Diffstat (limited to 'NorthstarDedicatedTest/ExploitFixes.cpp')
-rw-r--r-- | NorthstarDedicatedTest/ExploitFixes.cpp | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/NorthstarDedicatedTest/ExploitFixes.cpp b/NorthstarDedicatedTest/ExploitFixes.cpp
index db754ad5..af7d48ac 100644
--- a/NorthstarDedicatedTest/ExploitFixes.cpp
+++ b/NorthstarDedicatedTest/ExploitFixes.cpp
@@ -5,6 +5,9 @@
 #include "NSMem.h"
 #include "cvar.h"
 
+typedef char(__fastcall* function_containing_emit_t)(uint64_t a1, uint64_t a2);
+function_containing_emit_t function_containing_emit;
+ConVar* sv_cheats;
 ConVar* ns_exploitfixes_log;
 #define SHOULD_LOG (ns_exploitfixes_log->m_Value.m_nValue > 0)
 #define BLOCKED_INFO(s) \
@@ -347,6 +350,21 @@ KHOOK(
 	return oCrashFunc_ParseUTF8(a1, a2, strData);
 }
 
+// GetEntByIndex (called by ScriptGetEntByIndex) doesn't check for the index being out of bounds when it's
+// above the max entity count. This allows it to be used to crash servers.
+typedef void*(__fastcall* GetEntByIndexType)(int idx);
+GetEntByIndexType GetEntByIndex;
+
+static void* GetEntByIndexHook(int idx)
+{
+	if (idx >= 0x4000)
+	{
+		spdlog::info("GetEntByIndex {} is out of bounds", idx);
+		return nullptr;
+	}
+	return GetEntByIndex(idx);
+}
+
 //////////////////////////////////////////////////
 
 void DoBytePatches()
@@ -394,7 +412,19 @@ void DoBytePatches()
 	}
 }
 
-void ExploitFixes::LoadCallback(HMODULE unused)
+char function_containing_emit_hook(uint64_t unknown_value, uint64_t command_ptr)
+{
+	char* command_string = *(char**)(command_ptr + 1040); // From decompile
+
+	if (!sv_cheats->m_Value.m_nValue && !_strnicmp(command_string, "emit", 5))
+	{
+		spdlog::info("Blocking command \"emit\" because sv_cheats was 0");
+		return 1;
+	}
+	return function_containing_emit(unknown_value, command_ptr);
+}
+
+void ExploitFixes::LoadCallback(HMODULE baseAddress)
 {
 	spdlog::info("ExploitFixes::LoadCallback ...");
 
@@ -416,4 +446,11 @@ void ExploitFixes::LoadCallback(HMODULE unused)
 	ns_exploitfixes_log = new ConVar("ns_exploitfixes_log", "1", FCVAR_GAMEDLL, "Whether to log whenever ExploitFixes.cpp blocks/corrects something");
-}
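Review bot: GetEntByIndexHook rejects only indices at or above 0x4000; a negative idx still reaches the original GetEntByIndex, which the new comment says performs no bounds check of its own, so the guard should read `if (idx < 0 || idx >= 0x4000)`. The rejection also logs unconditionally through spdlog::info, while the rest of this file gates its messages on SHOULD_LOG / BLOCKED_INFO (the macros visible in the first hunk); an unthrottled info line per rejected call is itself something a remote caller can drive, so route it through the same gate. 0x4000 is explained only as "max entity count"; a named constant such as `constexpr int kMaxEntities = 0x4000; // presumed engine entity limit — TODO confirm` would make the assumption reviewable.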
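Review bot: function_containing_emit_hook dereferences sv_cheats and command_string without checking either; sv_cheats is only filled in later by FindVar (last hunk) and command_string is read from a decompiled offset, so a null in either one turns every command into a crash of the hooked server. Treat a missing cvar as cheats-off and skip the compare on a null string: `const bool cheats_on = sv_cheats && sv_cheats->m_Value.m_nValue;` then `if (!cheats_on && command_string && !_strnicmp(command_string, "emit", 5))`. `_strnicmp(..., 5)` against a four-character literal stops at the terminator, so it is effectively a full case-insensitive equality test; `_stricmp` would state that intent directly. The magic 1040 and the meaning of the `1` return value deserve a comment recording what the decompile showed, and the function is not `static`, unlike GetEntByIndexHook in the previous hunk. ExploitFixes::LoadCallback's body continues outside this hunk.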
\ No newline at end of file
+
+	HookEnabler hook;
+
+	sv_cheats = g_pCVar->FindVar("sv_cheats");
+	ENABLER_CREATEHOOK(
+		hook, (char*)baseAddress + 0x5889A0, &function_containing_emit_hook, reinterpret_cast<LPVOID*>(&function_containing_emit));
+	ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x2a8a50, &GetEntByIndexHook, reinterpret_cast<LPVOID*>(&GetEntByIndex));
+} |
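Review bot: The result of `g_pCVar->FindVar("sv_cheats")` is stored without a null check, and function_containing_emit_hook in the previous hunk dereferences it on every command, so a failed lookup would crash at the first command rather than at load time; add `if (!sv_cheats) spdlog::error("ExploitFixes: sv_cheats not found, emit block disabled");` and only install the first hook when the cvar was found. The offsets 0x5889A0 and 0x2a8a50 carry no comment naming the function they point at or the binary build they were taken from, so a game update would silently land the hook on unrelated code; a comment per hook such as `// <FUNCTION NAME>: offset from <BINARY BUILD> — re-verify on update` (placeholders) would make that dependency visible. Other hooks in this file appear to be declared with KHOOK (see the `KHOOK(` context in the second hunk); if that macro can express these two, using it would keep the file's hooks in one style.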