-rw-r--r-- | NorthstarDedicatedTest/miscserverfixes.cpp | 13 | ||||
-rw-r--r-- | NorthstarDedicatedTest/securitypatches.cpp | 6 |
2 files changed, 19 insertions, 0 deletions
diff --git a/NorthstarDedicatedTest/miscserverfixes.cpp b/NorthstarDedicatedTest/miscserverfixes.cpp
index 334c5fa3..fca9c169 100644
--- a/NorthstarDedicatedTest/miscserverfixes.cpp
+++ b/NorthstarDedicatedTest/miscserverfixes.cpp
@@ -21,4 +21,17 @@ void InitialiseMiscServerFixes(HMODULE baseAddress)
 *(ptr++) = 0x90; // nop
 *ptr = 0x90; // nop
 }
+
+ // ret at the start of CServerGameClients::ClientCommandKeyValues as it has no benefit and is forwarded to client (i.e. security issue)
+ // this prevents the attack vector of client=>server=>client, however server=>client also has clientside patches
+ {
+ char* ptr = reinterpret_cast<char*>(baseAddress) + 0x153920;
+ TempReadWrite rw(ptr);
+ *ptr = 0xC3;
+ }
+}
+
+void InitialiseMiscEngineServerFixes(HMODULE baseAddress)
+{
+
 }
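Review bot: The `0xC3` written at `baseAddress + 0x153920` is applied blind — nothing confirms that offset still holds the start of CServerGameClients::ClientCommandKeyValues, so on a different game build a stray `ret` lands in whatever happens to live there. A guard that compares the existing byte(s) against the expected prologue before writing, and logs and skips the patch on mismatch, is cheap insurance; the expected bytes are not visible in this hunk, so I cannot quote them. If ClientCommandKeyValues returns a value, a bare `ret` hands the caller whatever was last left in the return register; `xor eax, eax; ret` (`31 C0 C3`) would make the stub return a deterministic 0/false — worth checking the return type before choosing. The new `InitialiseMiscEngineServerFixes` has an empty body and an unused `baseAddress`; a comment such as `// placeholder: no engine-side server fixes yet` would make the stub's intent explicit.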
\ No newline at end of file
diff --git a/NorthstarDedicatedTest/securitypatches.cpp b/NorthstarDedicatedTest/securitypatches.cpp
index ee16593b..9352559a 100644
--- a/NorthstarDedicatedTest/securitypatches.cpp
+++ b/NorthstarDedicatedTest/securitypatches.cpp
@@ -16,12 +16,18 @@ bool IsValveModHook()
 return !CommandLine()->CheckParm("-norestrictservercommands");
 }
 
+typedef bool (*SVC_CmdKeyValues__ReadFromBufferType)(void* a1, void* a2);
+SVC_CmdKeyValues__ReadFromBufferType SVC_CmdKeyValues__ReadFromBuffer;
+// never parse server=>client keyvalues for clientcommandkeyvalues
+bool SVC_CmdKeyValues__ReadFromBufferHook(void* a1, void* a2) { return false; }
+
 void InitialiseClientEngineSecurityPatches(HMODULE baseAddress)
 {
 HookEnabler hook;
 
 // note: this could break some things
 ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x1C6360, &IsValveModHook, reinterpret_cast<LPVOID*>(&IsValveMod));
+ ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x222E70, &SVC_CmdKeyValues__ReadFromBufferHook, reinterpret_cast<LPVOID*>(&SVC_CmdKeyValues__ReadFromBuffer));
 
 // patches to make commands run from client/ui script still work
 // note: this is likely preventable in a nicer way? test prolly
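Review bot: `SVC_CmdKeyValues__ReadFromBufferHook` returns false without consuming anything from the buffer, and in this engine family a ReadFromBuffer failure is usually treated as a malformed net message that ends the connection, so the likely effect is "disconnect from any server that sends SVC_CmdKeyValues" rather than "ignore the message" — worth confirming and recording above the hook, e.g. `// returns false without consuming the message; the engine should treat it as a bad packet and drop the connection. Intentional: servers have no legitimate reason to send this.` If the intent is instead to skip the message silently, the original would have to be called (or the buffer advanced) and the result discarded. The hook is installed at a hard-coded `0x222E70` with no check that the bytes there are the expected function, the same caveat as the other offsets in this file. The `a1`/`a2` parameters say nothing about the hooked signature; naming them (e.g. `thisptr`, `buffer` — my inference, not confirmed here) or marking them `[[maybe_unused]]` would document it and quiet unused-parameter warnings.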