authorBobTheBob <32057864+BobTheBob9@users.noreply.github.com>2022-03-22 19:46:13 +0000
committerBobTheBob <32057864+BobTheBob9@users.noreply.github.com>2022-03-22 19:46:13 +0000
commit2cb92fc902153b0fb50b367271517fbbd0900ace (patch)
treea891560a1924c53af29e682294b8ef3bbf2257d0
parent92f77b231ac324cc1326bef31251fc6b86df1f3b (diff)
downloadNorthstarLauncher-2cb92fc902153b0fb50b367271517fbbd0900ace.tar.gz
NorthstarLauncher-2cb92fc902153b0fb50b367271517fbbd0900ace.zip
remove ClientCommandKeyValues
-rw-r--r--NorthstarDedicatedTest/miscserverfixes.cpp13
-rw-r--r--NorthstarDedicatedTest/securitypatches.cpp6
2 files changed, 19 insertions, 0 deletions
diff --git a/NorthstarDedicatedTest/miscserverfixes.cpp b/NorthstarDedicatedTest/miscserverfixes.cpp
index 334c5fa3..fca9c169 100644
--- a/NorthstarDedicatedTest/miscserverfixes.cpp
+++ b/NorthstarDedicatedTest/miscserverfixes.cpp
@@ -21,4 +21,17 @@ void InitialiseMiscServerFixes(HMODULE baseAddress)
*(ptr++) = 0x90; // nop
*ptr = 0x90; // nop
}
+
+ // ret at the start of CServerGameClients::ClientCommandKeyValues as it has no benefit and is forwarded to client (i.e. security issue)
+ // this prevents the attack vector of client=>server=>client, however server=>client also has clientside patches
+ {
+ char* ptr = reinterpret_cast<char*>(baseAddress) + 0x153920;
+ TempReadWrite rw(ptr);
+ *ptr = 0xC3;
+ }
+}
+
+void InitialiseMiscEngineServerFixes(HMODULE baseAddress)
+{
+
} \ No newline at end of file
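Review bot: The single `0xC3` written at `*ptr = 0xC3` turns `CServerGameClients::ClientCommandKeyValues` into a bare `ret`, which leaves whatever happens to be in rax as the function's return value; the signature is not visible here, but if the engine's caller consults a bool/int result the stub should set it explicitly, e.g. `xor eax, eax` ahead of the `ret` (bytes `31 C0 C3`), which still fits inside the prologue being overwritten. The offset `0x153920` is hard-coded like the nop patches above it, so a mismatched engine build silently corrupts an unrelated function; comparing the bytes at the target against the expected original prologue before writing (and logging a skip on mismatch) would make that failure visible. A comment naming the engine build the offset was taken from would also help whoever re-bases these patches. The enclosing `InitialiseMiscServerFixes` begins before this hunk, and the new `InitialiseMiscEngineServerFixes` is an empty placeholder whose purpose the commit does not state — a one-line comment such as `// reserved for engine-side server patches; currently none` would stop it reading as an unfinished edit.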
diff --git a/NorthstarDedicatedTest/securitypatches.cpp b/NorthstarDedicatedTest/securitypatches.cpp
index ee16593b..9352559a 100644
--- a/NorthstarDedicatedTest/securitypatches.cpp
+++ b/NorthstarDedicatedTest/securitypatches.cpp
@@ -16,12 +16,18 @@ bool IsValveModHook()
return !CommandLine()->CheckParm("-norestrictservercommands");
}
+typedef bool (*SVC_CmdKeyValues__ReadFromBufferType)(void* a1, void* a2);
+SVC_CmdKeyValues__ReadFromBufferType SVC_CmdKeyValues__ReadFromBuffer;
+// never parse server=>client keyvalues for clientcommandkeyvalues
+bool SVC_CmdKeyValues__ReadFromBufferHook(void* a1, void* a2) { return false; }
+
void InitialiseClientEngineSecurityPatches(HMODULE baseAddress)
{
HookEnabler hook;
// note: this could break some things
ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x1C6360, &IsValveModHook, reinterpret_cast<LPVOID*>(&IsValveMod));
+ ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x222E70, &SVC_CmdKeyValues__ReadFromBufferHook, reinterpret_cast<LPVOID*>(&SVC_CmdKeyValues__ReadFromBuffer));
// patches to make commands run from client/ui script still work
// note: this is likely preventable in a nicer way? test prolly