diff options
| -rw-r--r-- | NorthstarDedicatedTest/ExploitFixes.cpp | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/NorthstarDedicatedTest/ExploitFixes.cpp b/NorthstarDedicatedTest/ExploitFixes.cpp index db754ad5..277475f6 100644 --- a/NorthstarDedicatedTest/ExploitFixes.cpp +++ b/NorthstarDedicatedTest/ExploitFixes.cpp @@ -347,6 +347,21 @@ KHOOK( return oCrashFunc_ParseUTF8(a1, a2, strData); } +// GetEntByIndex (called by ScriptGetEntByIndex) doesn't check for the index being out of bounds when it's +// above the max entity count. This allows it to be used to crash servers. +typedef void*(__fastcall* GetEntByIndexType)(int idx); +GetEntByIndexType GetEntByIndex; + +static void* GetEntByIndexHook(int idx) +{ + if (idx >= 0x4000) + { + spdlog::info("GetEntByIndex {} is out of bounds", idx); + return nullptr; + } + return GetEntByIndex(idx); +} + ////////////////////////////////////////////////// void DoBytePatches() @@ -394,7 +409,7 @@ void DoBytePatches() } } -void ExploitFixes::LoadCallback(HMODULE unused) +void ExploitFixes::LoadCallback(HMODULE baseAddress) { spdlog::info("ExploitFixes::LoadCallback ..."); @@ -416,4 +431,7 @@ void ExploitFixes::LoadCallback(HMODULE unused) ns_exploitfixes_log = new ConVar("ns_exploitfixes_log", "1", FCVAR_GAMEDLL, "Whether to log whenever ExploitFixes.cpp blocks/corrects something"); -}
\ No newline at end of file + + HookEnabler hook; + ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x2a8a50, &GetEntByIndexHook, reinterpret_cast<LPVOID*>(&GetEntByIndex)); +} |