ZenHAX


All times are UTC




 Post subject: q3cbufexec question
Posted: Sat Apr 29, 2017 9:00 pm

Joined: Sat Apr 29, 2017 8:21 pm
Posts: 3
Hello zenhax community,

I hope this is the right forum to start this thread.

Some days ago I stumbled over the old zenhax forum and read about q3cbufexec.
So I wanted to try it out with Call of Duty and Call of Duty United Offensive, since these are the only QEngine games I own.

But when I start the programs, they crash with a message like: "Microsoft Visual C++ - Buffer Overrun detected"

Just for explanation: q3cbufexec writes a jump into the game's code and adds a small code at the end, which overwrites some 00h.
So I also tried to write the code in some other caves; overwrote some CCh. (I hope and think the code I copied was complete and right, because I controlled it more than one time ;).)
But this error still appears. I also can't determine where this error gets triggered, since I sometimes reach a set breakpoint in the debugger and sometimes the debugger already halts before it. In other words, it seems to stop more or less randomly.

I'm not very sure what exactly causes this behavior. I just recently started to dig into programming and code-reversing and don't have much knowledge about PE, Segments, Heap and such stuff so far.
So it would be nice if you could give me some hints about the cause and how to work around this error.
Please, in a way a noob can understand ;).


 Post subject: Re: q3cbufexec question
Posted: Sun Apr 30, 2017 7:39 am
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7232
The patched executables of the games listed in the main screen (quake3.exe, ioquake3.x86.exe, tremulous.exe, CoDMP.exe) worked perfectly on Windows XP in 2009 but had problems on Windows 7.
Probably it's DEP that brings the crash when you execute the patched executables, so try one of these solutions:
  • temporarily disable DEP
  • Properties->Compatibility->Windows XP (probably it doesn't work)
  • run the game from a Windows XP virtual machine


 Post subject: Re: q3cbufexec question
Posted: Sun Apr 30, 2017 1:15 pm

Joined: Sat Apr 29, 2017 8:21 pm
Posts: 3
Thank you. I am going to try it.

And why exactly does DEP get triggered to prevent the execution of the modified CoDMP executable?


 Post subject: Re: q3cbufexec question
Posted: Sun Apr 30, 2017 2:21 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7232
I don't remember, probably something related to the write-flag of a memory region where the data was written.
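
Added example, not part of the original thread or of q3cbufexec: a Python sketch that reads a PE file's NX_COMPAT flag and section permissions, then reports whether a given file offset lies in a section whose pages DEP allows to execute. The header produced by `build_sample` and all function names are constructed for illustration.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / _WRITE
NX_COMPAT = 0x0100                               # IMAGE_DLLCHARACTERISTICS_NX_COMPAT

def audit_pe(data):
    """Return (nx_compat, sections) parsed from the raw bytes of a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)         # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    opt = pe + 24
    dll_chars, = struct.unpack_from("<H", data, opt + 70)  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                      # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        flags, = struct.unpack_from("<I", data, off + 36)  # Characteristics
        sections.append({"name": name, "start": raw_ptr, "end": raw_ptr + raw_size,
                         "exec": bool(flags & MEM_EXECUTE), "write": bool(flags & MEM_WRITE)})
    return bool(dll_chars & NX_COMPAT), sections

def classify_offset(sections, file_offset):
    """Name the section holding file_offset and whether its pages are executable."""
    for s in sections:
        if s["start"] <= file_offset < s["end"]:
            return s["name"], "executable" if s["exec"] else "non-executable"
    return None, "outside every section"

def build_sample():
    """Constructed two-section PE32 header for the demo (not a real game binary)."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 96, 0x102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<H", opt, 70, NX_COMPAT)
    def sec(name, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, ptr * 8, 0x200, ptr, 0, 0, 0, 0, flags)
    return (dos + coff + bytes(opt) + sec(b".text", 0x200, 0x60000020)
            + sec(b".data", 0x400, 0xC0000040))

if __name__ == "__main__":
    nx, secs = audit_pe(build_sample())
    for off in (0x250, 0x450):
        print(hex(off), classify_offset(secs, off), "NX_COMPAT:", nx)
```

Whether DEP is actually enforced for a 32-bit process also depends on the system-wide DEP policy, not only on the flags read here.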


 Post subject: Re: q3cbufexec question
Posted: Sun Apr 30, 2017 4:39 pm

Joined: Sat Apr 29, 2017 8:21 pm
Posts: 3
Ok. Thank you anyway.

__
Handling it as a DEP exception threw the same error message.

But as you said, works with XP.


__
I tested it with two versions of CoD: 1.1 and 1.4

Works with 1.1.
In 1.4 it says: The server does'nt have this map.

So I guess they eventually just edited the vote function.


 Post subject: Re: q3cbufexec question
Posted: Mon May 01, 2017 7:03 am
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7232
I made a quick search but I have found no information about it on my old forum http://old.zenhax.com so I don't know, but I'm sure I tested the latest CoDMP.exe available in 2009 (1.5b), and the lack of notes and posts means it worked and was vulnerable.

