UNLOZE/sm-ext-GiveNamedItemTracker
10
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5 Commits 1 Branch 0 Tags 48 KiB
Python 46.2%
C++ 28.3%
Makefile 17.2%
C 8.3%
master
Go to file
jenz e8b7eeef56 extending buffers a bit. some extra checks. not reseting players that disconnected. initializing all indexes as -1 on loading
2024-10-04 12:12:19 +01:00
.gitignore initial release of GiveNamedItemTracker 2024-09-23 18:11:46 +01:00
AMBuilder initial release of GiveNamedItemTracker 2024-09-23 18:11:46 +01:00
AMBuildScript initial release of GiveNamedItemTracker 2024-09-23 18:11:46 +01:00
configure.py initial release of GiveNamedItemTracker 2024-09-23 18:11:46 +01:00
extension.cpp extending buffers a bit. some extra checks. not reseting players that disconnected. initializing all indexes as -1 on loading 2024-10-04 12:12:19 +01:00
extension.h initial release of GiveNamedItemTracker 2024-09-23 18:11:46 +01:00
Makefile initial release of GiveNamedItemTracker 2024-09-23 18:11:46 +01:00
PackageScript initial release of GiveNamedItemTracker 2024-09-23 18:11:46 +01:00
README.md initial readme 2024-09-23 19:05:10 +01:00
smsdk_config.h initial release of GiveNamedItemTracker 2024-09-23 18:11:46 +01:00

README.md

GiveNamedItemTracker

CBaseEntity *CCSPlayer::GiveNamedItem( const char *pszName, int iSubType )

File: game/server/cstrike/cs_player.cpp

Line 6679:
This extension serves the purpose of detouring GiveNamedItem so that each invocation of it may be logged and potentially blocked.
Zacade, Madness (null138) and me (jenz) oberserved since march 2024 how malicious players are capable of crashing the zombie escape server.
Our observations lead us to believe that its related to the malicious users spawning weapons that do not exist and hence crash the server.
Originally we tried to observe GiveNamedItem through DhookDetour using sourcepawn but what happened was that when a malicious user would use the exploit the sourcepawn implementation could not keep up, instead of directly crashing the server it would instead just freeze forever. Hence tracking it from sourcepawn appears infeasible and therefore this extension seems neccesary.
When the exploit is performed it also leaves us without any accelerator crash report despite the server crashing.
We furthermore concluded that the exploit must be useable by malicious users due to critical flaws in plugins that we run.
We never discovered the flaw that enables the exploit to crash the server but the extension will hopefully suffice instead.