Localhost Workshop

[Hendi48]

BMS v8 added.

Question:
Has anyone tried any of the clients yet? I'm curious about the Windows 10 invalid parameter issue that people seem to be having at times. I haven't encountered it once in this whole process (I'm on W10 21H1). I haven't done anything special to counter it either. So I'm wondering if it could be caused by fuckery Nexon is doing that isn't patched out in other localhosts. Stuff such as patching around in loaded modules in an attempt to hide them.

hi i'd like TMS 0.72 can you make it?
i hope you can try make it
setup:

You must be registered to see links

Doesn't TMS require some Asian code page to run? We'll see how annoyed I am by that and if I can get around it, because I'm not going to switch my main system. I have some ideas, though.

can you do v83 but make it work on wine? wine is close but it crashes around 30 seconds into the game. prior to wine 6.15 it would quit and after 6.16.

I can check what can be done. As long as you're on Linux it shouldn't present a problem.

 

[qwertyxvkld]

dope if this is the same Hendi from back in the day

saw you did a higher version of EMS. what about v107, 108, any noticeable client changes?

 

[KryptoniteD]

Hey Hendi. It's been a long while since we've last seen you. Thank you so much for doing this! Could you do GMS v95? You can find the download for it here:

You must be registered to see links

 

[CCasusensa]

Doesn't TMS require some Asian code page to run? We'll see how annoyed I am by that and if I can get around it, because I'm not going to switch my main system. I have some ideas, though.

TMS it's require chinese traditional code page to run
but i think it can jmp from a certain address or use locale emulator run it

 

[Hendi48]

dope if this is the same Hendi from back in the day

saw you did a higher version of EMS. what about v107, 108, any noticeable client changes?

Those versions have VMProtect unfortunately. I don't know when exactly EMS started using it, but I checked v101 and it also has it.

Hey Hendi. It's been a long while since we've last seen you. Thank you so much for doing this! Could you do GMS v95? You can find the download for it here:

You must be registered to see links

It was already requested above. I'll do it when I run out of other versions.

TMS it's require chinese traditional code page to run
but i think it can jmp from a certain address or use locale emulator run it

TMS v72 done. I only tested it up to character selection, but should be fine ingame as well. I patched the code page jmp, so if anyone runs this client with the wrong code page and sees weird symbols at places, that's their own fault : . I also took the liberty to patch out an annoying EULA (?) thing that popped up on the title screen every single time.

 

[CCasusensa]

TMS v72 done. I only tested it up to character selection, but should be fine ingame as well. I patched the code page jmp, so if anyone runs this client with the wrong code page and sees weird symbols at places, that's their own fault : . I also took the liberty to patch out an annoying EULA (?) thing that popped up on the title screen every single time.

yes it's annoying EULA at login screen

anyway thank you

 

[KryptoniteD]

Those versions have VMProtect unfortunately. I don't know when exactly EMS started using it, but I checked v101 and it also has it.


It was already requested above. I'll do it when I run out of other versions.


TMS v72 done. I only tested it up to character selection, but should be fine ingame as well. I patched the code page jmp, so if anyone runs this client with the wrong code page and sees weird symbols at places, that's their own fault : . I also took the liberty to patch out an annoying EULA (?) thing that popped up on the title screen every single time.

My bad. Can you do JMS v186? The link can be found

You must be registered to see links

 

[oung]

can u skip the code page(without unpacket)?

BMS v8 added.

Question:
Has anyone tried any of the clients yet? I'm curious about the Windows 10 invalid parameter issue that people seem to be having at times. I haven't encountered it once in this whole process (I'm on W10 21H1). I haven't done anything special to counter it either. So I'm wondering if it could be caused by fuckery Nexon is doing that isn't patched out in other localhosts. Stuff such as patching around in loaded modules in an attempt to hide them.



Doesn't TMS require some Asian code page to run? We'll see how annoyed I am by that and if I can get around it, because I'm not going to switch my main system. I have some ideas, though.


I can check what can be done. As long as you're on Linux it shouldn't present a problem.

 

[9sin]

sdgvxcvxbx

 

[qwertyxvkld]

BMS v8 added.

Question:
Has anyone tried any of the clients yet? I'm curious about the Windows 10 invalid parameter issue that people seem to be having at times. I haven't encountered it once in this whole process (I'm on W10 21H1). I haven't done anything special to counter it either. So I'm wondering if it could be caused by fuckery Nexon is doing that isn't patched out in other localhosts. Stuff such as patching around in loaded modules in an attempt to hide them.



Doesn't TMS require some Asian code page to run? We'll see how annoyed I am by that and if I can get around it, because I'm not going to switch my main system. I have some ideas, though.


I can check what can be done. As long as you're on Linux it shouldn't present a problem.

I tried one of your GMS clients (92.1) and it first hangs with STATUS_STACK_BUFFER_OVERRUN, upon running the unhandled exception, EXCEPTION_ACCESS_VIOLATION.

It seems if I break on any unexpected exceptions, I can hear the game music but hangs.. I'll continue debugging..

i.imgur.com/Zhl2ACv.png

 

[Hendi48]

can u skip the code page(without unpacket)?

I'm not sure I understand what you mean. If you want to skip the code page check in a client that is not unpacked, you'll have to inject a DLL that hooks GetACP and returns the value the client wants to see (0x3B6 in case of TMS).

I tried one of your GMS clients (92.1) and it first hangs with STATUS_STACK_BUFFER_OVERRUN, upon running the unhandled exception, EXCEPTION_ACCESS_VIOLATION.

It seems if I break on any unexpected exceptions, I can hear the game music but hangs.. I'll continue debugging..

i.imgur.com/Zhl2ACv.png

My bad, I forgot a check at the end of CWvsContext::OnEnterField that wasn't part of older versions. The crash is non-deterministic so I didn't catch it during testing. I assume this happened to you after character selection? I've uploaded a fixed version, please try again.

 

[qwertyxvkld]

I'm not sure I understand what you mean. If you want to skip the code page check in a client that is not unpacked, you'll have to inject a DLL that hooks GetACP and returns the value the client wants to see (0x3B6 in case of TMS).



My bad, I forgot a check at the end of CWvsContext::OnEnterField that wasn't part of older versions. The crash is non-deterministic so I didn't catch it during testing. I assume this happened to you after character selection? I've uploaded a fixed version, please try again.

Got you, yes it happened after character selection. I can also confirm your GMS/EMS clients work as intended!

Also, would you mine sharing that check? I noticed that I will randomly get it only on specific client versions and its hindered a ton of my client research.

Edit: Depending on the VMProtect/Themida used, I can 100% strip VMProtect 2.x to LLVM -> LLVM IR so that its original native instructions get executed normally.. but that's only if you care to do newer versions.

 

[Hendi48]

Got you, yes it happened after character selection. I can also confirm your GMS/EMS clients work as intended!

Glad to hear that.

Also, would you mine sharing that check? I noticed that I will randomly get it only on specific client versions and its hindered a ton of my client research.

It's the last protected chunk of code in CWvsContext::OnEnterField. The address is 9B1A02 in v92. What's weird is that I looked at it again and technically it shouldn't even have crashed. Because the stack var it is checking is set to 1 at 9B1907, which is executed unconditionally. I thought it was being set to 1 in some protection code I skip at the beginning of the method (where they placed Themida's CHECK_PROTECTION macro), but it's not the case.

If you encounter a crash such as yours where all registers except ESP are 0, search for 64 A1 18 00 00 00 8B 48 08 8B 40 04 and set breakpoints on all occurrences (assuming you have an unpacked & fully unvirtualized client). This is Nexon's "clear stack" code that they use when a check was tripped and its goal is to make it impossible to figure out where the check was.

Edit: Depending on the VMProtect/Themida used, I can 100% strip VMProtect 2.x to LLVM -> LLVM IR so that its original native instructions get executed normally.. but that's only if you care to do newer versions.

Yes, Nexon only ever used VMP 2.x. This sounds interesting, is the tooling you mentioned public? And is the generated code so perfect that it fits into its original space (in terms of size) in every case?

 

[qwertyxvkld]

Yes, Nexon only ever used VMP 2.x. This sounds interesting, is the tooling you mentioned public? And is the generated code so perfect that it fits into its original space (in terms of size) in every case?

The tooling is released open source under us along with a paper! Check out your messages.

 

[oung]

thx,I will try it.



LoginScreen have bug when you type in username box at the fixed edition(GMS 095)

 

[Hendi48]

can you do v83 but make it work on wine? wine is close but it crashes around 30 seconds into the game. prior to wine 6.15 it would quit and after 6.16.

I have good news and bad news. I made the client and in principle it seems to be running fine under Wine, HOWEVER it depends on what version of Wine. Under 6.21 it consistently crashes for me after 2-5 minutes while decoding MP3 sound in a background thread. I saw that the Wine devs did some changes to that subsystem recently, and apparently they botched it. I downgraded to 6.10 and have yet to crash after 15+ minutes. So it seems this is a regression that was either introduced in 6.11 or 6.20.

Edit: Confirmed the faulty changeset to be 6.20.

 

[DSG]

I have good news and bad news. I made the client and in principle it seems to be running fine under Wine, HOWEVER it depends on what version of Wine. Under 6.21 it consistently crashes for me after 2-5 minutes while decoding MP3 sound in a background thread. I saw that the Wine devs did some changes to that subsystem recently, and apparently they botched it. I downgraded to 6.10 and have yet to crash after 15+ minutes. So it seems this is a regression that was either introduced in 6.11 or 6.20.

Edit: Confirmed the faulty changeset to be 6.20.

It appears to work perfectly (Debian/Wine 6.16 under Lutris). I'll report back if I find there's any issues.
The only "issue" I think is with wine, you can no longer hold down ctrl/alt as spam/turbo (it's not the window/session manager, as I tested on a blank x display without running any window/session manager).

How did you do it man?

 

[Hendi48]

My bad. Can you do JMS v186? The link can be found

You must be registered to see links

JMS v186 done. I didn't test it much, I hope it works properly.

It appears to work perfectly (Debian/Wine 6.16 under Lutris). I'll report back if I find there's any issues.
The only "issue" I think is with wine, you can no longer hold down ctrl/alt as spam/turbo (it's not the window/session manager, as I tested on a blank x display without running any window/session manager).

How did you do it man?

Nice. I've filed bug tickets with Wine and libmpg123 for 6.20+ to ensure it'll keep working in the future.

I've noticed the key issue as well. It's hard to even search for it, so no clue.

Technically all my clients should run under Wine, because the game itself is pretty compatible. The problem with other localhosts is all the extra crap Nexon is doing that wasn't patched out there. It's mostly harmless on Windows, but some of the checks include assumptions that don't hold on Wine.

 

[thepack]

@Hendi48 this is some amazing work. I was able to run your version 62 client on the latest dev build of wine (6.23), but I'm also coming across an audio problem, albeit not related to libmpg. There's no sound at all the the logs are telling me it's related to pulseaudio. I find this weird because pulseaudio works just fine for other applications on wine. I assume you guys testing wine are also on Linux rocking pulseaudio?

 

[DSG]

@Hendi48 this is some amazing work. I was able to run your version 62 client on the latest dev build of wine (6.23), but I'm also coming across an audio problem, albeit not related to libmpg. There's no sound at all the the logs are telling me it's related to pulseaudio. I find this weird because pulseaudio works just fine for other applications on wine. I assume you guys testing wine are also on Linux rocking pulseaudio?

When I tested his v83 I was using pulseaudio. I run all the standard stuff in Debian, nothing interesting at the system level.
If you haven't try running Lutris to change to a different wine. I've found Lutris to be the easiest way to manage wine.

Hendi, would you mind recording yourself unpacking the next client? You don't need to talk or explain anything but it'd be great to watch how it's done. Would be very educational for a lot of people here.