Undetected airstuck method

[verideth_01]

today I present a p100 exploit found by me and its airstuck without using tickcount.

no this wont get you untrusted, its a completely different way of doing it

Code:

typedef void(__thiscall* o_proc_movement)(void*, CBaseEntity*, CMoveData*);

theres the original

Code:

void __stdcall procmovement_hk(CBaseEntity* ply, CMoveData* mv)
{
	while (GetAsyncKeyState(VK_INSERT))
	{		
		mv->m_outStepHeight = -1.0; // stop movement of player, stepheight is how far a player steps,
									// set it to neg, and we get airstuck ;) (credits to Verideth for all the reversing done)
	}

	procmovement_original(movement, ply, mv);
}

theres the hook

Code:

CGameMovement* movement = (CGameMovement*)interface_tools->get_interface("client.dll", "GameMovement001");

theres the interface.

hf

all credits goes to me for reversing, and finding this exploit.

it might get patched, idk, we'll find out

add me on steam if you have any questions. /id/verideth_x

[affe2626]

today I present a p100 exploit found by me and its airstuck without using tickcount.

no this wont get you untrusted, its a completely different way of doing it

Code:

typedef void(__thiscall* o_proc_movement)(void*, CBaseEntity*, CMoveData*);

theres the original

Code:

void __stdcall procmovement_hk(CBaseEntity* ply, CMoveData* mv)
{
	while (GetAsyncKeyState(VK_INSERT))
	{		
		mv->m_outStepHeight = -1.0; // stop movement of player, stepheight is how far a player steps,
									// set it to neg, and we get airstuck ;) (credits to Verideth for all the reversing done)
	}

	procmovement_original(movement, ply, mv);
}

theres the hook

Code:

CGameMovement* movement = (CGameMovement*)interface_tools->get_interface("client.dll", "GameMovement001");

theres the interface.

hf

all credits goes to me for reversing, and finding this exploit.

it might get patched, idk, we'll find out

add me on steam if you have any questions. /id/verideth_x

What's different from the tick_count method?

[verideth_01]

What's different from the tick_count method?

The difference is one is smooth and ones not.

and this is a actually a non retarded way of doing it, and true airstuck.

while with tickcount you risk getting untrusted, and you fall slowly to the ground. this method doesnt do any of that.

[affe2626]

The difference is one is smooth and ones not.

and this is a actually a non retarded way of doing it, and true airstuck.

while with tickcount you risk getting untrusted, and you fall slowly to the ground. this method doesnt do any of that.

Okay, btw what index is ProcessMovement at? Tried IGameMovement's first function and it did work a bit. The while loop froze my game obviously and gave me some kinda laggy slowmo effect (my friend looked at me). An if statement didn't do anything. Also tried index 7 & 8 & 9, nothing happened.

Code:

typedef void(__thiscall* ProcessMovementFn)(void*, CEntity*, CMoveData*);
		void __fastcall ProcessMovement_Hooked(void* ecx, void* edx, CEntity* pEntity, CMoveData* pMoveData)
		{
			while (MenuObjects::AirStuckEnabled.Get() && GetAsyncKeyState('C'))
				pMoveData->m_outStepHeight = -1;
			pGameMovementHook->GetOriginal<ProcessMovementFn>(1)(ecx, pEntity, pMoveData);
		}

[verideth_01]

Okay, btw what index is ProcessMovement at? Tried IGameMovement's first function and it did work a bit. The while loop froze my game obviously and gave me some kinda laggy slowmo effect (my friend looked at me). An if statement didn't do anything. Also tried index 7 & 8 & 9, nothing happened.

Code:

typedef void(__thiscall* ProcessMovementFn)(void*, CEntity*, CMoveData*);
		void __fastcall ProcessMovement_Hooked(void* ecx, void* edx, CEntity* pEntity, CMoveData* pMoveData)
		{
			while (MenuObjects::AirStuckEnabled.Get() && GetAsyncKeyState('C'))
				pMoveData->m_outStepHeight = -1;
			pGameMovementHook->GetOriginal<ProcessMovementFn>(1)(ecx, pEntity, pMoveData);
		}

Its 1 in CGameMovement. should've specified. my bad.

[affe2626]

Its 1 in CGameMovement. should've specified. my bad.

Yeah but CGameMovement inherits from IGameMovement so CGameMovement's ProcessMovement should be index 7 if I have the correct classes (which I should because GameMovement001 interface is the first I'd assume).

What's the definition of CMoveData for you? I use AlliedModders Source SDK (Source SDK but some things are updated.)

Code:

class CMoveData
{
public:
	bool			m_bFirstRunOfFunctions : 1;
	bool			m_bGameCodeMovedPlayer : 1;

	EntityHandle_t	m_nPlayerHandle;	// edict index on server, client entity handle on client

	int				m_nImpulseCommand;	// Impulse command issued.
	QAngle			m_vecViewAngles;	// Command view angles (local space)
	QAngle			m_vecAbsViewAngles;	// Command view angles (world space)
	int				m_nButtons;			// Attack buttons.
	int				m_nOldButtons;		// From host_client->oldbuttons;
	float			m_flForwardMove;
	float			m_flSideMove;
	float			m_flUpMove;
	
	float			m_flMaxSpeed;
	float			m_flClientMaxSpeed;

	// Variables from the player edict (sv_player) or entvars on the client.
	// These are copied in here before calling and copied out after calling.
	Vector			m_vecVelocity;		// edict::velocity		// Current movement direction.
	QAngle			m_vecAngles;		// edict::angles
	QAngle			m_vecOldAngles;
	
// Output only
	float			m_outStepHeight;	// how much you climbed this move
	Vector			m_outWishVel;		// This is where you tried 
	Vector			m_outJumpVel;		// This is your jump velocity

	// Movement constraints	(radius 0 means no constraint)
	Vector			m_vecConstraintCenter;
	float			m_flConstraintRadius;
	float			m_flConstraintWidth;
	float			m_flConstraintSpeedFactor;

	void			SetAbsOrigin( const Vector &vec );
	const Vector	&GetAbsOrigin() const;

private:
	Vector			m_vecAbsOrigin;		// edict::origin
};

EDIT: Got it to work with index 1 and setting the step height to FLT_MIN. Btw, if I do it with an if statement it doesn't work. The while just freezes the thread lol

[verideth_01]

Yeah but CGameMovement inherits from IGameMovement so CGameMovement's ProcessMovement should be index 7 if I have the correct classes (which I should because GameMovement001 interface is the first I'd assume).

What's the definition of CMoveData for you? I use AlliedModders Source SDK (Source SDK but some things are updated.)

Code:

class CMoveData
{
public:
	bool			m_bFirstRunOfFunctions : 1;
	bool			m_bGameCodeMovedPlayer : 1;

	EntityHandle_t	m_nPlayerHandle;	// edict index on server, client entity handle on client

	int				m_nImpulseCommand;	// Impulse command issued.
	QAngle			m_vecViewAngles;	// Command view angles (local space)
	QAngle			m_vecAbsViewAngles;	// Command view angles (world space)
	int				m_nButtons;			// Attack buttons.
	int				m_nOldButtons;		// From host_client->oldbuttons;
	float			m_flForwardMove;
	float			m_flSideMove;
	float			m_flUpMove;
	
	float			m_flMaxSpeed;
	float			m_flClientMaxSpeed;

	// Variables from the player edict (sv_player) or entvars on the client.
	// These are copied in here before calling and copied out after calling.
	Vector			m_vecVelocity;		// edict::velocity		// Current movement direction.
	QAngle			m_vecAngles;		// edict::angles
	QAngle			m_vecOldAngles;
	
// Output only
	float			m_outStepHeight;	// how much you climbed this move
	Vector			m_outWishVel;		// This is where you tried 
	Vector			m_outJumpVel;		// This is your jump velocity

	// Movement constraints	(radius 0 means no constraint)
	Vector			m_vecConstraintCenter;
	float			m_flConstraintRadius;
	float			m_flConstraintWidth;
	float			m_flConstraintSpeedFactor;

	void			SetAbsOrigin( const Vector &vec );
	const Vector	&GetAbsOrigin() const;

private:
	Vector			m_vecAbsOrigin;		// edict::origin
};

EDIT: Got it to work with index 1 and setting the step height to FLT_MIN. Btw, if I do it with an if statement it doesn't work. The while just freezes the thread lol

haha glad you got it to work.

yup, this is a shitty way to do it. I just released it so people have another way to know of it.

however, the main reason I released this is because this isnt all you can do

you can actually freeze the thread FOR ALL THE FUCKING PLAYERS if done right, and me and a fellow reverser were theorizing how we'd do that.

sorry, i might've wasted your time lol.

i'll report back when I do some more reversing

[certmemer]

while with tickcount you risk getting untrusted, and you fall slowly to the ground. this method doesnt do any of that.

so youre saying you can shoot with this method?

[affe2626]

so youre saying you can shoot with this method?

Nah, that while-loop freezes the game so you obviously can't shoot. Btw, shooting while tickcount airstucking, does that even trigger untrusted?

[certmemer]

Nah, that while-loop freezes the game so you obviously can't shoot. Btw, shooting while tickcount airstucking, does that even trigger untrusted?

idk, for some reason everyone checks for the IN_ATTACK flag so i guess it is

[WildAssassinz]

theres nothing useful about airstuck afaik

[affe2626]

theres nothing useful about airstuck afaik

??? flying above shit like A main in Cache, landing on T's and knifing them is useful af xD.

idk, for some reason everyone checks for the IN_ATTACK flag so i guess it is

Yeah, tried it without and I didn't get banned. The reason is because if you wanna shoot then you'll shoot but fall instead of not being able to shoot at all.

[WildAssassinz]

??? flying above shit like A main in Cache, landing on T's and knifing them is useful af xD.


Yeah, tried it without and I didn't get banned. The reason is because if you wanna shoot then you'll shoot but fall instead of not being able to shoot at all.

hmm maybe because i dont play mm much