19-04-2017, 03:22
Exploit utilisable en cheat interne uniquement (donc désolé pas possible sur cshs cheat 
)
Je viens de découvrir l'exploit, voile le seul code public qui traine, j'ai pas encore regarder mais c'est du grand n'importe quoi !
source: uc-forum
) Je viens de découvrir l'exploit, voile le seul code public qui traine, j'ai pas encore regarder mais c'est du grand n'importe quoi !
Code :
//CHLClient::WriteUsercmdDeltaToBuffer index == 23
bool __stdcall HookedWriteUsercmdDeltaToBuffer(int slot, void* buf, int from, int to, bool isnewcommand)
{
int* pBackupCommands = reinterpret_cast<int*>(reinterpret_cast<uintptr_t>(buf) - 0x30);
int* pNewCommands = reinterpret_cast<int*>(reinterpret_cast<uintptr_t>(buf) - 0x2C);
int cl_cmdbackup = 0;
*pBackupCommands = cl_cmdbackup;
static bool firstcmd = false;
if (from == -1) firstcmd = true;
if (to > g_pClientState->lastoutgoingcommand - cl_cmdbackup)
{
if (firstcmd) from = -1;
firstcmd = false;
CUserCmd nullCmd;
CUserCmd* cmdFrom;
CUserCmd* cmdTo;
if (from == -1)
{
cmdFrom = &nullCmd;
}
else
{
cmdFrom = g_pInput->GetUserCmd(from);
}
if (to == -1)
{
cmdTo = &nullCmd;
}
else
{
cmdTo = g_pInput->GetUserCmd(to);
}
static auto WriteUsercmd = reinterpret_cast<void (__fastcall*)(void* buffer, CUserCmd* from, CUserCmd* to)>((uintptr_t)GetModuleHandleA("client.dll") + 0x34FA10);
__asm
{
mov ecx, buf;
mov edx, cmdTo;
push cmdFrom;
call WriteUsercmd;
add esp, 4h;
}
}
return true;
}Code :
if (bLagExploit)
{
sendpacket = (sequence_number % 10) == 0;
//use multiples of 150 because thats the size of the command-buffer
pCmd->command_number += 3 * 150;
g_pClientState->lastoutgoingcommand += 3 * 150;
g_pClientState->m_NetChannel->m_nOutSequenceNr += 3 * 150;
}