diff options
author | Tom Barham <me@cpdt.dev> | 2022-06-15 06:07:04 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-14 22:07:04 +0200 |
commit | b84cd76f671e44a686df6f2b36be6642b0bd24a5 (patch) | |
tree | 84e78e621bea89dbc7921d3e5c5aef1c207a549c /NorthstarDedicatedTest/ExploitFixes.cpp | |
parent | acedd15c538977a2b58a0ce4f5ba52a8584a9340 (diff) | |
download | NorthstarLauncher-b84cd76f671e44a686df6f2b36be6642b0bd24a5.tar.gz NorthstarLauncher-b84cd76f671e44a686df6f2b36be6642b0bd24a5.zip |
Guard against GetEntByIndex read out of bounds (#191)
* Guard against GetEntByIndex read out of bounds
* Move to ExploitFixes.cpp
* format
* Log out of bounds access
Diffstat (limited to 'NorthstarDedicatedTest/ExploitFixes.cpp')
-rw-r--r-- | NorthstarDedicatedTest/ExploitFixes.cpp | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/NorthstarDedicatedTest/ExploitFixes.cpp b/NorthstarDedicatedTest/ExploitFixes.cpp index db754ad5..277475f6 100644 --- a/NorthstarDedicatedTest/ExploitFixes.cpp +++ b/NorthstarDedicatedTest/ExploitFixes.cpp @@ -347,6 +347,21 @@ KHOOK( return oCrashFunc_ParseUTF8(a1, a2, strData); } +// GetEntByIndex (called by ScriptGetEntByIndex) doesn't check for the index being out of bounds when it's +// above the max entity count. This allows it to be used to crash servers. +typedef void*(__fastcall* GetEntByIndexType)(int idx); +GetEntByIndexType GetEntByIndex; + +static void* GetEntByIndexHook(int idx) +{ + if (idx >= 0x4000) + { + spdlog::info("GetEntByIndex {} is out of bounds", idx); + return nullptr; + } + return GetEntByIndex(idx); +} + ////////////////////////////////////////////////// void DoBytePatches() @@ -394,7 +409,7 @@ void DoBytePatches() } } -void ExploitFixes::LoadCallback(HMODULE unused) +void ExploitFixes::LoadCallback(HMODULE baseAddress) { spdlog::info("ExploitFixes::LoadCallback ..."); @@ -416,4 +431,7 @@ void ExploitFixes::LoadCallback(HMODULE unused) ns_exploitfixes_log = new ConVar("ns_exploitfixes_log", "1", FCVAR_GAMEDLL, "Whether to log whenever ExploitFixes.cpp blocks/corrects something"); -}
\ No newline at end of file + + HookEnabler hook; + ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x2a8a50, &GetEntByIndexHook, reinterpret_cast<LPVOID*>(&GetEntByIndex)); +} |