====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
#   http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this swbf2sevenfix.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game

TITLE
    Star Wars Battlefront II 1.1 and PS2 1.07 seven guests fix 0.1.1
    by Luigi Auriemma
    e-mail: aluigi@autistici.org
    web:    aluigi.org

INTRO
    This patch is referred to the vulnerability described here:
    .
    .  http://aluigi.org/adv/swbf2seven-adv.txt
    .
    This patch has been created only for the version of the game specified
    in the title for both Windows and PS2 dedicated servers, older versions
    will be NOT supported by me so don't ask.

FILE
    BattlefrontII.exe

MAX_CHANGES
    1

# PC 1.1

BYTES_ORIGINAL
    E8 19 85 CC FF          ; CALL Battlefr.00404462    ; read number of guests
    33 C0                   ; XOR EAX,EAX
    83 7D A8 FF             ; CMP DWORD PTR SS:[EBP-58],-1
    0F 95 C0                ; SETNE AL
    88 85 73 FF FF FF       ; MOV BYTE PTR SS:[EBP-8D],AL
    C7 45 80 00 00 00 00    ; MOV DWORD PTR SS:[EBP-80],0
    EB 09                   ; JMP SHORT Battlefr.0073BF6A
    8B 4D 80                ; MOV ECX,DWORD PTR SS:[EBP-80]
    83 C1 01                ; ADD ECX,1
    89 4D 80                ; MOV DWORD PTR SS:[EBP-80],ECX
    8B 55 80                ; MOV EDX,DWORD PTR SS:[EBP-80]

BYTES_PATCH
    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
    33 D2                   ; XOR EDX,EDX
    89 55 80                ; MOV DWORD PTR SS:[EBP-80],EDX
    90                      ; NOP
    90                      ; NOP
    EB 0C                   ; JMP SHORT Battlefr.0073BF6D
    42                      ; INC EDX
    89 55 80                ; MOV DWORD PTR SS:[EBP-80],EDX
    83 FA 06                ; CMP EDX,6
    72 03                   ; JB SHORT Battlefr.0073BF6D
    89 55 88                ; MOV DWORD PTR SS:[EBP-78],EDX

# PS2 1.07

BYTES_ORIGINAL
    E8 1F 88 CE FF          ; CALL Battlefr.00404327
    33 C9                   ; XOR ECX,ECX
    83 7D A8 FF             ; CMP DWORD PTR SS:[EBP-58],-1
    0F 95 C1                ; SETNE CL
    88 8D 73 FF FF FF       ; MOV BYTE PTR SS:[EBP-8D],CL
    C7 45 80 00 00 00 00    ; MOV DWORD PTR SS:[EBP-80],0
    EB 09                   ; JMP SHORT Battlefr.0071BB29
    8B 55 80                ; MOV EDX,DWORD PTR SS:[EBP-80]
    83 C2 01                ; ADD EDX,1
    89 55 80                ; MOV DWORD PTR SS:[EBP-80],EDX
    8B 45 80                ; MOV EAX,DWORD PTR SS:[EBP-80]

BYTES_PATCH
    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
    33 C0                   ; XOR EAX,EAX
    89 45 80                ; MOV DWORD PTR SS:[EBP-80],EAX
    90                      ; NOP
    90                      ; NOP
    EB 0C                   ; JMP SHORT Battlefr.0071BB2C
    40                      ; INC EAX
    89 45 80                ; MOV DWORD PTR SS:[EBP-80],EAX
    83 F8 06                ; CMP EAX,6
    72 03                   ; JB SHORT Battlefr.0071BB2C
    89 45 88                ; MOV DWORD PTR SS:[EBP-78],EAX

====================================================================================