Quote:
Originally Posted by L. Duke
Anyone have any ideas on how I could go about finding CTFGameStats::IncrementStat(CTFPlayer *, TFStatType_t, int) ???
I think this is another unsiggable function because each time I get to a function that references it, I get:
Code:
v11 = 684 * (*(int (__stdcall **)(_DWORD))(*(_DWORD *)dword_1047E1B8 + 72))(*(_DWORD *)(v3 + 24));
++*(_DWORD *)(v11 + v4 + 156);
++*(_DWORD *)(v11 + v4 + 248);
++*(_DWORD *)(v11 + v4 + 340);
return v11 + v4 + 148;
It doesn't look like it's being directly called :S
What you can probably do is use this:
Code:
\x2A\x2A\x2A\x2A\x2A\x83\xB8\x18\x03\x00\x00\x04\x53\x2A\x2A\x2A\x2A\x56\x57\x8B\xF1\xBF\x01\x00\x00\x00\x75\x39
Which is the (untested) signature for CTFGameStats_Event_PlayerFiredWeapon which calls CTFGameStats::IncrementStats. From there....
Code:
void* pfnIncStats = NULL;
void* pfnFireWeaponFunc = gSigMngr.findsignature(laddr, the_sig_above, length_of_above_sig);
typedef void (*IncrementStatsFunc)( void* /* this */, int /* TFStat Type */, int /* Some random integer :S */);
IncrementStatsFunc pStatsFunc;
//Not sure if this is right. Very low level and only for windows :/
//Copy the 4 bytes at +0x65 into the pointer variable itself (pfnIncStats is NULL, so it cannot be the memcpy destination)
memcpy( &pfnIncStats, ((char *)pfnFireWeaponFunc + 0x65), sizeof(char *) );
//This is only a usable address if those bytes are an absolute operand; for a relative call (E8) they are a displacement and still need the next-instruction address added
pStatsFunc = (IncrementStatsFunc)pfnIncStats;
//Call the function :D
//....
This should rip the pointer to CTFGameStats__IncStats directly from eax (assuming I did the hex right)
Let me know if it works for you.
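Added example, not code from the post, from SourceMod or from the game: a self-contained C program that does what the reply sketches against a constructed 72-byte "image" rather than a real binary. It scans for a signature written in the same `\x2A` wildcard convention as the one above (the signature bytes, the offsets `CALLER_OFF`, `CALLEE_OFF` and `0x0B`, and the function names are all constructed for the example), then resolves the x86 `E8 rel32` call it finds at a fixed offset into the matched function. It also shows the trap in the `memcpy` approach: when the bytes at the offset are the operand of a relative call, copying them gives the displacement (here 0x20), not the callee's address, until the address of the next instruction is added.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_WILDCARD 0x2A   /* "\x2A" ('*'): wildcard byte in the post's signature format */

/* First offset in [base, base+len) matching sig (wildcards honoured), or -1. */
long find_signature(const uint8_t *base, size_t len,
                    const uint8_t *sig, size_t siglen)
{
    if (siglen == 0 || len < siglen) return -1;
    for (size_t i = 0; i + siglen <= len; i++) {
        size_t j = 0;
        while (j < siglen && (sig[j] == SIG_WILDCARD || base[i + j] == sig[j]))
            j++;
        if (j == siglen) return (long)i;
    }
    return -1;
}

/* Raw little-endian 32-bit read at off: what memcpy(&p, fn + off, 4) yields. */
long read_imm32(const uint8_t *base, size_t len, size_t off)
{
    uint32_t v;
    if (off + 4 > len) return -1;
    memcpy(&v, base + off, sizeof v);    /* memcpy sidesteps unaligned access */
    return (long)v;
}

/* Resolve an x86 "E8 rel32" near call at off: target = offset of the next
 * instruction (off + 5) + signed displacement. -1 if off holds no E8 call. */
long call_target(const uint8_t *base, size_t len, size_t off)
{
    int32_t rel;
    if (off + 5 > len || base[off] != 0xE8) return -1;
    memcpy(&rel, base + off + 1, sizeof rel);
    return (long)(off + 5) + rel;
}

/* Constructed 72-byte "image": int3 filler, a caller matching the signature
 * at CALLER_OFF, whose E8 call lands on a stub callee at CALLEE_OFF. */
#define IMAGE_LEN  72u
#define CALLER_OFF 16u
#define CALLEE_OFF 64u
#define CALL_OFF_IN_CALLER 11u   /* the E8 sits 0x0B bytes into the caller */

size_t build_image(uint8_t *img, size_t cap)
{
    static const uint8_t caller[] = {
        0x55, 0x8B, 0xEC,                         /* push ebp; mov ebp, esp   */
        0x83, 0xB8, 0x18, 0x03, 0x00, 0x00, 0x04, /* cmp dword [eax+318h], 4  */
        0x53,                                     /* push ebx                 */
        0xE8, 0x20, 0x00, 0x00, 0x00,             /* call +0x20 -> CALLEE_OFF */
        0xC3                                      /* ret                      */
    };
    static const uint8_t callee[] = { 0x55, 0x8B, 0xEC, 0x5D, 0xC3 };
    if (cap < IMAGE_LEN) return 0;
    memset(img, 0xCC, IMAGE_LEN);
    memcpy(img + CALLER_OFF, caller, sizeof caller);
    memcpy(img + CALLEE_OFF, callee, sizeof callee);
    return IMAGE_LEN;
}

/* Constructed signature in the post's convention: three wildcards over the
 * prologue, then the cmp/push bytes (sizeof - 1 drops the literal's NUL). */
static const char k_sig[] = "\x2A\x2A\x2A\x83\xB8\x18\x03\x00\x00\x04\x53";
/* Build the image, find the caller by signature, return the E8's offset. */
static long locate_call(uint8_t *img, size_t cap)
{
    size_t len = build_image(img, cap);
    long caller = find_signature(img, len, (const uint8_t *)k_sig,
                                 sizeof k_sig - 1);
    return caller < 0 ? -1 : caller + (long)CALL_OFF_IN_CALLER;
}

/* What the post's memcpy reads at the call site: the displacement (0x20). */
long raw_call_operand(void)
{
    uint8_t img[IMAGE_LEN];
    long call = locate_call(img, sizeof img);
    return call < 0 ? -1 : read_imm32(img, IMAGE_LEN, (size_t)call + 1);
}

/* The callee's real image offset (CALLEE_OFF, 64) after relocating rel32. */
long resolve_callee(void)
{
    uint8_t img[IMAGE_LEN];
    long call = locate_call(img, sizeof img);
    return call < 0 ? -1 : call_target(img, IMAGE_LEN, (size_t)call);
}

int main(void)
{
    printf("raw operand: 0x%lx  resolved callee offset: %ld\n",
           (unsigned long)raw_call_operand(), resolve_callee());
    return 0;
}
```

Two things carry over to a real binary: the wildcard convention means a literal 0x2A byte in the target code cannot be matched exactly (so pick a signature that does not need one), and the fixed `+0x0B` (or the post's `+0x65`) is only as stable as the compiler's output, so a scanner should verify that the byte at that offset really is `E8` (as `call_target` does) before trusting the displacement.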