hxuanyu/cs2-dumper
1
0
Fork 0
mirror of https://github.com/a2x/cs2-dumper.git synced 2025-10-08 05:10:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Follow CreateInterface export instead of pattern scanning

Browse Source
This commit is contained in:
a2x
2024-06-18 16:44:09 +10:00
parent 13836dd019
commit 2fa116a6c4
6 changed files with 553 additions and 544 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/analysis/interfaces.rs
View File

@@ -4,7 +4,7 @@ use log::debug;
use memflow::prelude::v1::*;
use pelite::pattern;
use pelite::pe64::exports::Export;
use pelite::pe64::{Pe, PeView};
use serde::{Deserialize, Serialize};
@@ -29,19 +29,27 @@ pub fn interfaces(process: &mut IntoProcessInstanceArcBox<'_>) -> Result<Interfa
let view = PeView::from_bytes(&buf).ok()?;
let mut save = [0; 2];
let ci_export = view
.exports()
.ok()?
.by()
.ok()?
.name("CreateInterface")
.ok()?;
if !view
.scanner()
.finds_code(pattern!("4c8b0d${'} 4c8bd2 4c8bd9"), &mut save)
{
return None;
if let Export::Symbol(symbol) = ci_export {
let list_addr = process
.read_addr64_rip(module.base + symbol)
.data_part()
.ok()?;
return read_interfaces(process, module, list_addr)
.ok()
.filter(|ifaces| !ifaces.is_empty())
.map(|ifaces| Ok((module.name.to_string(), ifaces)));
}
read_interfaces(process, module, module.base + save[1])
.ok()
.filter(|ifaces| !ifaces.is_empty())
.map(|ifaces| Ok((module.name.to_string(), ifaces)))
None
})
.collect()
}
@@ -58,8 +66,9 @@ fn read_interfaces(
while !cur_reg.is_null() {
let reg = cur_reg.read(process)?;
let name = reg.name.read_string(process)?.to_string();
let instance = process.read_addr64_rip(reg.create_fn.address())?;
let value = (reg.create_fn.address() - module.base) as u32;
let value = (instance - module.base) as u32;
debug!(
"found interface: {} @ {:#X} ({} + {:#X})",