
SoF2 1.03 Guidfix

sof2103guidfix.zip

Description

This patch fixes the bug so that the game can no longer be crashed remotely. ONLY the Windows version 1.03 is supported by this patch.

Get it and run it, but be sure that you read the readme first!


README

#######################################################################

Title:  Soldier of Fortune II 1.03 cl_guid crash fix 0.1
Author: Luigi Auriemma
e-mail: [email protected]
web:    http://aluigi.altervista.org

#######################################################################


1) Introduction
2) How to apply the patch on Windows
3) Manual patch (Windows)


#######################################################################

===============
1) Introduction
===============

This patch addresses the in-game crash bug affecting all versions
<= 1.03 GOLD of Soldier of Fortune II (both clients and servers,
Win32, MacOS and Linux):

  http://aluigi.altervista.org/adv/sof2guidboom-adv.txt

The purpose of the patch is to fix the bug so that the game can no
longer be crashed remotely.
ONLY the Windows version 1.03 is supported by this patch.

If you have already applied fixes to your SoF2MP.exe file (like the
recent q3infofix or any other), your file's checksum will naturally not
match the original, so you must force the patching by clicking on YES
when the patcher asks whether you want to continue even though your
file is not the original.

If you have applied the patch but your server continues to crash, it
means the variable sv_banFilter in your sof2mp.cfg file is disabled.
However, this is almost impossible because it is enabled by default and
nobody is mad enough to disable it; if it is disabled, it is enough to
set it to "1".


#######################################################################

====================================
2) How to apply the patch on Windows
====================================

- copy lpatch.exe and lpatch.dat into the folder of the game
- launch lpatch.exe
- click on YES
- if your file is correct you will see a success message
- if you get an error message, make sure you have the version of the
  game specified in the header of this document

If the patch has been successfully applied, it is possible to restore
the original executable simply by relaunching lpatch.exe and choosing
NO instead of YES.


#######################################################################

=========================
3) Manual patch (Windows)
=========================

File:   SoF2MP.exe
MD5:    0263922b67e3474f9e77e769f217f53a

  Offset   Original Patched
---------------------------
0006E171   5F       C6
0006E172   C6       46
0006E173   46       0C
0006E174   0C       01
0006E175   01       33
0006E176   5E       C0
0006E177   33       5F
0006E178   C0       5E
0006E17C   5F       8B
0006E17D   8B       C6
0006E17E   C6       EB
0006E17F   5E       F7
0006E180   5B       8B
0006E181   59       F8
0006E182   C3       32
0006E183   90       C0
0006E184   90       83
0006E185   90       C9
0006E186   90       FF
0006E187   90       F2
0006E188   90       AE
0006E189   90       83
0006E18A   90       F9
0006E18B   90       C0
0006E18C   90       7C
0006E18D   90       6F
0006E18E   90       EB
0006E18F   90       20
0006E1AE   85       EB
0006E1AF   F6       D0
0006E1B0   8B       85
0006E1B1   F8       F6


The bytes I have added are a check on the cl_guid value to determine
whether it is bigger than 64 bytes (its total buffer size).
This check has been inserted in the function that reads the cl_guid and
verifies whether it is a banned guid, so the attacker will receive the
"Banned" error message if they send a cl_guid bigger than 64 bytes.
The other bytes (at the beginning) are instead needed to gain space for
placing my fix.
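
The manual patch table above can also be applied with a script. The
following is an added example, not part of the original README or of
lpatch.exe: it groups the table's offsets into three contiguous runs and
refuses to write unless every patch site holds the expected bytes. The
function names and the .bak backup file are assumptions of this example.

```python
import hashlib

# MD5 of the unmodified SoF2MP.exe, copied from the README.
ORIGINAL_MD5 = "0263922b67e3474f9e77e769f217f53a"

# The README's offset table grouped into contiguous runs:
# (file offset, original bytes, patched bytes), all values from the table.
PATCH_RUNS = [
    (0x6E171, "5FC6460C015E33C0", "C6460C0133C05F5E"),
    (0x6E17C, "5F8BC65E5B59C3" + "90" * 13,
     "8BC6EBF78BF832C083C9FFF2AE83F9C07C6FEB20"),
    (0x6E1AE, "85F68BF8", "EBD085F6"),
]


def md5_is_original(data):
    """True if the file is byte-for-byte the executable the README names."""
    return hashlib.md5(data).hexdigest() == ORIGINAL_MD5


def patch_state(data):
    """Classify the patch sites as 'original', 'patched' or 'unknown'."""
    seen = set()
    for offset, orig, new in PATCH_RUNS:
        current = bytes(data[offset:offset + len(orig) // 2]).hex().upper()
        seen.add({orig: "original", new: "patched"}.get(current, "unknown"))
    return seen.pop() if len(seen) == 1 else "unknown"


def apply_patch(data, revert=False):
    """Return a patched (or reverted) copy; never write over unexpected bytes."""
    want = "patched" if revert else "original"
    if patch_state(data) != want:
        raise ValueError("patch sites are not in the %r state" % want)
    out = bytearray(data)
    for offset, orig, new in PATCH_RUNS:
        replacement = bytes.fromhex(orig if revert else new)
        out[offset:offset + len(replacement)] = replacement
    return bytes(out)


def patch_file(path, revert=False):
    """Patch path in place, keeping a .bak copy of the previous contents."""
    with open(path, "rb") as f:
        data = f.read()
    if not revert and not md5_is_original(data):
        print("note: MD5 differs from the README; checking patch sites only")
    result = apply_patch(data, revert)
    with open(path + ".bak", "wb") as f:
        f.write(data)
    with open(path, "wb") as f:
        f.write(result)
```

A file that already carries other fixes fails the MD5 comparison but is
still patched as long as the bytes at the listed offsets are the original
ones; patch_file(path, revert=True) restores them.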


#######################################################################
