- int* base = (int*) dlopen("tf/bin/server.so", RTLD_LAZY);
- if(base == 0) {
- Msg("[PLR] Could not find server.so\n");
- return false;
- }
- dlclose((void*)base);
- FILE* output = popen("nm tf/bin/server.so | grep _ZNK18CServerGameClients15GetPlayerLimitsERiS0_S0_", "r");
- if(output == NULL) {
- Msg("[PLR] Could not parse server.so\n");
- return false;
- }
- char line [32];
- if(fgets(line, sizeof(line), output) == NULL) {
- Msg("[PLR] Could not find GetPlayerLimits\n");
- return false;
- }
- fclose(output);
- int offset = strtoul(line, NULL, 16);
- if(offset == 0) {
- Msg("[PLR] Failed to parse GetPlayerLimits address: %s\n", line);
- return false;
- }
- void (*GetPlayerLimits)(void*,int&,int&,int&) = (void(*)(void*,int&,int&,int&)) (*base + offset);
- /*
- mov eax, [esp+8]
- mov dword [eax], 1
- mov eax, [esp+12]
- mov dword [eax], 255
- mov eax, [esp+16]
- mov dword [eax], 24
- ret
- */
- char GetPlayerLimitsReplacement[] =
- "\x8b\x44\x24\x08\xc7\x00\x01\x00\x00\x00"
- "\x8b\x44\x24\x0c\xc7\x00\xff\x00\x00\x00"
- "\x8b\x44\x24\x10\xc7\x00\x18\x00\x00\x00"
- "\xc3";
- unsigned int pagesize = sysconf(_SC_PAGE_SIZE);
- unsigned int pagemask = ~(pagesize-1);
- unsigned int page = (unsigned int)GetPlayerLimits;
- Msg("%i\n", mprotect((void*)(page & pagemask), pagesize, PROT_READ|PROT_WRITE|PROT_EXEC));
- Msg("%x %x %i %i\n", page&pagemask, page, pagesize, sizeof(GetPlayerLimitsReplacement));
- memcpy((void*)GetPlayerLimits, (void*)GetPlayerLimitsReplacement, sizeof(GetPlayerLimitsReplacement));
- int a = -1;
- int b = -2;
- int c = -3;
- GetPlayerLimits(0,a,b,c);
- Msg("Player Limits: %i %i %i\n", a,b,c);