====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
#   http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this bfloop.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game

TITLE
Battlefield 2/2142 1.4*/1.5* bfloop fix 0.2 (Windows)
by Luigi Auriemma
e-mail: aluigi@autistici.org
web:    aluigi.org

INTRO
This unofficial patch for Battlefield 2 and 2142 is a work-around for a
bug found by Francis Lavoie-Renaud which will be disclosed in the future:
.
.  http://aluigi.freeforums.org/battlefield-2-crash-t927.html
.
The effect of this vulnerability is the freezing of the server, with the
CPU at 100% in a partial endless loop.
(note that the 1.5 beta patch of Battlefield 2 should fix this bug)
.
The patch is available only for the Windows servers of the latest official
versions (non-beta, so 1.41 for bf2 and 1.50 for bf2142) of both games, but
I have also included the work-around for the first part of the bug for the
Linux servers, so it's possible to apply this patch on them too.
Older versions will NOT be supported by me, so don't ask.

FILE
bf*ded*

#ONLY_ONE

# multiple fixes

# windows bf1942/2/2142 (bfloop)
BYTES_ORIGINAL
8B 48 ??        ; MOV ECX,DWORD PTR DS:[EAX+14]
8B 50 ??        ; MOV EDX,DWORD PTR DS:[EAX+4]
66 8B 0C 11     ; MOV CX,WORD PTR DS:[ECX+EDX]
66 85 C9        ; TEST CX,CX   ; in the bug CX is zero and the function returns 9
76 ??           ; JBE SHORT bf2_w32d.00682F14
BYTES_PATCH
?? ?? ?? ?? ?? ?? ?? ?? ?? ??
90 90 90        ; skip
90 90           ; skip

# windows bf2/2142 (null pointer)
BYTES_ORIGINAL
CC CC CC CC CC CC CC CC
55                  ; push ebp
8B EC               ; mov ebp, esp
51                  ; push ecx
53                  ; push ebx
8B 5D 08            ; mov ebx, dword ptr [ebp+08]
85 DB               ; test ebx, ebx
57                  ; push edi
8B F9               ; mov edi, ecx
75 0A               ; jne 00606519
5F                  ; pop edi
32 C0               ; xor al, al
5B                  ; pop ebx
8B E5               ; mov esp, ebp
5D                  ; pop ebp
C2 04 00            ; ret 0004
8B 8F 84 00 00 00   ; mov ecx, dword ptr [edi+00000084]
8B 01               ; mov eax, dword ptr [ecx]
FF 90 ?? 00 00 00   ; call dword ptr [eax+000000A8]
BYTES_PATCH
85 C9               ; TEST ECX,ECX
74 13               ; JE SHORT bf2_w32d.006195EF
8B 01               ; MOV EAX,DWORD PTR DS:[ECX]
EB 21               ; JMP SHORT bf2_w32d.00619601
?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
eb d7               ; jmp work-around

# linux bf2/2142 (only the first problem, no fix for the null pointer)
BYTES_ORIGINAL
8B 41 ??        ; mov eax, dword ptr [ecx+04]
8B 51 ??        ; mov edx, dword ptr [ecx+14]
0F B7 1C 10     ; movzx ebx, word ptr [eax+edx]
B8 09 00 00 00  ; mov eax, 00000009
66 85 DB        ; test bx, bx
74 ??           ; je 00000033
BYTES_PATCH
?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
90 90 90        ; skip
90 90           ; skip
====================================================================================
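The file above relies on two conventions of the lpatch format: a "??" in BYTES_ORIGINAL matches any byte, and a "??" in BYTES_PATCH keeps the byte already in the file (a patch may also be shorter than the original, as the Windows null-pointer fix is, leaving the tail untouched). The following is an added example, not the source of lpatch and not code from Luigi Auriemma: a small Python re-implementation of that search-and-replace, applied to a constructed stand-in buffer (the wildcard bytes 04, 14 and 33 are assumed, not taken from a real server binary), plus the check a practitioner does on the hand-assembled Windows work-around, resolving its three rel8 jumps against the original byte listing to confirm that "74 13" lands on the error return (pop edi), "EB 21" lands on the call, and "EB D7" jumps back to the start of the CC padding. Function and variable names are this example's own.

```python
# Added example: minimal re-implementation of lpatch's BYTES_ORIGINAL / BYTES_PATCH
# handling. Not lpatch's source; names and the sample buffer are assumptions.
import re
from typing import Dict, List, Optional, Tuple

Pattern = List[Optional[int]]  # None stands for a '??' wildcard byte


def parse_bytes(text: str) -> Pattern:
    """Parse an lpatch byte listing: hex bytes, '??' wildcards, ';' comments."""
    out: Pattern = []
    for line in text.splitlines():
        for tok in line.split(";", 1)[0].split():
            if tok == "??":
                out.append(None)
            elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                out.append(int(tok, 16))
            else:
                raise ValueError(f"bad token {tok!r}")
    return out


def find_all(data: bytes, pat: Pattern) -> List[int]:
    """Every offset at which pat matches data (wildcards match any byte)."""
    n = len(pat)
    return [off for off in range(len(data) - n + 1)
            if all(p is None or p == data[off + i] for i, p in enumerate(pat))]


def apply_patch(data: bytes, original: Pattern, patch: Pattern,
                only_one: bool = True) -> Tuple[bytes, List[int]]:
    """Overwrite BYTES_ORIGINAL with BYTES_PATCH. '??' in the patch keeps the file's
    byte; a shorter patch leaves the tail alone. With only_one (#ONLY_ONE) exactly
    one match is required, so a different build is refused instead of mis-patched."""
    if len(patch) > len(original):
        raise ValueError("BYTES_PATCH is longer than BYTES_ORIGINAL")
    hits = find_all(data, original)
    if not hits:
        raise LookupError("BYTES_ORIGINAL not found: wrong version or already patched")
    if only_one and len(hits) != 1:
        raise LookupError(f"#ONLY_ONE: expected a single match, found {len(hits)}")
    buf = bytearray(data)
    for off in hits:
        for i, p in enumerate(patch):
            if p is not None:
                buf[off + i] = p
    return bytes(buf), hits


def rel8_target(instr_off: int, disp: int, instr_len: int = 2) -> int:
    """Target of a short jmp/jcc (opcode + rel8) at instr_off, relative to the
    start of the patched block: next instruction + sign-extended displacement."""
    if disp > 0x7F:
        disp -= 0x100
    return instr_off + instr_len + disp


# Linux bfloop pattern, copied from the .lpatch above.
LINUX_BYTES_ORIGINAL = """
8B 41 ??        ; mov eax, dword ptr [ecx+04]
8B 51 ??        ; mov edx, dword ptr [ecx+14]
0F B7 1C 10     ; movzx ebx, word ptr [eax+edx]
B8 09 00 00 00  ; mov eax, 00000009
66 85 DB        ; test bx, bx
74 ??           ; je 00000033
"""
LINUX_BYTES_PATCH = """
?? ?? ?? ?? ??  ?? ?? ?? ?? ??  ?? ?? ?? ?? ??
90 90 90        ; skip
90 90           ; skip
"""

# Constructed stand-in for a server binary (not real bf2 code): a prologue, the
# vulnerable sequence with the wildcards filled in (04, 14, 33 assumed), an epilogue.
SAMPLE_BINARY = (bytes.fromhex("55 8B EC")
                 + bytes.fromhex("8B 41 04 8B 51 14 0F B7 1C 10 B8 09 00 00 00 66 85 DB 74 33")
                 + bytes.fromhex("5D C3"))


def patch_sample() -> bytes:
    """Apply the Linux work-around: test bx,bx / je become five NOPs."""
    patched, _ = apply_patch(SAMPLE_BINARY, parse_bytes(LINUX_BYTES_ORIGINAL),
                             parse_bytes(LINUX_BYTES_PATCH))
    return patched


# Windows null-pointer pattern, copied from the .lpatch above (comments shortened).
WIN_NULLPTR_ORIGINAL = """
CC CC CC CC CC CC CC CC                 ; padding before the function
55 8B EC 51 53 8B 5D 08 85 DB 57 8B F9  ; prologue; test ebx,ebx
75 0A 5F 32 C0 5B 8B E5 5D C2 04 00     ; jne ok / error return: xor al,al; ret 4
8B 8F 84 00 00 00 8B 01                 ; mov ecx,[edi+84]; mov eax,[ecx] <- null deref
FF 90 ?? 00 00 00                       ; call [eax+A8]
"""
WIN_NULLPTR_PATCH = """
85 C9 74 13 8B 01 EB 21                 ; test ecx,ecx; je error; mov eax,[ecx]; jmp call
?? ?? ?? ?? ??  ?? ?? ?? ?? ??  ?? ?? ?? ?? ??  ?? ?? ?? ?? ??  ?? ?? ?? ?? ??  ?? ?? ?? ?? ??  ??
EB D7                                   ; jmp back to the work-around in the padding
"""


def windows_workaround_targets() -> Dict[str, int]:
    """Resolve the three short jumps of the Windows fix against the original bytes."""
    orig, patch = parse_bytes(WIN_NULLPTR_ORIGINAL), parse_bytes(WIN_NULLPTR_PATCH)
    return {
        "je_lands_on": orig[rel8_target(2, patch[3])],   # 74 13 -> 5F pop edi (error path)
        "jmp_lands_on": orig[rel8_target(6, patch[7])],  # EB 21 -> FF call [eax+A8]
        "jmp_back_to": rel8_target(39, patch[40]),       # EB D7 -> offset 0, the padding
        "orig_len": len(orig), "patch_len": len(patch),  # 47 and 41
    }
```

The ONLY_ONE refusal is the part worth keeping in any patcher of this kind: a byte pattern with wildcards that matches twice in a binary of a different build usually means the pattern is not specific enough, and writing NOPs into the second location silently corrupts unrelated code.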