[Arkshine]

Why posting now and not when I've asked you 2 times before and where you have ignored me ? I really want to know.
You could have saved time by sharing your method. Now I say I'm going to post the module, you post, seriously ? -_-

Anyway, It's what I've done except I have not thought of hooking MSG_WriteBits() to change the max number of items, and I had to rewrite SV_SendResources(), which is a small function, I could avoid some signatures this way for sure but I don't like this way of hooking, so will keep what I've done.

[201724]

Looks like a server attack the use of resources to download
AddResourcesList or SizeOfResourceList? Repair before I SizeOfResourceList

for windows
I will not Linux

Code:

/*
 
035A5394 <>|> /8B50 48            /mov     edx, dword ptr [eax+48]         ;  loc_1D35394
 
035A5397   |. |8B48 40            |mov     ecx, dword ptr [eax+40]
 
035A539A   |. |03FA               |add     edi, edx
 
035A539C   |. |83F9 02            |cmp     ecx, 2
 
035A539F   |. |75 0B              |jnz     short <loc_1D353AC>
 
035A53A1   |. |8378 44 01         |cmp     dword ptr [eax+44], 1
 
035A53A5   |. |75 05              |jnz     short <loc_1D353AC>
 
035A53A7   |. |0156 18            |add     dword ptr [esi+18], edx
 
035A53AA   |. |EB 03              |jmp     short <loc_1D353AF>
 
035A53AC <>|> |01148E             |add     dword ptr [esi+ecx*4], edx      ;  loc_1D353AC
 
035A53AF <>|> |8B80 80000000      |mov     eax, dword ptr [eax+80]         ;  loc_1D353AF
 
035A53B5   |. |3BC3               |cmp     eax, ebx
 
035A53B7   |.^\75 DB              \jnz     short <loc_1D35394>
 
*/
 
__declspec(naked)void Safe_SizeofResourceList()
 
{
 
        __asm{
 
                CMP ECX,7
 
                JA _IsOverflow
 
                ADD DWORD PTR [ESI+ECX*4],EDX
 
_IsOverflow:
 
                MOV EAX,[EAX+0x80]
 
                RET
 
        }
 
}
 
//
 
bool PatchSizeofResourceList(void *BaseAddr, DWORD BaseSize)
 
{
 
        DWORD OldProtect;
 
        const char *SizeofResourceList = "\xEB\x03\x01\x14\x8E\x8B\x80\x80\x00\x00\x00\x3B\xC3\x75\xDB";
 
        BYTE *Offset;
 
        Offset = (BYTE*)FindMemory((char*)BaseAddr, (char*)BaseAddr+BaseSize-1, SizeofResourceList, 15);
 
        if(Offset)
 
        {
 
                Offset++;
 
                Offset++;
 
                VirtualProtect((void*)(Offset),9,PAGE_EXECUTE_READWRITE,&OldProtect);
 
                *Offset = 0xBA; //MOV EDX,XXX
 
                *(DWORD*)(Offset+1) = (DWORD)&Safe_SizeofResourceList;
 
                *(Offset+5) = 0xFF; //CALL EDX
 
                *(Offset+6) = 0xD2;
 
                *(Offset+7) = 0x90; //NOP
 
                *(Offset+8) = 0x90; //NOP
 
                return true;
 
        }
 
        return false;
 
}

[Arkshine]

I've found the function which seems something specific on the client, where it loops over all the resources, saving the download size in an array of size 32 and depending the type, then returning the total download size.

It seems you check before if the resource type has the value of 7 (which is an invalid type), you ignore.
I think I understand it could overflow the array where the size is saved.

But that's said, it's a client problem ; not something you can fix from server.

[dFF]

Quote:

Originally Posted by Arkshine Just to say what I've done so far works, client downloads well custom resources out of the normal process. I need to do more checks, making some configuration file, and cleaning the code, then I will post it as new module but for now, it needs some more work on it. Btw, someone gives me a name for this module, I'm not inspired at all.

Nice work!
When you going to release it? Sounds interesting.

[Arkshine]

For a first version, it's finished, but I've still to test under linux before and maybe I will add Bos93's fix for the client issue, then releasing.

[Bos93]

Arkshine,we will wait @}-->----

[joropito]

Arkshine rules...

[Arkshine]

You mean, like your library CHooker I've decided to use and we had so much trouble to debug it because someone did not test at all under windows, and was full of issues ?

[joropito]

Quote:

Originally Posted by Arkshine You mean, like your library CHooker I've decided to use and we had so much trouble to debug it because someone did not test at all under windows, and was full of issues ?

No!

I just say you rule the world. You take something seriously until you finish it...

[Arkshine]

Just to say I'm going to write the post for releasing the module. Sorry for the wait, the part of avoiding the limit of 1280 was ready for a long time, but since the day I've decided to integrate the fix for the sv_download issue and the CHooker library by joropito, I've got a massive massive bunch of trouble, especially under linux, and also understanding/searching another method for the download issue took time.