Fix NTA's exploit

2016-05-15 16:47:57 +02:00 · 2016-05-15 16:47:57 +02:00 · 8305115b39
commit 8305115b39
parent 70ff5e23ab
5 changed files with 24 additions and 1 deletions
--- a/deps/json11
+++ b/deps/json11
@ -1 +1 @@
-Subproject commit 8452587160c5e767cbc2cd49453f03a2e38c50d2
+Subproject commit df1fdbfd7951a33ae376eade9ec67046cf50fb19
--- a/src/Components/Modules/QuickPatch.cpp
+++ b/src/Components/Modules/QuickPatch.cpp
@ -80,6 +80,18 @@ namespace Components
 		}
 	}

+	int QuickPatch::MsgReadBitsCompressCheckSV(const char *from, char *to, int size)
+	{
+		if (size > 0x800) return 0;
+		return Game::MSG_ReadBitsCompress(from, to, size);
+	}
+
+	int QuickPatch::MsgReadBitsCompressCheckCL(const char *from, char *to, int size)
+	{
+		if (size > 0x20000) return 0;
+		return Game::MSG_ReadBitsCompress(from, to, size);
+	}
+
 	QuickPatch::QuickPatch()
 	{
 		// protocol version (workaround for hacks)
@ -286,6 +298,10 @@ namespace Components
 		Utils::Hook(0x682EBF, QuickPatch::GetStatsID, HOOK_CALL).Install()->Quick();
 		Utils::Hook(0x6830B1, QuickPatch::GetStatsID, HOOK_CALL).Install()->Quick();

+		// Exploit fixes
+		Utils::Hook(0x414D92, QuickPatch::MsgReadBitsCompressCheckSV, HOOK_CALL).Install()->Quick();
+		Utils::Hook(0x4A9F56, QuickPatch::MsgReadBitsCompressCheckCL, HOOK_CALL).Install()->Quick();
+
 		Command::Add("unlockstats", [] (Command::Params params)
 		{
 			QuickPatch::UnlockStats();
--- a/src/Components/Modules/QuickPatch.hpp
+++ b/src/Components/Modules/QuickPatch.hpp
@ -20,5 +20,8 @@ namespace Components

 		static int64_t* GetStatsID();
 		static void ShutdownStub(int channel, const char* message);
+
+		static int MsgReadBitsCompressCheckSV(const char *from, char *to, int size);
+		static int MsgReadBitsCompressCheckCL(const char *from, char *to, int size);
 	};
 }
--- a/src/Game/Functions.cpp
+++ b/src/Game/Functions.cpp
@ -86,6 +86,7 @@ namespace Game
 	MSG_WriteLong_t MSG_WriteLong = (MSG_WriteLong_t)0x41CA20;
 	MSG_WriteBitsCompress_t MSG_WriteBitsCompress = (MSG_WriteBitsCompress_t)0x4319D0;
 	MSG_ReadByte_t MSG_ReadByte = (MSG_ReadByte_t)0x4C1C20;
+	MSG_ReadBitsCompress_t MSG_ReadBitsCompress = (MSG_ReadBitsCompress_t)0x4DCC30;

 	NET_AdrToString_t NET_AdrToString = (NET_AdrToString_t)0x469880;
 	NET_CompareAdr_t NET_CompareAdr = (NET_CompareAdr_t)0x4D0AA0;
--- a/src/Game/Functions.hpp
+++ b/src/Game/Functions.hpp
@ -197,6 +197,9 @@ namespace Game
 	typedef int(__cdecl * MSG_ReadByte_t)(msg_t* msg);
 	extern MSG_ReadByte_t MSG_ReadByte;

+	typedef int(__cdecl * MSG_ReadBitsCompress_t)(const char *from, char *to, int size);
+	extern MSG_ReadBitsCompress_t MSG_ReadBitsCompress;
+
 	typedef void(__cdecl * MSG_WriteByte_t)(msg_t* msg, unsigned char c);
 	extern MSG_WriteByte_t MSG_WriteByte;