This topic was archived here:

https://web.archive.org/web/20230000000000fw_/https://www.zenhax.com/viewtopic.php?t=4150

sozimanoob, posted Sat Apr 29, 2017 9:00 pm (22731)

---

Hello zenhax community,

i hope this is the right forum to start this thread.

Some days ago i stumbled over the old zenhax forum and read about q3cbufexec.
So i wanted to try it out with Call of Duty and Call of Duty United Offensive, since this are the only QEngine-Games i own.

But when i start the programms, they crash with a message like: "Microsoft Visual C - Buffer Overrun detected"

Just for explanation: q3cbufexec writes a jump into the games code and adds a small code at the end, which overwrites some 00h.
So i also tried to write the code in some other caves; overwrote some CCh. (I hope and think the code i copied was complete and right, because i controled it more than one time .)
But this error still appears. I also cant determine, where this error gets triggered, since i sometimes reach a set breakpoint in the debugger and sometimes the debugger already halts before it. In other words, it seems to stop more or less randomly.

Im not very sure what exactly causes this behavior. I just recently started to dig into programming and code-reversing and dont have much knowledge about PE, Segments, Heap and such stuff so far.
So it would be nice if you could give me some hints about the cause and how to work around this error.
Please in a way, a noob can understand .

aluigi, posted Sun Apr 30, 2017 7:39 am (22741)

---

The patched executables of the game listed in the main screen (quake3.exe, ioquake3.x86.exe, tremulous.exe, CoDMP.exe) worked perfectly on Windows XP in 2009 but had problems on Windows 7.
Probably it's DEP that brings the crash when you execute the patched executables so try one of these solutions:

• temporary disable DEP
• Properties->Compatibility->Windows XP (probably it doesn't work)
• run the game from a Windows XP virtual machine

sozimanoob, posted Sun Apr 30, 2017 1:15 pm (22744)

---

Thank you. I am going to try it.

And what why exactly gets the DEP triggered to prevent the executions of the modified CoDMP executable?

aluigi, posted Sun Apr 30, 2017 2:21 pm (22752)

---

I don't remember, probably something related to the write-flag of a memory region where the data was written.

sozimanoob, posted Sun Apr 30, 2017 4:39 pm (22761)

---

Ok. Thank you anyway.

__
Handling it as an DEP exception threw the same error message.

But as you said, works with XP.


__
I tested it with two versions of CoD: 1.1 and 1.4

Works with 1.1.
In 1.4 it says: The server does'nt have this map.

So I guess, they eventually just edited the vote function.

aluigi, posted Mon May 01, 2017 7:03 am (22771)

---

I made a quick search but I have found no information about it on my old forum http://old.zenhax.com so I don't know, but I'm sure to have tested the latest CoDMP.exe available in 2009 (1.5b) and the lack of notes and posts means it worked and was vulnerable.