Sigh, if you don't know what the problem is, don't post.
The problem happens when you enter format strings in the chatroom's name.
For example: %s
The server will attempt to log the name of the chatroom you created, something like this:
(or, let's take it straight from the source, exactly like this:)
Code:
LOG(LOG_PROG, "ChatRoom Created : '%s' ", pszChatRoomName);
Typing /chatmake %s%s will probably crash your server if this exploit wasn't patched.
How MAIET fixed the exploit:
Code:
// LOG(LOG_PROG, "ChatRoom Created : '%s' ", pszChatRoomName);
Yes, they made the line a comment, removing it from the actual code.
And that's what we're gonna do, we're gonna skip this specific call to the log function.
TL;DR:
Open Matchserver.exe in Ollydbg.
2008:
Code:
Press Ctrl+G go to 421B24.
Double click 421B24 and type "JMP 00421B35", hit assemble.
2007:
Code:
Press Ctrl+G go to 4126F4.
Double click 4126F4 and type "JMP 00412705", hit assemble.
Right click anywhere in the CPU window, select Copy to executable > All modifications, then hit "Copy all".
A smaller window will appear.
Right click that window and hit "Save file", change the file name and you're good to go.
Note: I haven't tested this, so if anyone tests it and it works feel free to say so.
Should work though.
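As an added illustration (not from the post and not MAIET's code), a C sketch of the bug shape the post describes next to the fix that keeps the log line instead of deleting it. The post does not show the body of LOG(), so the assumption here is that it formats the line once and then hands the result to a second printf-style call as its format string; the helper names are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count the conversion directives a printf-style parser would consume from s
 * if s were used as a format string. "%%" is a literal percent, not counted. */
int count_directives(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* First pass, mirroring the post's LOG line: the room name travels as a '%s'
 * argument here, which is correct by itself. */
static void format_room_line(char *out, size_t n, const char *room_name) {
    snprintf(out, n, "ChatRoom Created : '%s' ", room_name);
}

/* Assumed bug shape (hypothetical, since the post does not show LOG()):
 * the formatted line is later given to another printf-style call AS the
 * format string. This function only measures the damage rather than
 * performing that second pass: it returns how many directives the room name
 * smuggled into the line, i.e. how many arguments the second pass would read
 * without any having been supplied. 0 means the line is harmless to reuse. */
int directives_reaching_second_pass(const char *room_name) {
    char line[256];
    format_room_line(line, sizeof line, room_name);
    return count_directives(line);
}

/* Hardened second pass: the format is a compile-time literal and the line is
 * plain data, so a room name of "%s%s" is logged verbatim. The log line stays,
 * unlike MAIET's fix of commenting it out. Returns the logged text. */
const char *log_line_safely(const char *room_name) {
    static char out[256];
    char line[256];
    format_room_line(line, sizeof line, room_name);
    snprintf(out, sizeof out, "%s", line);   /* never snprintf(out, sizeof out, line) */
    return out;
}
```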