Q3: JK2: Source code help

Some Guy Named Dave · **Joined:** 24 Oct 2007 00:44 **Posts:** 26

Yeah, we need to be able to use the jk2 1.03 dedicated server for 1.02, so that we can use the 1.03 source code in 1.02.

Oh and, server side lol, since not everyones gonna download it..

aluigi · **Posted:** 04 Nov 2007 22:54

Exactly was I meant, in fact the check is server side.
Do you need the modification for teh Linux or Windows executable?

Some Guy Named Dave · **Joined:** 24 Oct 2007 00:44 **Posts:** 26

Windows, and Linux lol

aluigi · **Posted:** 04 Nov 2007 23:36

For Windows 1.02c go at offset 0x26EE2, you should find the byte 0x74, substituite it with 0xeb
For Linux, wait tomorrow ih ih ih

Some Guy Named Dave · **Joined:** 24 Oct 2007 00:44 **Posts:** 26

Well I edited 1.03a dedicated exe, but now I get a client side error:
CL_ParsePacktEntities: End of message
So I set sv_pure to 0, then I get a bad animation number: 1100 error.

evan1715 · **Posted:** 05 Nov 2007 02:12

what!??! ok totally confused lol

1. i did not find offset 0x36ee2

2. we're trying to let 1.02 people connect to 1.03a, so don't know why u said to look in 1.02c

3. err what?

4. how do u know where to put it?

aluigi · **Posted:** 05 Nov 2007 11:25

Windows 1.03: 28A12 - 74 -> EB
Linux 1.03a: 1b0f - 74 -> EB

evan1715 · **Posted:** 05 Nov 2007 21:48

err what? what do we do with that, it couldnt find those

(1.03a jk2ded windows)

aluigi · **Posted:** 05 Nov 2007 22:27

the offsets to change with your hex editor:
hexadecimal offset - old byte -> new byte

Some Guy Named Dave · **Joined:** 24 Oct 2007 00:44 **Posts:** 26

aluigi wrote:

Windows 1.03: 28A12 - 74 -> EB

Are you sure? There isnt a 74 there, but a 40.

evan1715 · **Posted:** 05 Nov 2007 22:48

yeah definitly only a 40, no 74 there

aluigi · **Posted:** 05 Nov 2007 23:07

jk2ded.exe v1.03, the offset is right

Some Guy Named Dave · **Joined:** 24 Oct 2007 00:44 **Posts:** 26

Ok, I thought you ment 1.03a lol. I patched the exe, and I still get the client errors.
Bad Animation number: 1100.

evan1715 · **Posted:** 06 Nov 2007 01:06

eh my error was

Cl_ParsePacketEntities

evan1715 · **Posted:** 06 Nov 2007 01:17

blarg

aluigi · **Posted:** 06 Nov 2007 17:20

Dave:
"Bad Animation number: 1100" is normal since allowing an old client to join doesn't mean that it's compatible with the server. Trying is never bad but you must be prepared to compatibility issues.

evan:
the "blah blah" is just the confirmation of the 1.03a patch when I told you that the bug is NOT the q3msgboom bug, the fact that my PoC can be used to exploit this other server-side bug means only that you need to send a lot of data to the server. stop.

Now the patch:
the main difference between the two executables is just in the "Netchan_Process" message which has been removed, but I have not checked if have been implemented other optimized functions (for giving an example of what I mean: snprintf instead of sprintf).

You can try to modify the following bytes in jk2ded.exe 1.02c:
offset 11B5D, from byte 7E to EB

If this doesn't work, I repeat that "I don't support old versions" so I don't have desire to spend other time on it.

evan1715 · **Posted:** 06 Nov 2007 22:09

blarg

evan1715 · **Posted:** 08 Nov 2007 22:23

blarg

evan1715 · **Posted:** 10 Nov 2007 02:47

blarg

aluigi · **Posted:** 10 Nov 2007 11:40

The function is ConcatArgs located in game\g_cmds.c
This function is used for rebuilding the command sent by the client as an unique string instead of the various argv[0], argv[1] and so on.

evan1715 · **Posted:** 10 Nov 2007 15:46

blarg

aluigi · **Posted:** 10 Nov 2007 15:56

1024 is MAX_STRING_CHARS
the modification I did was from:

if ( len + tlen >= MAX_STRING_CHARS - 1 ) {

to:

if ( len + tlen >= 896 ) {

evan1715 · **Posted:** 10 Nov 2007 21:26

blarg

aluigi · **Posted:** 10 Nov 2007 22:34

Take a look to ClientUserinfoChanged in game/g_client.c
all the changes of nicknames and other options of the clients pass from this function (which as you can see is called also by ClientConnect which is the first function called when a client joins).
Info_ValueForKey is used for getting the cvars sent by the client and "name" contains its name.

aluigi · **Posted:** 10 Nov 2007 22:34

Take a look to ClientUserinfoChanged in game/g_client.c
all the changes of nicknames and other options of the clients pass from this function (which as you can see is called also by ClientConnect which is the first function called when a client joins).
Info_ValueForKey is used for getting the cvars sent by the client and "name" contains its name.

aluigi · **Posted:** 11 Nov 2007 14:45

I don't know if this works but try the attached patch for jk2 1.02c about the netchan bug

evan1715 · **Posted:** 11 Nov 2007 21:22

no that didn't work

and i had to download a new one because i tried it on my already patched jk2ded, patched from multircon, infoboom and q3dirtrav, and it said "there are no bytes to be patched"

aluigi · **Posted:** 11 Nov 2007 22:24

the bytes searched by this experimental patch are not modified by the other patches and I have rechecked it with version 1.02c of jk2ded for Windows.
Anyway, in short, it's just the removing of the Netchan error and the setting of the string size to 0x3fff if is longer or equal to 0x4000.
You can try it manually with a disassembler and a hex editor

evan1715 · **Posted:** 13 Nov 2007 04:02

blarg

aluigi · **Posted:** 13 Nov 2007 11:30

I already compared that Netchan function between 1.03 and 1.03a and the only difference is just the complete removing of the Netchan error.
It's natural that there are other differences but having the full source code is one thing, spending hours comparing 2 executables is another.
Anyway the experimental modification I posted was my last tentative, if you want to fix these bugs upgrade to 1.04 or ask to someone else.

Luigi Auriemma

Q3: JK2: Source code help