====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
#   http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this swat4x2fix.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game

TITLE
    SWAT 4 1.1 Runtime Error fix 0.1
    by Luigi Auriemma
    e-mail: aluigi@autistici.org
    web:    aluigi.org

INTRO
    This unofficial patch for SWAT 4 is able to fix the bug B described here:
    .
    .   http://aluigi.org/adv/swat4x-adv.txt
    .
    If you are unsure if your server is vulnerable please use the proof-of-concept
    provided there.
    .
    The patch is available only for version 1.1 of the dedicated server, older
    versions will NOT be supported by me so don't ask.

FILE
    engine.dll

BYTES_ORIGINAL
    CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
    CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC
    55                  ; PUSH EBP
    8B EC               ; MOV EBP,ESP
    83 EC 58            ; SUB ESP,58
    53                  ; PUSH EBX
    56                  ; PUSH ESI
    57                  ; PUSH EDI
    8B 7D 08            ; MOV EDI,DWORD PTR SS:[EBP+8]
    6A 09               ; PUSH 9
    8D 8F FC 00 00 00   ; LEA ECX,DWORD PTR DS:[EDI+FC]
    FF 15 ?? ?? ?? ??   ; CALL DWORD PTR DS:[<&Core.??DFString@@QB>; Core.??DFString@@QBEPBGXZ
    8B 35 ?? ?? ?? ??   ; MOV ESI,DWORD PTR DS:[<&Core.?winToANSI@>; Core.?winToANSI@@YAPADPADPBGH@Z
    50                  ; PUSH EAX
    8D 45 F4            ; LEA EAX,DWORD PTR SS:[EBP-C]
    50                  ; PUSH EAX
    FF D6               ; CALL ESI
    8B 4D 0C            ; MOV ECX,DWORD PTR SS:[EBP+C]
    83 C4 0C            ; ADD ESP,0C
    6A 49               ; PUSH 49

BYTES_PATCH
    8B 41 04            ; MOV EAX,DWORD PTR DS:[ECX+4]
    83 F8 49            ; CMP EAX,49
    7C 12               ; JL SHORT Engine.0063BA6C
    B8 01 00 00 00      ; MOV EAX,1 ; 0 could avoid the free (not verified)
    89 41 04            ; MOV DWORD PTR DS:[ECX+4],EAX
    89 41 08            ; MOV DWORD PTR DS:[ECX+8],EAX
    8B 01               ; MOV EAX,DWORD PTR DS:[ECX]
    66 C7 00 00 00      ; MOV WORD PTR DS:[EAX],0
    6A 49               ; PUSH 49
    EB 2F               ; JMP SHORT Engine.0063BA9F
    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
    EB B3               ; JMP SHORT Engine.0063BA5F
====================================================================================
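
The following Python sketch is an added example, not part of the patch file and not lpatch's own code: it shows how the two byte patterns above can be used to tell whether a given engine.dll still carries the original bytes or already has the fix, and how the patch's short jumps connect. It assumes `??` is a wildcard (matches any byte in BYTES_ORIGINAL, leaves the byte untouched in BYTES_PATCH); all function names and the sample buffer are constructed for illustration.

```python
def parse(text):
    """Hex text -> list of byte values, with None for a '??' wildcard."""
    return [None if t == "??" else int(t, 16) for t in text.split()]

# Byte patterns copied from the patch file above, comments stripped.
ORIG = parse("CC " * 30 +
    "55 8B EC 83 EC 58 53 56 57 8B 7D 08 6A 09 8D 8F FC 00 00 00 "
    "FF 15 ?? ?? ?? ?? 8B 35 ?? ?? ?? ?? 50 8D 45 F4 50 FF D6 "
    "8B 4D 0C 83 C4 0C 6A 49")
PATCH = parse("8B 41 04 83 F8 49 7C 12 B8 01 00 00 00 89 41 04 89 41 08 "
    "8B 01 66 C7 00 00 00 6A 49 EB 2F " + "?? " * 45 + "EB B3")
# A patched file shows the patch bytes laid over the original pattern.
PATCHED = [o if p is None else p for o, p in zip(ORIG, PATCH)]

def find(data, pat):
    """First offset where pat matches data (None matches any byte), else -1."""
    for off in range(len(data) - len(pat) + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pat)):
            return off
    return -1

def classify(data):
    """Return ('unpatched' | 'patched' | 'unknown', offset of the pattern)."""
    for label, pat in (("unpatched", ORIG), ("patched", PATCHED)):
        off = find(data, pat)
        if off >= 0:
            return label, off
    return "unknown", -1

def apply_patch(data):
    """Return a patched copy; a '??' in the patch leaves that byte untouched."""
    off = find(data, ORIG)
    if off < 0:
        raise LookupError("original byte pattern not found")
    out = bytearray(data)
    for i, p in enumerate(PATCH):
        if p is not None:
            out[off + i] = p
    return bytes(out)

def rel8_target(pat, i):
    """Pattern-relative offset reached by the short jump opcode at index i."""
    disp = pat[i + 1]
    return i + 2 + (disp - 256 if disp > 127 else disp)

# Constructed sample: the pattern with made-up bytes in the wildcard slots.
SAMPLE = (b"\x90" * 16
          + bytes(0x10 + k if b is None else b for k, b in enumerate(ORIG))
          + b"\xC3" * 8)
```

`rel8_target(PATCH, 6)`, `rel8_target(PATCH, 28)` and `rel8_target(PATCH, 75)` give 26, 77 and 0: the JL lands on the relocated PUSH 49, the cave exits to the byte right after the hooked PUSH 49, and the hook enters the cave at its first byte, which was INT3 padding in the original.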