Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(gta-streaming-five): sanitize ragdoll component based in attach bone #3186

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(gta-streaming-five): sanitize ragdoll component based in attach bone #3186

wants to merge 1 commit into from
+36 −0

Conversation

DaniGP17
Copy link
Contributor

@DaniGP17 DaniGP17 commented Feb 22, 2025
edited
Loading

Goal of this PR

Validate that the component obtained from the attachment index is not -1, which represents an invalid position in the component array.

There are some peds that don't have the same attachment bones as the common ones and when the ragdoll is activated with a weapon it causes it to crash near people.

How is this PR achieving the goal

Patching a part of the CPedWeaponManager::SwitchToRagdoll function to validate that the r13 register representing the component value is not -1.

This PR applies to the following area(s)

FiveM

Successfully tested on

Game builds: 1, 1604, 3407

Platforms: Windows

Checklist

  • Code compiles and has been tested successfully.
  • Code explains itself well and/or is documented.
  • My commit message explains what the changes do and what they are for.
  • No extra compilation warnings are added by these changes.

Fixes issues

fixes #3185

@github-actions github-actions bot added the invalid Requires changes before it's considered valid and can be (re)triaged label Feb 22, 2025
@iridium-cfx
Copy link
Contributor

The index is used a few times before this in the same function.
Would it be better to just return from the function if it's -1, right after getting the index?

@DaniGP17
Copy link
Contributor Author

The index is used a few times before this in the same function. Would it be better to just return from the function if it's -1, right after getting the index?

I assume you mean jumping directly here, right?
image
Is it better to calculate that position with an offset from the current pattern or to get a new pattern for that location?

@iridium-cfx
Copy link
Contributor

The index is used a few times before this in the same function. Would it be better to just return from the function if it's -1, right after getting the index?

I assume you mean jumping directly here, right? image Is it better to calculate that position with an offset from the current pattern or to get a new pattern for that location?

Yeah, and uh, it's quite a large function, so maybe sig scan with an assert that the distance is vaguely correct.

@DaniGP17
Copy link
Contributor Author

Yeah, and uh, it's quite a large function, so maybe sig scan with an assert that the distance is vaguely correct.

This is the code looking for the pattern of the fail location:

auto location = hook::get_pattern("48 8B 91 ? ? ? ? 48 8D 8D");
hook::nop(location, 7);
const auto successPtr = reinterpret_cast<intptr_t>(location) + 7;
const auto failPtr = reinterpret_cast<intptr_t>(hook::get_pattern("4C 8D 85 ? ? ? ? E8 ? ? ? ? 4C 8D 9C 24 ? ? ? ? 49 8B 5B ? 41 0F 28 73", 12));
trace("CPedWeaponManager::SwitchToRagdoll: %lld\n", static_cast<long long>(failPtr - reinterpret_cast<intptr_t>(location))); // 1375
patchStub.Init(successPtr, failPtr);
hook::jump(location, patchStub.GetCode());

But I didn't understand the assert, do you mean something like this?

assert((failPtr - reinterpret_cast<intptr_t>(location)) < 2000);

@iridium-cfx
Copy link
Contributor

Yeah, and uh, it's quite a large function, so maybe sig scan with an assert that the distance is vaguely correct.

This is the code looking for the pattern of the fail location:

auto location = hook::get_pattern("48 8B 91 ? ? ? ? 48 8D 8D");
hook::nop(location, 7);
const auto successPtr = reinterpret_cast<intptr_t>(location) + 7;
const auto failPtr = reinterpret_cast<intptr_t>(hook::get_pattern("4C 8D 85 ? ? ? ? E8 ? ? ? ? 4C 8D 9C 24 ? ? ? ? 49 8B 5B ? 41 0F 28 73", 12));
trace("CPedWeaponManager::SwitchToRagdoll: %lld\n", static_cast<long long>(failPtr - reinterpret_cast<intptr_t>(location))); // 1375
patchStub.Init(successPtr, failPtr);
hook::jump(location, patchStub.GetCode());

But I didn't understand the assert, do you mean something like this?

assert((failPtr - reinterpret_cast<intptr_t>(location)) < 2000);

Yeah, that's fine.

@DaniGP17
Copy link
Contributor Author

I think it's better to leave it as it was before because now it seems to skip some function in charge of cleaning the weapon, and it stays floating when I get run over.
image

@iridium-cfx
Copy link
Contributor

Oh right, I mean return right after reading the index, 4C 63 2C 88 48 8B 82, hopefully it won't break with that?

@DaniGP17 DaniGP17 force-pushed the fix/weapon-ragdoll-bone branch from bea5663 to 457519b Compare February 24, 2025 14:58
@github-actions github-actions bot added triage Needs a preliminary assessment to determine the urgency and required action and removed invalid Requires changes before it's considered valid and can be (re)triaged labels Feb 24, 2025
@DaniGP17
Copy link
Contributor Author

It should be good now, tested and seems to be working as expected

@github-actions github-actions bot added invalid Requires changes before it's considered valid and can be (re)triaged and removed triage Needs a preliminary assessment to determine the urgency and required action labels Feb 24, 2025
@what11-ctrl
Copy link

what11-ctrl commented Feb 24, 2025
edited
Loading

When will it be updated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
invalid Requires changes before it's considered valid and can be (re)triaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GTA5_b3258.exe!sub_141066CFC(0x5c5) Crash
3 participants
@DaniGP17 @iridium-cfx @what11-ctrl