dll
    Unloaded D:\MapleStory\nmconew.dll
    5EE0000: loaded D:\MapleStory\nmconew.dll
    76F50000: loaded C:\WINDOWS\SysWOW64\NSI.dll
    72D10000: loaded C:\WINDOWS\SysWOW64\dhcpcsvc.DLL
    601C8BF: thread has started (tid=2168)
    601C8BF: thread has started (tid=14088)
    601C8BF: thread has started (tid=9692)
    745A0000: loaded C:\WINDOWS\SysWOW64\ntmarta.dll
    Enable Low Fragmentation Heap Failure(0x57)
    6BAE0000: loaded C:\Users\Virtu\AppData\Local\Temp\drc7207.tmp
    6E620000: loaded C:\Users\Virtu\AppData\Local\Temp\nst7227.tmp
    6D900000: loaded C:\Users\Virtu\AppData\Local\Temp\nst7238.tmp
    6C180000: loaded C:\Users\Virtu\AppData\Local\Temp\nst7248.tmp
    6C110000: loaded C:\Users\Virtu\AppData\Local\Temp\nst7269.tmp
    6C0A0000: loaded C:\Users\Virtu\AppData\Local\Temp\nst7279.tmp
    6BA00000: loaded C:\Users\Virtu\AppData\Local\Temp\nst728A.tmp
    6B990000: loaded C:\Users\Virtu\AppData\Local\Temp\nst729B.tmp
    6B920000: loaded C:\Users\Virtu\AppData\Local\Temp\nst72BB.tmp
    6B8B0000: loaded C:\Users\Virtu\AppData\Local\Temp\nst72CB.tmp
    6B730000: loaded C:\Users\Virtu\AppData\Local\Temp\nst72DC.tmp
    50C00000: loaded D:\MapleStory\PCOM.DLL
    74330000: loaded C:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\MSVCR90.dll
    76B30000: loaded C:\WINDOWS\SysWOW64\MSCTF.dll
    729D0000: loaded C:\WINDOWS\SysWOW64\DEVOBJ.dll
    77D9A630: thread has started (tid=11056)


    In the instruction trace, however, one can clearly pinpoint the infinite loop: it lies within C048F0 as it calls 4DA820 repeatedly as some integer v4 never becomes equal to 18. I've been staring at C048F0 for a while now and I'm at a loss, couldn't even name any of the variables yet. Has anyone had to face this bad boy already? Here's the relevant instruction trace as well.

    Spoiler:



    I don't intend on giving up just yet, and should this end up working, I'd gladly share the resulting client for all 3 of you out there that still use v111 and are stuck with Windows 8 / 10. Literally any advice will be immensely appreciated!
    Last edited by Virtu; 6 Days Ago at 08:10 AM. Reason: output looks better in a spoiler tag

  4. #49
    Eric (Moderator)
    Join Date: Jan 2010
    Location: DEV City
    Posts: 2,993

    Re: Windows 8/10 Client Support Fix

    @Virtu hmm, assuming it's the same process hang bug that I think it is, you may want to try finding HideDll and force return it at the function's entry point. With earlier big-bang clients at least, the issue was caused due to the *.nst temp file hiding done in CWvsApp::SetUp. Since that function is vmed to hell, you could at least access the HideDll function and return it at entry so that it doesn't affect the files.

    You're probably right, you aren't getting to DirectInput8Create because you got stuck mid-way while executing CWvsApp::SetUp and are stuck. This is what used to happen for me as well and that's what I did to fix it, so I hope that helps.
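
Added example (not part of the thread and not any poster's code): a short Python triage of the debugger module-load output from post #48, grouping loaded images by where they were mapped from so the Temp-directory copies Eric refers to, repeated loads, and the last module loaded before the hang stand out. The sample lines are excerpted from that output; the function names and category labels are assumptions of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Added example; function names and category labels are hypothetical.
# Constructed sample: lines excerpted from the debug output in post #48.
SAMPLE_LOG = r"""
400000: process D:\MapleStory\maplestory_111.1_local.exe has started (pid=1892)
77CF0000: loaded ntdll.dll
6E6E0000: loaded D:\MapleStory\nexonguard.aes
5EE0000: loaded D:\MapleStory\nmconew.dll
Unloaded D:\MapleStory\nmconew.dll
5EE0000: loaded D:\MapleStory\nmconew.dll
6E620000: loaded C:\Users\Virtu\AppData\Local\Temp\nst7227.tmp
6D900000: loaded C:\Users\Virtu\AppData\Local\Temp\nst7238.tmp
729D0000: loaded C:\WINDOWS\SysWOW64\DEVOBJ.dll
"""

EVENT = re.compile(r"^[0-9A-Fa-f]+: (?P<kind>process|loaded) (?P<path>.+?)"
                   r"(?: has started \(pid=\d+\))?$")

def parse_loads(log):
    """Return (application directory, module paths in load order)."""
    app_dir, loads = None, []
    for line in log.splitlines():
        m = EVENT.match(line.strip())  # unloads and thread starts do not match
        if m and m["kind"] == "process":
            app_dir = PureWindowsPath(m["path"]).parent
        elif m:
            loads.append(PureWindowsPath(m["path"]))
    return app_dir, loads

def classify(path, app_dir):
    parts = [p.lower() for p in path.parts]
    if "temp" in parts:
        return "temp"
    if path.parent == app_dir:
        return "application"
    return "system" if len(parts) == 1 or "windows" in parts else "other"

def triage(log):
    app_dir, loads = parse_loads(log)
    groups = {"temp": [], "application": [], "system": [], "other": []}
    for p in loads:
        groups[classify(p, app_dir)].append(p.name)
    counts = Counter(p.name.lower() for p in loads)
    groups["reloaded"] = [n for n, c in counts.items() if c > 1]
    groups["last_loaded"] = loads[-1].name if loads else None
    return groups
```

Calling `triage(SAMPLE_LOG)` returns a dict keyed by category; run it over the full debugger output, one event per line, to get the same grouping for the whole session.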

  5. #50
    Virtu (Registered)
    Join Date: Apr 2015
    Posts: 10

    Re: Windows 8/10 Client Support Fix

    Originally Posted by Eric:
    @Virtu hmm, assuming it's the same process hang bug that I think it is, you may want to try finding HideDll and force return it at the function's entry point. With earlier big-bang clients at least, the issue was caused due to the *.nst temp file hiding done in CWvsApp::SetUp. Since that function is vmed to hell, you could at least access the HideDll function and return it at entry so that it doesn't affect the files.

    You're probably right, you aren't getting to DirectInput8Create because you got stuck mid-way while executing CWvsApp::SetUp and are stuck. This is what used to happen for me as well and that's what I did to fix it, so I hope that helps.

    @Eric Thanks so much for the reply! Upon inspecting a little, I'm pretty confident this is the function we want:


    Spoiler:


    I see it loads the copied dlls on return as well - so I believe we can't just force return any value and instead must load the file from the original path, is that correct?

    EDIT: After some asm mumbo jumbo I got the function to look like this

    Spoiler:





    Buuut I think I'm forgetting something important, as this modified function ends up not loading anything at all and crashing shortly after. Looking at the stack view in OllyDBG reveals that GetSystemDirectoryA does exactly as advertised, so ExistingFileName got assigned to "C:\WINDOWS\system32". Indeed I can't expect to be able to load a directory as a library. :P

    Now to find out what sort of cryptic shenanigans are performed in the original function body to insert the filename part into the path... but gotta get some sleep first. I'll look into that soon.

    I wonder why these nst files would cause so much trouble though? It seems they usually get loaded correctly in the vanilla client, and the infinite loop pops up somewhere after that. But it might just be me not seeing the big picture correctly.


    EDIT2: Didn't have as much time to work on this as I wanted. I've just realized that they're just hiding away ws2_32.dll over and over with this function though. What the heck? oO

    What's even more intriguing to me is that they do load the original ws2_32.dll to memory at some point before this function is called, so I shouldn't need to perform any additional loading and just force return like you said. Unfortunately it didn't behave as well as I wanted, and crashed with an invalid memory read exception on another subroutine after all the function calls were done. I'll see what I can do.


    EDIT3: It's failing somewhere related to WSAStartup, which seems to be how Windows Sockets initializes. Both the call to (what I'm assuming to be) HideDLL and the offending function are inside a long-ass subroutine that could perhaps be CWvsApp::SetUp? I don't have that one named yet. It contains the strings "Start Client Set Up.\r\n" and "\r\nClose This Window After 10Second...\r\n" near the end.

    This is where they're being called:
    Spoiler:

    And ThisCrashes doesn't look very pretty either. It's called multiple times after that one, for libraries other than WS, I'm assuming. Here's the beginning of it.
    Spoiler:


    Last edited by Virtu; 4 Days Ago at 05:54 AM.

  6. #51
    OnePunchMan99 (Newbie)
    Join Date: Apr 2018
    Posts: 3

    Re: Windows 8/10 Client Support Fix

    Most of the information in here is a bit above my head. I'm getting that -2xxxxxxxxxx error.

    Any working fixes for this on Win10 1703?


