====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
# http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this chaserfix.lpatch file
# - read the message windows and click yes
# - select the file Chaser.exe to patch
# - read the message windows to know if everything has been patched correctly
# - test your game


TITLE
    Chaser 1.50 (and other versions) various crash fixes 0.1
    by Luigi Auriemma
    e-mail: aluigi@autistici.org
    web: aluigi.org


INTRO
    This unofficial patch is referred to the bugs described here:
    .
    . http://aluigi.org/adv/chaser-adv.txt
    . http://aluigi.org/adv/chasercool-adv.txt
    .
    If you are unsure if your server is vulnerable please use the
    proof-of-concept provided there.
    This patch should work with the dedicated server, the retail game and the
    demo too (although the main target is only the first one).


FILE
    Chaser.exe


; chaser-adv.txt
; 0050C88E
;
; Fix 1: bound the length used by a memory copy.
; Original sequence: a 16-bit length is loaded from [esi+06], 0Eh is added,
; and that many bytes are copied from esi to the pointer loaded from [esp+10]
; (repz movsd for the dwords, repz movsb for the 0..3 remaining bytes).
; No upper bound on the length is applied anywhere in this sequence.
; NOTE(review): presumably the length field comes from a received packet and
; the destination has a fixed size (see chaser-adv.txt); neither is visible here.
; NOTE(review): the "??" bytes are presumably wildcards for the je displacement,
; so the pattern can match builds where the jump target differs -- confirm
; against the lpatch documentation.
BYTES_ORIGINAL
    66 8B 4E 06             ; mov cx, word ptr [esi+06]
    8B 7C 24 10             ; mov edi, dword ptr [esp+10]
    83 C1 0E                ; add ecx, 0000000E
    8B C1                   ; mov eax, ecx
    C1 E9 02                ; shr ecx, 02
    F3                      ; repz
    A5                      ; movsd
    8B C8                   ; mov ecx, eax
    83 E1 03                ; and ecx, 00000003
    F3                      ; repz
    A4                      ; movsb
    8B 45 08                ; mov eax, dword ptr [ebp+08]
    5F                      ; pop edi
    85 C0                   ; test eax, eax
    0F 84 ?? ?? ?? ??       ; je 0050C94A

; Patched sequence (23 bytes; the original up to and including "and ecx, 3" is
; also 23 bytes, so -- assuming lpatch writes BYTES_PATCH over the start of the
; match -- the trailing F3 A4 "repz movsb" and everything after it stay as is).
; A length of 0578h or more is replaced by 0 before 0Eh is added. The dword
; copy is dropped; the remaining repz movsb copies the whole ecx count bytewise.
; NOTE(review): cmp/jb is an unsigned test on the 16-bit cx only. On the jb
; path the upper half of ecx is left as it was, which the original code also
; relied on -- presumably it is zero at this point; confirm in the
; surrounding code.
BYTES_PATCH
    66 8B 4E 06             ; mov cx, word ptr [esi+06]
    66 81 F9 78 05          ; cmp cx, 0578 ; max packet size
    72 02                   ; jb (skips the xor when cx is below 0578h)
    33 C9                   ; xor ecx, ecx
    8B 7C 24 10             ; mov edi, dword ptr [esp+10]
    83 C1 0E                ; add ecx, 0000000E
    90 90 90                ; nop x3: pads the patch to 23 bytes


; chasercool-adv.txt
; 005675CA
;
; Fix 2: bound the length of a copy onto the stack.
; Original sequence: a length byte is read from [ebx+12]; when it is non-zero,
; up to 255 bytes (and ecx, 0FFh) are copied from ebx+13 to the area at esp+34.
; NOTE(review): the size of the area at esp+34 is not visible here; the patch
; author's "max 31 chars" suggests it is smaller than 255 bytes.
BYTES_ORIGINAL
    8A 43 12                ; mov al, byte ptr [ebx+12]
    84 C0                   ; test al, al
    74 20                   ; je 005675F1
    8B C8                   ; mov ecx, eax
    8D 73 13                ; lea esi, dword ptr [ebx+13]
    81 E1 FF 00 00 00       ; and ecx, 000000FF
    8D 7C 24 34             ; lea edi, dword ptr [esp+34]
    8B D1                   ; mov edx, ecx
    C1 E9 02                ; shr ecx, 02
    F3                      ; repz
    A5                      ; movsd
    8B CA                   ; mov ecx, edx
    83 E1 03                ; and ecx, 00000003
    F3                      ; repz
    A4                      ; movsb
    83 CF FF                ; or edi, FFFFFFFF

; Patched sequence (18 bytes): identical to the original except for the mask,
; which shrinks from FFh to 1Fh so that at most 31 bytes are copied.
; NOTE(review): this is a mask, not a clamp -- a length byte of 20h..FFh is
; reduced modulo 32 (20h copies 0 bytes, 21h copies 1) instead of being
; rejected, so an over-long value is silently truncated.
BYTES_PATCH
    8A 43 12                ; mov al, byte ptr [ebx+12]
    84 C0                   ; test al, al
    74 20                   ; je 005675F1
    8B C8                   ; mov ecx, eax
    8D 73 13                ; lea esi, dword ptr [ebx+13]
    81 E1 1F 00 00 00       ; and ecx, 0000001F ; max 31 chars

====================================================================================