The server can exploit the client with these netmessages, therefore, sv_cheats shouldn't be used to toggle it. Create a cvar that the server and client have to enable individually to enable the system.
Use CUtlVector, and remove every copy caused by passing vectors by value. CUtlVector does not support copying. Also removed all extraneous std::string copies caused by calling itoa instead of std::to_string, or std::stoll, etc. All features have been tested and work as designed.
- Make sure cmdTime is never lower than last.
- Make sure delta doesn't exceed maxUnlag.
- Make sure latency gets clamped to maxUnlag (clamp appears to be missing in the engine).
- Only check for cmdTime if we are not discarding the cmd; previously, already processed queued cmd's got checked before being discarded.
Temporary lag compensation exploit fix by clamping the difference. Exploiter could carefully control the detonation time of a grenade, or alter the ability cool downs by altering the 'CUserCmd::command_time' field before sending it up.
The implementation in the engine always took/returned signed 64bit size types, but I made a mistake when reversing the virtual function table. All types have been changed to what they should be (mostly signed 64bit, very few unsigned), and usage in-SDK has been adjusted accordingly.
Removed for:
* base_tickinterval_sp
* base_tickinterval_mp
* sv_updaterate_sp
* sv_updaterate_mp
* cl_updaterate_mp
Cvar 'cl_cmdrate' is deprecated in the engine and SDK since the CL_Move rebuild, and therefore has been removed entirely.
Nice to implement at some point, but its not a priority. The current system just disables itself if its under attack (requires action from server owner to re-enable).
This member was in the class when RCON was added to the r5sdk, but it was never utilized. Now, each netconsole can toggle whether they are input only or not, the server only sends logs to netconsoles that are not input only. This patch also contains a fix in which the listen server sends logs to the client of its own process, causing an infinite recursive call to DevMsg.
Added public interface to ICVarIteratorInternal, this class also deals with the deletion of the iterator. This fixes the problem of cvars not showing up that have been registered after 'CModAppSystemGroup::Create()' has been called. Currently, no cvar is registered after it. This will/could change when the plugin system is utilized.
Additional changes:
- Cvar 'con_suggestion_flags_realtime' has been removed, as we no longer keep an early copy anymore; real time flags are always shows from now on.
- Fixed a bug in 'CConsole::FindFromPartial()' where we would return in the loop when 'm_vSuggest.size() >= con_suggestion_limit->GetInt()', instead of breaking out, which skips the element sorting process.
The initialization crash has been fixed in commit '15244bf2', where if the 'platform/mods' folder didn't exist, an exception would be raised and the process would be aborted. Now, when that folder is absent, the mod system won't initialize.
Only block 'CLC_SetPlaylistVarOverride' messages when cheats are disabled. The server still needs to be able to override client playlist vars (using 'SVC_PlaylistOverrides'). This isn't a problem, as on any disconnect, the client will reload its own bundled copy.
Find regex pattern:
inline auto ([a-zA-Z0-9_]+) = ([a-zA-Z0-9_]+)\.RCast<([a-zA-Z0-9_:<>*]+) *\(\*\)\(([^)]*)\)>\(\);
Replace regex pattern:
inline $3(*$1)($4);
This commit also removes the unnecessary initialization (which was required to type the auto variables),
and therefore removed 6kb of unnecessary dynamic initialization code.
Rebuild of the 'CServerGameClients::ProcessUserCmds' and 'CPlayer::ProcessUserCmds' methods. The rebuild is pretty much identical to the original implementation, but with additional checks for the number of commands, and total commands in 'CServerGameClients::ProcessUserCmds'. In the future, additional clamps and checks between CPlayer and the recv'd UserCMD should be incorporated in these functions.
Global 'direct' usage of 'MemAllocSingleton()' has been jettisoned. Where possible, smart pointers were used instead. During the refactor, the following bugs were addressed and fixed:
- The virtual destructor of 'CCVarIteratorInternal' was NOT called on destruction.
- Class function 'KeyValues::MakeCopy' did NOT calculate the buffer size of the wide string correctly, the original calculation was 'len+1*sizeof(wchar_t)', but should've been '(len+1)*sizeof(wchar_t)'.
Some other code changes include:
- Tier0 include 'memstd.h' has been moved above all thirdparty includes, to make sure the memalloc functions get shadowed with ours in third party libraries as well.
- RPak file paths string literals are now defines.
- 'DestroyOverlay' has been refactored to match the assembly of the game.
The ban commands have the 'sv_' prefix removed. CBaseEntity::InputKill expects 'kickid' to be present, it uses this to kick the player once the entity has been destroyed. Not doing so could lead into a crash or other undesired behavior.
Reason parameters are optional. For scripts, to use the default message, pass in an empty string. The function for the script system should be centralized soon to avoid more duplicate code.
The 'DirectX_Init()' call was performed late in code, shortly after the window has been created (at this point all device objects and window handles are valid), but the 'DirectX_Shutdown()' call was performed on DLL_DETACH, which was way too late, as the objects were already destroyed at this point. This wasn't an issue before, as we created our own objects in the old DX code. But due to optimizations, we were using the same pointers as the game (noticeable performance boost), but did not adjust the shutdown to accommodate the changes. The shutdown is now performed while the device objects and window handles are valid. Code has been tested on Nvidia and AMD systems, and has confirmed to fix the aforementioned issues.
Fix several exploitable bugs in the CUserCmd class. Some of these have been used to exploit/cheat in-game. Fixes contain:
- Camera position clamping (the only patch that hasn't been tested yet!)
- Weapon activity exploit, allowing player to infinitely throw ordnances, and perform other 'cheats'.
- Akimbo exploit + server crasher, allowing client to set multiple inventory weapons as active. The active weapon index bounds were also not checked, a properly crafter CUserCmd message would therefore be able to crash the server.
Note that this does not fix all issues related to the UserCmd class; further reversing and testing revealed there is more to be fixed, these fixes will get implemented with a future commit.
This commit significantly reduces output code size, and a noticeable increase in performance. Changes are:
- Removed all extraneous std::string and std::vector copy constructions; use raw pointers instead to boost performance.
- Marked simple getters in CModule inline.
- Marked several functions in CModule const.
- Slightly reordered CModule class.
- 'CMemory::CheckOpCodes' and 'CMemory::Patch' now take a const reference.
Check if the actual message type is 'TextMsg' before printing, since other data is binary and could be read as 'HUD_PRINTCONSOLE', 'HUD_PRINTCENTER', etc.. resulting in printing binary data. This fix permanently solves that problem. The check has also been applied to the 'ShouldReplayMessage' function.
Ported the logic from the more recent builds into the SDK rebuild. Note that this isn't all that has changed in the live builds, but were the only things worth porting back. Frame times are now properly clamped on the client. Some testing revealed that the movement now feels identical to the live version of the game, which was the target. This commit also fixes a bug in CL_Move were the datagram was not send, and the next cmd time wasn't set if the client was NOT active, while it should have.
