
[1.298, 1.310/1.351] "Countdown" attack patch

ctgwglzc 2014-12-14 23:15:39 1572
Finally dug this patch up again!

An attacker can basically fill up all the sockets and crash the server. This patch ensures sockets don't get bugged (causing the crash), so it can withstand attacks better (and like I said, doesn't crash).

1.298
  00445896 |. EB 38              JMP SHORT 004458D0             // jump to code cave
  00445898 |  90                 NOP                            // padding for the replaced bytes
  00445899 |  90                 NOP
  0044589A |  90                 NOP

  004458D0 |> 80BE 55800000 01   CMP BYTE PTR DS:[ESI+8055],1   // code cave starts: check if m_State == STATE_CONNECTED
  004458D7 |. 74 0B              JE SHORT 004458E4              // if equal, go to the normal code
  004458D9 |. 80BE 55800000 03   CMP BYTE PTR DS:[ESI+8055],3   // check if m_State == STATE_GAMESTART
  004458E0 |. 74 02              JE SHORT 004458E4              // if equal, go to the normal code
  004458E2 |.^EB B9              JMP SHORT 0044589D             // neither state: jump to close_routine
  004458E4 |> 66:837E 08 02      CMP WORD PTR DS:[ESI+8],2      // normal code: the original check, m_nSocketErr == 2
  004458E9 \.^EB B0              JMP SHORT 0044589B             // jump back to the original code right after the patched bytes
1.310/1.351
  00437C25  E9 D1AF0C00         JMP 00502BFB                    // jump to code cave

  00502BFB  80BE 55800000 01    CMP BYTE PTR DS:[ESI+8055],1    // code cave starts: check if m_State == STATE_CONNECTED
  00502C02  74 0E               JE SHORT 00502C12               // if equal, go to the normal code
  00502C04  80BE 55800000 03    CMP BYTE PTR DS:[ESI+8055],3    // check if m_State == STATE_GAMESTART
  00502C0B  74 05               JE SHORT 00502C12               // if equal, go to the normal code
  00502C0D ^E9 1A50F3FF         JMP 00437C2C                    // neither state: jump to close_routine
  00502C12  66:837E 08 02       CMP WORD PTR DS:[ESI+8],2       // normal code: the original check, m_nSocketErr == 2
  00502C17 ^E9 0E50F3FF         JMP 00437C2A                    // jump back to the original code right after the patched bytes
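To make the cave's control flow and its jump encodings checkable, here is an added C model (not code from the post or from the game server): it reproduces the state gate the patch inserts in front of the original socket-error compare, and computes the rel8/rel32 displacements of the short and near jumps so the bytes listed above can be verified before they are written into the binary. The struct, the enum names and the sample clients are constructed for the model; only the field names, the offsets and the state values 1 and 3 come from the post.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the two fields the cave reads. The names and the
 * values 1 and 3 follow the post's comments (m_State, m_nSocketErr). */
enum { STATE_CONNECTED = 1, STATE_GAMESTART = 3 };
struct client {
    uint16_t m_nSocketErr;   /* WORD at [ESI+8] */
    uint8_t  m_State;        /* BYTE at [ESI+8055h] */
};

enum route { ROUTE_CLOSE = 0, ROUTE_ORIGINAL_CHECK = 1 };

/* The gate the cave adds in front of the original socket-error compare. */
enum route cave_route(const struct client *c)
{
    /* CMP BYTE PTR [ESI+8055],1 / JE / CMP BYTE PTR [ESI+8055],3 / JE / JMP close_routine */
    if (c->m_State != STATE_CONNECTED && c->m_State != STATE_GAMESTART)
        return ROUTE_CLOSE;      /* socket never reached a live state: straight to close_routine */
    /* CMP WORD PTR [ESI+8],2 runs next and control returns to the original
     * conditional jump, whose direction the post does not show. */
    return ROUTE_ORIGINAL_CHECK;
}

/* Displacement of a short jump (EB xx / 74 xx): target minus the address of
 * the following instruction, which is 2 bytes after the jump. */
uint8_t rel8(uint32_t insn_addr, uint32_t target)
{
    return (uint8_t)(target - (insn_addr + 2));
}

/* Displacement of a near jump (E9 xx xx xx xx): 5 bytes long, stored little-endian. */
uint32_t rel32(uint32_t insn_addr, uint32_t target)
{
    return target - (insn_addr + 5);
}

int main(void)
{
    struct client idle = { 0, 0 }, live = { 2, STATE_GAMESTART };
    printf("idle socket -> %s\n", cave_route(&idle) == ROUTE_CLOSE ? "close" : "original check");
    printf("live socket -> %s\n", cave_route(&live) == ROUTE_CLOSE ? "close" : "original check");
    /* 1.298: EB 38 at 00445896 -> 004458D0, and EB B9 at 004458E2 -> 0044589D */
    printf("EB %02X, EB %02X\n", rel8(0x00445896, 0x004458D0), rel8(0x004458E2, 0x0044589D));
    /* 1.310/1.351: E9 at 00437C25 -> 00502BFB (bytes D1 AF 0C 00), E9 at 00502C0D -> 00437C2C */
    printf("E9 %08X, E9 %08X\n", rel32(0x00437C25, 0x00502BFB), rel32(0x00502C0D, 0x00437C2C));
    return 0;
}
```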

3 replies

龙王
2014-10-19 06:50:12
What code is this?
ctgwglzc
2014-10-22 00:27:56
OP
龙王 posted on 2014-10-19 06:50
What code is this?

OD disassembly
14791223344
2014-12-14 23:15:39
Just passing by, don't understand it, haha