Hello once again, gentlemen of the forum. I believe you have all heard of the newest installment of COD, aka MW2. Well, I wanted to see how well the game was put together, so I researched and looked for vulnerabilities. Well, after running the game executable through the IDA Pro v5 disassembler, the results were very disturbing. I'm just glad it is not a GameSpy game :D. Basically, I went to the error list (which was very long!) and went down a little way to see the "badstack" error for a long column of text. The rest of the errors seemed engine related. Well, I'm going to release the list of BADSTACKS taken from the original errors. Feel free to keep it for future use and reference. I guess badstacks could cause stack overflows, which are really nasty. I reported this to VALVe and they were very kind and said that I should direct this to the publisher as well. A happy almost-ending.
Here is the Trouble Ticket I sent to VALVe:
Hello Valve support team, I have discovered a few very critical errors within the Call of Duty Modern Warfare 2 game executable, which can lead to a permanent game crash or worse. I am going to upload a log that contains the list of errors. The ones that concern me the most are BADSTACKS within the executable; this can cause stack overflows, which of course is a serious and fatal error. Also note the log is from a disassembler. I know I was breaking the Steam TOS and am sorry for breaking the said TOS, but I believe it is for the greater good, seeing as the errors I found were critical. I hope you do not get angry with me by banning me or filing a lawsuit of some sort; I have not exploited this and am a truly concerned user. Please take this into account before taking any action upon me. I also am aware this might not be in your field to fix, but maybe you, a powerful game hosting/making company, could report this to those who made the game so they can fix it!
My best wishes
VALVe's response:
Hello *name*, Thank you for contacting Steam Support. Support for Modern Warfare 2 is handled by the publisher - please follow the link below for instructions to contact Activision support:
https://activision.custhelp.com/cgi-bin ... er/ask.php If you have any further questions, please let us know - we will be happy to assist you.
Here's a non-txt-file version of the badstacks:
Code:
.text:00401000 BADSTACK mov eax, dword_9DB674
.text:004017B0 BADSTACK push 1 ; uPeriod
.text:00403420 BADSTACK mov eax, 2044h
.text:004048F0 BADSTACK mov eax, [esp+arg_0]
.text:00406320 BADSTACK mov eax, 1000h
.text:00409220 BADSTACK mov eax, 38DCh
.text:00409910 BADSTACK mov eax, 4008h
.text:00409EB0 BADSTACK push esi
.text:0040C340 BADSTACK mov eax, dword_D37810
.text:0040E420 BADSTACK mov eax, 1000h
.text:00410A00 BADSTACK mov eax, 202Ch
.text:00414390 BADSTACK mov eax, 2040h
.text:004149E0 BADSTACK mov eax, 2000h
.text:004153D0 BADSTACK mov eax, 2044h
.text:00417090 BADSTACK mov eax, 2028h
.text:004180E0 BADSTACK mov eax, 20F0h
.text:0041BD20 BADSTACK mov eax, 1000h
.text:0041C6A0 BADSTACK mov eax, 2010h
.text:0041E680 BADSTACK mov eax, 0A07Ch
.text:00423E90 BADSTACK sub esp, 68h
.text:00424154 BADSTACK fxch st(2)
.text:00427570 BADSTACK mov eax, 201Ch
.text:00429F90 BADSTACK mov eax, 1090h
.text:0042A760 BADSTACK push esi
.text:0042B1F0 BADSTACK mov eax, 1000h
.text:00434544 BADSTACK push edi
.text:004350B0 BADSTACK mov eax, 2020h
.text:0043C790 BADSTACK push esi
.text:0043DC10 BADSTACK mov eax, [esp+arg_4]
.text:0043EBF0 BADSTACK push esi
.text:004427D0 BADSTACK mov eax, 2008h
.text:00446900 BADSTACK mov eax, 8040h
.text:004478F0 BADSTACK push ebp
.text:0044B390 BADSTACK mov eax, 4000h
.text:0044BA80 BADSTACK mov eax, 300Ch
.text:0044EE10 BADSTACK mov eax, 1E04h
.text:004572F0 BADSTACK push ebx
.text:0045B450 BADSTACK push esi
.text:0045DAA0 BADSTACK mov eax, 4420h
.text:0045E620 BADSTACK mov eax, 2044h
.text:00463D90 BADSTACK mov eax, 2044h
.text:00464050 BADSTACK push ebx
.text:00468180 BADSTACK mov eax, 2000h
.text:00468D50 BADSTACK mov eax, 4430h
.text:0046C840 BADSTACK cmp byte_1BEE1BC, 0
.text:0046CD90 BADSTACK mov eax, 2000h
.text:0046DB00 BADSTACK mov eax, 1424h
.text:004722C0 BADSTACK push esi
.text:00476380 BADSTACK push ebx
.text:0047AC70 BADSTACK mov eax, 2000h
.text:0047B400 BADSTACK mov eax, 1000h
.text:0047C940 BADSTACK sub esp, 74h
.text:0047E910 BADSTACK call sub_5E01A0
.text:00481CB0 BADSTACK mov eax, 2028h
.text:00482A00 BADSTACK mov eax, 1070h
.text:004830A0 BADSTACK mov eax, 1000h
.text:00489160 BADSTACK mov eax, 6008h
.text:00490440 BADSTACK mov eax, 2000h
.text:00491170 BADSTACK push esi
.text:004918F0 BADSTACK mov eax, 204Ch
.text:00494F90 BADSTACK mov eax, 1000h
.text:00495F50 BADSTACK mov eax, 2018h
.text:0049A890 BADSTACK mov eax, 1000h
.text:0049C480 BADSTACK push edi
.text:0049E140 BADSTACK mov eax, 28C4h
.text:004A8E40 BADSTACK push ebx
.text:004AACC0 BADSTACK push ebx
.text:004ACBB0 BADSTACK mov eax, [esp+arg_20]
.text:004AFB20 BADSTACK mov eax, dword_D37810
.text:004B47E0 BADSTACK mov eax, 1034h
.text:004B9480 BADSTACK push ebx
.text:004BB740 BADSTACK mov eax, 2000h
.text:004C1460 BADSTACK mov eax, 2000h
.text:004C1DA0 BADSTACK push esi
.text:004C5F00 BADSTACK mov eax, 400Ch
.text:004C6980 BADSTACK mov eax, 1000h
.text:004C8A30 BADSTACK mov eax, 4004h
.text:004CA2F0 BADSTACK sub esp, 20h
.text:004CC9C0 BADSTACK mov eax, 6028h
.text:004CD560 BADSTACK push esi
.text:004CEC30 BADSTACK mov eax, 2018h
.text:004D6AC0 BADSTACK mov eax, 1818h
.text:004D85B0 BADSTACK mov eax, 390Ch
.text:004DBF40 BADSTACK mov eax, 1000h
.text:004DC490 BADSTACK mov eax, 2000h
.text:004E1DE0 BADSTACK mov eax, 200Ch
.text:004E3F30 BADSTACK push ebx
.text:004F0C60 BADSTACK mov eax, 0A034h
.text:004F32D0 BADSTACK mov eax, 8000h
.text:004F4120 BADSTACK push ebx
.text:004F5140 BADSTACK mov eax, 8E10h
.text:004F5B30 BADSTACK sub esp, 0Ch
.text:004F7710 BADSTACK mov eax, 2028h
.text:004FF4E0 BADSTACK mov eax, 2000h
.text:0050C6F0 BADSTACK push ebx
.text:0050FF20 BADSTACK push ebp
.text:005191B0 BADSTACK mov eax, 3F70h
.text:005194E0 BADSTACK mov eax, dword_1F1CA98
.text:0052FD70 BADSTACK mov eax, dword_1C91ADC
.text:00530B60 BADSTACK mov eax, 48A8h
.text:0053C040 BADSTACK mov edx, dword_1C95EB8
.text:0053D970 BADSTACK mov eax, 5320h
.text:0053DCF0 BADSTACK mov eax, 2314h
.text:0053E100 BADSTACK mov eax, 2310h
.text:0053E480 BADSTACK mov eax, 3318h
.text:00545C50 BADSTACK mov eax, 2000h
.text:00547760 BADSTACK push ebx
.text:00555640 BADSTACK mov eax, 1118h
.text:00555740 BADSTACK mov eax, 1118h
.text:0055FF90 BADSTACK mov eax, 2058h
.text:005635C0 BADSTACK push esi
.text:0056DA10 BADSTACK sub esp, 24h
.text:0056F4F0 BADSTACK mov eax, 1A94h
.text:0057DA50 BADSTACK push esi
.text:00581180 BADSTACK push esi
.text:00582350 BADSTACK cmp dword_A40454, 20h
.text:005844E0 BADSTACK mov eax, 8010h
.text:005890B0 BADSTACK mov eax, 2018h
.text:0058EAB0 BADSTACK mov eax, 2840h
.text:0058EE80 BADSTACK mov eax, 1110h
.text:00596430 BADSTACK mov eax, 4514h
.text:005CC880 BADSTACK push esi
.text:005D3940 BADSTACK mov eax, [esp+arg_0]
.text:005DCF20 BADSTACK sub esp, 804h
.text:005DF110 BADSTACK mov eax, 2048h
.text:005E1500 BADSTACK mov eax, 20BCh
.text:005E91E0 BADSTACK mov eax, 38A8h
.text:005EE480 BADSTACK mov eax, 68ECh
.text:005F1660 BADSTACK sub esp, 0BCh
.text:005F3280 BADSTACK mov eax, 20A4h
.text:00602720 BADSTACK mov eax, 1000h
.text:00602AF0 BADSTACK mov eax, 1000h
.text:00603F00 BADSTACK mov eax, 1000h
.text:00603FF0 BADSTACK sub esp, 8
.text:006044D0 BADSTACK mov eax, 1000h
.text:00616380 BADSTACK push ebp
.text:0061A430 BADSTACK mov eax, 2000h
.text:0061F1F0 BADSTACK mov eax, 14B0h
.text:00621C60 BADSTACK mov eax, 1040h
.text:00627560 BADSTACK sub esp, 8
.text:0062BA80 BADSTACK mov eax, 5544h
.text:0062BDC0 BADSTACK mov eax, 1810h
.text:0062BFC0 BADSTACK mov eax, 1B34h
.text:00630DB0 BADSTACK mov eax, 1114h
.text:006321F0 BADSTACK mov eax, 4000h
.text:00633300 BADSTACK mov eax, 2048h
.text:00638930 BADSTACK mov eax, 2004h
.text:0063C210 BADSTACK mov eax, 4014h
.text:0063C880 BADSTACK mov eax, 3010h
.text:0063CA60 BADSTACK mov eax, 3020h
.text:0063CC40 BADSTACK mov eax, 100Ch
.text:0063CD60 BADSTACK mov eax, 5020h
.text:0063D170 BADSTACK mov eax, 1000h
.text:00658230 BADSTACK mov eax, 181Ch
.text:00659820 BADSTACK mov eax, 3A98h
.text:00659B40 BADSTACK mov eax, 0B0CCh
.text:00659CD0 BADSTACK mov eax, 2074h
.text:0065EEF0 BADSTACK push ebx
.text:00660C70 BADSTACK mov eax, 206Ch
.text:0066666F BADSTACK enter 0FFFFC1DEh, 0D9h
.text:00666890 BADSTACK sub esp, 1Ch
.text:00670C40 BADSTACK mov eax, 2008h
.text:00675827 BADSTACK push ebp
.text:00678E10 BADSTACK push ebp
.text:00678EAA BADSTACK pop eax
.text:0067B4C9 BADSTACK sub esp, 8
.text:0067B58E BADSTACK pextrw eax, xmm0, 3
.text:0067D310 BADSTACK push offset sub_67D370
.text:0067D52E BADSTACK pextrw eax, xmm0, 3
.text:0067D71C BADSTACK fabs
.text:0067D853 BADSTACK and byte ptr [ebp-2C8h], 0FEh
.text:0067FA1E BADSTACK pextrw eax, xmm0, 3
.text:00681F4E BADSTACK fld st
.text:00683227 BADSTACK push 20h
.text:006833AA BADSTACK push ebx
.text:00683788 BADSTACK push ebp
.text:00688625 BADSTACK push 0Ch
.text:00688F97 BADSTACK push 8
.text:0068AD44 BADSTACK fdiv st, st
.text:0068AD4F BADSTACK fdivr st, st
.text:0068AD5A BADSTACK fdiv st, st
.text:0068AD60 BADSTACK fdivp st, st
.text:0068AD66 BADSTACK fdivr st, st
.text:0068AD6C BADSTACK fdivrp st, st
.text:0068AD72 BADSTACK fstp [esp+arg_8]
.text:0068AD93 BADSTACK fstp tbyte ptr [esp+0]
.text:0068ADAE BADSTACK fxch st(1)
.text:0068ADCA BADSTACK fstp tbyte ptr [esp+0]
.text:0068ADDA BADSTACK fstp [esp+arg_8]
.text:0068ADEE BADSTACK fstp [esp+arg_8]
.text:0068ADFE BADSTACK fstp [esp+arg_8]
.text:0068AE23 BADSTACK fstp tbyte ptr [esp+0]
.text:0068AE42 BADSTACK fxch st(2)
.text:0068AE62 BADSTACK fstp tbyte ptr [esp+0]
.text:0068AE76 BADSTACK fstp [esp+arg_8]
.text:0068AE8E BADSTACK fstp [esp+arg_8]
.text:0068AEA2 BADSTACK fstp [esp+arg_8]
.text:0068AEC7 BADSTACK fstp tbyte ptr [esp+0]
.text:0068AEE6 BADSTACK fxch st(3)
.text:0068AF06 BADSTACK fstp tbyte ptr [esp+0]
.text:0068AF1A BADSTACK fstp [esp+arg_8]
.text:0068AF32 BADSTACK fstp [esp+arg_8]
.text:0068AF46 BADSTACK fstp [esp+arg_8]
.text:0068AF6B BADSTACK fstp tbyte ptr [esp+0]
.text:0068AF8A BADSTACK fxch st(4)
.text:0068AFAA BADSTACK fstp tbyte ptr [esp+0]
.text:0068AFBE BADSTACK fstp [esp+arg_8]
.text:0068AFD6 BADSTACK fstp [esp+arg_8]
.text:0068AFEA BADSTACK fstp [esp+arg_8]
.text:0068B00F BADSTACK fstp tbyte ptr [esp+0]
.text:0068B02E BADSTACK fxch st(5)
.text:0068B04E BADSTACK fstp tbyte ptr [esp+0]
.text:0068B062 BADSTACK fstp [esp+arg_8]
.text:0068B07A BADSTACK fstp [esp+arg_8]
.text:0068B08E BADSTACK fstp [esp+arg_8]
.text:0068B0B3 BADSTACK fstp tbyte ptr [esp+0]
.text:0068B0D2 BADSTACK fxch st(6)
.text:0068B0F2 BADSTACK fstp tbyte ptr [esp+0]
.text:0068B106 BADSTACK fstp [esp+arg_8]
.text:0068B11E BADSTACK fstp [esp+arg_8]
.text:0068B132 BADSTACK fstp [esp+arg_8]
.text:0068B157 BADSTACK fstp tbyte ptr [esp+0]
.text:0068B176 BADSTACK fxch st(7)
.text:0068B196 BADSTACK fstp tbyte ptr [esp+0]
.text:0068B1AA BADSTACK fstp [esp+arg_8]
.text:0068B1C2 BADSTACK fstp [esp+arg_8]
.text:0068CB4C BADSTACK push eax
.text:0068CB7F BADSTACK push eax
.text:0068EA01 BADSTACK push 44h
.text:0068EA40 BADSTACK push 4
.text:0068EA92 BADSTACK push 44h
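Added example (not part of the original post, and not code from IDA or from the game's developers): a small Python parser for problem-list lines in the exact `.text:ADDR BADSTACK <mnemonic> <operands>` layout shown above. IDA records a BADSTACK entry where its stack-pointer tracing failed at that address; a list this long is easier to triage when it is parsed into addresses, mnemonics and operands and then summarised, so a reviewer can see which instruction patterns dominate (for example `mov eax, <imm>` with a hex immediate) and look at those functions in the disassembler instead of reading several hundred lines by hand. The sample listing embedded in the script is a handful of lines copied verbatim from the list above; the function names and the `.text`-only assumption are mine.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied verbatim from the IDA problem list
# posted above. The real list is much longer; the parser handles any length.
SAMPLE_LISTING = """\
.text:00401000 BADSTACK mov eax, dword_9DB674
.text:004017B0 BADSTACK push 1 ; uPeriod
.text:00403420 BADSTACK mov eax, 2044h
.text:00406320 BADSTACK mov eax, 1000h
.text:0041E680 BADSTACK mov eax, 0A07Ch
.text:00423E90 BADSTACK sub esp, 68h
.text:00424154 BADSTACK fxch st(2)
.text:0047E910 BADSTACK call sub_5E01A0
.text:00603FF0 BADSTACK sub esp, 8
.text:0067D71C BADSTACK fabs
"""

# One problem-list line: segment, 8-hex-digit address, the BADSTACK tag,
# a mnemonic and optional operands (the IDA ';' comment is removed beforehand).
LINE_RE = re.compile(
    r"^\.(?P<seg>\w+):(?P<addr>[0-9A-Fa-f]{8})\s+BADSTACK\s+"
    r"(?P<mnem>\S+)(?:\s+(?P<ops>.*?))?\s*$"
)


def parse_ida_immediate(token):
    """Decode an IDA-style numeric literal such as '1000h', '0A07Ch' or '8'.

    Returns None for anything that is not a plain number (registers,
    dword_XXXX names, memory operands), so callers can tell the two apart.
    """
    t = token.strip()
    if t.lower().endswith("h"):
        body = t[:-1]
        return int(body, 16) if re.fullmatch(r"[0-9A-Fa-f]+", body) else None
    return int(t, 10) if re.fullmatch(r"[0-9]+", t) else None


def parse_badstack_listing(text):
    """Turn the pasted listing into a list of dicts (address, mnemonic, operands).

    Lines that do not match the BADSTACK layout are skipped rather than
    raising, because forum pastes usually contain surrounding prose.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]  # drop IDA's trailing comment, e.g. "; uPeriod"
        m = LINE_RE.match(line)
        if not m:
            continue
        ops = m.group("ops") or ""
        operands = [o.strip() for o in ops.split(",")] if ops else []
        entries.append({
            "address": int(m.group("addr"), 16),
            "mnemonic": m.group("mnem").lower(),
            "operands": operands,
        })
    return entries


def summarize(entries):
    """Count mnemonics and pull out every 'mov eax, <numeric immediate>' entry.

    Returns (Counter of mnemonics, list of (address, immediate) pairs). The
    immediates are reported as-is; deciding what a given function does with
    the value is left to inspection in the disassembler.
    """
    by_mnemonic = Counter(e["mnemonic"] for e in entries)
    eax_immediates = []
    for e in entries:
        if (e["mnemonic"] == "mov" and len(e["operands"]) == 2
                and e["operands"][0].lower() == "eax"):
            imm = parse_ida_immediate(e["operands"][1])
            if imm is not None:
                eax_immediates.append((e["address"], imm))
    return by_mnemonic, eax_immediates


if __name__ == "__main__":
    parsed = parse_badstack_listing(SAMPLE_LISTING)
    counts, immediates = summarize(parsed)
    print(f"{len(parsed)} BADSTACK entries")
    for mnem, n in counts.most_common():
        print(f"  {mnem:<6} {n}")
    for addr, imm in immediates:
        print(f"  mov eax imm at 0x{addr:08X}: 0x{imm:X} ({imm} bytes if a frame size)")
```

To use it on the full list, paste the listing into a file and pass its contents to `parse_badstack_listing`; everything that is not a BADSTACK line is ignored. Comment stripping happens before the regex so that operand-hint comments such as `; uPeriod` do not end up inside the operand list.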