aboutsummaryrefslogtreecommitdiff
path: root/NorthstarDedicatedTest/ExploitFixes.cpp
diff options
context:
space:
mode:
authorKawe Mazidjatari <48657826+Mauler125@users.noreply.github.com>2022-06-16 19:22:48 +0200
committerGitHub <noreply@github.com>2022-06-16 19:22:48 +0200
commit8e5b7802fb013fac614268809f03885454998d30 (patch)
treeffc844d2836831c5e538df2df82551753bf67dd9 /NorthstarDedicatedTest/ExploitFixes.cpp
parent57e071fdd9c6b7e7d0172b68435a42be78074f86 (diff)
parent4487becdb849125d0161b0269070de7f395f688d (diff)
downloadNorthstarLauncher-8e5b7802fb013fac614268809f03885454998d30.tar.gz
NorthstarLauncher-8e5b7802fb013fac614268809f03885454998d30.zip
Merge branch 'main' into NetCon
Diffstat (limited to 'NorthstarDedicatedTest/ExploitFixes.cpp')
-rw-r--r--NorthstarDedicatedTest/ExploitFixes.cpp41
1 files changed, 39 insertions, 2 deletions
diff --git a/NorthstarDedicatedTest/ExploitFixes.cpp b/NorthstarDedicatedTest/ExploitFixes.cpp
index db754ad5..af7d48ac 100644
--- a/NorthstarDedicatedTest/ExploitFixes.cpp
+++ b/NorthstarDedicatedTest/ExploitFixes.cpp
@@ -5,6 +5,9 @@
#include "NSMem.h"
#include "cvar.h"
+typedef char(__fastcall* function_containing_emit_t)(uint64_t a1, uint64_t a2);
+function_containing_emit_t function_containing_emit;
+ConVar* sv_cheats;
ConVar* ns_exploitfixes_log;
#define SHOULD_LOG (ns_exploitfixes_log->m_Value.m_nValue > 0)
#define BLOCKED_INFO(s) \
@@ -347,6 +350,21 @@ KHOOK(
return oCrashFunc_ParseUTF8(a1, a2, strData);
}
+// GetEntByIndex (called by ScriptGetEntByIndex) doesn't check for the index being out of bounds when it's
+// above the max entity count. This allows it to be used to crash servers.
+typedef void*(__fastcall* GetEntByIndexType)(int idx);
+GetEntByIndexType GetEntByIndex;
+
+static void* GetEntByIndexHook(int idx)
+{
+ if (idx >= 0x4000)
+ {
+ spdlog::info("GetEntByIndex {} is out of bounds", idx);
+ return nullptr;
+ }
+ return GetEntByIndex(idx);
+}
+
//////////////////////////////////////////////////
void DoBytePatches()
@@ -394,7 +412,19 @@ void DoBytePatches()
}
}
-void ExploitFixes::LoadCallback(HMODULE unused)
+char function_containing_emit_hook(uint64_t unknown_value, uint64_t command_ptr)
+{
+ char* command_string = *(char**)(command_ptr + 1040); // From decompile
+
+ if (!sv_cheats->m_Value.m_nValue && !_strnicmp(command_string, "emit", 5))
+ {
+ spdlog::info("Blocking command \"emit\" because sv_cheats was 0");
+ return 1;
+ }
+ return function_containing_emit(unknown_value, command_ptr);
+}
+
+void ExploitFixes::LoadCallback(HMODULE baseAddress)
{
spdlog::info("ExploitFixes::LoadCallback ...");
@@ -416,4 +446,11 @@ void ExploitFixes::LoadCallback(HMODULE unused)
ns_exploitfixes_log =
new ConVar("ns_exploitfixes_log", "1", FCVAR_GAMEDLL, "Whether to log whenever ExploitFixes.cpp blocks/corrects something");
-} \ No newline at end of file
+
+ HookEnabler hook;
+
+ sv_cheats = g_pCVar->FindVar("sv_cheats");
+ ENABLER_CREATEHOOK(
+ hook, (char*)baseAddress + 0x5889A0, &function_containing_emit_hook, reinterpret_cast<LPVOID*>(&function_containing_emit));
+ ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x2a8a50, &GetEntByIndexHook, reinterpret_cast<LPVOID*>(&GetEntByIndex));
+}