R5Reloaded/r5sdk
1
0
Fork 0
mirror of https://github.com/Mauler125/r5sdk.git synced 2025-02-09 19:15:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
r5sdk/r5dev/game/shared/usercmd.h
Kawe Mazidjatari 51ea9c7c4f CUserCmd hardening 
Fix several exploitable bugs in the CUserCmd class. Some of these have been used to exploit/cheat in-game. Fixes contain:
- Camera position clamping (the only patch that hasn't been tested yet!)
- Weapon activity exploit, allowing player to infinitely throw ordnances, and perform other 'cheats'.
- Akimbo exploit + server crasher, allowing client to set multiple inventory weapons as active. The active weapon index bounds were also not checked, a properly crafter CUserCmd message would therefore be able to crash the server.

Note that this does not fix all issues related to the UserCmd class; further reversing and testing revealed there is more to be fixed, these fixes will get implemented with a future commit.
2023-06-13 17:43:32 +02:00

120 lines
3.6 KiB
C++
Raw Blame History

//====== Copyright <20> 1996-2005, Valve Corporation, All rights reserved. =======//
//
// Purpose:
//
// $NoKeywords: $
//
//=============================================================================//
#if !defined( USERCMD_H )
#define USERCMD_H
#ifdef _WIN32
#pragma once
#endif
#include "tier1/bitbuf.h"
#include "mathlib/vector.h"
//-------------------------------------------------------------------------------------
// Forward declarations
//-------------------------------------------------------------------------------------
class CUserCmd;
inline CMemory p_CUserCmd__Reset;
inline auto v_CUserCmd__Reset = p_CUserCmd__Reset.RCast<void(*)(CUserCmd* pUserCmd)>();
inline CMemory p_CUserCmd__Copy;
inline auto v_CUserCmd__Copy = p_CUserCmd__Copy.RCast<CUserCmd*(*)(CUserCmd* pDest, CUserCmd* pSource)>();
inline CMemory p_ReadUserCmd;
inline auto v_ReadUserCmd = p_ReadUserCmd.RCast<int (*)(bf_read* buf, CUserCmd* move, CUserCmd* from)>();
//-------------------------------------------------------------------------------------
#pragma pack(push, 1)
//-------------------------------------------------------------------------------------
class CUserCmd
{
public:
CUserCmd() // Cannot be constructed during DLL init.
{
Reset();
}
inline CUserCmd* Copy(CUserCmd* pSource) { return v_CUserCmd__Copy(this, pSource); }
inline void Reset() { v_CUserCmd__Reset(this); }
int32_t command_number;
int32_t tick_count;
float_t command_time;
QAngle viewangles;
char pad_0x0018[12];
float_t forwardmove;
float_t sidemove;
float_t upmove;
int32_t buttons;
byte impulse;
byte cycleslot;
byte weaponindex;
__int16 weaponselect;
bool bUnk39;
__int16 weaponactivity;
int nUnk3C;
bool controllermode;
bool fixangles;
bool setlastcycleslot;
char pad_0x0034[157];
QAngle renderangles; // IDK what this is used for.
QAngle renderangles_copy; // IDK what this is used for.
float fUnkF8;
QAngle another_renderangles_copy; // IDK what this is used for.
QAngle yet_another_renderangles_copy; // IDK what this is used for.
char pad_0x00114[112];
int32_t randomseed;
byte bUnk188;
bool bUnk189;
bool normalizepitch;
__int16 nUnk18B;
char pad_0x0188[3];
Vector3D headposition;
float_t maxpitch;
char pad_0x01A0[24];
bool trace_camera;
char pad_1B9[3];
Vector3D camerapos;
int world_angle_tick;
int nUnk1D4;
int predicted_server_event_ack;
int nUnk1D8;
float frametime;
};
#pragma pack(pop)
static_assert(sizeof(CUserCmd) == 0x1DC);
///////////////////////////////////////////////////////////////////////////////
class VUserCmd : public IDetour
{
virtual void GetAdr(void) const
{
LogFunAdr("CUserCmd::Reset", p_CUserCmd__Reset.GetPtr());
LogFunAdr("CUserCmd::Copy", p_CUserCmd__Copy.GetPtr());
LogFunAdr("ReadUserCmd", p_ReadUserCmd.GetPtr());
}
virtual void GetFun(void) const
{
p_CUserCmd__Reset = g_GameDll.FindPatternSIMD("E8 ?? ?? ?? ?? 48 8B DF 66 83 FE FF").FollowNearCallSelf();
v_CUserCmd__Reset = p_CUserCmd__Reset.RCast<void(*)(CUserCmd*)>();
p_CUserCmd__Copy = g_GameDll.FindPatternSIMD("E8 ?? ?? ?? ?? 4C 8B 9B ?? ?? ?? ??").FollowNearCallSelf();
v_CUserCmd__Copy = p_CUserCmd__Copy.RCast<CUserCmd* (*)(CUserCmd*, CUserCmd*)>();
p_ReadUserCmd = g_GameDll.FindPatternSIMD("E8 ?? ?? ?? ?? 4C 8B C6 48 81 C6 ?? ?? ?? ??").FollowNearCallSelf();
v_ReadUserCmd = p_ReadUserCmd.RCast<int (*)(bf_read*, CUserCmd*, CUserCmd*)>();
}
virtual void GetVar(void) const { }
virtual void GetCon(void) const { }
virtual void Attach(void) const;
virtual void Detach(void) const;
};
///////////////////////////////////////////////////////////////////////////////
#endif // USERCMD_H
Reference in New Issue View Git Blame Copy Permalink