prediction redesignment (details in description)

my plan to use constant buffering to make actions (such as healing, reviving) instant turned out ill-fated:
- many things use server-relative timing: rock stuns, lagcompensation and many interactables (they all get delayed by 150*(1/30) seconds)
- there's always undefined behaviour, no matter whether i'm buffering constantly or periodically
- implementing logic that prevents buffering when you're about to get hit by a rock or to use something would adjust weapon timings (they all get delayed by 150*(1/30) seconds)
thus i've removed some of the things i've worked on (such as exploits, viewmodel timing correction)

mostly same thing about extra commands up to 21 while exploiting (my old trick doesn't works anymore): it's either undefined behaviour or feature cuttage

but on good note:
- prediction got hardened against timing fluctations
- prediction now respects network timing updates
- speedhacking issued undefined behaviour is significantly mitigated (not completely but i'd prefer to not bloat my code over such rare cases)

i'll be working on features from now, here's potential list (anything that involves guessing is very low priority):
rock prediction (involves guessing, it's not lagcompensated)
tongue cutter (involves guessing)
tongue aimbot/triggerbot (i've actually forgot to adjust lagcompensation for it but i'm not playing versus anyway)
animation cycles prediction (involves guessing, u-rates are synced already so it's just about latency adjustments now)
minigun aimbot (i'd like to work on it but just one thing that it's angle is limited thus impossibility to compensate spread accurately ruins it for me)
visual improvements (such as visually removing m_duckUntilOnGround)
explorer 2024-10-24 12:39:44 +03:00
parent f26e099d55
commit 338a781f22
5 changed files with 469 additions and 490 deletions


@ -33,9 +33,7 @@ void* Original_Copy_Command_Caller;
void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structure* Command) void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structure* Command)
{ {
Command->Frame_Number = Command->Command_Number % 150; Extended_Command_Structure* Extended_Command = &Extended_Commands[Command->Command_Number % 150];
Extended_Command_Structure* Extended_Command = &Extended_Commands[Command->Frame_Number];
Extended_Command->Extra_Commands = 0; Extended_Command->Extra_Commands = 0;
@ -45,17 +43,17 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
Global_Variables_Structure* Global_Variables = *(Global_Variables_Structure**)((unsigned __int32)Client_Module + 7096744); Global_Variables_Structure* Global_Variables = *(Global_Variables_Structure**)((unsigned __int32)Client_Module + 7096744);
__int8 First_Command = Extra_Commands == -1;
if (Extra_Commands == -1) if (Extra_Commands == -1)
{ {
*(__int32*)((unsigned __int32)Local_Player + 20) = Command->Command_Number;
void* Prediction_Frame = *(void**)((unsigned __int32)Local_Player + 1500); void* Prediction_Frame = *(void**)((unsigned __int32)Local_Player + 1500);
if (Prediction_Frame != nullptr) if (Prediction_Frame != nullptr)
{ {
if ((Command->Buttons & 524288) == 524288) if ((Command->Buttons & 524288) == 524288)
{ {
Extended_Command->Extra_Commands = max(0, Extra_Commands = std::clamp(Interface_Extra_Commands.Integer, (__int32)(0.06f / Global_Variables->Interval_Per_Tick + 0.5f), 21)); Extended_Command->Extra_Commands = max(0, Extra_Commands = std::clamp(Interface_Extra_Commands.Integer, (__int32)(0.06f / Global_Variables->Interval_Per_Tick + 0.5f), 14));
*(__int32*)Prediction_Frame = min(*(__int32*)Prediction_Frame + 1, Extended_Command->Extra_Commands * Interface_Interpolate_Extra_Commands.Integer); *(__int32*)Prediction_Frame = min(*(__int32*)Prediction_Frame + 1, Extended_Command->Extra_Commands * Interface_Interpolate_Extra_Commands.Integer);
} }
@ -184,11 +182,7 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
auto Sequence_Shift = [&](__int32 Reserve) auto Sequence_Shift = [&](__int32 Reserve)
{ {
if (First_Command == 0) if (Extended_Commands[*(__int32*)((unsigned __int32)Local_Player + 20) % 150].Sequence_Shift == 0)
{
Extended_Command->Sequence_Shift = Extended_Commands[((Command->Frame_Number - 1) % 150 + 150) % 150].Sequence_Shift;
}
else
{ {
__int32 Sequence_Shift = (*(__int32*)((unsigned __int32)Local_Player + 5324) + ~-150) / 150 * 150 + (Reserve * 150); __int32 Sequence_Shift = (*(__int32*)((unsigned __int32)Local_Player + 5324) + ~-150) / 150 * 150 + (Reserve * 150);
@ -196,21 +190,25 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
{ {
*(__int32*)((unsigned __int32)Network_Channel + 8) += Sequence_Shift; *(__int32*)((unsigned __int32)Network_Channel + 8) += Sequence_Shift;
Extended_Command->Sequence_Shift = Sequence_Shift; Extended_Command->Sequence_Shift += Sequence_Shift;
__int32 Command_Number = Command->Command_Number - 1;
Traverse_Command_Batch_Label:
{
if (Command_Number >= *(__int32*)((unsigned __int32)Local_Player + 20))
{
Extended_Commands[Command_Number % 150].Sequence_Shift = Extended_Command->Sequence_Shift;
Command_Number -= 1;
goto Traverse_Command_Batch_Label;
}
}
} }
} }
}; };
if (GetKeyState(VK_INSERT) < 0)
{
Sequence_Shift(2);
}
if (GetKeyState(VK_HOME) < 0)
{
Sequence_Shift(-2);
}
if (*(__int32*)((unsigned __int32)Local_Player + 228) == 3) if (*(__int32*)((unsigned __int32)Local_Player + 228) == 3)
{ {
if (*(__int8*)((unsigned __int32)Local_Player + 7322) == 1) if (*(__int8*)((unsigned __int32)Local_Player + 7322) == 1)
@ -227,6 +225,8 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
Sequence_Shift(2); Sequence_Shift(2);
} }
} }
Extended_Command->Sequence_Shift = Extended_Commands[*(__int32*)((unsigned __int32)Local_Player + 20) % 150].Sequence_Shift;
} }
else else
{ {
@ -234,13 +234,9 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
{ {
Sequence_Shift(2); Sequence_Shift(2);
} }
else
{ Extended_Command->Sequence_Shift = Extended_Commands[*(__int32*)((unsigned __int32)Local_Player + 20) % 150].Sequence_Shift;
//will be used later for reprediction
auto Predict = [&]() -> void
{
Run_Prediction();
{
void* Prediction = (void*)((unsigned __int32)Client_Module + 8072728); void* Prediction = (void*)((unsigned __int32)Client_Module + 8072728);
*(__int8*)((unsigned __int32)Prediction + 8) = 1; *(__int8*)((unsigned __int32)Prediction + 8) = 1;
@ -256,10 +252,6 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
Set_Host_Type((unsigned __int32)Client_Module + 1331184)((void*)((unsigned __int32)Client_Module + 7174888), nullptr); Set_Host_Type((unsigned __int32)Client_Module + 1331184)((void*)((unsigned __int32)Client_Module + 7174888), nullptr);
*(__int8*)((unsigned __int32)Prediction + 8) = 0; *(__int8*)((unsigned __int32)Prediction + 8) = 0;
}
};
Predict();
__int32 Block_Buttons = 2049; __int32 Block_Buttons = 2049;
@ -384,8 +376,6 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
__int8 Is_Melee = *(__int32*)((unsigned __int32)Weapon_Data + 352) * (*(__int32*)((unsigned __int32)Weapon_Data + 348) ^ 1) <= 1; __int8 Is_Melee = *(__int32*)((unsigned __int32)Weapon_Data + 352) * (*(__int32*)((unsigned __int32)Weapon_Data + 348) ^ 1) <= 1;
__int8 Reloading = *(__int8*)((unsigned __int32)Weapon + 2493);
__int32 Action = *(__int32*)((unsigned __int32)Local_Player + 7080); __int32 Action = *(__int32*)((unsigned __int32)Local_Player + 7080);
__int8 Reviving = *(void**)((unsigned __int32)Local_Player + 8076) != INVALID_HANDLE_VALUE; __int8 Reviving = *(void**)((unsigned __int32)Local_Player + 8076) != INVALID_HANDLE_VALUE;
@ -412,7 +402,7 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
__int8 Forced = 0; __int8 Forced = 0;
if ((Is_Melee + Reloading) * (Action + Reviving ^ 1) != 0) if ((*(__int8*)((unsigned __int32)Weapon + 2493) + Is_Melee) * (Action + Reviving ^ 1) != 0)
{ {
if ((Target->Identifier ^ 72) % 348 >= 72) if ((Target->Identifier ^ 72) % 348 >= 72)
{ {
@ -776,7 +766,6 @@ void __thiscall Redirected_Copy_Command(void* Unknown_Parameter, Command_Structu
Byte_Manager::Copy_Bytes(0, Command->Move, sizeof(Previous_Move), Previous_Move); Byte_Manager::Copy_Bytes(0, Command->Move, sizeof(Previous_Move), Previous_Move);
Correct_Movement(); Correct_Movement();
}
*(__int8*)((unsigned __int32)__builtin_frame_address(0) + 235) = Extra_Commands <= 0; *(__int8*)((unsigned __int32)__builtin_frame_address(0) + 235) = Extra_Commands <= 0;
} }
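Review bot: The new ring-buffer lookups index `Extended_Commands` with a signed `__int32` taken modulo 150 (`Command->Command_Number % 150`, the value read at `Local_Player + 20`, and `Command_Number % 150` under `Traverse_Command_Batch_Label`), and in C++ that remainder is negative for a negative operand, which falls outside the 150-entry array. The line this commit appears to remove normalised its index as `((x % 150) + 150) % 150`; the same form, or an unsigned index, would keep every access in bounds, and it applies equally to the `Player + 5620` lookup in `Redirected_Run_Command`. The backward walk also has no iteration cap, so if the stored batch start is far behind `Command->Command_Number` it rewrites the whole buffer repeatedly; a `for` loop bounded to 150 steps would replace the label and `goto`. Most of `Redirected_Copy_Command`'s body lies between the hunks and is not visible here.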


@ -291,9 +291,6 @@ __int32 __stdcall DllMain(HMODULE This_Module, unsigned __int32 Call_Reason, voi
Byte_Manager::Set_Bytes(1, (void*)((unsigned __int32)Client_Module + 2655546), 1, 216); Byte_Manager::Set_Bytes(1, (void*)((unsigned __int32)Client_Module + 2655546), 1, 216);
*(void**)((unsigned __int32)Client_Module + 8115120) = (void*)((unsigned __int32)Client_Module + 955708); *(void**)((unsigned __int32)Client_Module + 8115120) = (void*)((unsigned __int32)Client_Module + 955708);
//rem: there is annoying "power bounce" effect (extremely noticeable with broken lerp)
//actually it's m_duckUntilOnGround
} }
_putws(L"[ + ] Paint"); _putws(L"[ + ] Paint");


@ -1,21 +1,16 @@
void Run_Prediction()
{
using Run_Prediction_Type = void(__cdecl*)();
Run_Prediction_Type((unsigned __int32)Engine_Module + 527776)();
}
__int32 Extra_Commands; __int32 Extra_Commands;
void* Original_Move_Caller; void* Original_Move_Caller;
void Redirected_Move(float Unknown_Parameter, __int8 Final) void Redirected_Move(float Unknown_Parameter, __int8 Final)
{ {
using Run_Prediction_Type = void(__cdecl*)();
if (*(void**)((unsigned __int32)Client_Module + 7498712) != nullptr) if (*(void**)((unsigned __int32)Client_Module + 7498712) != nullptr)
{ {
Redirected_Read_Packets(Final); Redirected_Read_Packets(Final);
Run_Prediction(); Run_Prediction_Type((unsigned __int32)Engine_Module + 527776)();
using Update_Animations_Type = void(__cdecl*)(); using Update_Animations_Type = void(__cdecl*)();
@ -40,7 +35,7 @@ void Redirected_Move(float Unknown_Parameter, __int8 Final)
{ {
(decltype(&Redirected_Move)(Original_Move_Caller))(Unknown_Parameter, Final); (decltype(&Redirected_Move)(Original_Move_Caller))(Unknown_Parameter, Final);
Run_Prediction(); Run_Prediction_Type((unsigned __int32)Engine_Module + 527776)();
if (Extra_Commands > 0) if (Extra_Commands > 0)
{ {
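Review bot: The hard-coded call `Run_Prediction_Type((unsigned __int32)Engine_Module + 527776)()` now appears at both call sites in `Redirected_Move`, where the removed `Run_Prediction()` wrapper kept it in one place, so the offset has to be updated in two spots whenever the module changes. Keeping a single definition, for example `constexpr unsigned __int32 Run_Prediction_Offset = 527776;` with a one-line comment saying what the address is, and using it at both sites, would preserve the inlining without the duplication. The second call site sits in a later hunk of the same function, whose body continues outside what is shown.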


@ -8,9 +8,7 @@ struct Command_Structure
float Angles[3]; float Angles[3];
float Move[2]; float Move[3];
__int32 Frame_Number;
__int32 Buttons; __int32 Buttons;
@ -30,13 +28,13 @@ Extended_Command_Structure Extended_Commands[150];
void* Original_Run_Command_Caller; void* Original_Run_Command_Caller;
void __thiscall Redirected_Run_Command(void* Prediction, void* Player, Command_Structure* Command, void* Unknown_Parameter) void __thiscall Redirected_Run_Command(void* Prediction, void* Player, Command_Structure* Command, void* Move_Helper)
{ {
Extended_Command_Structure* Extended_Command = &Extended_Commands[Command->Frame_Number]; Extended_Command_Structure* Extended_Command = &Extended_Commands[*(__int32*)((unsigned __int32)Player + 5620) % 150];
*(__int32*)((unsigned __int32)Player + 5324) -= Extended_Command->Extra_Commands + Extended_Command->Sequence_Shift; *(__int32*)((unsigned __int32)Player + 5324) -= Extended_Command->Extra_Commands + Extended_Command->Sequence_Shift;
(decltype(&Redirected_Run_Command)(Original_Run_Command_Caller))(Prediction, Player, Command, Unknown_Parameter); (decltype(&Redirected_Run_Command)(Original_Run_Command_Caller))(Prediction, Player, Command, Move_Helper);
if (__builtin_return_address(0) == (void*)((unsigned __int32)Client_Module + 423107)) if (__builtin_return_address(0) == (void*)((unsigned __int32)Client_Module + 423107))
{ {
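Review bot: Replacing `float Move[2]; __int32 Frame_Number;` with `float Move[3];` keeps `Buttons` at the same offset only because both fields happen to be four bytes wide, and nothing in the file pins that layout. The structure is passed straight through to the original `Run_Command` caller, so it presumably mirrors memory laid out by another module; a `static_assert(sizeof(Command_Structure) == EXPECTED_SIZE, "layout changed");` next to the definition (`EXPECTED_SIZE` is a placeholder, the real size is not visible here) would catch an accidental shift at compile time. A short comment on what the third `Move` element holds would also help, since the field it replaces had a different type and name. The definition of `Command_Structure` starts and ends outside the hunk.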


@ -62,7 +62,7 @@ void Redirected_Send_Move()
void* Network_Channel = *(void**)(*(unsigned __int32*)((unsigned __int32)Engine_Module + 4352236) + 24); void* Network_Channel = *(void**)(*(unsigned __int32*)((unsigned __int32)Engine_Module + 4352236) + 24);
*(__int32*)((unsigned __int32)Network_Channel + 28) -= Extra_Commands_Queue; //td: should do same thing i'm doing in v34 instead *(__int32*)((unsigned __int32)Network_Channel + 28) -= Extra_Commands_Queue;
using Send_Network_Message_Type = void(__thiscall**)(void* Network_Channel, void* Message, void* Unknown_Parameter_1, void* Unknown_Parameter_2); using Send_Network_Message_Type = void(__thiscall**)(void* Network_Channel, void* Message, void* Unknown_Parameter_1, void* Unknown_Parameter_2);