aha ok i will re-analyze it right now
|
Вопрос I wanna understand what is the C_DOTAGamerules ?
- Автор темы Un1xCr3w
- Дата начала
-
- Теги
- c_dotagamerules dota
ok i got it correctly but to understand the CGCLIENT correct
tis CGClient has something called lobby manager
and this lobby manager the StartFindingMatch and accpet match etc .... right ?
and the CDOTA_DB_Play is global singleton right ?
or did i get it wrong?
tis CGClient has something called lobby manager
and this lobby manager the StartFindingMatch and accpet match etc .... right ?
and the CDOTA_DB_Play is global singleton right ?
or did i get it wrong?
Последнее редактирование:
Участник
Участник
- Статус
- Оффлайн
- Регистрация
- 23 Май 2019
- Сообщения
- 934
- Реакции
- 337
forget about the fucking game coordinator client, it's a low-level interface, it will be too difficult for you to figure out.
just CDOTA_DB_Play is enough(and yes there are global pointers to CDOTA_DB_Play), it uses the game coordinator client internally. it's literally the PLAY button in the main menu.
chill dude i know that i have asked too many questions regarding this but i was just trying to understand the structure nothing more
right now the StartFindingMatch method is taking the CDOTA_DB_Play as argument and iam trying to reverse it to get figure out how can i send the object that has the game mode and region etc..... to be sent to the StartFindingMatching method
Последнее редактирование:
Участник
Участник
- Статус
- Оффлайн
- Регистрация
- 23 Май 2019
- Сообщения
- 934
- Реакции
- 337
there are global/static pointers to it in client.dll(green addresses in cheat engine)
you can get the CDOTA_DB_Play* from the rcx from the breakpoint at StartFindingMatch, then use cheat engine to search for pointers to that value, you'll find one green address and a bunch of uninteresting stuff, then check xrefs to that green address(x64dbg/ida); here's an example:
Код:
00007FFAE4E8D155 | 48:899E B8020000 | mov qword ptr ds:[rsi+2B8],rbx |
00007FFAE4E8D15C | 48:C786 C0020000 FFFFFFFF | mov qword ptr ds:[rsi+2C0],FFFFFFFFFFFFFFFF |
00007FFAE4E8D167 | 48:8935 EA654103 | mov qword ptr ds:[7FFAE82A3758],rsi | <--- CDOTA_DB_Play**
00007FFAE4E8D16E | E8 BD074AFF | call client.7FFAE432D930 |
00007FFAE4E8D173 | 48:85C0 | test rax,rax |
00007FFAE4E8D176 | 74 0A | je client.7FFAE4E8D182 |
00007FFAE4E8D178 | 48:8BC8 | mov rcx,rax |
00007FFAE4E8D17B | E8 60717AFF | call client.7FFAE46342E0 |
00007FFAE4E8D180 | EB 03 | jmp client.7FFAE4E8D185 |
00007FFAE4E8D182 | 48:8BC3 | mov rax,rbx |
00007FFAE4E8D185 | 48:8BC8 | mov rcx,rax |
00007FFAE4E8D188 | 48:8905 21963403 | mov qword ptr ds:[7FFAE81D67B0],rax |
00007FFAE4E8D18F | E8 0CC77CFF | call client.7FFAE46598A0 |
00007FFAE4E8D194 | 45:33C0 | xor r8d,r8d |
00007FFAE4E8D197 | 48:8D15 1ADE1B02 | lea rdx,qword ptr ds:[7FFAE704AFB8] | 00007FFAE704AFB8:"file://{resources}/layout/play.xml"
00007FFAE4E8D19E | 48:8BCE | mov rcx,rsi |
00007FFAE4E8D1A1 | E8 0AB6CEFF | call client.7FFAE4B787B0 |
00007FFAE4E8D1A6 | B2 01 | mov dl,1 |
00007FFAE4E8D1A8 | 48:8BCE | mov rcx,rsi |ok thanks a lot 1 more thing how can i accept match when the match is recieved
i think in a prespective of programming i can subscribe to the dashboard messages then when the game is ready with certine message i can do something upon that right?
i got the signature for the accept match which is: 40 57 48 83 EC? 83 79 ? ? 48 8D 51 ? 75? 83 7A ? ? 74? 48 8B 0D ? ? ? ? 48 85 C9 0F 84 ? ? ? ? 48 8B 01 FF 90 ? ? ? ? 48 8B C8 48 85 C0 74 ? 48 8B 00 FF 50 ? 48 8B F8 EB ? 33 FF 48 89 74 24 ? 48 8B 35 ? ? ? ? 48 85 F6 0F 84 ? ? ? ? 48 8B 06 B9 ? ? ? ? 48 89 5C 24 ? 4C 89 74 24 ? 4C 8B B0 ? ? ? ? E8? ? ? ? 48 8B D8 48 85 C0 74 ? 0F B7 0D ? ? ? ? 48 8D 05 ? ? ? ? 48 89 6C 24 ? 48 BD? ? ? ? ? ? ? ? 48 89 03 66 89 4B ? 48 85 FF 74 ? 48 8B 17 48 8B CF FF 12 48 89 6B ? 48 85 C0 74 ? 48 8B 0D ? ? ? ? 4C 8B C0 48 8B 11 4C 8B 8A ? ? ? ? 48 8D 54 24 ? 41 FF D1 48 8B 28 48 89 6B ? 48 8D 05 ? ? ? ? 48 8B 6C 24 ? 48 89 03 EB ? 33 DB 48 8D 54 24 ? 48 89 5C 24 ? 48 8B CE 41 FF D6 4C 8B 74 24 ? 48 8B 5C 24 ? 48 8B 74 24 ? E8? ? ? ? BA? ? ? ? 48 8B C8 E8 ? ? ? ? 41 B0 ? 48 8D 15 ? ? ? ? 48 8D 4C 24 ? E8? ? ? ? B0 ? 48 83 C4 ? 5F C3 CC CC CC CC B0
it is super long but what the hell: D
i just wanna know if iam correct and how to listen to game is ready
Последнее редактирование:
Участник
Участник
- Статус
- Оффлайн
- Регистрация
- 23 Май 2019
- Сообщения
- 934
- Реакции
- 337
the signature is unacceptably long(the longer it is, the more brittle it will be and the faster it will break between updates). they need to be long enough to be unique, but if they're too long then that means you're taking the wrong approach. it shouldn't take more than 1-2 lines in your code. try extracting from xrefs:
Код:
00007FFA62B1D5EC | 4C:8BAC24 18020000 | mov r13,qword ptr ss:[rsp+218] |
00007FFA62B1D5F4 | 4C:8BA424 10020000 | mov r12,qword ptr ss:[rsp+210] |
00007FFA62B1D5FC | 48:8D05 29481802 | lea rax,qword ptr ds:[7FFA64CA1E2C] | 00007FFA64CA1E2C:"accept"
00007FFA62B1D603 | C74424 20 5122C3B4 | mov dword ptr ss:[rsp+20],B4C32251 |
00007FFA62B1D60B | 4C:8D05 FE471802 | lea r8,qword ptr ds:[7FFA64CA1E10] | 00007FFA64CA1E10:"#dota_accept_match_accept"
00007FFA62B1D612 | 48:894424 28 | mov qword ptr ss:[rsp+28],rax |
00007FFA62B1D617 | 48:8D5424 20 | lea rdx,qword ptr ss:[rsp+20] |
00007FFA62B1D61C | 48:8BCF | mov rcx,rdi |
00007FFA62B1D61F | E8 9C1CDB00 | call client.7FFA638CF2C0 |
00007FFA62B1D624 | 48:8B0D 4D0B4C03 | mov rcx,qword ptr ds:[7FFA65FDE178] |
00007FFA62B1D62B | 48:85C9 | test rcx,rcx |
00007FFA62B1D62E | 0F84 3E010000 | je client.7FFA62B1D772 |
00007FFA62B1D634 | 48:8B01 | mov rax,qword ptr ds:[rcx] |
00007FFA62B1D637 | 48:8D15 523E0200 | lea rdx,qword ptr ds:[7FFA62B41490] | <--- the function
00007FFA62B1D63E | 48:895424 28 | mov qword ptr ss:[rsp+28],rdx |
00007FFA62B1D643 | 4C:8D4C24 20 | lea r9,qword ptr ss:[rsp+20] |
00007FFA62B1D648 | 0FB715 2D52E302 | movzx edx,word ptr ds:[7FFA6595287C] |
00007FFA62B1D64F | 4C:8BC7 | mov r8,rdi |
00007FFA62B1D652 | 48:897C24 20 | mov qword ptr ss:[rsp+20],rdi |
00007FFA62B1D657 | FF90 30010000 | call qword ptr ds:[rax+130] |
00007FFA62B1D65D | 48:8B0D 140B4C03 | mov rcx,qword ptr ds:[7FFA65FDE178] |OR you can just sig the end of the function(it's unique), e.g. ba 01 00 00 00 48 8b c8 e8 ?? ?? ?? ?? 41 b0, and then add the offset to the beginning from that place(it's -0x113 bytes for that sig). and to be safe, also double check that the beginning(that you obtained by subtracting 0x113) matches the expected pattern of the beginning, e.g. 40 57 48 83 ec ?? 83 79 ?? ?? 48 8d 51 - just in case the offset changes(because the function changed in the middle) (and throw an error if it doesn't match)
there are many ways to check if the match is found, you can either check for lobby updates, or hook popup panel(CDOTA_DB_Popup_AcceptMatch) creation, or simply check for the presence of the popup panel. get creative.
C++:
#include <Windows.h>
#include <string>
template<class T>
struct CUtlVector
{
int size;
T* data;
int capacity;
T const* begin() const
{
return data;
}
T* begin()
{
return data;
}
T const* end() const
{
return data + size;
}
T* end()
{
return data + size;
}
};
struct CPanel2D;
struct CUIPanel
{
auto panel2d()
{
return *(CPanel2D**)((std::uintptr_t)this + 0x8);
}
auto& children()
{
return *(CUtlVector<CUIPanel*>*)((std::uintptr_t)this + 0x28);
}
std::string_view id()
{
auto const result = *(char const**)((std::uintptr_t)this + 0x10);
if (result)
{
return std::string_view{ result };
}
return {};
}
CUIPanel* FindDirectChild(std::string_view el_id)
{
for (auto e : children())
{
if (e && e->id() == el_id)
{
return e;
}
}
return nullptr;
}
CUIPanel* FindDFS(std::string_view el_id)
{
if (id() == el_id)
{
return this;
}
for (auto e : children())
{
if (e)
{
if (auto result = e->FindDFS(el_id); result)
{
return result;
}
}
}
return nullptr;
}
//see eponymous string xref in client.dll
bool BHasClass(std::uint16_t symbol)
{
using fn = bool(*)(CUIPanel*, std::uint16_t);
return ((fn)((*(void***)(this))[155]))(this, symbol);
}
};
struct CPanel2D
{
auto uipanel()
{
return *(CUIPanel**)((std::uintptr_t)this + 0x8);
}
};
int __stdcall DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
{
char* client = (char*)GetModuleHandleA("client.dll");
if (!client)
{
OutputDebugStringA("failed to get client.dll!");
return TRUE;
}
char* panorama = (char*)GetModuleHandleA("panorama.dll");
if (!panorama)
{
OutputDebugStringA("failed to get panorama.dll!");
return TRUE;
}
/*
00007FFA6339F228 | 48:0F45F9 | cmovne rdi,rcx |
00007FFA6339F22C | 48:8D0D 251AB202 | lea rcx,qword ptr ds:[7FFA65EC0C58] | 00007FFA65EC0C58:"Mismatch addon %s CRC date: Client=%llu Server=%llu\n"
00007FFA6339F233 | 48:8BD7 | mov rdx,rdi |
00007FFA6339F236 | FF15 74D3FD01 | call qword ptr ds:[<&Warning>] |
00007FFA6339F23C | 48:8B0D 653D3004 | mov rcx,qword ptr ds:[7FFA676A2FA8] | <--- dashboard
00007FFA6339F243 | 48:85C9 | test rcx,rcx |
00007FFA6339F246 | 74 1C | je client.7FFA6339F264 |
00007FFA6339F248 | 48:8B49 30 | mov rcx,qword ptr ds:[rcx+30] |
00007FFA6339F24C | 48:85C9 | test rcx,rcx |
00007FFA6339F24F | 74 13 | je client.7FFA6339F264 |
00007FFA6339F251 | 4C:8D05 381AB202 | lea r8,qword ptr ds:[7FFA65EC0C90] | 00007FFA65EC0C90:"#custom_game_mismatch_desc"
00007FFA6339F258 | 48:8D15 511AB202 | lea rdx,qword ptr ds:[7FFA65EC0CB0] | 00007FFA65EC0CB0:"#custom_game_mismatch_title"
00007FFA6339F25F | E8 EC1430FF | call client.7FFA626A0750 |
00007FFA6339F264 | 48:837C24 50 00 | cmp qword ptr ss:[rsp+50],0 |
*/
auto dashboard = *(CPanel2D**)(client + 0x54a2fa8);
if (!dashboard)
{
OutputDebugStringA("failed to get dashboard");
}
auto dashboard_ui = dashboard->uipanel();
if (!dashboard)
{
OutputDebugStringA("failed to get dashboard_ui");
}
auto dashboard_center = dashboard_ui->FindDirectChild("DashboardCenter");
if (!dashboard)
{
OutputDebugStringA("failed to get DashboardCenter");
}
auto popup_manager = dashboard_center->FindDirectChild("DashboardPopupManager");
if (!dashboard)
{
OutputDebugStringA("failed to get DashboardPopupManager");
}
for (auto child : popup_manager->children())
{
auto const id = child->id();
if (id != "SettingsReborn" && id != "BlurBackground" && id != "DimBackground")
{
auto const match_popup = child->FindDFS("PopupAcceptDeclineMatchPanel");
if (match_popup != nullptr)
{
//inside is string xref "Panorama Symbol table %d filled, couldn't add new symbol '%s'"
auto MakeSymbol = (std::uint16_t(*)(void*, char const*))(panorama + 0x956e0);
if (
!child->BHasClass(MakeSymbol(nullptr, "ReadyUpPlayersVisible"))
&& !child->BHasClass(MakeSymbol(nullptr, "MatchAcceptedClicked"))
&& !child->BHasClass(MakeSymbol(nullptr, "Hidden"))
)
{
OutputDebugStringA("found PopupAcceptDeclineMatchPanel!");
struct unk_
{
CPanel2D* panel;
void* fn;
};
unk_ unk{ child->panel2d(), client + 0x2101490 };
//inside is string xref "ui.matchmaking_accept"
((void(*)(CPanel2D*, unk_*))(client + 0x2101490))(child->panel2d(), &unk);
return TRUE;
}
}
}
}
OutputDebugStringA("didn't find PopupAcceptDeclineMatchPanel");
}
return TRUE;
}is there a simpler solution? i know that u have pasted the C++ code but i found another approach here comes the solution i found
and i have made quick research about the accept event i found out that i can use the SteamGC to listen on the
hkRetrieveMessage and if the msgId is equal to k_EMsgGCReadyUpStatus that means that the game is found and we can then use the
hkSendMessage to send k_EMsgGCReadyUp is that correct or did i get it incorrect like i always do ? :D
Участник
Участник
- Статус
- Оффлайн
- Регистрация
- 23 Май 2019
- Сообщения
- 934
- Реакции
- 337
and that seems simpler to you? if so(it's not), go for it...
the solution i provided from coding perspective you are right its not simple but as structure and listeners to listen on all messages sent to u by the server and map it in enum EDOTAGCMsg and reply with the same enum events i think it gonna be helping in cases like accept match , party invites , guild invites , etc ...
but is it going to work fine though ? iam trying to collect ur insight about it cuz u are the expert here , also i dont know how can i test it because i need the accept the game to appear more than one to test things
Участник
Участник
- Статус
- Оффлайн
- Регистрация
- 23 Май 2019
- Сообщения
- 934
- Реакции
- 337
gamecoordinator is tenfold more complicated than wrappers(and other high-level things) over it, and if you're already having trouble with high-level constructs, then you're going to have 10x more trouble with lower-level constructs
try creating a localhost custom game lobby(with a password so that random people don't get in the way of your testing) - when you click "start game" in the lobby the accept-or-decline-match-popup will appear, you can test with that, as many times as you want without penalties
thanks a lot dude i really appreciate the time and effort u put in this forum i swear dude i was in really rough place but u put me on the correct path , again thanks a lot.