====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
#   http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this csdosfix.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game
#
# Quick step-by-step for Linux:
# - compile lpatch: gcc -c md5.c ; gcc -o lpatch lpatch.c md5.o
# - launch ./lpatch csdosfix.lpatch
# - read the text messages
# - specify the name of the file to patch
# - read the text messages to know if everything has been patched correctly
# - test your game

TITLE
Half-Life x.1.1.1e (Windows and Linux) hlfreeze/hl-headnut/csdos/btbp fix 0.1.1
by Luigi Auriemma
e-mail: aluigi@autistici.org
web:    aluigi.org

INTRO
This patch is referred to the so called hlfreeze/hl-headnut and csdos.pl
vulnerabilities:
.
.
  http://aluigi.org/adv/csdos.txt
.
My solution is very simple: if Info_ValueForKey returns "" (value not found)
we stop the loop.
This work-around has only one side effect: a player could use this technique
through the modification of its game client and will appear nameless in the
server. Anyway this is not a problem since it is still possible to see him and
kick/ban him through the nickname "" and its client number (kick #number)...
just the same as usual.
.
IMPORTANT: for the moment the "Born to be pig" fix is available only for
Windows and NOT for Linux!
.
This patch has been created only for the latest known patches for the
dedicated server 4.1.1.1e/3.1.1.1e of both Windows and Linux (engine* amd,
i486 and i686); older versions will NOT be supported by me, so don't ask.

FILE
swds.dll;engine*.so

ONLY_ONE

; Windows
BYTES_ORIGINAL
68 84 36 E4 01                  ; push 01E43684 "name"
56                              ; push esi
E8 1E F5 FB FF                  ; call 01D417A0
83 C4 30                        ; add esp, 030
C7 45 FC 01 00 00 00            ; mov dword[ebp-04], 00000001
E9 47 FF FF FF                  ; jmp 01D821D8
90 90 90 90 90 90 90 90         ; nops
90 90 90 90 90 90 90            ; nops

BYTES_PATCH
E8 24 F5 75 FE                  ; call 01D417A0 (less 00 00 86 01 !!!)
83 C4 28                        ; add esp, 28
FF 45 FC                        ; inc dword[ebp-04]
80 38 00                        ; cmp byte[eax], 00
74 91                           ; je 01D82218 (quit)
68 E4 85 69 03                  ; push 01E385E8 ".."
50                              ; push eax
E8 CE FB F9 FF                  ; call 01D21E60
85 C0                           ; test eax, eax
58                              ; pop eax
5b                              ; pop ebx
75 80                           ; jne 01D82218 (quit)
E9 3B FF FF FF                  ; jmp 01D821D8 (continue)

; Linux AMD
BYTES_ORIGINAL
50                              ; push eax
e8 ?? ?? ?? ??                  ; call 33c34
89 c7                           ; mov edi,eax
c7 44 24 38 01 00 00 00         ; mov DWORD PTR [esp+56],0x1
83 c4 20                        ; add esp,0x20
e9 34 ff ff ff                  ; jmp 7fc70
8d 74 26 00                     ; lea esi,[esi]
8b 44 24 18                     ; mov eax,DWORD PTR [esp+24]

BYTES_PATCH
50                              ; push eax
e8 ?? ?? ?? ??                  ; call 33c34
89 c7                           ; mov edi,eax
c7 44 24 38 01 00 00 00         ; mov DWORD PTR [esp+56],0x1
83 c4 20                        ; add esp,0x20
80 38 00                        ; cmp BYTE PTR [eax], 0x0
0F 85 30 FF FF FF               ; jnz 7fc70
8b 44 24 18                     ; mov eax,DWORD PTR [esp+24]

; Linux i486
BYTES_ORIGINAL
50                              ; push eax
e8 ?? ?? ?? ??                  ; call 33e64
89 c7                           ; mov edi,eax
c7 45 d4 01 00 00 00            ; mov DWORD PTR [ebp-44],0x1
83 c4 20                        ; add esp,0x20
e9 2d ff ff ff                  ; jmp 81a50
8d b6 00 00 00 00               ; lea esi,[esi]
8d bc 27 00 00 00 00            ; lea edi,[edi]
8b 45 d4                        ; mov eax,DWORD PTR [ebp-44]

BYTES_PATCH
50                              ; push eax
e8 ?? ?? ?? ??                  ; call 33e64
89 c7                           ; mov edi,eax
c7 45 d4 01 00 00 00            ; mov DWORD PTR [ebp-44],0x1
83 c4 20                        ; add esp,0x20
80 38 00                        ; cmp BYTE PTR [eax], 0x0
0F 85 29 FF FF FF               ; jnz 81a50
90 90
8d bc 27 00 00 00 00            ; lea edi,[edi]
8b 45 d4                        ; mov eax,DWORD PTR [ebp-44]

; Linux i686
BYTES_ORIGINAL
50                              ; push eax
e8 ?? ?? ?? ??                  ; call 33e04
89 c7                           ; mov edi,eax
c7 44 24 38 01 00 00 00         ; mov DWORD PTR [esp+56],0x1
83 c4 20                        ; add esp,0x20
e9 33 ff ff ff                  ; jmp 80510
8d 76 00                        ; lea esi,[esi]
8b 44 24 18                     ; mov eax,DWORD PTR [esp+24]

BYTES_PATCH
50                              ; push eax
e8 ?? ?? ?? ??                  ; call 33e04
89 c7                           ; mov edi,eax
c6 44 24 38 01                  ; mov BYTE PTR [esp+56],0x1 // don't worry it's bool
83 c4 20                        ; add esp,0x20
80 38 00                        ; cmp BYTE PTR [eax], 0x0
0f 85 32 ff ff ff               ; jnz 80510
90 90
8b 44 24 18                     ; mov eax,DWORD PTR [esp+24]
====================================================================================
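An added example, not part of this lpatch file and not Luigi Auriemma's code: a small Python checker for the byte notation used above (hex tokens, `??` wildcards, `;` comments) that tells an admin whether a server binary still carries a BYTES_ORIGINAL sequence or already the BYTES_PATCH one, and applies the patch in memory. It assumes that a `??` in the patch keeps the byte already in place (the call displacement), and the sample buffer is constructed from the Linux AMD block.

```python
# Added example, not part of csdosfix.lpatch: verify whether a binary still
# carries an lpatch BYTES_ORIGINAL sequence or already the BYTES_PATCH one.

# Linux AMD block from the file above (comments dropped); '??' = wildcard byte.
LINUX_AMD_ORIGINAL = """
50 e8 ?? ?? ?? ?? 89 c7 c7 44 24 38 01 00 00 00 83 c4 20
e9 34 ff ff ff 8d 74 26 00 8b 44 24 18
"""
LINUX_AMD_PATCH = """
50 e8 ?? ?? ?? ?? 89 c7 c7 44 24 38 01 00 00 00 83 c4 20
80 38 00 0F 85 30 FF FF FF 8b 44 24 18
"""

def parse_bytes(text):
    """Parse lpatch byte notation: hex tokens, '??' wildcards, ';' comments."""
    pattern = []
    for line in text.splitlines():
        for tok in line.split(";", 1)[0].split():
            pattern.append(None if tok == "??" else int(tok, 16))
    return pattern

def find_pattern(data, pattern):
    """Offset of the first match of pattern (None = any byte) in data, or -1."""
    n = len(pattern)
    for off in range(len(data) - n + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1

def patch_state(data, original, patched):
    """'original' (unpatched), 'patched', or 'unknown' (unsupported build)."""
    if find_pattern(data, parse_bytes(original)) >= 0:
        return "original"
    if find_pattern(data, parse_bytes(patched)) >= 0:
        return "patched"
    return "unknown"

def apply_patch(data, original, patched):
    """Overwrite the first match of original with patched. Assumption: a '??'
    in the patch keeps the byte already present (here the call displacement)."""
    orig, new = parse_bytes(original), parse_bytes(patched)
    if len(orig) != len(new):
        raise ValueError("original and patch sequences differ in length")
    off = find_pattern(data, orig)
    if off < 0:
        raise ValueError("original byte sequence not found")
    out = bytearray(data)
    for i, b in enumerate(new):
        if b is not None:
            out[off + i] = b
    return bytes(out)

# Constructed sample standing in for a slice of engine_amd.so: the original
# sequence with a made-up call displacement (0xAB), padded with NOPs.
SAMPLE = (b"\x90" * 8
          + bytes(0xAB if b is None else b for b in parse_bytes(LINUX_AMD_ORIGINAL))
          + b"\x90" * 8)
```

Run `patch_state(open("engine_amd.so", "rb").read(), LINUX_AMD_ORIGINAL, LINUX_AMD_PATCH)` against the real file to confirm the state before and after running lpatch; "unknown" means the build is not one this patch was made for.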