[THUG2] Accessing the QB engine


[THUG2] Accessing the QB engine

Post by CHC » Mon Apr 12, 2010 5:42 am

So a while ago I was messing around with the QB engine from a DirectX proxy. I've only gotten this to work for SendChatMessage and create_console_message (it might have a different name).
You need to allocate a CStruct pointer if you want to pass any arguments. If you want to use other QB stuff, feel free to find out how; I think you need to allocate another class to be passed with most scripts to be executed, and that's why it's crashing.

This only works on the THUG2 PC reloaded exe. The code will probably work on THPS3+, but you need to find the addresses for the functions yourself, because the hard-coded addresses below are specific to that one executable.


// Calls the game routine at 0x4738E0 with ecx = 0x6F3548 and returns whatever
// that routine leaves in eax, reinterpreted as a pointer.
//
// The address is hard-coded; per the accompanying post it is only valid for
// the THUG2 PC "reloaded" executable. In any other build this call lands on
// unrelated code, so verify the target binary before using it.
// NOTE(review): presumably 0x6F3548 is the `this` pointer of the object that
// hands out CScript instances -- the page does not say; confirm in the
// disassembly.
// The pointer is carried in a uint32_t and the block uses MSVC `__asm`, so
// this is only meaningful in a 32-bit x86 build.
void *AllocateCScript() {
	uint32_t retptr=0;
	uint32_t func_alloccscript=0x4738E0;
	__asm {
		mov eax, 0x6F3548
		mov ecx, eax 
		call func_alloccscript	// indirect call through the local holding the address
		mov retptr, eax		// capture the routine's eax result
	}
	return (void *)retptr;
}
// Calls the game routine at 0x476410 with no arguments and returns its eax
// result as a pointer. The post describes this as the CStruct a caller must
// allocate before passing arguments to a script.
//
// The address is hard-coded and, per the post, only valid for the THUG2 PC
// "reloaded" executable. The result is not checked here, so callers should
// treat a NULL return as allocation failure before handing it to the other
// helpers.
// NOTE(review): presumably the result is released with FreeCStruct -- the
// pairing is implied by the names only; confirm.
void *AllocateCStruct() {
	uint32_t retptr;	// always written by the asm block below before it is read
	uint32_t func_alloccstruct=0x476410;
	__asm {
		call func_alloccstruct	// indirect call through the local holding the address
		mov retptr, eax
	}
	return (void *)retptr;
}
// Hashes `name` with crc32(), then calls the game routine at 0x476B40 with
// ecx = cstruct and the hash as the single stack argument; returns the low
// byte of eax (al) as a bool.
//
// The author marks this helper as untested.
// `cstruct` is loaded into ecx unchecked; a NULL or stale pointer is passed
// straight to the game code.
// NOTE(review): crc32() is not defined on this page -- presumably the QB
// name-checksum routine; confirm it matches what the engine expects.
// NOTE(review): esp is not adjusted after the call, so this assumes the
// callee pops its own stack argument -- confirm against the disassembly.
bool ContainsFlag(const char *name, void *cstruct) {
	//Untested
	uint32_t func_containsflag=0x476B40;
	uint32_t checksum=crc32(name);
	bool retval=false;
	__asm {
		push checksum
		mov ecx, cstruct
		call func_containsflag
		mov retval, al
	}
	return retval;
}
// Hashes `name` with crc32(), then calls the game routine at 0x4779D0 with
// ecx = cstruct and two stack arguments: the hash (pushed last) and the
// string pointer `strf`.
//
// Neither `strf` nor `cstruct` is checked before being passed on.
// NOTE(review): whether the engine copies the string or keeps the pointer is
// not shown on this page; until confirmed, keep `strf` alive for as long as
// the CStruct is in use.
// NOTE(review): esp is not adjusted after the call, so this assumes the
// callee pops its own stack arguments -- confirm against the disassembly.
void AddString(const char *name, const char *strf, void *cstruct) {
	uint32_t func_addstring=0x4779D0;
	uint32_t checksum=crc32(name);
	__asm {
		push strf
		push checksum
		mov ecx, cstruct
		call func_addstring
	}
}
// Hashes `name` with crc32(), then calls the game routine at 0x476C60 with
// ecx = cstruct and two stack arguments: the hash (pushed last) and the
// address of a local out-pointer. Returns that out-pointer, which stays NULL
// if the callee does not write through it.
//
// Whatever the callee returns in eax is discarded, so the only failure signal
// a caller gets is a NULL result.
// NOTE(review): the returned pointer presumably refers to storage owned by
// the engine -- lifetime is not shown on this page; do not free it and do not
// hold it across a FreeCStruct until confirmed.
// NOTE(review): esp is not adjusted after the call, so this assumes the
// callee pops its own stack arguments -- confirm against the disassembly.
const char *GetString(const char *name, void *cstruct) {
	const char *ptrret=NULL;
	uint32_t func_getstring=0x476C60;
	uint32_t checksum=crc32(name);
	__asm {
		lea eax, ptrret
		push eax
		push checksum
		mov ecx, cstruct // author's note: this was not in the disassembly, it is a guess
		call func_getstring

	}
	return ptrret;
}
// Hashes `name` with crc32(), then calls the game routine at 0x4766D0 with
// ecx = cstruct and two stack arguments: the hash (pushed last) and the
// address of a local float. Returns that float, which stays 0.0f if the
// callee does not write through the pointer.
//
// Whatever the callee returns in eax is discarded, so a caller cannot tell a
// missing entry from a stored 0.0f.
// NOTE(review): the author's comment below refers to a `push 0`, but the asm
// block contains no such instruction. If the target really takes a third
// (assert-flag) argument and pops its own arguments, the stack is left
// unbalanced after the call -- confirm the argument count in the disassembly.
float GetFloat(const char *name, void *cstruct) {
	uint32_t checksum=crc32(name);
	uint32_t func_getfloat=0x4766D0;
	// author's note: "push 0" is there so the script is not told to assert on problems
	float resfloat=0.0f;
	__asm {
		lea edx, resfloat
		push edx
		push checksum
		mov ecx, cstruct
		call func_getfloat
	}
	return resfloat;
}
// Hashes `name` with crc32(), then calls the game routine at 0x477C60 with
// ecx = cstruct and two stack arguments: the hash (pushed last) and the
// 32-bit value of `val`.
//
// `cstruct` is loaded into ecx unchecked; a NULL or stale pointer is passed
// straight to the game code.
// NOTE(review): esp is not adjusted after the call, so this assumes the
// callee pops its own stack arguments -- confirm against the disassembly.
void AddFloat(const char *name, float val, void *cstruct) {
	uint32_t checksum=crc32(name);
	uint32_t func_setfloat=0x477C60;
	__asm {
		push val		// pushes the float's raw 32 bits from the parameter slot
		push checksum
		mov ecx, cstruct
		call func_setfloat
	}
}
// Hashes `name` with crc32(), then calls the game routine at 0x477B80 with
// ecx = cstruct and two stack arguments: the hash (pushed last) and `val`.
//
// `cstruct` is loaded into ecx unchecked; a NULL or stale pointer is passed
// straight to the game code.
// NOTE(review): esp is not adjusted after the call, so this assumes the
// callee pops its own stack arguments -- confirm against the disassembly.
void AddInt(const char *name,uint32_t val, void *cstruct) {
	uint32_t checksum=crc32(name);
	// The commented-out alternative, 0x477D40, is the address AddChecksum uses
	// elsewhere in this listing.
	uint32_t func_setint=0x477B80;//0x477D40;
	__asm {
		mov eax, val
		push eax
		push checksum
		mov ecx, cstruct
		call func_setint
	}
	return;
}
// Hashes `name` with crc32(), then calls the game routine at 0x476EC0 with
// ecx = cstruct and two stack arguments: the hash (pushed last) and the
// address of a local uint32_t. Returns that local, which stays 0 if the
// callee does not write through the pointer.
//
// Whatever the callee returns in eax is discarded, so a caller cannot tell a
// missing entry from a stored 0.
// NOTE(review): esp is not adjusted after the call, so this assumes the
// callee pops its own stack arguments -- confirm against the disassembly.
uint32_t GetChecksum(const char *name, void *cstruct) {
	uint32_t func_getchecksum=0x476EC0;
	uint32_t checksum=crc32(name);
	uint32_t checksum_r=0;
	__asm {
		lea eax, checksum_r
		push eax
		push checksum
		mov ecx, cstruct
		call func_getchecksum
	}
	return checksum_r;
}
// Hashes both `name` and `val` with crc32(), then calls the game routine at
// 0x477D40 with ecx = cstruct and two stack arguments: the hash of `name`
// (pushed last) and the hash of `val`.
//
// `cstruct` is loaded into ecx unchecked; a NULL or stale pointer is passed
// straight to the game code.
// NOTE(review): esp is not adjusted after the call, so this assumes the
// callee pops its own stack arguments -- confirm against the disassembly.
void AddChecksum(const char *name, const char *val, void *cstruct) {
	uint32_t func_addchecksum=0x477D40;
	uint32_t checksum_1=crc32(name);
	uint32_t checksum_2=crc32(val);
	__asm {
		push checksum_2
		push checksum_1
		mov ecx, cstruct
		call func_addchecksum
	}

	return;
}
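// Hashes `name` with crc32(), then calls the game routine at 0x476630 with
// ecx = cstruct and two stack arguments: the hash (pushed last) and the
// address of a local int. Returns that int, which stays 0 if the callee does
// not write through the pointer.
//
// Whatever the callee returns in eax is discarded, so a caller cannot tell a
// missing entry from a stored 0.
// `cstruct` is loaded into ecx unchecked; a NULL or stale pointer is passed
// straight to the game code.
// NOTE(review): esp is not adjusted after the call, so this assumes the
// callee pops its own stack arguments -- confirm against the disassembly.
int GetInt(const char *name, void *cstruct) {
	uint32_t func_getint=0x476630;
	uint32_t checksum=crc32(name);
	int val=0;
	__asm {
		lea eax, val
		push eax
		push checksum
		mov ecx, cstruct
		call func_getint
	}
	return val;
}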
// Hashes `name` with crc32(), then calls the game routine at 0x475790 with
// five stack arguments: the hash (pushed last), `cstruct`, and three zeros.
// ecx is not loaded, so the target is called as a plain (non-member)
// function. Returns the low byte of eax (al) as a bool.
//
// Per the accompanying post this has only been seen working for
// SendChatMessage and a console-message script; other scripts crashed, which
// the author attributes to a further object that most scripts need.
// `name` selects which script runs, so callers should pass only fixed, known
// script names.
// NOTE(review): the meaning of the three zero arguments is not shown on this
// page.
// NOTE(review): 20 bytes are pushed and esp is not adjusted after the call;
// if the target is caller-clean (cdecl) they stay on the stack -- confirm the
// calling convention in the disassembly.
bool ExecuteQBScript(const char *name, void *cstruct) {
	bool bReturn=false;
	uint32_t func_runscript=0x475790;
	uint32_t checksum=crc32(name);
	__asm {
		push 0
		push 0
		push 0
		push cstruct
		push checksum
		call func_runscript
		mov		bReturn, al
	}
	return bReturn;
}
// Calls the game routine at 0x477130 with ecx = cstruct and no stack
// arguments.
//
// `cstruct` is not checked, and the caller's copy of the pointer is left
// unchanged, so the caller must clear it to avoid reusing or re-freeing it.
// NOTE(review): presumably this releases a CStruct obtained from
// AllocateCStruct -- implied by the names only; whether it frees the object
// itself or only its contents is not shown on this page.
void FreeCStruct(void *cstruct) {
	uint32_t func_freecstruct=0x477130;
	__asm {
		mov ecx, cstruct
		call func_freecstruct
	}
	return ;
}


Re: [THUG2] Accessing the QB engine

Post by Zmathue » Mon Apr 12, 2010 9:35 am

Cool, I was looking at the QB engine in the disassembly too; I just never got around to modifying it. Also, there is a printf QB function that was left in the QB function table, but it was dummied out before release.
