Buffer Overrun again, wtf?

[V_o_o_d_o_o]

MLog:

Code:

GUNZ 1,0,0,290 launched. build (Jun 13 2007 10:25:37) 
Log time (12/12/09 11:19:10)
NON-Skip XTrapPatch
CPU ID = GenuineIntel ( family = 15 , model = 6 , stepping = 5 ) @ 3000 MHz
Display Device = Intel(R) 82945G Express Chipset Family ( vendor=8086 device=2772 subsys=2a57103c revision=2 )
Display Driver Version = 7.14.0010.1461
Windows = 6.0 Build 6002 , Service Pack 2 (2087564KB) :  ..
Load XML from memory : system/locale.xml- SUCCESS
Country : (BRZ), Language : (BRZ)
Load XML from memory : system/gametypecfg.xml 
Load Config from file : config.xml- FAIL
Load XML from memory : system/system.xml- SUCCESS
Load XML from memory : system/strings.xml(0x0016) - SUCCESS
Load XML from memory : system/cserror.xml(0x0016) - SUCCESS
Load XML from memory : system/messages.xml(0x0016) - SUCCESS
InitializeNotify ok.
WFog Enabled Device.
Vertex Shader isn't supported
device created.
Video memory 124.000000 
main : RGetLenzFlare()->Initialize() 
InitialLoading success.
interface Initialize success
ZApplication::OnCreate : begin
0(Primary Sound Driver): Hardware Mixing Not Supported
1(Speakers (Realtek High Definition Audio)): Hardware Mixing Not Supported
[[[getMaxChannel32]]]]
LoadWave: Unknown file format
LoadWave: Unknown file format
LoadWave: Unknown file format
LoadWave: Unknown file format

-------------------> Sound Engine Create : 1.805000 

sound engine create.
Load XML from memory : System/tips.xml(0x0016)- SUCCESS
start log bipmap
end of load bitmaps2
loading pictures : 1.084000 
warning : bitmap btn_chk.png not found.
warning : bitmap btn_chk.png not found.
warning : bitmap frame_b.png not found.
warning : bitmap frame_t.png not found.
warning : bitmap tooltip_edge01.png not found.
warning : bitmap gunz_logo_hq.png not found.
warning : bitmap no_emblem.png not found.
warning : bitmap gunz_logo_hq.png not found.
warning : bitmap slot_head.tga not found.
warning : bitmap slot_head.tga not found.
warning : bitmap gunz_logo_hq.png not found.
warning : bitmap gunz_logo_hq.png not found.
warning : bitmap icon_gameroom.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap icon_gameroom_s.tga not found.
warning : bitmap gunz_logo_hq.png not found.
IDLResource Loading Success!!
IDL resources : 0.342000 
start InitInterface option
Number of Display mode : 27
Number of Display mode : 27
end of InitInterface option ok
Init maps : no Current ChannelRule 
Screen Effect Manager Create : 0.165000 
Screen effect manager create success.
Effect manager create success.
Client create success.
game interface create success.

-------------------> GameInterface Create : 6.954000 

Load character.xml success,

-------------------> Character Loading : 2.447000

It worked fine until I uploaded to the VPS, then it downloaded a new one even though I already had the same one and it doesn't work now.

Is there a damn virus on my VPS changing the runnable?

[MentaL]

[V_o_o_d_o_o]

We really need this fixed...

Bump.

[Linear88]

It worked fine until I uploaded to the VPS, then it downloaded a new one even though I already had the same one and it doesn't work now.

Is there a damn virus on my VPS changing the runnable?

You might want to scan the runnable.

[V_o_o_d_o_o]

You might want to scan the runnable.

Done. Nothing.

Sality Deleter removed a worm from the launcher; my fear is that it got to the VPS. The VPS is 64bit, we can't run the Win32 Sality Deleter.

[Guy]

Done. Nothing.

Sality Deleter removed a worm from the launcher; my fear is that it got to the VPS. The VPS is 64bit, we can't run the Win32 Sality Deleter.

The launcher is frequently mislabeled as malware; this whole "Sality infected our files" bullshit seems like one huge false positive.

If the VPS is x64, and the files it uses are x64, why would an x86 piece of malware be able to infect x64 files? Theoretically, different arch, it wouldn't be able to identify the new files to infect.

Regardless, it sounds like you may have "broken" the launcher by trying to falsely repair it, unless the "repair" process ultimately did nothing.

In either case, use the original files, or the most recent ones you have. I would guess using the Sality "remover" ended up corrupting some client files, fixing nothing.

Malware isn't always perfect, most malware suspects don't have 500 ways to propagate over hundreds of protocols such as RDP, SSH, FTP, etc; most I've seen spread via the Windows home network file sharing setup, removable devices, etc.

In short, it sounds like you have nothing to worry about.

[V_o_o_d_o_o]

The launcher is frequently mislabeled as malware; this whole "Sality infected our files" bullshit seems like one huge false positive.

If the VPS is x64, and the files it uses are x64, why would an x86 piece of malware be able to infect x64 files? Theoretically, different arch, it wouldn't be able to identify the new files to infect.

Regardless, it sounds like you may have "broken" the launcher by trying to falsely repair it, unless the "repair" process ultimately did nothing.

In either case, use the original files, or the most recent ones you have. I would guess using the Sality "remover" ended up corrupting some client files, fixing nothing.

Malware isn't always perfect, most malware suspects don't have 500 ways to propagate over hundreds of protocols such as RDP, SSH, FTP, etc; most I've seen spread via the Windows home network file sharing setup, removable devices, etc.

In short, it sounds like you have nothing to worry about.

It's completely random, half the time it works 100%, half the time it crashes at mesh and says buffer overrun.

I doubt it has anything to do with the launcher, though our launcher really screwed up.

For me it downloads needed updates after I use the installer, for other people it downloads every file in the update folder.

Makes no sense.

But back to buffer overrun...

I had a theory that it was our custom fmod.dll; config.dll so I replace fmod.dll (which injects config.dll) with a plain one. The client worked fine running the executable, not a single problem. Though, I couldn't run the launcher to see if it has something to do with that because it would replace the different fmod, and I didn't want to put it in the updates without a confirmation that it was indeed the problem.

Sadly, I put the old fmod.dll back in the client and the client has worked fine ever since. My current theory is that the client needs to run once with the plain fmod.dll, then put our new one in. Or just drop the new one altogether.

Ironically, config.dll which fmod.dll was injecting was supposed to prevent hackers from giving buffer overruns to everyone in the current room.

I did try to remove config.dll and see if it would work; it did a few times, other times it didn't.

I still think it's that damn new fmod.dll, but without 100% confirmation I don't want to make it official.