From 8165ac1381d6b0054563c67f15853449d4894c61 Mon Sep 17 00:00:00 2001
From: Miran
Date: Fri, 1 Mar 2024 16:34:41 +0100
Subject: [PATCH 1/2] 0AA6 pointer validation relaxed for legacy scripts
---
 cleo_plugins/MemoryOperations/MemoryOperations.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/cleo_plugins/MemoryOperations/MemoryOperations.cpp b/cleo_plugins/MemoryOperations/MemoryOperations.cpp
index 02a9160f..71d6df5f 100644
--- a/cleo_plugins/MemoryOperations/MemoryOperations.cpp
+++ b/cleo_plugins/MemoryOperations/MemoryOperations.cpp
@@ -419,7 +419,17 @@ class MemoryOperations
     static OpcodeResult __stdcall opcode_0AA6(CLEO::CRunningScript* thread)
     {
         auto func = OPCODE_READ_PARAM_PTR();
-        auto obj = OPCODE_READ_PARAM_PTR();
+
+        void* obj = nullptr;
+        if (!IsLegacyScript(thread))
+        {
+            obj = OPCODE_READ_PARAM_PTR();
+        }
+        else
+        {
+            obj = (void*)OPCODE_READ_PARAM_INT(); // at least one mod used 0AA6 with 0 as struct argument (effectivly turning it into 0AA5 opcode...)
+        }
+
         auto numArgs = OPCODE_READ_PARAM_INT();
         auto numPop = OPCODE_READ_PARAM_INT();
From 72a5b5a60be138829b26f5e662971429a65f603f Mon Sep 17 00:00:00 2001
From: Miran
Date: Fri, 1 Mar 2024 17:03:08 +0100
Subject: [PATCH 2/2] fixup! 0AA6 pointer validation relaxed for legacy scripts
---
 cleo_plugins/MemoryOperations/MemoryOperations.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cleo_plugins/MemoryOperations/MemoryOperations.cpp b/cleo_plugins/MemoryOperations/MemoryOperations.cpp
index 71d6df5f..b43179ac 100644
--- a/cleo_plugins/MemoryOperations/MemoryOperations.cpp
+++ b/cleo_plugins/MemoryOperations/MemoryOperations.cpp
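Review bot: The legacy branch of opcode_0AA6 accepts any integer as the object pointer, while the comment only justifies the single value 0; every non-zero value a legacy script supplies now skips whatever checking OPCODE_READ_PARAM_PTR performs and is handed to the called function as its struct argument, which is a wider hole than the stated compatibility case needs. The exception should be narrowed to the zero case, e.g. `auto raw = OPCODE_READ_PARAM_INT();` followed by `obj = (raw == 0) ? nullptr : /* validate raw as a pointer here */ reinterpret_cast<void*>(raw);` — if the validation behind OPCODE_READ_PARAM_PTR is reachable as a helper, apply it to non-zero values, and otherwise at least emit a trace so a legacy script relying on an unchecked non-zero value is diagnosable. The C-style `(void*)` cast is also the kind of silent reinterpretation the codebase's named casts would make greppable; `reinterpret_cast<void*>(...)` reads as the intent it is. The body of opcode_0AA6 continues past the hunk (the call using func, obj, numArgs and numPop is not visible), so whether a later step re-checks obj cannot be confirmed from here.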
@@ -427,7 +427,7 @@ class MemoryOperations
         }
         else
         {
-            obj = (void*)OPCODE_READ_PARAM_INT(); // at least one mod used 0AA6 with 0 as struct argument (effectivly turning it into 0AA5 opcode...)
+            obj = (void*)OPCODE_READ_PARAM_INT(); // at least one mod used 0AA6 with 0 as struct argument (effectively turning it into 0AA5 opcode...)
         }
         auto numArgs = OPCODE_READ_PARAM_INT();