Re: Exploit for Return To Castle Wolfenstein Multiplayer Demo
Skybuck Flying

2004-12-25, 8:55 am

Well

I am now one step closer ;)

Thanks to this program: W32DSM89.EXE

The WolfMPDemo.exe can completely be disassembled and reassembled (?) ;) <-
that means it can be run and even paused and breakpointed etc... and god
knows what else :D

Pretty funny and interesting.

So now I think I have to find out in what routine the buffer overrun
happens.

Here is a little tutorial to set things up:

1. Start W32DSM89.EXE

2. Disassembler -> 'Open file to disassemble' ( select the wolfmpdemo.exe
from the game's folder )

3. Disassembler -> 'Save Disassembly Text File and Create Project File' (
save the project file in the game's folder next to where the wolfmpdemo.exe
is ;) )

Now the disassembled stuff can be run again (?) or maybe it just runs the
original executable and breaks into (?) I am not sure ;)

First we turn off display program exceptions since apparently wolfmpdemo can
throw internal exceptions or something... and we just want it to run nicely
etc.

4. Debug -> Debugger Options -> Uncheck Display Program Generated Exceptions

5. Click ok.

6. Debug -> Load Process

Now the program will ask for command line parameters... for some reason it
will crash if we try both parameters like so:

+set dedicated 1 +exec server.cfg

Fortunately we don't need the server.cfg so just type in this:

+set dedicated 1

On my pc this works :)

Now the local game server gets loaded and the "debugger" goes to the first
instruction :) program entry point.

Now to let it run do this:

7. Debug -> Run Process (or press F9)

If you have the ZoneAlarm firewall with high security settings and no
permissions then wait for the two pop-ups and answer yes ;) just in case ;)

Now the rest is the same

8. In the console type:

map mp_beach

9. The debugging starts ;)

Well now you are on your own hehehehe since I also don't know what to do yet
:)

Space will make it pause, with F8 you can go through the
program/instructions without going deeper into routines I believe. If you
want to go into it... you have to use F7 when you are over a CALL
instruction :D

The debugger also has some search options... maybe I can search for the say
command or something.

I don't know :)

Well so far this little debugging tutorial :P :)

P.S.: Any tips are welcome =D

Bye,
Skybuck.


Copyright 2008 codecomments.com