Arbitrary code execution exploit
#3
This can mean one of two things:
1) Your version of Colobot is different. Make sure it's the same one as available in our download (MD5 of colobot.exe is 83e54ee377bcdf9f4930e0892952c4ab).
2) The stack layout is slightly different between versions of Windows. This is kinda what I expected to happen, but I didn't manage to write this exploit without hardcoding an address on the stack. The best I could do would be to add a lot of NOPs all around it and hope we jump somewhere close.
Do you perhaps have any way of providing a backtrace and possibly registers and stack at the time of a crash? gdb should work (start with 'handle SIGTRAP nostop' before running, because one element of the exploit generates a debugger break, and try some of these commands: 'info registers', 'info stack', 'info frame', 'x/128xw $esp').


Messages In This Thread
Arbitrary code execution exploit - by krzys_h - 12-29-2016, 12:13 AM
RE: Arbitrary code execution exploit - by krzys_h - 12-29-2016, 10:38 AM
RE: Arbitrary code execution exploit - by krzys_h - 12-29-2016, 11:48 PM
RE: Arbitrary code execution exploit - by krzys_h - 02-13-2017, 08:03 PM
RE: Arbitrary code execution exploit - by patrol - 03-08-2017, 07:43 AM
