hClientDLL not found after 25th anniversary update

[8dcc]

After the update of 17/10/2023, the cheat cannot inject with the following error message:

hl-cheat: Injected.
hl-cheat: globals_init: Can't find hClientDLL
hl-cheat: load: Error loading globals, aborting

This is of course caused by:

hl-cheat/src/globals.c

Lines 43 to 53 in c6f9e38

	hw = dlopen("hw.so", RTLD_LAZY | RTLD_NOLOAD);
	if (!hw) {
	ERR("Can't open hw.so");
	return false;
	}
	h_client = (void**)dlsym(hw, "hClientDLL");
	if (!h_client) {
	ERR("Can't find hClientDLL");
	return false;
	}

If we look at the output of readelf (Thanks to @UnkwUsr) and we compare the old vs. new hw.so files, we see:

$ readelf -a hw.so.new | grep hClientDLL
  1434: 007fe6a8     4 OBJECT  LOCAL  DEFAULT   24 hClientDLL
$ readelf -a hw.so.prev | grep hClientDLL
001aec9d  00004801 R_386_32          0081b4a0   hClientDLL
001aed2f  00004801 R_386_32          0081b4a0   hClientDLL
...
001b07b5  00004801 R_386_32          0081b4a0   hClientDLL
0020cf1e  00004801 R_386_32          0081b4a0   hClientDLL
    72: 0081b4a0     4 OBJECT  GLOBAL DEFAULT   22 hClientDLL
  1392: 0081b4a0     4 OBJECT  GLOBAL DEFAULT   22 hClientDLL

I am not sure if the problem is caused by this GLOBAL to LOCAL change, but the disassembly of ClientDLL_Init was pretty similar in both .so files:

Note
IDA couldn't successfully disassembly the new or the old functions, so I used rizin instead, which worked perfectly.

Since Counter-Strike 1.6 is broken as well, and I imagine it will get fixed in a couple of days, I am going to wait until everything is stable before spending more time into this.

[8dcc]

This is also the case with CL_Move:

$ readelf -s hw.so.new | grep -w CL_Move
  3088: 001391f0  2086 FUNC    LOCAL  DEFAULT   11 CL_Move
$ readelf -s hw.so.prev | grep -w CL_Move
  1765: 00192090  1990 FUNC    GLOBAL DEFAULT   10 CL_Move
  3085: 00192090  1990 FUNC    GLOBAL DEFAULT   10 CL_Move

Which we get in hooks_init():

hl-cheat/src/hooks.c

Lines 38 to 45 in c6f9e38

	/* Detour hooks */
	void* clmove_ptr = dlsym(hw, "CL_Move");
	if (!clmove_ptr)
	return false;
	/* Initialize detour_data_clmove struct for detour, and add the hook */
	detour_init(&detour_data_clmove, clmove_ptr, (void*)h_CL_Move);
	detour_add(&detour_data_clmove);

[Omega172]

Now this is for windows, I was using your source as a reference for my own project but...

/*
.data:003276B8 ?IEngineStudio@@3Uengine_studio_api_s@@A engine_studio_api_s <?>
.data:003510B8 _pmove          dd 
.data:00309730 ?gEngfuncs@@3Ucl_enginefuncs_s@@A cl_enginefuncs_s <?>
*/
const HMODULE hClient = GetModuleHandleA("client.dll");

uintptr_t uiModuleBase = reinterpret_cast<uintptr_t>(hClient);
pEngineFuncs = reinterpret_cast<cl_enginefunc_t*>(uiModuleBase + 0x309730);
pClient = reinterpret_cast<cl_clientfunc_t*>(GetProcAddress(hClient, "F"));
pPlayerMove = *reinterpret_cast<playermove_t**>(uiModuleBase + 0x3510B8);
pEngineStudio = reinterpret_cast<engine_studio_api_t*>(uiModuleBase + 0x3276B8);

I have gotten almost everything working based on your source.

Pretty much everything you used to access that was exported by the dynamic library is still stored in memory at a static offset, all you have to do is grab it. I would get you the offsets for the linux libs but I don't have them.

In regard to your hooks on CreateMove, PostRunCmd, and CalcRefDef

void* pCreateMove = GetProcAddress(hClient, "CL_CreateMove");
void* pHUD_PostRunCmd = GetProcAddress(hClient, "HUD_PostRunCmd");
void* pV_CalcRefDef = GetProcAddress(hClient, "V_CalcRefdef");

[liberteryen]

Any update?

[Omega172]

I now have a Linux machine to test with, I may at some point see if I can get it working on hl again

[liberteryen]

I now have a Linux machine to test with, I may at some point see if I can get it working on hl again

This is much needed because Half-Life's Steam Legacy mode no longer works on Linux. Good Luck 💟