Что нового?



  • MONEY за подписку! Ничего делать не надо совсем, всего-то подписаться на тг одмена и нажать кнопку "Принять участие" в розыгрыше: https://t.me/govthing/7650

Вопрос Is convar callback structure changed?

  • Автор темы Автор темы Trna
  • Дата начала Дата начала
Trna
Начинающий
T
Начинающий
Статус
Оффлайн
Регистрация
16 Авг 2022
Сообщения
51
Реакции
4
I tried to follow this post

Конвары и конкомманды

(микротуториал) все квары и комманды(и прочие плюхи) есть тут(дамп от 08.09.2022) https://www.upload.ee/files/14483749/Dota2Dumper.rar.html с новой обновой очень сильно реворкнули квары. 1) находим сами квары: Берем интерфейс(CreateInterface)(https://aixxe.net/2017/03/walking-interface-list)...
yougame.biz yougame.biz

But I found different structure at 0x80:


Is the callback system changed?
 

Вложения

  • differentstructure.png
    differentstructure.png
    76.2 KB · Просмотры: 39
Trna написал(а):
I tried to follow this post

Конвары и конкомманды

(микротуториал) все квары и комманды(и прочие плюхи) есть тут(дамп от 08.09.2022) https://www.upload.ee/files/14483749/Dota2Dumper.rar.html с новой обновой очень сильно реворкнули квары. 1) находим сами квары: Берем интерфейс(CreateInterface)(https://aixxe.net/2017/03/walking-interface-list)...
yougame.biz yougame.biz

But I found different structure at 0x80:


Is the callback system changed?
Нажмите для раскрытия...
only slightly; the same principle still applies(hwbp on cvar's callback index and check who reads from it and what they do with that index).
callback table entry is now obtained via shl, 5(which is * 32)
callback_table_entry = [ICvar + 0x80] + cvar.callback_index * 0x20;
callback_dispatcher = [callback_table_entry + 0x0]
callback = [callback_table_entry + 0x8]
callback_dispatcher(&cvar_id, 0, &new_val, &old_val, callback)
1731265908809.png

1731265622869.png
 
Liberalist написал(а):
only slightly; the same principle still applies(hwbp on cvar's callback index and check who reads from it and what they do with that index).
callback table entry is now obtained via shl, 5(which is * 32)
callback_table_entry = [ICvar + 0x80] + cvar.callback_index * 0x20;
callback_dispatcher = [callback_table_entry + 0x0]
callback = [callback_table_entry + 0x8]
callback_dispatcher(&cvar_id, 0, &new_val, &old_val, callback)
Посмотреть вложение 290137
Посмотреть вложение 290136
Нажмите для раскрытия...
Thanks. I can't use like button I guess.
 
Liberalist написал(а):
only slightly; the same principle still applies(hwbp on cvar's callback index and check who reads from it and what they do with that index).
callback table entry is now obtained via shl, 5(which is * 32)
callback_table_entry = [ICvar + 0x80] + cvar.callback_index * 0x20;
callback_dispatcher = [callback_table_entry + 0x0]
callback = [callback_table_entry + 0x8]
callback_dispatcher(&cvar_id, 0, &new_val, &old_val, callback)
Посмотреть вложение 290137
Посмотреть вложение 290136
Нажмите для раскрытия...

Can you how did you figure out all of these?

C++:
Expand Collapse Copy 
void CCVar::TriggerCallback(const CVarID& id)
{
    auto cvar = id.m_pVar;
    void* callback_table_entry = (void*)(Member<uintptr_t>(0x80) + 0x20 * cvar->m_iCallbackIndex);
    auto callback_dispatcher = *(CVarCallbackFn*)(reinterpret_cast<uintptr_t>(callback_table_entry) + 0x0);
    auto callback = *(void**)(reinterpret_cast<uintptr_t>(callback_table_entry) + 0x8);
    callback_dispatcher(id, 0, &cvar->value, &cvar->value, callback);
}

My trigger callback is crashing again and I want to figure out what changed. also cvar structure is changed too. Thanks

Also one last thing, in your tutorial you are using union CVarValue. union size would be the size of the largest element (16byte) here.
So here when we define:
Код:
Expand Collapse Copy 
CVarValue value{};
CVarValue defaultValue{};
Wouldn't defaultValue get padded to much? for example for dota_camera_instance with cheat engine I checked that value is in 0x48 and default value is in 0x50
 
Последнее редактирование:
Trna написал(а):
Can you how did you figure out all of these?

C++:
Expand Collapse Copy 
void CCVar::TriggerCallback(const CVarID& id)
{
    auto cvar = id.m_pVar;
    void* callback_table_entry = (void*)(Member<uintptr_t>(0x80) + 0x20 * cvar->m_iCallbackIndex);
    auto callback_dispatcher = *(CVarCallbackFn*)(reinterpret_cast<uintptr_t>(callback_table_entry) + 0x0);
    auto callback = *(void**)(reinterpret_cast<uintptr_t>(callback_table_entry) + 0x8);
    callback_dispatcher(id, 0, &cvar->value, &cvar->value, callback);
}

My trigger callback is crashing again and I want to figure out what changed. also cvar structure is changed too. Thanks

Also one last thing, in your tutorial you are using union CVarValue. union size would be the size of the largest element (16byte) here.
So here when we define:
Код:
Expand Collapse Copy 
CVarValue value{};
CVarValue defaultValue{};
Wouldn't defaultValue get padded to much? for example for dota_camera_instance with cheat engine I checked that value is in 0x48 and default value is in 0x50
Нажмите для раскрытия...
figured it out by observing what changes when you interact with convars(when you change value in the console for example), and by changing stuff myself(like convar's type, for example) and observing how the game reacts to that, also by just visually looking at things, and by observing how the game interacts with cvars;
about the default value - there's actually a pointer to the default value. it's at 0x8. you(and the game) read from that ptr to obtain the default value. it's not touched directly, only via pointer.
the structure should be something along these lines(didn't test. test it yourself)
C++:
Expand Collapse Copy 
enum class EConvarType : std::uint8_t
{
    BOOL = 0,
    UNK_LOL,
    UNK_LOL_,
    INT32,//1
    UINT32,//2
    INT64,//3
    UINT64,//4
    FLOAT,//7
    DOUBLE,//8
    STRING,//=9
    COLOR_RGBA,
    UNK_SOME_TWO_FLOATS,
    UNK_SOME_THREE_FLOATS,
    UNK_SOME_FOUR_FLOATS,
    UNK_SOME_THREE_FLOATS_AGAIN,
};

union ConVarValue
{
    bool boolean{};
    std::uint64_t u64;
    std::int64_t i64;
    std::uint32_t u32;
    std::int32_t i32;
    float flt;
    double dbl;
    const char* str;
    std::uint32_t clr_rgba;
    std::array<float, 2> two_floats;
    std::array<float, 3> three_floats;
    std::array<float, 4> four_floats;
};

struct ConVariable
{
    const char* name{};
    void* ptr_to_default_value{};
    void* unk1{};
    void* unk2{};
    const char* help{};
    EConvarType type{};
    int unk_maybe_number_of_times_changed{};
    std::uint64_t flags{};
    int CALLBACK_INDEX{};
    int unk5{};
    int unk6{};
    int probably_pad{};
    ConVarValue value{};
};
if you're crashing attach a debugger. it was literally made for these situations.
if you want to observe how the game invokes the callback, set a hwbp on the callback index and change the cvar from the console.
the params for the callback should be something along these lines(didn't test. test it yourself)
callback_dispatcher(&cvar_id, 0, &old_cvar_value, &new_cvar_value, nullptr, callback)
1748376169104.png
 
Войдите или зарегистрируйтесь для ответа.

Похожие темы

T
Вопрос Skill Issue
Ответы
7
Просмотры
378
Trna
T
U
Вопрос Hey guys i have been trying to get the existedgit cheat to run
Ответы
0
Просмотры
326
Un1xCr3w
U
U
Вопрос Issues with getting items and abilities
Ответы
1
Просмотры
104
Liberalist
L
I'm a weeb
Гайд Cs2 How to Find CreateMove & Check Signature Validity? Let's Discuss
Ответы
4
Просмотры
304
minionpilot
minionpilot
U
Вопрос HkPostReceivedNetMessage always giving me invalid message id
Ответы
12
Просмотры
319
Un1xCr3w
U
Немного о главном
Полезные мелочи
О нас

Проект предоставляет различный материал, относящийся к сфере киберспорта, программирования, ПО для игр, а также позволяет его участникам общаться на многие другие темы. Почта для жалоб: admin@yougame.biz

Поделиться страницей
Назад
Сверху Снизу