Originally Posted by L. Duke
Anyone have any ideas on how I could go about finding CTFGameStats::IncrementStat(CTFPlayer *, TFStatType_t, int) ???
I think this is another unsiggable function because each time I get to a function that references it, I get:
v11 = 684 * (*(int (__stdcall **)(_DWORD))(*(_DWORD *)dword_1047E1B8 + 72))(*(_DWORD *)(v3 + 24));
++*(_DWORD *)(v11 + v4 + 156);
++*(_DWORD *)(v11 + v4 + 248);
++*(_DWORD *)(v11 + v4 + 340);
return v11 + v4 + 148;
It doesn't look like it's being directly called :S
What you can probably do is use this:
Which is the (untested) signature for CTFGameStats_Event_PlayerFiredWeapon which calls
CTFGameStats::IncrementStats. From there....
void* pfnIncStats = NULL;
void* pfnFireWeaponFunc = gSigMngr.findsignature(laddr, the_sig_above, length_of_above_sig);
typedef void (*IncrementStatsFunc)( void* /* this */, int /* TFStat Type */, int /* Some random integer :S */);
//Not sure if this is right. Very low level and only for windows :/
// Copy the 4-byte operand at +0x65 into the pointer variable itself (&pfnIncStats),
// not through pfnIncStats, which is still NULL at this point.
memcpy( &pfnIncStats, ((char *)pfnFireWeaponFunc + 0x65), sizeof(char *) );
//Call the function :D
IncrementStatsFunc IncrementStats = (IncrementStatsFunc)pfnIncStats;
This should rip the pointer to CTFGameStats__IncStats directly from eax (assuming I did the hex right).
Let me know if it works for you.
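As an added example (not L. Duke's or the replying poster's code), here is a self-contained sketch of the approach the reply describes: locate the calling function by byte signature, then recover the callee's address from the CALL instruction inside it. Everything here is constructed for illustration: the byte buffer, the image base, the pattern and the function names are assumptions, and the point it adds is that an E8 operand is a displacement relative to the next instruction, so the raw bytes cannot be copied out and called as a pointer.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: a tiny x86 "function body" at an assumed image base.
 * It contains one CALL rel32 (E8) whose target we want to recover. */
#define IMAGE_BASE 0x10001000u
static const uint8_t g_text[] = {
    0x55, 0x8B, 0xEC,             /* push ebp; mov ebp, esp */
    0x8B, 0x45, 0x08,             /* mov eax, [ebp+8] */
    0x6A, 0x01,                   /* push 1 */
    0x6A, 0x0C,                   /* push 12 (stat type) */
    0x50,                         /* push eax */
    0xE8, 0x10, 0x02, 0x00, 0x00, /* call rel32 (+0x210) */
    0x5D, 0xC3                    /* pop ebp; ret */
};

/* Find 'pattern' in buf; mask uses 'x' for a fixed byte and '?' for a
 * wildcard. Returns the offset or -1 (same idea as a signature scanner). */
static long find_signature(const uint8_t *buf, size_t len,
                           const uint8_t *pattern, const char *mask)
{
    size_t plen = strlen(mask);
    for (size_t i = 0; i + plen <= len; i++) {
        size_t j;
        for (j = 0; j < plen; j++)
            if (mask[j] == 'x' && buf[i + j] != pattern[j]) break;
        if (j == plen) return (long)i;
    }
    return -1;
}

/* Resolve the absolute target of an E8 CALL located at buf[off].
 * The operand is relative to the address of the *next* instruction (off+5),
 * so it is not a pointer that can be memcpy'd out and called directly. */
static uint32_t call_target(const uint8_t *buf, size_t off, uint32_t base)
{
    int32_t rel;
    if (buf[off] != 0xE8) return 0;
    memcpy(&rel, buf + off + 1, sizeof rel);   /* little-endian rel32 */
    return base + (uint32_t)off + 5 + (uint32_t)rel;
}

/* Locate the caller by signature, then pull the callee out of its CALL. */
uint32_t resolve_callee(void)
{
    static const uint8_t pat[] = { 0x6A, 0x01, 0x6A, 0x0C, 0x50, 0xE8, 0, 0, 0, 0 };
    long off = find_signature(g_text, sizeof g_text, pat, "xxxxxx????");
    if (off < 0) return 0;
    return call_target(g_text, (size_t)off + 5, IMAGE_BASE);  /* E8 is 5 bytes into the pattern */
}
```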