Re: SOURCE CODE d3d8thk.dll
Okay, I have started taking a look at this mysterious d3d8thk.dll. pwet99 was kind enough to send me a package of a whole bunch of them. I also looked at the source code linked at the top of this thread.
First thing I did was run network monitor on it. Interestingly enough, the version of d3d8thk.dll that is included with the AL 4.0 1 click start v2.1 package is talking with some IP over in Mountain View, California. The IPs it's talking with are in the 74.125.225.xxx range. (74.125.225.115, 74.125.225.78 are some of the ones I've seen). oscp.verisign.net also came up.
I can say that this is completely unnecessary traffic, and quite suspicious, because I unplugged my network cable and tried running the client and it worked fine. As to what exactly that dll is doing to fix the 'No game server is available to the authorization server. (6)', I haven't been able to figure out yet.
However, the text of that error made me think of something that I had to do to get my L2 server up and running. There was a batch file in the loginserver for L2 that you had to run to register a game server. It displayed a list of all possible game servers, you chose an ID and it would generate a hexid.txt file that had a big hex number in it to identify which game server the login server was connected to. That text file was then copied into the config folder for the game server.
This seems like the same problem, and having set up both L2 and Aion now, the servers are very similar. I don't know how they got the hex list for each server in L2 or how they load it with the server. I will need to do some more digging.
Re: SOURCE CODE d3d8thk.dll
oscp? Is the dll using some sort of certificate verification? Sounds weird.
As far as I remember, the dll coming with the 1 click AL 4.0 repack is the "localhost dll". Also, I said something which is wrong: the localhost dll and notaion dll aren't the same, but they have both been packed the same way.
Those dlls have a lot of stuff in them and I doubt it's all useful and safe for a no ip. Do you also get the same traffic with the unpacked ones?
Re: SOURCE CODE d3d8thk.dll
Quote: Originally Posted by pwet99
> oscp? Is the dll using some sort of certificate verification? Sounds weird.
I've tried it a number of times now and I only saw the oscp.verisign.net once. I will probably try it again, going further than the race selection screen as that may trigger it.
Quote: Originally Posted by pwet99
> As far as I remember, the dll coming with the 1 click AL 4.0 repack is the "localhost dll". Also, I said something which is wrong: the localhost dll and notaion dll aren't the same, but they have both been packed the same way.
> Those dlls have a lot of stuff in them and I doubt it's all useful and safe for a no ip. Do you also get the same traffic with the unpacked ones?
I tried all of the unpacked ones you gave me (120k)
aionsea
conquestaion
eternalaion
evolutionfr
gamezaion
justaion
unforgotten
None of those ones had any network traffic, but none of them worked either. All of them generated the 'No game server is available to the authorization server. (6)' error. The net traffic on the 'localhost' version only begins after you get to the race selection screen. (In my case, I haven't created any characters yet, so that's where I end up after server selection.)
I haven't tried the other ones yet.
Re: SOURCE CODE d3d8thk.dll
Well, they are not supposed to work since they are IP-bound to the corresponding server, so you will get "No game server is available to the authorization server. (6)" if you are trying to connect to an address different than the one supported by the dll.
Actually, if you try to diff some 120k dlls you will see there are often only 14 bytes changing, and you can see in IDA those are used in a part that takes those bytes and a static number which must be the length of that data.
I don't know much about what's happening from here, but it seems that function is trying to decrypt the data and that data is then passed to getaddrinfo.
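Added example (not part of the thread and not any poster's code): one way to do the build-to-build comparison described in the post above when triaging an untrusted DLL, reporting each run of differing bytes with its file offset. The function names, the `max_gap` parameter and the sample bytes are all constructed for illustration; `max_gap` merges runs split by bytes that happen to match between two builds.

```python
"""Positional diff of two same-size binaries, reporting runs of differing bytes."""
from typing import List, Tuple


def diff_runs(a: bytes, b: bytes, max_gap: int = 0) -> List[Tuple[int, int]]:
    """Return (offset, length) for each run of differing bytes.

    Runs separated by at most `max_gap` identical bytes are merged, because
    two encoded blobs can agree on a byte by chance and split one field in two.
    """
    if len(a) != len(b):
        raise ValueError("files differ in size; a positional diff is meaningless")
    runs: List[List[int]] = []  # each entry is [start, end_exclusive]
    for i, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if runs and i - runs[-1][1] <= max_gap:
            runs[-1][1] = i + 1          # extend the current run over the gap
        else:
            runs.append([i, i + 1])      # start a new run
    return [(s, e - s) for s, e in runs]


def hexdump_run(data: bytes, offset: int, length: int) -> str:
    """Format one run as 'offset  hex bytes' for side-by-side reading."""
    return f"0x{offset:08x}  {data[offset:offset + length].hex(' ')}"


def make_sample() -> Tuple[bytes, bytes]:
    """Constructed stand-ins for two builds: identical except one 14-byte field."""
    base = bytearray(range(256)) * 2     # 512 bytes of filler
    a, b = bytearray(base), bytearray(base)
    a[0x100:0x10E] = bytes.fromhex("5a11c3907fe2084bd6a1339c70e5")
    b[0x100:0x10E] = bytes.fromhex("9e47c3d2016a084b12f855e0b43d")
    return bytes(a), bytes(b)


if __name__ == "__main__":
    a, b = make_sample()
    for off, n in diff_runs(a, b, max_gap=2):
        print(n, "bytes differ")
        print("  A", hexdump_run(a, off, n))
        print("  B", hexdump_run(b, off, n))
```

With `max_gap=0` the constructed field shows up as three short runs; allowing a small gap reports it as the single 14-byte region.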
Re: SOURCE CODE d3d8thk.dll
Everything that is needed to get around that check is already posted here.
@OldTimeDev You are right, there is a list of "valid" IPs that get checked by game.dll. Those IPs are from the official servers.
@pwet99 Your guess about just some changing bytes + getaddrinfo is also right.
On a side note, if you know the place where those bytes are + how they are generated, then we could use a hex editor to change them to anything.
Re: SOURCE CODE d3d8thk.dll
I know where they are, the hard part is the generating thing.
But if I can figure out how it works and change the bind, it will only be a temporary solution since a tutorial would be necessary and not convenient for most people.
I don't know yet if we can do like fyyre did for the older versions and unrestrict it so there is no block anymore or fake it.
Thanks for the guideline though.
Re: SOURCE CODE d3d8thk.dll
Manually Unpacking a Morphine-Packed DLL with OllyDbg
I picked a few more from the program if you manage to figure dll operation
where you can edit or rewrite ip etc.
The problem is that I'm looking for any way, or encoded to the area or who knows
but even so I can not figure out to find the origin, and where lies the part where I need to enter ip
dll which must be connected to an ip
I ran and requests, but has been accompanying the ceiling scratching
me looking the visual studio microsoft and use Dev c++ program, not searching the ip data
Re: SOURCE CODE d3d8thk.dll
Does anyone have any contacts with the devs/admins over at any of the existing free servers, especially the ones using the unpacked versions of the dll? They had to have had their dll made for them somehow, so they either know how to hex edit it, or have the full source and can recompile it.
As per qwertzpaul and pwet99, if those 14 bytes that are different between any two of the unpacked dlls are in fact the sa_data member of a sockaddr, it certainly has been mangled and/or encrypted and figuring out how to undo that poses quite the challenge. Has anyone managed to unpack the localhost one so we could do a comparison?
Re: SOURCE CODE d3d8thk.dll
not if you've been and where we need to be rewritten, have been described here, as we seek filmed
Re: SOURCE CODE d3d8thk.dll
Quote: Originally Posted by OldTimeDev
> Does anyone have any contacts with the devs/admins over at any of the existing free servers, especially the ones using the unpacked versions of the dll? They had to have had their dll made for them somehow, so they either know how to hex edit it, or have the full source and can recompile it.
> As per qwertzpaul and pwet99, if those 14 bytes that are different between any two of the unpacked dlls are in fact the sa_data member of a sockaddr, it certainly has been mangled and/or encrypted and figuring out how to undo that poses quite the challenge. Has anyone managed to unpack the localhost one so we could do a comparison?
I don't know any of them but I guess most did buy their dll. I heard notaion worked on their own so it can also support x64, but I doubt they will give any information.
I confirm those 14 bytes are a part of the sa_data, and reversing the way it's been encrypted or whatever has been the main problem for a few weeks, though it's only a solution if you want to bind another address to the dll, which is not really "open source friendly" unless someone makes a tool for it.
Re: SOURCE CODE d3d8thk.dll
Quote: Originally Posted by pwet99
> I confirm those 14 bytes are a part of the sa_data, and reversing the way it's been encrypted or whatever has been the main problem for a few weeks, though it's only a solution if you want to bind another address to the dll, which is not really "open source friendly" unless someone makes a tool for it.
If we know how to set them correctly, making a tool is easy.
Re: SOURCE CODE d3d8thk.dll
True, but we don't atm :/
Re: SOURCE CODE d3d8thk.dll
I'm getting tired XDDDDDDD
have been trying to decrypt / encrypt the dll file
I looked Visual C++
compressed / decompress program
So my hair is that you can burn to decrypt an encrypted dll as
and in order to get somewhere, it should default to a normal original source dll
Re: SOURCE CODE d3d8thk.dll
I wish I knew people who could make the DLL other than NotAion, Fyyre or Swig. Hopefully someone will help us.
Re: SOURCE CODE d3d8thk.dll
I heard that Windows XP can run Aion 4.0 using battleping + old no-ip dll from fyyre..