My matchserver closes?

**qet123** · 13-12-11

You need to disable the chatmake command!

**jewness12** · 15-12-11

Sigh, if you dont know what the problem is, don't post.
The problem happens when you enter format strings in the chatroom's name.
for example: %s
The server will attempt to log the name of the chatroom you created, something like this:
(or, lets take it straight from the source, exactly like this:)

Code:

LOG(LOG_PROG, "ChatRoom Created : '%s' ", pszChatRoomName);

Typing /chatmake %s%s will probably crash your server if this exploit wasnt patched.
How MAIET fixed the exploit:

Code:

//		LOG(LOG_PROG, "ChatRoom Created : '%s' ", pszChatRoomName);

Yes, they made the line a comment, removing it from the actual code.
And that's what we're gonna do, we're gonna skip this specific call to the log function.

TL;DR:

Open Matchserver.exe in Ollydbg.

2008:

Code:

Press Ctrl+G go to 421B24.
Double click 421B24 and type "JMP 00421B35", hit assemble.

2007:

Code:

Press Ctrl+G go to 4126F4.
Double click 4126F4 and type "JMP 00412705", hit assemble.

Right click anywhere in the CPU window, select Copy to executeable > All modifications, then hit "Copy all".
A smaller window will appear.
Right click that window and hit "Save file", change the file name and you're good to go.

Note: I haven't tested this, so if anyone tests it and it works feel free to say so.
Should work though.

**flyffhelper** · 15-12-11

Originally Posted by jewness12

Sigh, if you dont know what the problem is, don't post.
The problem happens when you enter format strings in the chatroom's name.
for example: %s
The server will attempt to log the name of the chatroom you created, something like this:
(or, lets take it straight from the source, exactly like this:)

Code:

LOG(LOG_PROG, "ChatRoom Created : '%s' ", pszChatRoomName);

Typing /chatmake %s%s will probably crash your server if this exploit wasnt patched.
How MAIET fixed the exploit:

Code:

//		LOG(LOG_PROG, "ChatRoom Created : '%s' ", pszChatRoomName);

Yes, they made the line a comment, removing it from the actual code.
And that's what we're gonna do, we're gonna skip this specific call to the log function.

TL;DR:

Open Matchserver.exe in Ollydbg.

2008:

Code:

Press Ctrl+G go to 421B24.
Double click 421B24 and type "JMP 00421B35", hit assemble.

2007:

Code:

Press Ctrl+G go to 4126F4.
Double click 4126F4 and type "JMP 00412705", hit assemble.

Right click anywhere in the CPU window, select Copy to executeable > All modifications, then hit "Copy all".
A smaller window will appear.
Right click that window and hit "Save file", change the file name and you're good to go.

Note: I haven't tested this, so if anyone tests it and it works feel free to say so.
Should work though.

thanks u save my life!

**flyffhelper** · 04-01-12

i add % still chatmake crash how?

**sahar042** · 05-01-12

Originally Posted by flyffhelper

i add % still chatmake crash how?

ollydbg :

2008:
Code:

Press Ctrl+G go to 421B24.
Double click 421B24 and type "JMP 00421B35", hit assemble.

2007:
Code:

Press Ctrl+G go to 4126F4.
Double click 4126F4 and type "JMP 00412705", hit assemble.

My matchserver closes?

Thread Tools

Re: My matchserver closes?

Re: My matchserver closes?

Re: My matchserver closes?

Re: My matchserver closes?

Re: My matchserver closes?

Advertisement