[Nican]

I can't get the right way to do it

I alredy tried:

PHP Code:

playeroffset = FindSendPropOffs("CTFPlayerResource", "m_iPlayerClass");
GetEntData(entity, playeroffset + ((client-1) * 4), 4); 


and

PHP Code:

playeroffset = FindSendPropOffs("CTFPlayer", "m_iClass");
GetEntData(entity, playeroffset, 4); 


But they only return me 0's, any idea how do I have to do it?


one more thing:
Where can I find TF2 list of events?

[Nican]

I found it out!

I will be releasing it in My tf tools plugins soon

[Nican]

New problem:
I do this to get player class:

PHP Code:

public GetPlayerClass(client){
    return GetEntData(ResourceEnt, TF_offsets[RESOURCES][RESOURCES_CLASS] + (client*4), 4);
} 


It works perfectly...

But, when I do this:

PHP Code:

public SetPlayerClass(client, class){
     if(class < 1 || class > 9)
         return false;
    SetEntData(ResourceEnt, TF_offsets[RESOURCES][RESOURCES_CLASS] + (client*4), class, 4, true);
    return true;
} 


Nothing happens, and if I check the value again, it still as the old one

[BAILOPAN]

I am pretty sure that the resource table is "get" only. If you set it, it will get overwritten next frame. The resource table polls its data from other sources.

As an aside, why are those functions public?

[Nican]

I never really got the difference between public, stock, notihng...

What should they be?

[BAILOPAN]

public is exported as a callback.
stock is meant for include files where the function can be left uncompiled if unused.

[Nican]

Ok... I am out of ideas

I already tried
-Changing the Resource table
-Hooking the "player_changeclass" event at pre, and stoping it
-Firing "player_changeclass" to change player class
-Chaging m_iClass and m_iDesiredPlayerClass

None seem to work in any way, the only thing left now is SigScan, but I don't know how D:

[BAILOPAN]

I disassembled the joinclass command and these are my notes:

- It fires player_changeclass.
- It calls virtual function CTFPlayer::ForceRespawn (279 on windows)

It changed a few netprops as well but I couldn't tell which (was too lazy), so you probably indeed need to change m_iClass in there somewhere.

Easy way out is to just fire the joinclass command.

[Nican]

Where can I learn to disassemble things?

I want to take a deeper look into that...

[BAILOPAN]

To really learn how to disassemble you have to get familiar with how the machine architecture works and how to debug native code. Usually, it's not something you can fully pick up overnight or from a tutorial.

Specifically, I used IDA Pro to open the server_i486.so binary and looked for symbols containing "class." I found _ZN9CTFPlayer23HandleCommand_JoinClassEPKc:



Which can also be demangled as:

Code:

dvander@gluttony:~$ c++filt _ZN9CTFPlayer23HandleCommand_JoinClassEPKc
CTFPlayer::HandleCommand_JoinClass(char const*)
dvander@gluttony:~$

I started the server inside GDB, then did:

Code:

(gdb) br _ZN9CTFPlayer23HandleCommand_JoinClassEPKc
Breakpoint 1 at 0xb579d400
(gdb) display/i $pc
1: x/i $pc  0xffffe410 <__kernel_vsyscall+16>:  pop    %ebp
(gdb) set disas intel
(gdb)

I then tried changing classes. I stepped through each instruction of the function with the ni command. If I got to a call instruction, like:

Code:

(gdb) ni
0xb5412051 in CServerGameDLL::GameFrame ()
   from /home/dvander/srcds/orangebox/tf/bin/server_i486.so
1: x/i $pc  0xb5412051 <_ZN14CServerGameDLL9GameFrameEb+145>:
    call   DWORD PTR [ecx+16]
(gdb)

I printed the call address and dumped its symbol, for example:

Code:

(gdb) print *(void **)($ecx + 16)
$1 = (void *) 0xb54a0660
(gdb) info sy $1
CNavMesh::Update() in section .text
(gdb)

Thus, GameFrame() calls CNavMesh::Update() from something. It's a rather time consuming endeavor.