Finally dug this patch up again!

An attacker can basically fill up all the sockets and crash the server. This patch ensures sockets don't get bugged (causing the crash), so it can withstand attacks better (and like I said, doesn't crash).

1.298

1. 00445896 |. EB 38 JMP SHORT 004458D0 // jump to code cave
   
2. 00445898 | 90 NOP
   
3. 00445899 | 90 NOP
   
4. 0044589A | 90 NOP
   
5. 
   
6. 004458D0 |> 80BE 55800000 >CMP BYTE PTR DS:[ESI+8055],1 // code cave starts check if m_State == STATE_CONNECTED
   
7. 004458D7 |. 74 0B JE SHORT 004458E4 // if its equal go to normal code.
   
8. 004458D9 |. 80BE 55800000 >CMP BYTE PTR DS:[ESI+8055],3 // if m_State == STATE_GAMESTART
   
9. 004458E0 |. 74 02 JE SHORT 004458E4 // if its equal go to normal code.
   
10. 004458E2 |.^EB B9 JMP SHORT 0044589D // jump to close_routine
    
11. 004458E4 |> 66:837E 08 02 CMP WORD PTR DS:[ESI+8],2 // if m_nSocketErr == 2
    
12. 004458E9 \.^EB B0 JMP SHORT 0044589B // jmp to code cave

复制代码

1.310/1.351

1. 00437C25 E9 D1AF0C00 JMP 00502BFB
   
2. 
   
3. 00502BFB 80BE 55800000 >CMP BYTE PTR DS:[ESI+8055],1
   
4. 00502C02 74 0E JE SHORT 00502C12
   
5. 00502C04 80BE 55800000 >CMP BYTE PTR DS:[ESI+8055],3
   
6. 00502C0B 74 05 JE SHORT 00502C12
   
7. 00502C0D ^E9 1A50F3FF JMP 00437C2C
   
8. 00502C12 66:837E 08 02 CMP WORD PTR DS:[ESI+8],2
   
9. 00502C17 ^E9 0E50F3FF JMP 00437C2A

复制代码

这是什么代码？

龙王 发表于 2014-10-19 06:50
这是什么代码？

od反汇编

路过不懂哈哈