BF1942 Demo Server Crashes

moodiscreet
Posts: 2
Joined: Mon Aug 01, 2011 10:53 pm

Re: BF1942 Demo Server Crashes

Post by moodiscreet »

Hello everyone, we run the Windows 2003 version of BF 1.6 (it's 1.619). Is there eventually a patch for our version?

Thanks people and greetz to BF community !
dierighty
Posts: 11
Joined: Fri Jul 29, 2011 5:38 pm

Re: BF1942 Demo Server Crashes

Post by dierighty »

Here is the modification of the patch for the older 1.6 Windows version of BF1942_w32ded.exe.

Detour, original:

Virtual_Addr File_Offset Bytes  Instruction
0045A50F     0005A50F    8B 10  mov edx,[eax]

Detour, modified:

Virtual_Addr File_Offset Bytes  Instruction
0045A50F     0005A50F    EB 82  jmp 0045a493          ;short jump to the comparison in the padding

Comparison, original:

Virtual_Addr File_Offset Bytes                                  Instruction
0045A493     0005A493    90 90 90 90 90 90 90 90 90 90 90 90    nop (12 bytes of padding)

Comparison, modified:

Virtual_Addr File_Offset Bytes    Instruction
0045A493     0005A493    8B 10    mov edx,[eax]         ;the instruction displaced by the detour
0045A495     0005A495    8B 4F 04 mov ecx,[edi+4]       ;get the event sequence
0045A498     0005A498    83 F9 01 cmp ecx,1
0045A49B     0005A49B    74 74    je 0045a511           ;back to the instruction after the detour
0045A49D     0005A49D    EB 4C    jmp 0045a4eb

//The offsets are just off by 0x20 from later versions of the .exe
motoko
Posts: 217
Joined: Sun Nov 21, 2010 8:43 pm
Location: Dante's 6th Pit of Hell

Re: BF1942 Demo Server Crashes

Post by motoko »

Sorry to be a bother, but what would Battlefield Vietnam look like? And also, what is the difference between Linux and Windows?
ldrhavoc
Posts: 3
Joined: Sat Nov 06, 2010 6:01 pm

Re: BF1942 Demo Server Crashes

Post by ldrhavoc »

I will pay someone to code me a Nam 1.2 fix and a 1.6 Windows 2008 fix. Will someone out there help?
dierighty
Posts: 11
Joined: Fri Jul 29, 2011 5:38 pm

Re: BF1942 Demo Server Crashes

Post by dierighty »

The .text section for the dynamic 1.61 is different, as indicated by the result from the readelf command:
From readelf -S bf1942_lnxded.dynamic:

Code: Select all

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [12] .text             PROGBITS        08052ab0 00aab0 611480 00  AX  0   0 16
Here are the modifications to be made for the dynamic executable:

Detour, original bytes:

VirtualAddr FileOffset Original_Instruction_Bytes     Instructions
0813cd87    F4D87      B8 00 00 00 00                 mov eax,0
0813cd8c    F4D8C      8B 5D 10                       mov ebx,[ebp+0x10]     ;get address of the game event obj

Detour, modified bytes:

VirtualAddr FileOffset Modified_Instruction_Bytes     Instructions
0813cd87    F4D87      8B 5D 10                       mov ebx,[ebp+0x10]     ;get address of the game event obj
0813cd8a    F4D8A      EB 89                          jmp 0813cd15           ;jump to the comparison
0813cd8c    F4D8C      31 C0                          xor eax,eax
0813cd8e    F4D8E      90                             nop

Comparison, original bytes:

VirtualAddr FileOffset Original_Instruction_Bytes     Instructions
0813cd15    F4D15      00 00 00 00 8D BC 27 00 00 00  ;padding

Comparison, modified bytes:

VirtualAddr FileOffset Modified_Instruction_Bytes     Instructions
0813cd15    F4D15      8B 73 04                       mov esi,dword ptr[ebx+4]
0813cd18    F4D18      83 FE 01                       cmp esi,1
0813cd1b    F4D1B      74 6F                          je 0813cd8c
0813cd1d    F4D1D      EB 5B                          jmp 0813cd7a
Senshi
Posts: 697
Joined: Sun Oct 18, 2009 1:14 pm
Location: Germany
Contact:

Re: BF1942 Demo Server Crashes

Post by Senshi »

Once again, a huge thank you for your effort. If you or someone else could provide a "fixed exe" for Win OS as well, we'd have the complete set available and could spread that pack to server admins. Maybe even get it posted on some of the BF news sites (I'd go and file it with bfgames.net, the largest German BF news site).
Android
Posts: 5
Joined: Fri Aug 06, 2010 3:30 am

Re: BF1942 Demo Server Crashes

Post by Android »

Could someone please post the modifications, or better, the pre-modded .static file for Battlefield 1942 v1.6 Full Server [Linux] RC2?

Or did I miss the link for that one somewhere above?

Thanks again you guys, you do excellent work that will help keep this game alive.
Senshi
Posts: 697
Joined: Sun Oct 18, 2009 1:14 pm
Location: Germany
Contact:

Re: BF1942 Demo Server Crashes

Post by Senshi »

First of all, welcome :) .

The problem is that there is no fixed executable for the Wake demo? Maybe dierighty can take a look at the exec there as well and figure out the correct hex parts to change.
Jeronimo
Posts: 196
Joined: Sun Dec 27, 2009 8:55 pm
Location: Germany
Contact:

Re: BF1942 Demo Server Crashes

Post by Jeronimo »

Like Senshi said, let's hope dierighty can come up with another fix for the wake demo, too.
Apart from that, I think this community isn't the right place to discuss the "disagreements" between you guys. It's a fact that this exploit has been used by many people out there, on many different servers, and I think everybody here is able to decide for himself what to do against it and whom to "blame", which makes this discussion unnecessary.
dierighty
Posts: 11
Joined: Fri Jul 29, 2011 5:38 pm

Re: BF1942 Demo Server Crashes

Post by dierighty »

Modification for the BF1942Demo.exe version 1.0

1. Modify before func.00485583

Offset Original      Modified Instructions               comments
85583  90 90 90      8B 45 04 mov eax,dword ptr[ebp+0x4] ;get the event #
85586  90 90 90      83 F8 01 cmp eax,1                  ;is this createPlayer event at the expected event #?
85589  90 90         74 05    je 00485590
8558B  90 90         EB 29    jmp 004855b6

2. Modify after func.00485583

Offset Original            Modified       Instructions  comments
855b6  90 90 90 90 90      68 A0 DB 62 00 push 0062dba0
855bb  90 90 90            C2 08 00       retn 8

3. Modify the call to func.00485583

Offset Original_Bytes      Modified_Bytes Instructions       comments
22d4cb E8 C0 80 E5 FF      E8 B3 80 E5 FF call func.00485583 ;rel32 lowered by 0x0D, so the call now enters at the comparison (485583) instead of 485590

The padding of 90 bytes between the functions in the demo was too small to fit the comparison instructions, so a new way was needed to check the event sequence number. There was, however, enough room for a comparison around the call to func.00485583 in the handleGameEventManagerEvent() function.
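The three patch tables in this thread (Windows 1.6 at 0045A50F/0045A493, the Linux 1.61 dynamic executable at 0813cd87/0813cd15, and the demo 1.0 comparison around the call at 22d4cb) can be applied and sanity-checked with a small script. The following is an added example, not a tool posted by dierighty or anyone else in the thread: it transcribes the posted byte tables, refuses to write unless every original byte sequence is present (so a 1.619 build with its 0x20 offset shift, or an already-patched file, is rejected rather than corrupted), and checks that the posted short-jump and call displacements really land where the tables say. The .text Addr/Off values are the readelf output from the Linux post; the PE image base 0x400000 is an assumption inferred from the posted VA/file-offset pairs (0045A50F / 0005A50F); the sample image is constructed, and file names are the operator's.

```python
"""Check and apply the hand-assembled byte patches from this thread.

Added example, not a tool from the thread. Patch tables are transcribed from
dierighty's posts (BF1942_w32ded.exe 1.6 "1.619", bf1942_lnxded.dynamic 1.61,
BF1942Demo.exe 1.0). PE_IMAGE_BASE is an assumption; the ELF values are from
the posted readelf output.
"""
import struct
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Patch:
    file_offset: int
    original: bytes   # bytes that must be present before patching
    modified: bytes   # same length as original, written in its place


PATCH_SETS = {
    # Windows 1.6: detour at 0045A50F into the 12-byte NOP padding at 0045A493
    "win16": [
        Patch(0x5A50F, bytes.fromhex("8B10"), bytes.fromhex("EB82")),
        Patch(0x5A493, bytes.fromhex("90" * 12), bytes.fromhex("8B108B4F0483F9017474EB4C")),
    ],
    # Linux 1.61 dynamic: detour at 0813cd87, comparison in the padding at 0813cd15
    "lnx161dyn": [
        Patch(0xF4D87, bytes.fromhex("B8000000008B5D10"), bytes.fromhex("8B5D10EB8931C090")),
        Patch(0xF4D15, bytes.fromhex("000000008DBC27000000"), bytes.fromhex("8B730483FE01746FEB5B")),
    ],
    # Demo 1.0: comparison placed around the call to the function at 00485590
    "demo10": [
        Patch(0x85583, bytes.fromhex("90" * 10), bytes.fromhex("8B450483F8017405EB29")),
        Patch(0x855B6, bytes.fromhex("90" * 8), bytes.fromhex("68A0DB6200C20800")),
        Patch(0x22D4CB, bytes.fromhex("E8C080E5FF"), bytes.fromhex("E8B380E5FF")),
    ],
}

# From "readelf -S bf1942_lnxded.dynamic" in the thread: .text Addr 08052ab0, Off 00aab0
ELF_TEXT_ADDR, ELF_TEXT_OFF = 0x08052AB0, 0x00AAB0
PE_IMAGE_BASE = 0x400000  # assumption: VA = file offset + 0x400000 for the Windows/demo exes


def elf_text_file_offset(va):
    """Map a .text virtual address to its file offset with the section header values."""
    return va - ELF_TEXT_ADDR + ELF_TEXT_OFF


def rel8_target(insn_va, disp_byte):
    """Destination of a 2-byte short jmp/jcc (EB xx, 7x xx) located at insn_va."""
    return insn_va + 2 + struct.unpack("<b", bytes([disp_byte]))[0]


def rel32_target(insn_va, disp):
    """Destination of a 5-byte E8 call / E9 jmp at insn_va; disp is the little-endian rel32."""
    return (insn_va + 5 + struct.unpack("<i", disp)[0]) & 0xFFFFFFFF


def apply_patches(image, patches):
    """Return a patched copy; refuse unless every original byte sequence is in place."""
    buf = bytearray(image)
    for p in patches:
        end = p.file_offset + len(p.original)
        found = bytes(buf[p.file_offset:end])
        if found != p.original:
            raise ValueError(f"{p.file_offset:#x}: expected {p.original.hex()}, found {found.hex()}")
        buf[p.file_offset:end] = p.modified
    return bytes(buf)


def is_patched(image, patches):
    return all(image[p.file_offset:p.file_offset + len(p.modified)] == p.modified for p in patches)


def sample_image(patches, size=0x230000):
    """Constructed stand-in for a server binary: zeros with the original bytes at each offset."""
    buf = bytearray(size)
    for p in patches:
        buf[p.file_offset:p.file_offset + len(p.original)] = p.original
    return bytes(buf)


def check_patch_set(name):
    """Self-check on a constructed image: the set applies once and is rejected a second time."""
    patches = PATCH_SETS[name]
    img = sample_image(patches)
    out = apply_patches(img, patches)
    try:
        apply_patches(out, patches)
    except ValueError:
        return is_patched(out, patches) and not is_patched(img, patches)
    return False


def main(argv):
    names = "|".join(PATCH_SETS)
    if len(argv) != 4 or argv[1] not in PATCH_SETS:
        print(f"usage: {argv[0]} {names} in-exe out-exe")
        return 2
    with open(argv[2], "rb") as f:
        patched = apply_patches(f.read(), PATCH_SETS[argv[1]])
    with open(argv[3], "wb") as f:
        f.write(patched)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Usage: `python bf1942_patch.py lnx161dyn bf1942_lnxded.dynamic bf1942_lnxded.dynamic.patched`. The displacement helpers reproduce the thread's numbers: EB 82 at 0045A50F lands on 0045A493, EB 89 at 0813cd8a on 0813cd15, and the demo's rel32 change from C080E5FF to B380E5FF moves the call target from 485590 to 485583, which is why the post labels that step as modifying func.00485583. Run on a binary of a different build, the original-byte check fails on the first mismatch and nothing is written.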