@a3f
Last active October 16, 2016 21:33
DoS patch
// gcc -c DoS.c -Wall -std=c99 -Os -fno-omit-frame-pointer -S -masm=intel -m32
#include <stdint.h>
/* Fixed-layout header at the start of the decrypted packet, byte-exact (packed).
 * Offsets are derived from the field types; sizeof(struct fixedsize) == 28.
 * NOTE(review): the compiled listing further down reads the first string
 * length at [ebx+40] = 8 + 32, i.e. as if this header were 32 bytes, so the
 * C and the assembly on this page were not built from the same struct —
 * confirm which layout the target binary actually uses. */
struct fixedsize {
uint16_t len;        /* +0  : read by check_hwdebug as the byte count after this word */
uint8_t type;        /* +2  */
uint16_t os;         /* +3  */
uint8_t version;     /* +5  */
uint8_t rsazero;     /* +6  */
uint32_t xtea[4];    /* +7  : 16 bytes */
uint8_t gmbyte;      /* +23 */
uint32_t accnum;     /* +24 : last field, header ends at +28 */
} __attribute__((packed));
/* Signature of the server's RSA decrypt routine as this patch calls it:
 * (buffer, second argument) -> int32 result; check_hwdebug treats 0 as failure. */
typedef int32_t rsa_decrypter(uint8_t*, uint32_t);
/* Hard-coded address of the original decrypter inside the target binary.
 * NOTE(review): valid only for the exact build this patch was made against. */
static rsa_decrypter * const otserv_rsa_decrypt = (rsa_decrypter *)0x4b719c;
/* Declares check_hwdebug with the decrypter's own type, presumably so it can
 * stand in for the original at the patched call site — confirm against the
 * byte patch below. */
rsa_decrypter check_hwdebug;
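/*
 * Wrapper around the original RSA decrypter (otserv_rsa_decrypt) that
 * additionally inspects the decrypted packet layout.
 *
 * p    : receive buffer; the packet body starts at p + 8 with a 16-bit
 *        length word covering every byte after that word.
 * arg2 : passed through to the original decrypter unchanged.
 *
 * Returns the decrypter's result (ret), except that it returns 0 when
 *   - the decrypter itself returned 0, or
 *   - the packet parses as fixedsize + two length-prefixed strings and every
 *     byte from the end of the second string up to the packet end is zero.
 * A packet whose strings run past the packet end is passed through with ret.
 *
 * Change from the original: a string's length word is only read when both
 * of its bytes lie inside the packet.  The original read the word first and
 * only afterwards noticed that p had overshot, which touched bytes outside
 * the declared packet.  The return value is identical on every path: a length
 * word that does not fit can never bring p back to <= lastbyte.
 */
int32_t check_hwdebug(uint8_t *p, uint32_t arg2) {
    int32_t ret = otserv_rsa_decrypt(p, arg2);
    if (ret == 0) return 0;
    /* packet starts at offset 8 */
    p += 8;
    /* lastbyte is one past the final byte of the packet (name kept from the
     * original).  The length word itself cannot be bounds-checked here: this
     * function is not told the size of the receive buffer. */
    uint8_t *lastbyte = &p[2 + *(uint16_t*)p];
    p += sizeof (struct fixedsize);
    /* first length-prefixed string */
    if (lastbyte - p < 2) return ret;
    p += 2 + *(uint16_t*)p;
    if (p > lastbyte) return ret;
    /* second length-prefixed string */
    if (lastbyte - p < 2) return ret;
    p += 2 + *(uint16_t*)p;
    if (p > lastbyte) return ret;
    // now we are at the padding
    for (uint8_t *pad = p; pad < lastbyte; pad++)
        if (*pad != '\0') return ret;
    return 0;
}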
<00603F80>
;-----------------------------------------------------------------------
; int32_t check_hwdebug(uint8_t *p, uint32_t arg2)   -- i386 cdecl, -Os
; In:    [ebp+8] = p, [ebp+12] = arg2
; Out:   eax = result (see @L2); edx carries the pending result until then
; Regs:  ebx = p, esi = lastbyte (one past packet end), ecx = cursor,
;        eax = ret from the original decrypter (live until the epilogue)
; Saves: ebp, esi, ebx (callee-saved); 16-byte outgoing argument area
; NOTE(review): the first string length is read at [ebx+40] = 8 + 32, which
; does not match sizeof(struct fixedsize) == 28 in the C above -- confirm.
;-----------------------------------------------------------------------
@_check_hwdebug:
push ebp
mov ebp, esp
push esi                              ; callee-saved, used for lastbyte
push ebx                              ; callee-saved, used for p
sub esp, 16                           ; outgoing argument area
mov eax, DWORD PTR [ebp+12]           ; eax = arg2
mov ebx, DWORD PTR [ebp+8]            ; ebx = p
mov DWORD PTR [esp+4], eax            ; arg 2 for the call
mov DWORD PTR [esp], ebx              ; arg 1 for the call
mov eax, 0x4b719c                     ; hard-coded otserv_rsa_decrypt
call eax                              ; eax = ret; treated as cdecl: esp is
                                      ; not adjusted here, the area is freed at @L2
xor edx, edx                          ; default result = 0
test eax, eax
je @L2                                ; decrypter returned 0 -> return 0
movzx edx, WORD PTR [ebx+8]           ; packet length word at p+8
lea esi, [ebx+10+edx]                 ; esi = lastbyte = p+8+2+len
movzx edx, WORD PTR [ebx+40]          ; first string length (at p+8+32, see NOTE)
lea ecx, [ebx+42+edx]                 ; ecx = end of first string
mov edx, eax                          ; pending result = ret
cmp ecx, esi
ja @L2                                ; overshoot -> return ret (unsigned compare)
movzx edx, WORD PTR [ecx]             ; second string length
lea ecx, [ecx+2+edx]                  ; ecx = end of second string
mov edx, eax                          ; pending result = ret
cmp ecx, esi
ja @L2                                ; overshoot -> return ret
@L3:                                  ; padding loop; ecx <= esi holds on entry,
cmp ecx, esi                          ; so "!=" here equals the C's "<"
je @L12                               ; reached packet end: all padding was zero
cmp BYTE PTR [ecx], 0
jne @L8                               ; non-zero padding byte
inc ecx
jmp @L3
@L12:
xor edx, edx                          ; result = 0
jmp @L2
@L8:
mov edx, eax                          ; result = ret
@L2:
add esp, 16                           ; free argument area
mov eax, edx                          ; return value
pop ebx
pop esi
pop ebp
ret
000BDC80:84->50
000BDC81:C0->90
00203F79:55->90
00203F7A:83->90
00203F7B:EC->90
00203F7C:08->90
00203F7D:8B->90
00203F7E:45->90
00203F7F:08->90
00203F81:40->45
00203F82:20->08
00203F83:0F->55
00203F84:B7->8B
00203F85:10->40
00203F86:0F->20
00203F87:B7->0F
00203F88:48->B7
00203F89:20->10
00203F8A:8D->0F
00203F8B:54->B7
00203F8C:10->48
00203F8D:02->20
00203F8F:44->54
00203F90:08->10
00203F91:22->02
00203F92:39->8D
00203F93:D0->44
00203F94:0F->08
00203F95:87->22
00203F96:9E->39
00203F97:C0->D0
00203F98:9F->0F
00203F99:FF->87
00203F9A:0F->90
00203F9B:B7->C0
00203F9C:08->9F
00203F9D:8D->FF
00203F9E:44->0F
00203F9F:08->B7
00203FA0:02->08
00203FA1:39->8D
00203FA2:D0->44
00203FA3:0F->08
00203FA4:87->02
00203FA5:8F->39
00203FA6:C0->D0
00203FA7:9F->0F
00203FA8:FF->87
00203FA9:39->81
00203FAA:D0->C0
00203FAB:0F->9F
00203FAC:83->FF
00203FAD:82->39
00203FAE:C0->D0
00203FAF:9F->0F
00203FB0:FF->83
00203FB2:38->C0
00203FB3:00->9F
00203FB4:0F->FF
00203FB5:84->80
00203FB6:6E->38
00203FB7:C0->00
00203FB8:9F->0F
00203FB9:FF->84
00203FBA:E9->67
00203FBB:79->C0
00203FBC:C0->9F
00203FBD:9F->FF
00203FBE:FF->83
00203FBF:E8->7C
00203FC0:74->24
00203FC1:C0->08
00203FC2:9F->00
00203FC3:FF->0F
00203FC4:83->85
00203FC5:7C->73
00203FC6:24->C0
00203FC7:10->9F
00203FC8:00->FF
00203FC9:0F->B8
00203FCA:85->67
00203FCB:77->F9
00203FCC:C0->4B
00203FCD:9F->00
00203FCF:B8->E0
00203FD0:67->5D
00203FD1:F9->C3
00203FD2:4B->90
00203FD3:00->90