Last active
September 7, 2016 00:56
-
-
Save wulfboy-95/46057e1ba046905f338e083a914e2763 to your computer and use it in GitHub Desktop.
Fix buffer overflows TH06.exe Fixes bug that causes buffer overflows caused by copying a string argument to a local variable limited to 64 bytes by removing the copy function, and simply passing the pointer to the original text data. Opcodes source: https://www.thpatch.net/wiki/Th06/Binary_hacks#Bugs Script by: Nicholas Lau Kheng Seng Copyright:…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Fix buffer overflows in TH06.exe (Touhou 6: Embodiment of Scarlet Devil) | |
| Fixes a bug that causes buffer overflows caused by copying a string argument | |
| to a local variable limited to 64 bytes by removing the copy function, | |
| and simply passing the pointer to the original text data. | |
| Opcodes source: https://www.thpatch.net/wiki/Th06/Binary_hacks#Bugs | |
| Script by: Nicholas Lau Kheng Seng AKA alphawulfboy-95 | |
| Copyright: CC Attribution-ShareAlike 4.0 | |
| https://creativecommons.org/licenses/by-sa/4.0/ | |
| """ | |
| addr0 = [0x34b85, 0x34c83, 0x34e63] | |
| fix0 = b"\xeb\x19\x90" # jmp short +0x19 nop | |
| addr1 = [0x34ba0, 0x34d8e, 0x34f74] | |
| fix1 = b"\x8b\x45\x18" # mov eax, [ebp + 0x18] | |
| addr2 = [0x34d17, 0x34ef7] | |
| fix2 = b"\x8b\x4d\x18" # mov ecx, [ebp + 0x18] | |
| addrs = [addr0, addr1, addr2] | |
| fixs = [fix0, fix1, fix2] | |
| exe = open("th06.exe","r+b") | |
| for i in range(3): | |
| for addr in addrs[i]: | |
| exe.seek(addr) | |
| exe.write(fixs[i]) | |
| exe.close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment