Jump to content

[CODE][TF2] Obtain appSystemFactory, clientFactory and pGlobals on the fly


Recommended Posts

Posted

bool CTF2::Init(HMODULE hEngine)
{
        DWORD dwClientDLL_Init = NULL;
        char szClientDLL_InitSig[] = "\x56\xE8\xFA\x71\x01\x00\x83\x3D\x5C\x99\x22\x0D\x00\x8B\x35\x64\xA5\x11\x0D\x0F\x84\x93\x01\x00\x00\x68\xDC\x8C\x13\x0D\xFF\xD6";
        char szClientDLL_InitMsk[] = "xx????xx????xxx????xx????x????xx";

        dwClientDLL_Init = gMem.FindPattern(((DWORD)hEngine + 0xBA340), 0x00617000, (PBYTE)szClientDLL_InitSig, szClientDLL_InitMsk);
        if(dwClientDLL_Init == NULL) return FALSE;

        CreateInterfaceFn appSystemFactory = NULL;
        appSystemFactory = (CreateInterfaceFn)*(DWORD*)*(DWORD*)(dwClientDLL_Init + 0x21);
        if(appSystemFactory == NULL) return FALSE;

        DWORD ppClient = *(DWORD*)(dwClientDLL_Init + 0x27);
        if(ppClient == NULL) return FALSE;
        pClient = (IBaseClientDLL*)*(DWORD*)ppClient;
        if(pClient == NULL) return FALSE;

        CreateInterfaceFn clientFactory = NULL;
        clientFactory = (CreateInterfaceFn)*(DWORD*)(ppClient - 0x8);

        DWORD ppGlobals = *(DWORD*)(*(DWORD*)*(DWORD*)pClient + 0x39);

        return TRUE;
}

 

 

 

 

 

 

 

 

 

 

 

 

CreateInterfaceFn GetAppSystemFactory()
{
BYTE* sig = (BYTE*)"\x8B\x44\x24\x04\x8B\x08\x8B\x50\x04\x89\x0D\x00\x00\x00\x00\x89\x15\x00\x00\x00\x00\xC3";
char* mask = "xxxxxxxxxxx????xx????x";
DWORD func = gMemory.dwFindPattern( (DWORD)GetModuleHandle("client.dll"), 0x62b000, sig, mask );
CreateInterfaceFn* address = (CreateInterfaceFn*) func + 0xB;
return *address;
}

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..