
[TF2] Exploit: Fake-Lag / Fake-ViewAngles ( Patch ) | Source

Open thatfox opened this issue 5 years ago • 2 comments

Fake-Lag / Fake-ViewAngles

As of recently ( with the issues pertaining to "bot" accounts ), I'm considering donating a few methods on how to achieve this feature to the developer(s) in hopes that it gets patched ( like in Counter-Strike : Global Offensive ) on Valve Official Matchmaking Servers.

Summary:

By abusing the base pointer register, you can explicitly manipulate your current stack frame. When making "fake angles," it's necessary to perform this measure by allocating a small segment of data such as an unsigned int, and then storing a value on the stack to be moved into the base register.

Method: 1

unsigned int _bp; 
 __asm mov _bp, ebp;
bool* foo = reinterpret_cast< bool* >( ***( unsigned int*** )_bp - 0x1 );

By making an inline assembly move instruction, you can set the frame pointer to your stack data. This allows the user to create a boolean ( globally ) based on that function alone's stored data like so:

Method: 2

auto address = reinterpret_cast< unsigned int >( _AddressOfReturnAddress(  )  ) - sizeof( unsigned int );
bool& foo = *( ***reinterpret_cast< bool**** >( address ) - 0x1  );

These both work uniformly to each other, so there's no need to delve into the summation.

ViewAngleFunc:

In this function, we're going to pass the user command function pointer and the bSendPacket boolean. This will allow us to set angles based on the viewangles.

void ViewAngleFunc( c_user_command* command, bool &foo )
{
     // foo is a reference, so it is tested directly rather than dereferenced.
     if ( foo )
     {
          command->viewangles.y += 90.0f;
     }
}

Now, you may be wondering how the user sets the angles? Well, it's very simple. Once we have set our boolean globally, we can set up our CreateMove hook and abuse the user command variable "viewangles" to create a user command pointer which hijacks the current client view angle.

CreateMove Hook:

bool __fastcall CreateMove( void* ecx, void* edx, float input_time, c_user_command* command )
{
      // Note: Include the bSendPacket code provided above after the original function has been called.

      OriginalCreateMove( ecx, edx, input_time, command );

      // Note: We're going to only focus on our data to run which encompasses the function:

      if ( !command->number )
            return false;

      ViewAngleFunc( command, *foo );

      return false;
}

As far as I am aware, this issue has been resolved on Counter-Strike : Global Offensive's officially hosted servers. Granted, the method to achieve the same result was slightly different, however, I'm certain that this can be patched with ease, granting users the ability to make connected reliable shots once more.

~ Fox.

thatfox avatar Aug 23 '20 21:08 thatfox
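
A server-side check for the pattern this issue describes (yaw offset applied only on the tick that is actually sent), as an added example that is not part of the original post or of Valve's code. It assumes the server can tell which command was the last one in its packet; `CmdSample`, `last_in_packet` and the 60-degree and 0.8 thresholds are hypothetical, and the sample data is constructed.

```cpp
#include <cmath>
#include <cstddef>
#include <vector>

// Hypothetical record: one entry per user command the server processed.
struct CmdSample {
    float yaw;             // viewangles.y in degrees
    bool  last_in_packet;  // true for the command of the tick that was sent
};

// Smallest absolute difference between two yaw angles, in [0, 180].
float YawDelta(float a, float b) {
    float d = std::fmod(std::fabs(a - b), 360.0f);
    return d > 180.0f ? 360.0f - d : d;
}

// Fraction of multi-command packets whose sent command's yaw differs from
// the preceding choked command's yaw by at least min_jump degrees.
float SentYawMismatchRatio(const std::vector<CmdSample>& cmds, float min_jump) {
    std::size_t batches = 0, mismatched = 0;
    for (std::size_t i = 1; i < cmds.size(); ++i) {
        // Only packets that carried a choked command before the sent one.
        if (!cmds[i].last_in_packet || cmds[i - 1].last_in_packet) continue;
        ++batches;
        if (YawDelta(cmds[i].yaw, cmds[i - 1].yaw) >= min_jump) ++mismatched;
    }
    return batches ? static_cast<float>(mismatched) / batches : 0.0f;
}

// A single 90-degree flick is normal play; a jump on nearly every sent
// tick is not. Thresholds are assumptions, not tuned values.
bool LooksLikeFakeAngles(const std::vector<CmdSample>& cmds) {
    return cmds.size() >= 8 && SentYawMismatchRatio(cmds, 60.0f) > 0.8f;
}

// Constructed sample: six packets of two choked commands plus one sent one.
std::vector<CmdSample> MakeSample(bool offset_sent) {
    std::vector<CmdSample> out;
    for (int p = 0; p < 6; ++p) {
        float yaw = 170.0f + 3.0f * p;  // slow turn that crosses 180 degrees
        out.push_back({yaw, false});
        out.push_back({yaw, false});
        out.push_back({offset_sent ? yaw + 90.0f : yaw, true});
    }
    return out;
}
```
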

i don't think anyone cares

Enzic1 avatar Apr 20 '21 20:04 Enzic1

i don't think anyone cares

@Enzic1 if you are not a fake account, you could elaborate

Ashetf2 avatar Sep 30 '22 20:09 Ashetf2