In the engine, m_query gets memset to size '0x58', and it passes this field as reference to other functions which then access the 3 pointers. Moving the 3 pointers there made the struct size 0x58, and showed a much better disassembly. Moved these type here to reflect the changes made in the engine.
Enabling LTCG caused the emplacement order to be different, which is most likely due to additional optimizations for the binary search logic. Reverted to fix this bug.
- Use std::map for mapping vtables to interface objects, previously done with a set and a vector.
- Objects are no longer inline, which significantly reduced output code size as all redundant dynamic initializers (created for each translation unit) have been pruned.
The game's memalloc does not support memory expansion, the base expansion function couldn't be shadowed properly without linker errors. However we want to make sure no instances of it get compiled into the module, ever. Therefore, the duplicate symbol is kept in memoverride (_expand_base), and the only usage has been removed from LZHAM's 'lzham_mem'. If a linkage is attempted to anything utilizing '_expand', a linker error will be emitted and no image will be generated.
- Disable function inlining entirely, this allows for much easier hooking between engine and SDK code (the compiled code is now identical between engine and SDK, except that the SDK has all relevant security problems patched as per https://curl.se/docs/vuln-7.54.0.html).
- Enable buffer security checks to avoid potential remote attacks.
Previously, it was all controlled from the global init (applied to all projects), but some projects need different options. With these changes, you can disable the common options applied in the 'add_module' macro, and set your own if desired.
Merge: curl/curl@139a54ed0a
Note: protocol compare couldn't be added, as this would require adding a new member in the state structure, and therefore, break compatibility with the structures in the compiled executable (breaking the ability to hook any of its code). This fix should be sufficient however.
Merge: curl/curl@7214288898
Note: The 'CURLU' class does not exist in this particular version of curl, therefore, an alternative approach has been incorporated to mitigate the issue. Code has been tested, and the issue has been fixed.
Merge: curl/curl@69a358f218
Note: due to the many updates between the curl version this has been fixed in, and the one used in the SDK, the function was slightly different. The code has been tested however, after implementing the fix for this particular version of the library, the code appears to work perfectly with the vuln being fixed (tested on an FTP server with 10k files in the directory).
Merge: curl/curl@3c9e021f86
Note: Member order in 'connfind' has been left identical, except for that 'found' (now 'id_tofind') is a long. Code however, should pad it to a 4 byte boundary. Size of 'UrlState' has also remained unchanged, the 'connectdata' member has been renamed to 'lastconnect_id', and its type has been changed to 'long'. Additional padding has been incorporated to make sure the structure's size remains the same as that of the game, may we ever hook compiled code with ours.
