- Status
- Offline
- Joined
- Mar 3, 2026
- Messages
- 122
- Reaction score
- 7
Anyone else grinding through the Rust codebase lately? Found a weird bottleneck while messing with the ConsoleSystem.
I am looking for a clean way to block serverside console commands from executing locally, but I want to avoid the usual suspects. I have already ruled out setting allowRunFromServer to false, as it's too obvious and triggers too many flags. I am also trying to steer clear of a standard detour hook on ConsoleSystem.Run because that is just begging for a manual ban or a flagged module detection in any decent environment.
Has anyone tried patching the internal command dispatching logic directly, or are you guys sticking to VTable hooking for this? I feel like there has to be a cleaner way to filter the command list before it hits the execution stage without messing with the Run() method itself.
Tech-wise:
If anyone has a better handle on the command processing flow or a different hook point that is less "noisy" than the standard console system hooks, drop a hint. Are you guys just sanitizing the input stream or finding a way to nullify the command ID internally?
Let me know if you have tested any alternative bypasses for this, or if you've found a better way to handle the command validation loop without getting flagged. Curious to see how you're handling this in your current builds.
I am looking for a clean way to block serverside console commands from executing locally, but I want to avoid the usual suspects. I have already ruled out setting allowRunFromServer to false, as it's too obvious and triggers too many flags. I am also trying to steer clear of a standard detour hook on ConsoleSystem.Run because that is just begging for a manual ban or a flagged module detection in any decent environment.
Has anyone tried patching the internal command dispatching logic directly, or are you guys sticking to VTable hooking for this? I feel like there has to be a cleaner way to filter the command list before it hits the execution stage without messing with the Run() method itself.
Tech-wise:
- Approach: Looking to intercept before the command hits the buffer.
- Constraint: Needs to be stealthy; no broad detours that look like obvious patches in memory.
- Context: Avoiding global settings that get picked up by integrity checks.
If anyone has a better handle on the command processing flow or a different hook point that is less "noisy" than the standard console system hooks, drop a hint. Are you guys just sanitizing the input stream or finding a way to nullify the command ID internally?
Let me know if you have tested any alternative bypasses for this, or if you've found a better way to handle the command validation loop without getting flagged. Curious to see how you're handling this in your current builds.
