From 29901739a2506999955e1fdd5a2f8f7b2140b089 Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Mon, 15 Apr 2024 23:30:36 +0200
Subject: Work in progress: New MPQ protector

---
 src/SBaseFileTable.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'src/SBaseFileTable.cpp')
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index fa388fc..a222ac5 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -479,8 +479,16 @@ DWORD ConvertMpqHeaderToFormat4(
 {
 case MPQ_FORMAT_VERSION_1:
- // Check for malformed MPQ header version 1.0
+ // Make sure that the MPQ Header is properly swapped
 BSWAP_TMPQHEADER(pHeader, MPQ_FORMAT_VERSION_1);
+
+ // Check for blatantly wrong MPQ header by the hash table position
+ if(((ByteOffset + pHeader->dwHashTablePos) & 0xFFFFFFFF) > FileSize)
+ return ERROR_FAKE_MPQ_HEADER;
+ if(((ByteOffset + pHeader->dwBlockTablePos) & 0xFFFFFFFF) > FileSize)
+ return ERROR_FAKE_MPQ_HEADER;
+
+ // Check for malformed MPQ header version 1.0
 if(pHeader->wFormatVersion != MPQ_FORMAT_VERSION_1 || pHeader->dwHeaderSize != MPQ_HEADER_SIZE_V1)
 {
 pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1;
--
cgit v1.2.3
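Review bot: The two new range checks mask the sum to 32 bits before comparing it with FileSize, so a ByteOffset plus dwHashTablePos (or dwBlockTablePos) whose sum exceeds 0xFFFFFFFF wraps to a small value and passes the check; if the truncation is deliberate (mirroring how a version-1 reader resolves its 32-bit table offsets), a comment saying so would keep the next maintainer from "fixing" it, e.g. `// The sum is deliberately truncated to 32 bits, matching how v1 table offsets are resolved`. The comparisons also use `>`, so a table position equal to FileSize is accepted although no table bytes can exist there; `>=` would reject it, provided an empty table at end-of-file is not a case that must still load. Neither check accounts for the table's length, so a table that starts inside the file but runs past its end still passes here — presumably that is caught when the table is read, but worth confirming. The comment above the first check names only the hash table although the block table position is checked as well; `// Check for blatantly wrong MPQ header by the hash and block table positions` would match the code. ConvertMpqHeaderToFormat4 begins and ends outside the hunk.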