
CL_SendMove_Rebuilt

  • Автор темы Автор темы dalkr
What is this function?
 


location: 0x100D30B0 in engine.dll
signature: \x55\x8B\xEC\xA1\x00\x00\x00\x00\x81\xEC\x00\x00\x00\x00\xB9\x00\x00\x00\x00\x53\x8B\x98
mask: xxxx????xx????x????xxx

C:
// Decompiler pseudo-code for the routine at the location quoted above; it is not compilable as written
// (raw addresses, __thiscall casts through vtables, MSVC `vftable' symbols).
// Overall shape visible below: read two counters, bail out early if a virtual check returns non-zero,
// set up a message object and a write buffer on the stack, serialise a run of commands into the
// buffer through a virtual call, and - only if every write succeeded - attach the bytes to the
// message and pass it to another virtual call. A cleanup routine runs on both paths.
// NOTE(review): the structure appears to match the Source SDK CL_SendMove listing posted further
// down this thread; name mappings given in the comments below are inferred from that, not proven.
int sendMove()
{
  int v0; // esi
  int v1; // ebx
  int result; // eax
  bool v3; // sf
  int v4; // esi
  int *v5; // ecx
  signed int v6; // edx
  signed int v7; // edi
  bool v8; // al
  int v9; // esi
  char *v10; // edi
  size_t v11; // esi
  int v12; // eax
  int *v13; // ecx
  int v14; // eax
  // v15 is typed as a single char, but its address is used below as the start of a buffer declared
  // to the writer as 4000 bytes. The next local (v16) sits at esp+FB0h, i.e. 0xFA0 = 4000 bytes
  // above esp+10h, so this is presumably a char[4000] whose size the decompiler did not recover.
  char v15; // [esp+10h] [ebp-FF8h]
  // v16..v27 are contiguous stack slots; presumably the fields of one message object that the
  // decompiler split into separate locals - TODO confirm.
  void **v16; // [esp+FB0h] [ebp-58h]
  void **v17; // [esp+FB4h] [ebp-54h]
  char v18; // [esp+FB8h] [ebp-50h]
  int v19; // [esp+FBCh] [ebp-4Ch]
  int v20; // [esp+FC0h] [ebp-48h]
  int *v21; // [esp+FC4h] [ebp-44h]
  int v22; // [esp+FC8h] [ebp-40h]
  int v23; // [esp+FCCh] [ebp-3Ch]
  char v24; // [esp+FD0h] [ebp-38h]
  char v25; // [esp+FD4h] [ebp-34h]
  int v26; // [esp+FE4h] [ebp-24h]
  int v27; // [esp+FE8h] [ebp-20h]
  // v28[0..3] plus v29/v30 are filled in below as: data pointer, 4000, 32000, 0, flag byte.
  void *v28[4]; // [esp+FECh] [ebp-1Ch]
  __int16 v29; // [esp+FFCh] [ebp-Ch]
  int v30; // [esp+1000h] [ebp-8h]
  int v31; // [esp+1004h] [ebp-4h]

  // Two dwords read at fixed offsets from the object pointed to by dword_10588DC4[0];
  // v1 is their sum plus one. Presumably chokedcommands (v0) and lastoutgoingcommand, making v1
  // the SDK's nextcommandnr - the offsets are specific to this build of the binary.
  v0 = *(_DWORD *)(dword_10588DC4[0] + 19752);
  v1 = v0 + *(_DWORD *)(dword_10588DC4[0] + 19748) + 1;
  // Virtual call through entry 13 of off_10588DC0's table; when its low byte is non-zero the
  // whole body is skipped and that value is returned. What the check means is not visible here.
  result = ((int (__thiscall *)(int (*(**)[2])(), _DWORD))(*off_10588DC0)[13])(&off_10588DC0, 0);
  if ( !(_BYTE)result )
  {
    // Bulk-initialise v28 from a constant, then v29/v30; every v28 element is overwritten below.
    *(_OWORD *)v28 = xmmword_104DCE80;
    v29 = 256;
    v30 = 0;
    // NOTE(review): a CRT big_integer constructor makes no sense here; this is most likely a
    // library-signature mismatch and really the constructor of the object that starts at v18.
    __crt_strtox::big_integer::big_integer((__crt_strtox::big_integer *)&v18);
    v22 = 0;
    // v3 = "v0 + 1 is negative" (sign flag); v4 = v0 + 1, clamped to [0, 15] a few lines down.
    v3 = v0 + 1 < 0;
    v4 = v0 + 1;
    // Both vtable slots are set to the CCLCMsg_Move net-message wrapper's table.
    v16 = &CNetMessagePB<9,CCLCMsg_Move,11,0>::`vftable';
    // v5/v21 start out pointing at a shared global; the comparison against the same address
    // further down treats it as a "not yet allocated" default.
    v5 = &dword_105B9C9C;
    v17 = &CNetMessagePB<9,CCLCMsg_Move,11,0>::`vftable';
    v21 = &dword_105B9C9C;
    v24 = 0;
    v27 = 15;
    v26 = 0;
    v25 = 0;
    // Writer state: start of the stack buffer, 4000, 32000 (= 4000 * 8) and 0. Presumably byte
    // capacity, bit capacity and current bit position - the (v28[3] + 7) >> 3 rounding below
    // is consistent with v28[3] counting bits.
    // Staying inside the 4000-byte stack buffer depends entirely on the callee honouring these
    // limits; nothing in this function re-checks the written length.
    v28[0] = &v15;
    v28[1] = (void *)4000;
    v28[2] = (void *)32000;
    v28[3] = 0;
    LOBYTE(v29) = 0;
    // Clamp v4 to the range [0, 15].
    if ( v3 )
    {
      v4 = 0;
    }
    else if ( v4 > 15 )
    {
      v4 = 15;
    }
    // v31 + 1 is the first index that counts as "new" in the loop's last argument.
    v31 = v1 - v4;
    v6 = 3;
    v20 = v4;
    // v7 is the previous index handed to the writer; it starts at -1 for the first call.
    v7 = -1;
    v8 = 1;
    // First index written: v1 - (v4 + 2) + 1. The constant 2 also appears as v19 below,
    // presumably the backup-command count.
    v9 = v1 - v4 - 1;
    v19 = 2;
    v23 = 3;
    // Loop-entry test of what was presumably a for loop; with v4 >= 0 the start index is below
    // v1, so this branch is only taken if the subtraction wrapped.
    if ( v9 > v1 )
    {
      v10 = &v15;
    }
    else
    {
      do
      {
        // Virtual call at byte offset 96 in the table of the object at dword_10895E88, with
        // (0, writer, previous index, current index, is-new flag). `v8 &&` short-circuits, so
        // after the first failed write no further calls are made.
        v8 = v8
          && (*(unsigned __int8 (__stdcall **)(_DWORD, void **, signed int, int, bool))(*(_DWORD *)dword_10895E88 + 96))(
               0,
               v28,
               v7,
               v9,
               v9 >= v31 + 1);
        v7 = v9++;
      }
      while ( v9 <= v1 );
      // Any failed write skips the send path; only the cleanup at LABEL_21 runs.
      if ( !v8 )
        goto LABEL_21;
      // Reload values the decompiler assumes the calls may have changed.
      v10 = (char *)v28[0];
      v6 = v23;
      v5 = v21;
    }
    // Set bit 2 in the flag word; presumably a "field present" bit - TODO confirm.
    v23 = v6 | 4;
    // Round the bit position up to whole bytes.
    v11 = (_DWORD)((_DWORD)v28[3] + 7) >> 3;
    // Still pointing at the shared default: allocate 24 bytes through g_pMemAlloc (entry at byte
    // offset 4) and initialise +20 = 15, +16 = 0, first byte = 0. The layout resembles an empty
    // small string (capacity 15, length 0) - inferred, not confirmed. A failed allocation leaves
    // v21 null.
    if ( v5 == &dword_105B9C9C )
    {
      v12 = (*(int (__stdcall **)(signed int))(*g_pMemAlloc + 4))(24);
      v13 = (int *)v12;
      if ( v12 )
      {
        *(_DWORD *)(v12 + 20) = 15;
        *(_DWORD *)(v12 + 16) = 0;
        *(_BYTE *)v12 = 0;
      }
      else
      {
        v13 = 0;
      }
      v21 = v13;
    }
    // Called with the buffer start and the byte count; presumably stores the serialised bytes in
    // the object just prepared (the destination argument is not shown by the decompiler).
    sub_100A3030(v10, v11);
    // Entry 5 of off_10588DC0's table returns an index into dword_10588DC4; the object stored at
    // offset 156 of that entry then receives the message through its table entry at byte offset
    // 160 with two zero arguments. Presumably the send step.
    v14 = ((int (__thiscall *)(int (*(**)[2])()))(*off_10588DC0)[5])(&off_10588DC0);
    (*(void (__stdcall **)(void ***, _DWORD, _DWORD))(**(_DWORD **)(dword_10588DC4[v14] + 156) + 160))(&v16, 0, 0);
LABEL_21:
    // Runs on both the success and the failed-write path; presumably the message destructor.
    result = sub_100D4B70(&v16);
  }
  return result;
}

you can define this function for calling like this:
C++:
// Function-pointer type alias (not a template): __fastcall, no parameters, no return value.
// NOTE(review): the decompiled listing above declares the target as `int sendMove()`, so the
// return value is dropped by this alias.
using CL_SendMove_t = void( __fastcall* )( );
// Address obtained by scanning engine.dll for the byte pattern; `?` marks wildcard bytes.
// NOTE(review): the pattern is tied to one build of the module, and the result is used without a
// check - what FindPattern returns on a miss is not shown here.
static const auto CL_SendMove_address = FindPattern( "engine.dll" , "55 8B EC A1 ? ? ? ? 81 EC ? ? ? ? B9 ? ? ? ? 53 8B 98" );
static CL_SendMove_t CL_SendMove = ( CL_SendMove_t ) CL_SendMove_address;
// Call through the pointer; an empty argument list matches the parameterless signature.
CL_SendMove( );

'Rebuilt' means that you reimplement the function from the decompiled pseudo-code and call your own copy from your cheat, instead of locating the original function by its signature

Have a good day ?
 
Yes but i dont know what to rebuild here

Код:
/// Packs the most recent user commands into a single CLC_Move message and sends it on the
/// client's net channel. Nothing is sent if any command fails to serialise.
void CL_SendMove( void )
{
    // Backing storage for the message's bit writer.
    byte data[ MAX_CMD_BUFFER ];

    // Number of the newest command in this packet: last one sent, plus the choked ones, plus one.
    const int nextcommandnr = cl.lastoutgoingcommand + cl.chokedcommands + 1;

    CLC_Move moveMsg;
    moveMsg.m_DataOut.StartWriting( data, sizeof( data ) );

    // Backup commands to resend alongside the new ones; fixed at 2 here, clamped to the maximum.
    int cl_cmdbackup = 2;
    moveMsg.m_nBackupCommands = clamp( cl_cmdbackup, 0, MAX_BACKUP_COMMANDS );

    // New commands: the current one plus everything that was choked, clamped to the maximum.
    // NOTE(review): both counts are computed and clamped on the sending side only; the receiving
    // code is not shown here and should bounds-check the counts it parses rather than assume
    // this clamp was applied.
    moveMsg.m_nNewCommands = 1 + cl.chokedcommands;
    moveMsg.m_nNewCommands = clamp( moveMsg.m_nNewCommands, 0, MAX_NEW_COMMANDS );

    const int totalCmds = moveMsg.m_nNewCommands + moveMsg.m_nBackupCommands;
    // Commands numbered from here upwards are flagged as new rather than backup.
    const int firstNewCmd = nextcommandnr - moveMsg.m_nNewCommands + 1;

    bool allWritten = true;
    int previous = -1;    // the first command is delta-encoded against zeros
    int current = nextcommandnr - totalCmds + 1;

    while ( current <= nextcommandnr )
    {
        const bool isnewcmd = current >= firstNewCmd;

        // Once one write has failed, the remaining commands are not attempted.
        // (the first valid command number is 1)
        if ( allWritten )
        {
            allWritten = g_ClientDLL->WriteUsercmdDeltaToBuffer( &moveMsg.m_DataOut, previous, current, isnewcmd );
        }

        previous = current;
        ++current;
    }

    // A partially written buffer would not parse on the other end, so drop the message entirely.
    if ( !allWritten )
    {
        return;
    }

    cl.m_NetChannel->SendNetMsg( moveMsg );
}
 
Yes but i dont know what to rebuild here
First of all, you should use this only in WriteUsercmdDeltaToBuffer hook ( according to this -
Пожалуйста, авторизуйтесь для просмотра ссылки.
)
Secondly, according to
Пожалуйста, авторизуйтесь для просмотра ссылки.
, you need to hook virtual function SendNetMsg from NetChannel -
Пожалуйста, авторизуйтесь для просмотра ссылки.
( probably its index is 42, bcoz it's 7 lines above Transmit, which is 49, but i'm not 100% sure tbh )
And also take a look at global vars like cl in source sdk, which is probably g_pClientState in your pasta

Have a good day
 