The shutdown patch from commit '48c2401c' created another bug where all inputs get collated, and once drawn, emitted to the ImGui interfaces. The patch has been undone, and the 'ImGui_ImplDX11_Shutdown()' call has been placed before 'ImGui_ImplWin32_Shutdown()', as this was how it was performed according to the official documentation and examples provided by Dear ImGui. The call 'ImGui::DestroyContext()' has also been added (taken from the examples). Removed redundant static global bool.
Fix a rare crash that occurs in AMD driver code when ImGui shutdown was called. The crash did not occur if the library was shut down after having rendered one of the ImGui panels for one frame. The fix is to just never call 'ImGui_ImplDX11_NewFrame()', 'ImGui_ImplWin32_NewFrame()' and 'ImGui::NewFrame()', 'ImGui::EndFrame()', 'ImGui::Render()' if none of the windows are visible. Code has been tested on a system that would trigger the crash, and after the patch, the crash no longer happened.
Fix several exploitable bugs in the CUserCmd class. Some of these have been used to exploit/cheat in-game. Fixes contain:
- Camera position clamping (the only patch that hasn't been tested yet!)
- Weapon activity exploit, allowing the player to infinitely throw ordnances, and perform other 'cheats'.
- Akimbo exploit + server crasher, allowing the client to set multiple inventory weapons as active. The active weapon index bounds were also not checked; a properly crafted CUserCmd message would therefore be able to crash the server.
Note that this does not fix all issues related to the UserCmd class; further reversing and testing revealed there is more to be fixed. These fixes will get implemented with a future commit.
Merge: curl/curl@139a54ed0a
Note: protocol compare couldn't be added, as this would require adding a new member in the state structure, and therefore, break compatibility with the structures in the compiled executable (breaking the ability to hook any of its code). This fix should be sufficient however.
Merge: curl/curl@7214288898
Note: The 'CURLU' class does not exist in this particular version of curl, therefore, an alternative approach has been incorporated to mitigate the issue. Code has been tested, and the issue has been fixed.
Merge: curl/curl@69a358f218
Note: due to the many updates between the curl version this has been fixed in and the one used in the SDK, the function was slightly different. The code has been tested, however, and after implementing the fix for this particular version of the library, the code appears to work perfectly, with the vuln being fixed (tested on an FTP server with 10k files in the directory).
Merge: curl/curl@3c9e021f86
Note: Member order in 'connfind' has been left identical, except that 'found' (now 'id_tofind') is a long. Code, however, should pad it to a 4 byte boundary. Size of 'UrlState' has also remained unchanged; the 'connectdata' member has been renamed to 'lastconnect_id', and its type has been changed to 'long'. Additional padding has been incorporated to make sure the structure's size remains the same as that of the game, may we ever hook compiled code with ours.
This commit significantly reduces output code size, and yields a noticeable increase in performance. Changes are:
- Removed all extraneous std::string and std::vector copy constructions; use raw pointers instead to boost performance.
- Marked simple getters in CModule inline.
- Marked several functions in CModule const.
- Slightly reordered CModule class.
- 'CMemory::CheckOpCodes' and 'CMemory::Patch' now take a const reference.
Check if the actual message type is 'TextMsg' before printing, since other data is binary and could be read as 'HUD_PRINTCONSOLE', 'HUD_PRINTCENTER', etc., resulting in printing binary data. This fix permanently solves that problem. The check has also been applied to the 'ShouldReplayMessage' function.
The if statement comparing 'nLen' with 'nMaxLen' increments 'nLen' first at all times, but the statement below that checks the delimiters seeks -1 from current pos, causing a desync. This could result in reading arbitrary memory on certain strings. This fix also fixes the useless need to 'snag' the delimiters from tokens.
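The tokenizer commit above describes a length check that advanced the index before comparing, while the delimiter test then looked one byte back, so the byte counted and the byte tested were not the same one. The block below is an added illustration of the hardened shape of such a loop; it is not the SDK's own code, and the delimiter set, the function names and the sample inputs are assumptions made for the example. The explicit length is authoritative (the buffer is never assumed to be NUL-terminated), every read of `buf[i]` is guarded by `i < len`, and the loop tests `buf[i]` before advancing `i`, so there is no "increment first, then inspect `i - 1`" desync and no read past the end of the buffer.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Assumed delimiter set for this illustration (the SDK's real set is not shown here).
static bool IsDelim(char c)
{
    return c == ' ' || c == ',' || c == ';' || c == '\n' || c == '\0';
}

// Split buf[0..len) into tokens. 'len' is the only trusted bound: an embedded or
// missing NUL never changes how far the scan goes. The byte that ends a token is
// tested at index i and only then is i advanced, so the counted byte and the
// tested byte are always the same one.
std::vector<std::string> Tokenize(const char* buf, std::size_t len)
{
    std::vector<std::string> tokens;
    std::size_t i = 0;
    while (i < len)
    {
        while (i < len && IsDelim(buf[i])) ++i;          // skip leading delimiters
        const std::size_t start = i;
        while (i < len && !IsDelim(buf[i])) ++i;         // consume token bytes, bounded by len
        if (i > start)
            tokens.emplace_back(buf + start, i - start); // the delimiter is not part of the token
    }
    return tokens;
}

// Convenience wrapper: number of tokens in a constructed, bounded buffer.
std::size_t TokenCount(const char* buf, std::size_t len)
{
    return Tokenize(buf, len).size();
}
```

Passing a `len` shorter than the string literal (as in `Tokenize("ab,cd,ef", 5)`) shows that the scan honours the stated length rather than the terminator, and an embedded NUL inside the range is treated like any other delimiter instead of silently ending the scan.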
Must be normalized, bad values (NAN or FLT_MAX) will crash the game. There is more that needs to be clamped, but before we can do this CUserCmd has to be reversed more.
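The two CUserCmd commits above (the unchecked active weapon index, and the direction values that must be normalized because NAN or FLT_MAX crash the game) describe the same class of problem: fields from an untrusted client command reaching game code without validation. The block below is an added example of a server-side validation step for such fields; it is not the SDK's code, and the struct layout, the slot count, the component bound and the sample values are assumptions made for the example. It rejects non-finite values, rejects finite-but-absurd magnitudes such as FLT_MAX (whose square overflows to infinity, so a naive normalization would silently yield a zero vector), refuses a zero-length vector that has no direction to recover, and bounds-checks the inventory index before anything indexes with it.

```cpp
#include <cfloat>
#include <cmath>

// Hypothetical, simplified command layout for this example; not the game's CUserCmd.
struct UserCmdSample
{
    float viewDir[3];   // requested aim direction, expected to be a unit vector
    int   activeWeapon; // index into the player's inventory
};

constexpr int   kInventorySlots = 8;      // assumed slot count for the example
constexpr float kMaxComponent   = 1.0e6f; // assumed bound; larger values are not plausible directions

// Reject NaN, +/-inf and finite-but-absurd values such as FLT_MAX.
static bool PlausibleComponent(float v)
{
    return std::isfinite(v) && std::fabs(v) <= kMaxComponent;
}

// Normalize dir in place. Returns false when the vector is unusable so the caller
// drops the command instead of handing a NaN or zero-length vector to game code.
bool NormalizeDir(float dir[3])
{
    for (int i = 0; i < 3; ++i)
        if (!PlausibleComponent(dir[i])) return false;
    const float len = std::sqrt(dir[0] * dir[0] + dir[1] * dir[1] + dir[2] * dir[2]);
    if (!(len > 1.0e-6f)) return false;   // zero (or denormal) length: nothing to normalize
    for (int i = 0; i < 3; ++i) dir[i] /= len;
    return true;
}

// Validate an untrusted command before any game logic consumes it.
// Index check first: it is cheap and nothing downstream may index with a bad value.
bool ValidateUserCmd(UserCmdSample& cmd)
{
    if (cmd.activeWeapon < 0 || cmd.activeWeapon >= kInventorySlots) return false;
    return NormalizeDir(cmd.viewDir);
}

// Constructed probes that return their verdict so the behaviour can be checked.
bool RejectsNan()      { UserCmdSample c{{NAN, 0.f, 0.f}, 1};     return !ValidateUserCmd(c); }
bool RejectsFltMax()   { UserCmdSample c{{FLT_MAX, 1.f, 0.f}, 1}; return !ValidateUserCmd(c); }
bool RejectsZeroVec()  { UserCmdSample c{{0.f, 0.f, 0.f}, 1};     return !ValidateUserCmd(c); }
bool RejectsBadIndex() { UserCmdSample c{{0.f, 1.f, 0.f}, 42};    return !ValidateUserCmd(c); }
bool AcceptsAndNormalizes()
{
    UserCmdSample c{{3.f, 4.f, 0.f}, 2};   // length 5, should become (0.6, 0.8, 0)
    if (!ValidateUserCmd(c)) return false;
    return std::fabs(c.viewDir[0] - 0.6f) < 1e-5f
        && std::fabs(c.viewDir[1] - 0.8f) < 1e-5f
        && c.viewDir[2] == 0.f;
}
```

The validation returns a plain accept/reject verdict rather than clamping silently, so the caller can discard the command and log the source; clamping a NaN or an out-of-range index to "something" hides the fact that a malformed message arrived.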
This ConVar's name was set to its helpstring. This patch solves it by assigning the name field to an existing string that makes sense, and moving the helpstring into the actual helpstring field. An additional instruction has been inserted to load the NULL string address into RAX, which required light instruction shifting. After performing this patch, the ConVar could now be set in the console.