Help with CUserCmd



ileekor
04-10-2011, 10:44 PM
IInput_New* pInput = reinterpret_cast< IInput_New* >( GInput );
CUserCmd* pCmd = pInput->GetUserCmd( sequence_number );
Msg("--------------\n");
Msg("pCmd: [0x%.8X]\n", (DWORD)pCmd);
Msg("sequence_number: %i\n", sequence_number);
Msg("--------------\n");

if( pCmd )
{
    Msg( "passed if" );
    // Modify the CUserCmd here, aimbots, triggerbots, spinbots, etc

    if ( GEngine->IsInGame() )
    {
        if ( pCmd->buttons & IN_ATTACK )
        {
            aimbot *aim;
            aim->runaim( pCmd );
            Msg( "aim is running" );
        }
    }

    CVerifiedUserCmd* pVerified = pInput->GetVerifiedUserCmd( sequence_number );

    if( pVerified )
    {
        memcpy( &pVerified->m_cmd, pCmd, sizeof( CUserCmd ) );

        pVerified->m_crc = pCmd->GetChecksum();
    }
}


The above was found in s0beit's css base hook (for ob engine). I just added aimbot to it.
The aimbot works perfectly, the code has been tested on other places.
Now I want to call the aimbot when a button is pressed.
But when I check the console, I see that the pointer pCmd is [0x000000] (seemed like a NULL pointer) and sequence_number was 1 (is this normal?).
Can anyone tell me what is wrong? (also it doesn't pass pCmd in the "if".)
Please help me, first time coding a hack, however I've been coding for mods and games.

Casual_Hacker
04-11-2011, 05:37 AM
Try this (Look at the disasm of GetUserCmd and you'll see the offset of 0xB4 stores a pointer to an array of CUserCmds, then look at the header files and you notice the array of verified being declared right below it, so it must be at offset 0xB8)

CUserCmd* pUserCmd = *reinterpret_cast<CUserCmd**>((size_t)pInput + 0xB4) + (sequence_number%MULTIPLAYER_BACKUP);
CVerifiedUserCmd* pVerified = *reinterpret_cast<CVerifiedUserCmd**>((size_t)pInput + 0xB8) + (sequence_number%MULTIPLAYER_BACKUP);


Not sure what this line is good for:

IInput_New* pInput = reinterpret_cast< IInput_New* >( GInput );

ileekor
04-11-2011, 08:29 AM
void __stdcall new_CreateMove( int sequence_number, float input_sample_frametime, bool active )
{
    GClient_VTable.CreateMove( sequence_number, input_sample_frametime, active );

    CUserCmd* pUserCmd = *reinterpret_cast<CUserCmd**>((size_t)GInput + 0xB4) + (sequence_number%MULTIPLAYER_BACKUP);

    if (pUserCmd)
    {
        if ( GEngine->IsInGame() )
        {
            if ( pUserCmd->buttons & IN_ATTACK )
            {
                Msg( "button pressed." );
            }
        }
    }

    CVerifiedUserCmd* pVerified = *reinterpret_cast<CVerifiedUserCmd**>((size_t)GInput + 0xB8) + (sequence_number%MULTIPLAYER_BACKUP);
}

This is my create move function right now, the game just crashes when I press a button in game.
(GInput is a direct pointer to CInput, and "IInput_New" seemed to be a struct containing CUserCmd, CVerifiedCommands pointers:


struct IInput_New
{
    IInput_VTable* VTable;
    unsigned char Unknown001[0xB0];
    CUserCmd* m_pCommands;
    CVerifiedUserCmd* m_pVerifiedCommands;

    __forceinline CUserCmd* GetUserCmd( int sequence_number )
    {
        if( m_pCommands == NULL ) return NULL;

        return &m_pCommands[ sequence_number % 90 ];
    };

    __forceinline CVerifiedUserCmd* GetVerifiedUserCmd( int sequence_number )
    {
        if( m_pVerifiedCommands == NULL ) return NULL;

        return &m_pVerifiedCommands[ sequence_number % 90 ];
    };
}; )

Thanks for the help anyways.

Casual_Hacker
04-11-2011, 12:38 PM
Oh IC, yeah just use your IInput_New (although calling it CMyInput would make more sense), makes things easier for ya :P

Well, the only reason why that code would fail is if your pInput ptr is wrong, how do you get it?

Another note: CreateMove is only run when you're actually ingame (makes GEngine->IsInGame() redundant) as well as pUserCmd will ALWAYS be valid.

LazyFunker
04-11-2011, 01:23 PM
I can confirm that it is working using the IInput_new, I've been struggling with this myself, just got it working :)

Edit: It only partially works, it seems I can check if I'm shooting, but not make me shoot :S

Casual_Hacker
04-11-2011, 02:21 PM
In your first post it shows that you are properly verifying the CUserCmd (assuming that GetChecksum is correct), it should just work really :P

LazyFunker
04-11-2011, 02:32 PM
For me it crashes when it is copying it to the verified usercmd...

Casual_Hacker
04-11-2011, 02:38 PM
Oh wait you're a different person...

Uhm idk, it should work really...

ileekor
04-11-2011, 08:37 PM
> I can confirm that it is working using the IInput_new, I've been struggling with this myself, just got it working :)
>
> Edit: It only partially works, it seems I can check if I'm shooting, but not make me shoot :S


Can you please share the code on how you got the check working?

ileekor
04-11-2011, 09:44 PM
> Oh IC, yeah just use your IInput_New (although calling it CMyInput would make more sense), makes things easier for ya :P
>
> Well, the only reason why that code would fail is if your pInput ptr is wrong, how do you get it?
>
> Another note: CreateMove is only run when you're actually ingame (makes GEngine->IsInGame() redundant) as well as pUserCmd will ALWAYS be valid.

help.

DWORD *pdwLevel = reinterpret_cast< DWORD* >( reinterpret_cast< DWORD >( GClient_VTable.LevelInitPreEntity ) + 0xF );

GInput = reinterpret_cast< CInput* >( *pdwLevel );

GApp.AddToLogFileA( "hook.log", "(CInput) 0x%X", GInput );

// test
PDWORD *pdwInput = reinterpret_cast< PDWORD* >( GInput );

if( pdwInput == NULL )
    return false;

if( *pdwInput == NULL )
    return false;

GInput_VTable_Hook = reinterpret_cast< IInput_VTable* >( *pdwInput );

memcpy( &GInput_VTable, reinterpret_cast< void* >( *pdwInput ), sizeof( IInput_VTable ) );

This is how I get the GInput pointer, in the HookAttempt function (as the name says, it gets called when attempting to hook).

Is that correct? I get a null pointer every time... also sequence_number is 1 every time, I'm pretty sure that that's not it.

jamba123
04-12-2011, 09:01 AM
g_pinput->createmove @ vtable[3] = win

LazyFunker
04-12-2011, 11:35 AM
I now got no problem getting the usercmd, but it's crashing when I try to verify it... Any help?
I use the exact same method as ileekor uses.

ileekor
04-12-2011, 06:38 PM
> I now got no problem getting the usercmd, but it's crashing when I try to verify it... Any help?
> I use the exact same method as ileekor uses.

well, cuz it's a null pointer that's why. I think it's hooking the wrong thing, I don't get correct sequence_number

LazyFunker
04-13-2011, 08:53 AM
> well, cuz it's a null pointer that's why. I think it's hooking the wrong thing, I don't get correct sequence_number

No, my usercmd pointer is not null, it's the verified that is causing the crash, I can read from the usercmd, just not write...

lilneo
04-13-2011, 09:41 AM
It sounds like not using CUserCmd was a good idea for me =D
I've managed to make my aimbot without having to use it at all, but I'm afraid I'll have to use it for no spread.

So back on topic, I know that some of the vtable stuff in css is off, so if you are using some vtable function to verify the pointer it may just be the function itself that does that. If you're just trying to get the addy/value of the pointer then I have no idea why it's crashing.

~lilneo