From ddb63bc5d29d97bebb96edf5226a4a66b528c42f Mon Sep 17 00:00:00 2001
From: ineed bots
Date: Mon, 17 Apr 2023 19:56:32 -0600
Subject: [PATCH 1/2] Fix negativeAck exploit (crash DOS)

---
 src/client/component/patches.cpp | 20 ++++++++++++++++++--
 src/client/game/structs.hpp | 12 ++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/client/component/patches.cpp b/src/client/component/patches.cpp
index 0900b5a8..6a2b59e5 100644
--- a/src/client/component/patches.cpp
+++ b/src/client/component/patches.cpp
@@ -11,7 +11,20 @@
 namespace patches
 {
 namespace
- {
+ {
+ utils::hook::detour sv_executeclientmessages_hook;
+
+ void sv_executeclientmessages_stub(game::client_s* cl, game::msg_t* msg)
+ {
+ if (cl->reliableAcknowledge < 0)
+ {
+ cl->reliableAcknowledge = cl->reliableSequence;
+ return;
+ }
+
+ sv_executeclientmessages_hook.invoke(cl, msg);
+ }
+
 void script_errors_stub(const char* file, int line, unsigned int code, const char* fmt, ...)
 {
 char buffer[0x1000];
@@ -37,7 +50,10 @@ namespace patches
 // Change 4 character name limit to 3 characters
 utils::hook::set(game::select(0x14224DA53, 0x140531143), 3);
 utils::hook::set(game::select(0x14224DBB4, 0x1405312A8), 3);
- utils::hook::set(game::select(0x14224DF8C, 0x1405316DC), 3);
+ utils::hook::set(game::select(0x14224DF8C, 0x1405316DC), 3);
+
+ // make sure client's reliableAck are not negative
+ sv_executeclientmessages_hook.create(game::select(0x14224A460, 0x14052F840), sv_executeclientmessages_stub);
 
 scheduler::once([]
 {
diff --git a/src/client/game/structs.hpp b/src/client/game/structs.hpp
index 424c59ac..696a33c5 100644
--- a/src/client/game/structs.hpp
+++ b/src/client/game/structs.hpp
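Review bot: The guard in sv_executeclientmessages_stub validates only the lower bound of `cl->reliableAcknowledge`; an ack ahead of `cl->reliableSequence` passes through unchecked, and whether the original function tolerates that is not visible here, so `if (cl->reliableAcknowledge < 0 || cl->reliableAcknowledge > cl->reliableSequence)` is worth confirming against the disassembly. The fallback also rewrites the ack to `reliableSequence`, which marks every pending server-to-client reliable command as delivered and then drops the message silently; a malformed ack is a protocol violation rather than a normal condition, so logging it (or disconnecting the client) would make abuse visible in server logs instead of hiding it. If the hooked function itself reads the ack out of `msg`, an entry-time check sees the previous packet's value and runs one packet late — please confirm where the field is written. A short comment on the stub stating the invariant, e.g. `// reliableAcknowledge must stay within [0, reliableSequence]; a negative value crashes the server (see commit message)`, would help the next reader.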
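Review bot: `sv_executeclientmessages_hook.create(...)` installs a detour on two raw addresses with nothing recording which function they resolve to or the prototype that was verified against the binary; the stub's `(game::client_s*, game::msg_t*)` signature is only as safe as that match, and a mismatch fails silently at runtime rather than at compile time. A comment naming the target (presumably SV_ExecuteClientMessages, going by the stub's name) and its verified parameter list above the create call would document that check. The new block also sits directly under the unrelated "Change 4 character name limit" lines; a blank line is already there, but a heading comment of its own would keep the two patches from reading as one.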
@@ -1583,15 +1583,23 @@ namespace game
 int client_state;
 char __pad0[0x28];
 netadr_t address;
- char __pad1[0x5588];
+ char gap_3C[20468];
+ int reliableSequence;
+ int reliableAcknowledge;
+ char gap_5038[4];
+ int messageAcknowledge;
+ char gap_5040[1416];
 uint64_t xuid;
 char __pad2[0xB5D84];
 int guid;
 char __pad3[0x8];
 bool bIsTestClient;
- char __pad4[0x29DAC];
+ char gap_BB361[3];
+ int serverId;
+ char gap_BB368[171432];
 };
+
 #ifdef __cplusplus
 static_assert(sizeof(client_s) == 0xE5110);

From b891d25b8729967b9072df5c06a1de6a10259cf5 Mon Sep 17 00:00:00 2001
From: ineed bots
Date: Mon, 17 Apr 2023 22:04:57 -0600
Subject: [PATCH 2/2] Fix `cl` warning

---
 src/client/component/patches.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/client/component/patches.cpp b/src/client/component/patches.cpp
index 6a2b59e5..ea4812a9 100644
--- a/src/client/component/patches.cpp
+++ b/src/client/component/patches.cpp
@@ -14,15 +14,15 @@ namespace patches
 {
 utils::hook::detour sv_executeclientmessages_hook;
 
- void sv_executeclientmessages_stub(game::client_s* cl, game::msg_t* msg)
+ void sv_executeclientmessages_stub(game::client_s* client, game::msg_t* msg)
 {
- if (cl->reliableAcknowledge < 0)
+ if (client->reliableAcknowledge < 0)
 {
- cl->reliableAcknowledge = cl->reliableSequence;
+ client->reliableAcknowledge = client->reliableSequence;
 return;
 }
 
- sv_executeclientmessages_hook.invoke(cl, msg);
+ sv_executeclientmessages_hook.invoke(client, msg);
 }
 
 void script_errors_stub(const char* file, int line, unsigned int code, const char* fmt, ...)
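Review bot: The new gap sizes silently absorb padding the old layout got from alignment: `gap_3C[20468]` is 4 bytes shorter than `__pad1[0x5588]`, and `gap_BB361[3]` + `serverId` + `gap_BB368[171432]` is 3 bytes longer than `__pad4[0x29DAC]`, which only balances because `uint64_t xuid` was previously pushed to an 8-byte boundary by implicit padding and the struct tail was padded up to 0xE5110. The sizes work out, but the fix in patches.cpp now depends on `reliableSequence`/`reliableAcknowledge` sitting at exactly 0x5030/0x5034 (assuming the gap_ names encode offsets, as they appear to), and the existing `static_assert(sizeof(client_s) == 0xE5110)` cannot catch a wrong gap that another gap compensates for. Consider pinning the fields the fix reads next to it, `static_assert(offsetof(client_s, reliableAcknowledge) == 0x5034);` and `static_assert(offsetof(client_s, serverId) == 0xBB364);`, with `<cstddef>` included if it is not already. A one-line comment stating that gap_ names carry the hex offset of the gap would make that convention explicit for the next reverse-engineered field.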