UNLOZE/sm-ext-GiveNamedItemTracker
10
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

initial readme

Browse Source
This commit is contained in:
jenz 2024-09-23 19:05:10 +01:00
parent 62fa8e3192
commit 8c58b35501
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md Normal file
View File

@ -0,0 +1,14 @@
# GiveNamedItemTracker
### CBaseEntity *CCSPlayer::GiveNamedItem( const char *pszName, int iSubType )
#### File: game/server/cstrike/cs_player.cpp
##### Line 6679:
###### This extension serves the purpose of detouring GiveNamedItem so that each invocation of it may be logged and potentially blocked.
###### Zacade, Madness (null138) and me (jenz) oberserved since march 2024 how malicious players are capable of crashing the zombie escape server.
###### Our observations lead us to believe that its related to the malicious users spawning weapons that do not exist and hence crash the server.
###### Originally we tried to observe GiveNamedItem through DhookDetour using sourcepawn but what happened was that when a malicious user would use the exploit the sourcepawn implementation could not keep up, instead of directly crashing the server it would instead just freeze forever. Hence tracking it from sourcepawn appears infeasible and therefore this extension seems neccesary.
###### When the exploit is performed it also leaves us without any accelerator crash report despite the server crashing.
###### We furthermore concluded that the exploit must be useable by malicious users due to critical flaws in plugins that we run.
###### We never discovered the flaw that enables the exploit to crash the server but the extension will hopefully suffice instead.