Diffstat (limited to 'NorthstarDedicatedTest/securitypatches.cpp')
-rw-r--r--NorthstarDedicatedTest/securitypatches.cpp51
1 files changed, 51 insertions, 0 deletions
diff --git a/NorthstarDedicatedTest/securitypatches.cpp b/NorthstarDedicatedTest/securitypatches.cpp
new file mode 100644
index 00000000..23c96520
--- /dev/null
+++ b/NorthstarDedicatedTest/securitypatches.cpp
@@ -0,0 +1,51 @@
+#include "pch.h"
+#include "securitypatches.h"
+#include "hookutils.h"
+#include "concommand.h"
+
+typedef bool(*IsValveModType)();
+IsValveModType IsValveMod;
+
+bool IsValveModHook()
+{
+ // basically: by default r2 isn't set as a valve mod, meaning that m_bRestrictServerCommands is false
+ // this is HORRIBLE for security, because it means servers can run arbitrary concommands on clients
+ // especially since we have script commands this could theoretically be awful
+
+ // todo: possibly have a commandline arg to disable this
+ return true;
+}
+
+void InitialiseClientEngineSecurityPatches(HMODULE baseAddress)
+{
+ HookEnabler hook;
+
+ // note: this could break some things
+ ENABLER_CREATEHOOK(hook, (char*)baseAddress + 0x1C6360, &IsValveModHook, reinterpret_cast<LPVOID*>(&IsValveMod));
+
+ // patches to make commands run from client/ui script still work
+ {
+ void* ptr = (char*)baseAddress + 0x4FB65;
+ TempReadWrite rw(ptr);
+
+ *((char*)ptr) = (char)0xEB;
+ *((char*)ptr + 1) = (char)0x11;
+ }
+
+ {
+ void* ptr = (char*)baseAddress + 0x4FBAC;
+ TempReadWrite rw(ptr);
+
+ *((char*)ptr) = (char)0xEB;
+ *((char*)ptr + 1) = (char)0x16;
+ }
+
+ // byte patches to patch concommands that this messes up that we need
+ {
+ // disconnect concommand
+ void* ptr = (char*)baseAddress + 0x5ADA2D;
+ TempReadWrite rw(ptr);
+
+ *((int*)ptr) |= FCVAR_SERVER_CAN_EXECUTE;
+ }
+}
\ No newline at end of file
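Review bot: The hook and the three byte patches in InitialiseClientEngineSecurityPatches write to fixed offsets (0x1C6360, 0x4FB65, 0x4FBAC, 0x5ADA2D) without checking that the module at baseAddress is the build those offsets were taken from. On any other engine build the 0xEB writes land in unrelated code and the IsValveMod hook may miss the real function, so the restriction on server-issued commands would be silently absent. Compare the original bytes at each offset with the values expected for the supported build before writing, and log and stop on a mismatch. The result of ENABLER_CREATEHOOK is not inspected in the visible lines; if the macro can report failure, that path should fail closed as well. The last block deserves a comment such as `// deliberately re-allows server-issued "disconnect"; every flag ORed in here widens what a server can run on clients`, and the opt-out mentioned in the todo should stay off by default and be logged when used.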