[L. Duke]

I'm trying to get a pointer to the eventqueue in my extension using the same method SM uses to get the entitylist (I've already done that one).

The offset that is moved into ECX as the 'this' pointer is different though. The binary at the address moved into ECX looks like this

Code:

.data:1040AF98 unk_1040AF98    db 0FFh                 ; DATA XREF: sub_100A3290+278o

instead of

Code:

.data:1040AF94 off_1040AF94    dd offset off_10333FEC  ; DATA XREF: .data:off_1040AD1Co

which is more like the entitylist example.

Is this an offset I have to add or subtract from something to get the actual location in memory of the eventqueue???

What do the dd and db mean? I assume they are just the size of the data, like dword and byte?

[L. Duke]

I think it's because the entity list is a pointer [gEntityList->func()] and the eventqueue is the actual instance of the class [gEventQueue.func()].

Anyone have any experience with this or know how I can get the address for my eventqueue* ?

[AzuiSleet]

#define LETSSTEALGEVENTQUEUE "\x6A\x00\xD8\xB6\x30\x05\x00\x00\x56\x56\x51 \xB9"
#define LETSSTEALGEVENTQUEUEMASK "xxxxxxxxxxxx"
#define LETSSTEALGEVENTQUEUELEN 12

CSigScan LETSSTEALGEVENTQUEUE_Sig;

CEventQueue *g_eventQueue_f;



LETSSTEALGEVENTQUEUE_Sig.Init((unsigned char *)LETSSTEALGEVENTQUEUE, LETSSTEALGEVENTQUEUEMASK, LETSSTEALGEVENTQUEUELEN);

unsigned char *addr = (unsigned char *)LETSSTEALGEVENTQUEUE_Sig.sig_addr;

g_eventQueue_f = *((CEventQueue **)(addr + LETSSTEALGEVENTQUEUELEN));

[L. Duke]

Thanks AzuiSleet.

I did find my problem and got my stuff working. There was a function that was similar to the one I was scanning so I was copying the wrong pointer.

I had 32 bytes in my sig and it still matched!