Fix negativeAck exploit (crash DOS)

2023-04-17 19:56:32 -06:00 · 2023-04-17 19:56:32 -06:00 · ddb63bc5d2
commit ddb63bc5d2
parent 7f908163ca
2 changed files with 28 additions and 4 deletions
--- a/src/client/component/patches.cpp
+++ b/src/client/component/patches.cpp
@ -12,6 +12,19 @@ namespace patches
 {
 	namespace
 	{
+		utils::hook::detour sv_executeclientmessages_hook;
+
+		void sv_executeclientmessages_stub(game::client_s* cl, game::msg_t* msg)
+		{
+			if (cl->reliableAcknowledge < 0)
+			{
+				cl->reliableAcknowledge = cl->reliableSequence;
+				return;
+			}
+
+			sv_executeclientmessages_hook.invoke<void>(cl, msg);
+		}
+
 		void script_errors_stub(const char* file, int line, unsigned int code, const char* fmt, ...)
 		{
 			char buffer[0x1000];
@ -39,6 +52,9 @@ namespace patches
 			utils::hook::set<uint8_t>(game::select(0x14224DBB4, 0x1405312A8), 3);
 			utils::hook::set<uint8_t>(game::select(0x14224DF8C, 0x1405316DC), 3);

+			// make sure client's reliableAck are not negative
+			sv_executeclientmessages_hook.create(game::select(0x14224A460, 0x14052F840), sv_executeclientmessages_stub);
+
 			scheduler::once([]
 			{
 				game::register_dvar_string("password", "", game::DVAR_USERINFO, "password");
--- a/src/client/game/structs.hpp
+++ b/src/client/game/structs.hpp
@ -1583,15 +1583,23 @@ namespace game
 		int client_state;
 		char __pad0[0x28];
 		netadr_t address;
-		char __pad1[0x5588];
+		char gap_3C[20468];
+		int reliableSequence;
+		int reliableAcknowledge;
+		char gap_5038[4];
+		int messageAcknowledge;
+		char gap_5040[1416];
 		uint64_t xuid;
 		char __pad2[0xB5D84];
 		int guid;
 		char __pad3[0x8];
 		bool bIsTestClient;
-		char __pad4[0x29DAC];
+		char gap_BB361[3];
+		int serverId;
+		char gap_BB368[171432];
 	};

+
 #ifdef __cplusplus
 	static_assert(sizeof(client_s) == 0xE5110);