Exploit fixes, some sources and stuff [im done.]

Jul 23, 2011
Reaction score
Hello there. It've been a time since I posted anything here. Anyhow, here is the deal. Since some people I trusted disappoited me (selling my work, calling meh a scammer, and such sh!t), I've decided to take some pretty serious step. The point is you sell MY work = it gets released to public for free. Probably, this thread is the last one in which I release my stuff to public (free). That means most of my stuff will become private / for sale. . I'm going to drop my old skype / email addresses and such stuff. Basically, kinda going underground. Still, those who bought any stuff from me should pm me @ RZ and get my new infos.

So, lets start. I wont post whole source code of module runtime patcher, but will give enough for you to do assembly fixes or simply a program that does the same stuff. All the offsets are there. Those fixes are relatively old, but still has to be useful for you guys.

Some exploit fixes [c#]

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.IO;

namespace ModuleFixesRuntime.Memory
    sealed class CMemoryPatcher
        private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseaddress_1005, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);

        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseaddress_1005, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);

        static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, MemoryProtectionConsts flNewProtect, out MemoryProtectionConsts lpflOldProtect);
        public enum MemoryProtectionConsts : uint
            EXECUTE = 0x10,
            EXECUTE_READ = 0x20,
            EXECUTE_READWRITE = 0x40,
            NOACCESS = 0x01,
            READONLY = 0x02,
            READWRITE = 0x04

        public enum ProcessAccessFlags : uint
            All = 0x001F0FFF,
            Terminate = 0x00000001,
            CreateThread = 0x00000002,
            VMOperation = 0x00000008,
            VMRead = 0x00000010,
            VMWrite = 0x00000020,
            DupHandle = 0x00000040,
            SetInformation = 0x00000200,
            QueryInformation = 0x00000400,
            Synchronize = 0x00100000

        static bool WriteMemory(Process process, int addr, byte[] data, out int bytesWritten)
            IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);
            bool worked = WriteProcessMemory(hProc, new IntPtr(addr), data, (UInt32)data.LongLength, out bytesWritten);
            return worked;
        const byte ASM_NOP = 0x90;

        public void ApplyGameServerFixes(string ProcName)
            Process GameProcess = null;

            bool flag = false;
                GameProcess = Process.GetProcessesByName(ProcName)[0];
                flag = true;
            catch { }

            if (!flag)
                Console.WriteLine("Could not find [{0}] process", ProcName);

            int AddrExHandler_1 = 0x00521765;
            int AddrExHandler_2 = 0x00521768;
            byte[] Patch_ExHandler_1 = new byte[] { 0x90, 0x90 };
            byte[] Patch_ExHandler_2 = new byte[] { 0xEB };

            Console.WriteLine("Starting game server patch sequence");

            string Msg = string.Empty;


            int WritenBytes_ExHandler_1 = 0;
            WriteMemory(GameProcess, AddrExHandler_1, Patch_ExHandler_1, out WritenBytes_ExHandler_1);

            Msg = (WritenBytes_ExHandler_1 == Patch_ExHandler_1.Length)
              string.Format("Patching exception handler step #1 success [{0}] bytes", WritenBytes_ExHandler_1)
              string.Format("Pathing exception handler step #1 failed [{0}] bytes", WritenBytes_ExHandler_1);



            int WritenBytes_ExHandler_2 = 0;
            WriteMemory(GameProcess, AddrExHandler_2, Patch_ExHandler_2, out WritenBytes_ExHandler_2);

            Msg = (WritenBytes_ExHandler_2 == Patch_ExHandler_2.Length)
              string.Format("Patching exception handler step #2 success [{0}] bytes", WritenBytes_ExHandler_2)
              string.Format("Pathing exception handler step #2 failed [{0}] bytes", WritenBytes_ExHandler_2);


        public void ApplyShardManagerFixes(string ProcName)
            Process ShardProcess = null;

            bool flag = false;
                ShardProcess = Process.GetProcessesByName(ProcName)[0];
                flag = true;
            catch { }

            if (!flag)
                Console.WriteLine("Could not find [{0}] process", ProcName);

            int AddrExHandler_1 = 0x00402B05;
            int AddrExHandler_2 = 0x00402B08;

            int AddrExHandler_3 = 0x007998D6;
            int AddrExHandler_4 = 0x007998EE;
            int AddrExHandler_5 = 0x007999C2;

            byte[] Patch_ExHandler_1 = new byte[] { 0x90, 0x90 };
            byte[] Patch_ExHandler_2 = new byte[] { 0xEB };
            byte[] Patch_ExHandler_345 = new byte[] { 0x78 };

            Console.WriteLine("Starting shard manager patch sequence");

            string Msg = string.Empty;

            int WritenBytes_ExHandler_1 = 0;
            WriteMemory(ShardProcess, AddrExHandler_1, Patch_ExHandler_1, out WritenBytes_ExHandler_1);

            Msg = (WritenBytes_ExHandler_1 == Patch_ExHandler_1.Length)
                string.Format("Patching exception handler step #1 success [{0}] bytes", WritenBytes_ExHandler_1)
                string.Format("Pathing exception handler step #1 failed [{0}] bytes", WritenBytes_ExHandler_1);



            int WritenBytes_ExHandler_2 = 0;
            WriteMemory(ShardProcess, AddrExHandler_2, Patch_ExHandler_2, out WritenBytes_ExHandler_2);

            Msg = (WritenBytes_ExHandler_2 == Patch_ExHandler_2.Length)
               string.Format("Patching exception handler step #2 success [{0}] bytes", WritenBytes_ExHandler_2)
               string.Format("Pathing exception handler step #2 failed [{0}] bytes", WritenBytes_ExHandler_2);



            int WritenBytes_ExHandler_3 = 0;
            WriteMemory(ShardProcess, AddrExHandler_3, Patch_ExHandler_345, out WritenBytes_ExHandler_3);
            Msg = (WritenBytes_ExHandler_3 == Patch_ExHandler_345.Length)
               string.Format("Patching exception handler step #3 success [{0}] bytes", WritenBytes_ExHandler_3)
               string.Format("Pathing exception handler step #3 failed [{0}] bytes", WritenBytes_ExHandler_3);



            int WritenBytes_ExHandler_4 = 0;
            WriteMemory(ShardProcess, AddrExHandler_4, Patch_ExHandler_345, out WritenBytes_ExHandler_4);

            Msg = (WritenBytes_ExHandler_4 == Patch_ExHandler_345.Length)
               string.Format("Patching exception handler step #4 success [{0}] bytes", WritenBytes_ExHandler_4)
               string.Format("Pathing exception handler step #4 failed [{0}] bytes", WritenBytes_ExHandler_4);



            int WritenBytes_ExHandler_5 = 0;
            WriteMemory(ShardProcess, AddrExHandler_5, Patch_ExHandler_345, out WritenBytes_ExHandler_5);

            Msg = (WritenBytes_ExHandler_5 == Patch_ExHandler_345.Length)
               string.Format("Patching exception handler step #5 success [{0}] bytes", WritenBytes_ExHandler_5)
               string.Format("Pathing exception handler step #5 failed [{0}] bytes", WritenBytes_ExHandler_5);


        public void ApplyDownloadServerFixes(string ProcName)
            Process DownloadProcess = null;

            bool flag = false;
                DownloadProcess = Process.GetProcessesByName(ProcName)[0];
                flag = true;
            catch { }

            if (!flag)
                Console.WriteLine("Could not find [{0}] process", ProcName);

            int Addr631D = 0x00407544;
            //004B3FCA    83FB 07         CMP EBX,7

            int AddrA003_ToCodecave = 0x0040C522;
            int AddrA003_Codecave = 0x004d5E92;
            byte[] Patch_631D = new byte[19];
            for (int i = 0; i < Patch_631D.Length; i++) Patch_631D[i] = ASM_NOP;
            byte[] Patch_A003_CodeOffset = new byte[] { 0xE9, 0x6B, 0x99, 0x0C, 0x00 };
            byte[] Patch_A003_Codecave =
                new byte[] 
                    //cmp ebx,7
                    0x83, 0xFB, 0x07,
                    //je eip + 3
                    0x74, 0x03,
                    //jmp near dword ptr ds:[eax+5c]
                    0xFF, 0x60, 0x5C,
                    //retn 10
                    0xC2, 0x10, 0x00
            Console.WriteLine("Starting download server patch sequence");

            string Msg = string.Empty;

            int WritenBytes_631D = 0;
            WriteMemory(DownloadProcess, Addr631D, Patch_631D, out WritenBytes_631D);

            Msg = (WritenBytes_631D == Patch_631D.Length)
                string.Format("Patching 0x631D opcode success [{0}] bytes", WritenBytes_631D)
                string.Format("Pathing 0x631D opcode failed [{0}] bytes", WritenBytes_631D);

            int WritenBytes_A003_Codecave = 0;
            WriteMemory(DownloadProcess, AddrA003_Codecave, Patch_A003_Codecave, out WritenBytes_A003_Codecave);

            Msg = (WritenBytes_A003_Codecave == Patch_A003_Codecave.Length)
                string.Format("Writing 0xA003 Codecave success [{0}] bytes", WritenBytes_A003_Codecave)
                string.Format("Writing 0xA003 Codecave failed [{0}] bytes", WritenBytes_A003_Codecave);

            int WritenBytes_A003_CodeOffset = 0;
            WriteMemory(DownloadProcess, AddrA003_ToCodecave, Patch_A003_CodeOffset, out WritenBytes_A003_CodeOffset);

            Msg = (WritenBytes_A003_CodeOffset == Patch_A003_CodeOffset.Length)
                string.Format("Patching 0xA003 Codecave offset success [{0}] bytes", WritenBytes_A003_CodeOffset)
                string.Format("Patching 0xA003 Codecave offset failed [{0}] bytes", WritenBytes_A003_CodeOffset);



        public void ApplyGatewayServerFixes(string ProcName)
            Process GatewayProcess = null;

            bool flag = false;
                GatewayProcess = Process.GetProcessesByName(ProcName)[0];
                flag = true;
            catch { }

            if (!flag)
                Console.WriteLine("Could not find [{0}] process", ProcName);

            int Addr631D = 0x0043F384;
            int AddrA003_ToCodecave = 0x00443c22;
            int AddrA003_Codecave = 0x004d5e92;

            byte[] Patch_631D = new byte[19];
            for (int i = 0; i < Patch_631D.Length; i++) Patch_631D[i] = ASM_NOP;

            byte[] Patch_A003_CodeOffset = new byte[] { 0xE9, 0x6B, 0x22, 0x09, 0x00 };
            byte[] Patch_A003_Codecave = 
                new byte[] 
                    //cmp ebx, 7
                    0x83, 0xFB, 0x07,
                    //je eip + 3
                    0x74, 0x03,
                    //jmp near dword ptr ds:[eax + 0x5c]
                    0xFF, 0x60, 0x5C,
                    //ret 10
                    0xC2, 0x10, 0x00

            Console.WriteLine("Starting gateway patch sequence");
            string Msg = string.Empty;

            int WritenBytes_631D = 0;
            WriteMemory(GatewayProcess, Addr631D, Patch_631D, out WritenBytes_631D);

            Msg = (WritenBytes_631D == Patch_631D.Length)
                string.Format("Patching 0x631D opcode success [{0}] bytes", WritenBytes_631D)
                string.Format("Pathing 0x631D opcode failed [{0}] bytes", WritenBytes_631D);

            int WritenBytes_A003_Codecave = 0;
            WriteMemory(GatewayProcess, AddrA003_Codecave, Patch_A003_Codecave, out WritenBytes_A003_Codecave);

            Msg = (WritenBytes_A003_Codecave == Patch_A003_Codecave.Length)
                string.Format("Writing 0xA003 Codecave success [{0}] bytes", WritenBytes_A003_Codecave)
                string.Format("Writing 0xA003 Codecave failed [{0}] bytes", WritenBytes_A003_Codecave);

            int WritenBytes_A003_CodeOffset = 0;
            WriteMemory(GatewayProcess, AddrA003_ToCodecave, Patch_A003_CodeOffset, out WritenBytes_A003_CodeOffset);

            Msg = (WritenBytes_A003_CodeOffset == Patch_A003_CodeOffset.Length)
                string.Format("Patching 0xA003 Codecave offset success [{0}] bytes", WritenBytes_A003_CodeOffset)
                string.Format("Patching 0xA003 Codecave offset failed [{0}] bytes", WritenBytes_A003_CodeOffset);


        public byte[] GenerateFilterExceptionCodecave()
            byte[] OutputBuffer = new byte[0x1000];
            byte[] ValueBuffer;
            int BufferLen = 0;
            //int JlAddr = 0x00401D36;
            int OkJumpAddr = 0x004c2cac;
            int FailJumpAddr = 0x004c2c96;

            ushort[] Opcodes = new ushort[] 

            byte[] InstructionBuffer = new byte[25];
            byte[] Cmp_Ecx_Prefix = new byte[2] { 0x81, 0xF9 };
            byte[] Nulls = new byte[2] { 0x00, 0x00 };

            byte[] Jl_Opcode_Instruction = new byte[6] { 0x0F, 0x8C, 0x52, 0xF0, 0xF3, 0xFF };
            for (int i = 0; i < Opcodes.Length; i++)
                //2 bytes of instruction opcode
                Buffer.BlockCopy(Cmp_Ecx_Prefix, 0, InstructionBuffer, 0, Cmp_Ecx_Prefix.Length);
                ValueBuffer = BitConverter.GetBytes((int)Opcodes[i]);
                Buffer.BlockCopy(ValueBuffer, 0, InstructionBuffer, 2, 2);
               // Buffer.BlockCopy(Jl_Opcode_Instruction, 0, InstructionBuffer, 6, 6);
               // Buffer.BlockCopy(new byte[]  
                Buffer.BlockCopy(InstructionBuffer, 0, OutputBuffer, BufferLen, 12);
                BufferLen += 12;

            return OutputBuffer;

        public void ApplyAgentServerFixes(string ProcName)
            Process AgentProcess = null;

            bool flag = false;

                AgentProcess = Process.GetProcessesByName(ProcName)[0];
                flag = true;
            catch { }

            if (!flag)
                Console.WriteLine("Could not find [{0}] process", ProcName);

            //actual work

            int Addr1005 = 0x00430444;
            int Addr600D = 0x00430452;
            int AddrFilter = 0x00401D16;
            int AddrCommon_1 = 0x004488C0;
            int Addr631D = 0x0042BEF4;
            int Addr6303_1 = 0x0042D339;
            int Addr6303_2 = 0x0042D36C;
            int Addr6303_3 = 0x0042D374;
            int AddrA003_ToCodecave = 0x00430312;
            int AddrA003_Codecave = 0x004C2FC6;
            int AddrFilterOpcodes_ToCodecave = 0x00401D16;
            int AddrFilterOpcodes_Codecave = 0x004C2CD8;
            int AddrFilterOpcodes_OkCase = 0x004c2cac;
            int AddrFilterOpcodes_FailCase = 0x004c2c96;

            byte[] Patch_1005 = new byte[] { 0x78, 0x00, 0x00, 0x00 };
            byte[] Patch_600D = new byte[] { 0xC2, 0x10, 0x00, 0x90, 0x90, 0x90 };

            byte[] Patch_Filter = new byte[] { 0xEB, 0x1E, 0x90, 0x90, 0x90, 0x90 };

            byte[] Patch_Common_1 = new byte[] { 0xC3, 0x90, 0x90, 0x90, 0x90 };
            byte[] Patch_631D = new byte[19];
            for (int i = 0; i < Patch_631D.Length; i++) Patch_631D[i] = ASM_NOP;

            byte[] Patch_6303_1 = new byte[] { 0x90, 0x90 };
            byte[] Patch_6303_2 = new byte[] { 0x90, 0x90 };
            byte[] Patch_6303_3 = new byte[] { 0xEB };

            byte[] Patch_A003_CodeOffset = new byte[] { 0xE9, 0xAF, 0x2C, 0x09, 0x00 };
            byte[] Patch_A003_Codecave =
                new byte[]
                //cmp ebx,7
                0x83, 0xFB, 0x07,
                //je eip + 3
                0x74, 0x03,
                //jmp near dword ptr ds:[eax+5c]
                0xFF, 0x60, 0x5C,
                //retn 10
                0xC2, 0x10, 0x00
            #region ROFL
            byte[] Patch_A003_Nops =
                new byte[]
                    0x90, 0x90, 0x90, 0x90,
                    0x90, 0x90, 0x90, 0x90,
                    0x90, 0x90, 0x90, 0x90,
                    0x90, 0x90, 0x90, 0x90

            //jmp 0x004c2cd8 + NOP
            byte[] Patch_FilterExceptions_CodeOffset = new byte[]
            { 0xE9, 0xBD, 0x0F, 0x0C, 0x00, 0x90 };

            byte[] Patch_FilterExceptions_Codecave = GenerateFilterExceptionCodecave();
           // byte[] Patch_FilterExceptions_JumpInst
            Console.WriteLine("Starting agent patch sequence");

            string Msg = string.Empty;

            int WritenBytes_1005 = 0;
            WriteMemory(AgentProcess, Addr1005, Patch_1005, out WritenBytes_1005);

            Msg = (WritenBytes_1005 == Patch_1005.Length) 
                string.Format("Patching 0x1005 opcode success [{0}] bytes", WritenBytes_1005)
                string.Format("Patching 0x1005 opcode failed [{0}] bytes", WritenBytes_1005);


            int WritenBytes_600D = 0;
            WriteMemory(AgentProcess, Addr600D, Patch_600D, out WritenBytes_600D);

            Msg = (WritenBytes_600D == Patch_600D.Length)
                string.Format("Patching 0x600D opcode success [{0}] bytes", WritenBytes_600D)
                string.Format("Patching 0x600D opcode failed [{0}] bytes", WritenBytes_600D);

            // temporary disabled
            int WritenBytes_Filter = 0;
            WriteMemory(AgentProcess, AddrFilter, Patch_Filter, out WritenBytes_Filter);

            Msg = (WritenBytes_Filter == Patch_Filter.Length)
                string.Format("Patching filter success [{0}] bytes", WritenBytes_Filter)
                string.Format("Patching filter failed [{0}] bytes", WritenBytes_Filter);
            int WritenBytes_Common_1 = 0;
            WriteMemory(AgentProcess, AddrCommon_1, Patch_Common_1, out WritenBytes_Common_1);

            Msg = (WritenBytes_Common_1 == Patch_Common_1.Length)
                string.Format("Patching common exception handler success [{0}] bytes", WritenBytes_Common_1)
                string.Format("Patching common exception handler failed [{0}] bytes", WritenBytes_Common_1);
            int WritenBytes_631D = 0;
            WriteMemory(AgentProcess, Addr631D, Patch_631D, out WritenBytes_631D);

            Msg = (WritenBytes_631D == Patch_631D.Length)
                string.Format("Patching 0x631D success [{0}] bytes", WritenBytes_631D)
                string.Format("Patching 0x631D failed [{0}] bytes", WritenBytes_631D);
            int WritenBytes_6303_1 = 0;
            WriteMemory(AgentProcess, Addr6303_1, Patch_6303_1, out WritenBytes_6303_1);

            Msg = (WritenBytes_6303_1 == Patch_6303_1.Length)
                string.Format("Patching 0x6303 step #1 success [{0}] bytes", WritenBytes_6303_1)
                string.Format("Patching 0x6303 step #1 failed [{0}] bytes", WritenBytes_6303_1);
            int WritenBytes_6303_2 = 0;
            WriteMemory(AgentProcess, Addr6303_2, Patch_6303_2, out WritenBytes_6303_2);

            Msg = (WritenBytes_6303_2 == Patch_6303_2.Length)
                string.Format("Patching 0x6303 step #2 success [{0}] bytes", WritenBytes_6303_2)
                string.Format("Patching 0x6303 step #2 failed [{0}] bytes", WritenBytes_6303_2);

            int WritenBytes_6303_3 = 0;
            WriteMemory(AgentProcess, Addr6303_3, Patch_6303_3, out WritenBytes_6303_3);

            Msg = (WritenBytes_6303_3 == Patch_6303_3.Length)
                string.Format("Patching 0x6303 step #3 success [{0}] bytes", WritenBytes_6303_3)
                string.Format("Patching 0x6303 step #3 failed [{0}] bytes", WritenBytes_6303_3);

            int WritenBytes_A003_Nops = 0;
            WriteMemory(AgentProcess, AddrA003_Codecave, Patch_A003_Nops, out WritenBytes_A003_Nops);

            Msg = (WritenBytes_A003_Nops == Patch_A003_Nops.Length)
                string.Format("Writing 0xA003 Codecave nops success [{0}] bytes", WritenBytes_A003_Nops)
                string.Format("Writing 0xA003 Codecave nops failed [{0}] bytes", WritenBytes_A003_Nops);

            int WritenBytes_A003_Codecave = 0;
            WriteMemory(AgentProcess, AddrA003_Codecave, Patch_A003_Codecave, out WritenBytes_A003_Codecave);

            Msg = (WritenBytes_A003_Codecave == Patch_A003_Codecave.Length)
                string.Format("Writing 0xA003 Codecave success [{0}] bytes", WritenBytes_A003_Codecave)
                string.Format("Writing 0xA003 Codecave failed [{0}] bytes", WritenBytes_A003_Codecave);

            int WritenBytes_A003_CodeOffset = 0;
            WriteMemory(AgentProcess, AddrA003_ToCodecave, Patch_A003_CodeOffset, out WritenBytes_A003_CodeOffset);

            Msg = (WritenBytes_A003_CodeOffset == Patch_A003_CodeOffset.Length)
                string.Format("Patching 0xA003 Codecave offset success [{0}] bytes", WritenBytes_A003_CodeOffset)
                string.Format("Patching 0xA003 Codecave offset failed [{0}] bytes", WritenBytes_A003_CodeOffset);

            //write cases
            int tmp = 0;
            //ok case
            WriteMemory(AgentProcess, AddrFilterOpcodes_OkCase, new byte[] { 0xE9, 0x2E, 0xF1, 0xF3, 0xFF, 0x90 }, out tmp) ;
            //fail case
            WriteMemory(AgentProcess, AddrFilterOpcodes_FailCase, new byte[] { 0xEB, 0xFE }, out tmp);
            int WritenBytes_FilterException_Codecave = 0;
            WriteMemory(AgentProcess, AddrFilterOpcodes_Codecave, Patch_FilterExceptions_Codecave, out WritenBytes_FilterException_Codecave);

            Msg = (WritenBytes_FilterException_Codecave == Patch_FilterExceptions_Codecave.Length)
                string.Format("Writing filter exception codecave success [{0}] bytes", WritenBytes_FilterException_Codecave)
                string.Format("Writing filter exception codecave failed [{0}] bytes", WritenBytes_FilterException_Codecave);
            int WritenBytes_FilterException_ToCode_Offset = 0;
            WriteMemory(AgentProcess, AddrFilterOpcodes_ToCodecave, Patch_FilterExceptions_CodeOffset, out WritenBytes_FilterException_ToCode_Offset);

            Msg = (WritenBytes_FilterException_ToCode_Offset == Patch_FilterExceptions_CodeOffset.Length)
                string.Format("Patching filter exception codecave offset success [{0}] bytes", WritenBytes_FilterException_ToCode_Offset)
                string.Format("Patching filter exception codecave offset failed [{0}] bytes", WritenBytes_FilterException_ToCode_Offset);
             * */

And here is a squirrel.

This thread will be updated with some more sources / free releases soon.
Last edited:
Newbie Spellweaver
Feb 4, 2014
Reaction score
that's a good thing, old developers share their work.. nvm The perfect game called "Silkroad Online" is died 2 years ago.
Unknown Place
Mar 7, 2013
Reaction score
Sorry to hear this Chern0, but this is not something new really.

After all we are in a captalism world, and everyone want to earn something no matter at which cost (especially when speaking about private gameservers).

Even with you going underground, you will still be seeing the same scenario in a reduced manner.

Good luck in your next approaches
Newbie Spellweaver
Jan 21, 2014
Reaction score
Sorry for my stupid ask. How to add this code?

I just wanna fix some exploits just already done in my server.
Master Summoner
Nov 9, 2009
Reaction score
Sorry for my stupid ask. How to add this code?

I just wanna fix some exploits just already done in my server.

did you seriously register for this question? wow ... okay .. my suggestion on how to solve your problem: try to learn some C# or maybe even better try to learn some programming basics and what to do with code ... just a tip:
Newbie Spellweaver
Jan 21, 2014
Reaction score
If u take a look at my reg. date, u`ll know if i reg for the question or not.

And thnx for the advice.
Experienced Elementalist
Mar 10, 2012
Reaction score
Sorry for my stupid ask. How to add this code?

I just wanna fix some exploits just already done in my server.

To add to what has published chernobyl, you must do so by ollydbg open the .exe file and patch..

public void ApplyGameServerFixes(string ProcName)
            Process GameProcess = null;

            bool flag = false;
                GameProcess = Process.GetProcessesByName(ProcName)[0];
                flag = true;
            catch { }

            if (!flag)
                Console.WriteLine("Could not find [{0}] process", ProcName);

            int AddrExHandler_1 = 0x00521765;
            int AddrExHandler_2 = 0x00521768;
            byte[] Patch_ExHandler_1 = new byte[] { 0x90, 0x90 };
            byte[] Patch_ExHandler_2 = new byte[] { 0xEB };

Target: ApplyGameServerFixes [SR_GameServer.exe]
Open in ollydbg, press CTRL+G and put Offset.

            int AddrExHandler_1 = 0x00521765;
            int AddrExHandler_2 = 0x00521768;
            byte[] Patch_ExHandler_1 = new byte[] { 0x90, 0x90 };
            byte[] Patch_ExHandler_2 = new byte[] { 0xEB };

The AddrExHandler_1 located the Offset 0x00521765 and writes the bytes { 0x90, 0x90 }; --- NOP
The AddrExHandler_2 located the Offset 0x00521768 and writes the bytes { 0xEB }; -- JMP

If you want to implement it in one .DLL you can do it in C++

Examples: Fix.cpp
#include "Fix.h"
#include "Asm.h"
void Fixs()
   SetByte(0x00521765,0xEB); -- JMP
   SetNop(0x00521768,2); -- NOP

void Fixs();

#include "Asm.h"
void SetNop(DWORD dwOffset, int Size){
	for(int n=0; n < Size; n++){
		*(BYTE*)(dwOffset+n) = 0x90;
void SetByte(DWORD dwOffset, BYTE btValue){
	*(BYTE*)(dwOffset) = btValue;

void SetNop(DWORD dwOffset, int Size);
void SetByte(DWORD dwOffset, BYTE btValue);

Have enough
So is that you could use what public Chernobyl.

Good Luck!
Last edited:
Junior Spellweaver
Jul 2, 2012
Reaction score
great release. usefull for ppl which are inside programming.

Any1 here who knows how to use this? PM me, I am working on another tool to avoid exploits I could share it with 1 who knows how to apply chernos sources.

Just pm me for more infos. I am sure u will like it.

Master Summoner
Nov 9, 2009
Reaction score
dafuq .. why change his code and use it in olly or c++ lol .. guys dont you see that this is c# ready-to-use code? xD
cmon he couldnt have done it easier for you guys ... it really is a ready-to-use c# class ... thats as easy as it gets okay he could have released it as a compiled exe but thats way too easy dont you think?
Last edited:
Newbie Spellweaver
Jan 14, 2012
Reaction score
dafuq .. why change his code and use it in olly or c++ lol ..

It's a usable C# code, yes. LoGiN has provided a C++ code incase if someone wanted to use it as a dll, instead of opening the patcher everytime you run your server. Sometimes you might forget to apply the patch and leave it un-attended
Master Summoner
Nov 9, 2009
Reaction score
It's a usable C# code, yes. LoGiN has provided a C++ code incase if someone wanted to use it as a dll, instead of opening the patcher everytime you run your server. Sometimes you might forget to apply the patch and leave it un-attended

you know c# is also capable to compile dlls, do you?
Master Summoner
Nov 9, 2009
Reaction score
Can you compile a .NET dll to work with a C++ executable?

well if you want it to be injected into the C++ executable there are ways to do so but they are a bit more work but can be found by 5 minutes of using google .. for example:

so that being quoted (and tested before) i can proudly say it actually IS possible to load managed dlls on injection to unmanaged executables BUT as you can see is a bit harder than just creating an executable thats working for ALL modules at once unlike a dll which requires 1 dll for every module that has to be injected and i guess having 6 or 7 dlls to be injected its more likely to forget about one.

In my opinion, having a small prog that might also be set to auto start fixing all exploits at once when a module is started is better. And to avoid to forget it you can also write a small batch file that checks if the fix prog is running and if not starts it which is then being started by a cronjob once every 5 minutes.. hell it could even be started by SQL Server Agent once every 5 seconds .. whatever you want

but lets stop arguing about what could be done and what would be better, if you dont want a compiled exe behaving like described above im totally fine with it, then chernos code will stay as he intended it to be: not used by people who dont know how to use it
Last edited:
Junior Spellweaver
Jul 2, 2012
Reaction score
@lemoniscool, I think most of us are looking for a fixed compiled exe.

The main problem is that most of them are not used to read and understand english.
Dunno what so hard to understand in "thank my post for ..." but we all know that.
Experienced Elementalist
Mar 10, 2012
Reaction score
@lemoniscool , no that many laps to repair it .. if you know programming, you'll know that one. scheduled DLL can cause you to read different applications simultaneously, you do not need to compile and make several DLL hook, one does everything.

That is just compiling 1. Dll you manage to make all necessary arrangements ..

Chernobyl public part of the arrangements made ​​in C#
I explained and understood, and how to use it in C++

Guys! have the solution in your eyes, it is a matter of using a little logic.

Master Summoner
Nov 9, 2009
Reaction score

okay true, when i think about it now there are possibilities to combine these into 1 dll, but still it needs to be injected into every process and at least in my opinion its easier to have a little prog that is run hidden and automatically that applies the fixes on its own
but okay, if most of the people want dlls thats totally fine .. less work for me
Jun 16, 2014
Reaction score

thank you so much
Experienced Elementalist
Mar 10, 2012
Reaction score

That's right buddy. and users will know to do!!

1 - Compiling the program released by Chernobyl
2 - Use OllyDbg to patch files on understanding what I said.
3 - Use DLL to repair.

The choice belongs to the community! see if they choose.

Greating! ;-)
Newbie Spellweaver
Sep 27, 2011
Reaction score
Thanks for the fixes, even if they are old, I still found some of them usefull.

About the way to use them, I think is easier to compile the code.
Just make your own


and take care of


Good luck =)