//-----------------------------------------------------------------------------
// Some explanation might be needed for this. The crash is caused by
// us calling a pure virtual function in the constructor.
// While IPureCall's constructor runs, the object's dynamic type is still
// IPureCall (the derived class's vftable is not installed yet), so the
// virtual call from Ok() resolves to the pure virtual slot.
// The order goes like this:
// ctor
// -> vftable = IPureCall::vftable
// -> IPureCall::Ok()
// -> IPureCall::CallMeIDareYou()
// -> purecall_handler
// -> crash :(
// This type exists only to produce that crash on demand (see crash variety 4
// in h_CC_crash_test_f); nothing should ever use it for real work.
class IPureCall
{
public:
// Calls the pure virtual through Ok() while the vftable is still IPureCall's.
IPureCall() { Ok(); }
// Never dispatched to a derived override from the constructor above.
virtual void CallMeIDareYou() = 0;
// Indirection so the virtual call is not made directly in the ctor body,
// which some compilers would diagnose at compile time.
void Ok() { CallMeIDareYou(); }
};
// Concrete subclass whose override is irrelevant: the pure call in the
// IPureCall constructor fires before this vftable is ever installed.
class CPureCall : private IPureCall
{
private:
void CallMeIDareYou() override {}
};
// Original engine CC_crash_test_f; its address is handed to HookAttach below
// together with the pointer's own address, so the value may be rewritten by
// the hook machinery.
static void (*o_pCC_crash_test_f)(const CCommand&);
// Replacement for the engine's crash_test console command: deliberately
// crashes the process in the variety selected by the first argument.
// Varieties: 0 = null read, 1 = null write, 2 = uncaught C++ exception,
// 3 = SEH exception, 4 = pure virtual call; anything else (including a
// non-numeric argument, which atoi maps to 0) is handled by the default
// branch. Every path except the default is undefined behaviour or a
// process-terminating fault on purpose; only ever invoked on request.
static void h_CC_crash_test_f(const CCommand& args)
{
	int variety = 0;
	if (args.ArgC() > 1)
		variety = atoi(args.Arg(1));

	int* const nullInt = static_cast<int*>(nullptr);
	int readBack;

	if (variety == 0)
	{
		// Read through a null pointer; the log call keeps the read observable.
		readBack = *nullInt;
		spdlog::info("Crashed! {}", readBack);
	}
	else if (variety == 1)
	{
		// Write through a null pointer.
		*nullInt = 24122021;
	}
	else if (variety == 2)
	{
		// Uncaught C++ exception.
		throw std::exception("Crashed!");
	}
	else if (variety == 3)
	{
		// Raise a software SEH exception (code 7) with no arguments.
		RaiseException(7, 0, 0, nullptr);
	}
	else if (variety == 4)
	{
		// Constructing this type triggers the pure-call handler (see IPureCall).
		CPureCall pureCall;
	}
	else
	{
		spdlog::info("Unknown variety of crash. You have now failed to crash. I hope you're happy.");
	}
}
// On engine.dll load: locate CC_crash_test_f at its known module offset and
// detour it to h_CC_crash_test_f. The address of o_pCC_crash_test_f (not just
// its value) is passed so the hook machinery can update it.
ON_DLL_LOAD("engine.dll", ClientModeShared, (CModule module))
{
	using CrashTestFn = decltype(o_pCC_crash_test_f);
	o_pCC_crash_test_f = module.Offset(0x15BEE0).RCast<CrashTestFn>();
	HookAttach(&reinterpret_cast<PVOID&>(o_pCC_crash_test_f), reinterpret_cast<PVOID>(h_CC_crash_test_f));
}