From d2ba2df3aa72384d5a35918e9cece3f28b75874d Mon Sep 17 00:00:00 2001
From: Swapnadeep Som <75885103+Dying-Doomer@users.noreply.github.com>
Date: Wed, 28 Jul 2021 15:23:36 -0700
Subject: [PATCH 1/4] update python version to 3

---
 patch.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/patch.py b/patch.py
index 6e312cd..6b9e2aa 100644
--- a/patch.py
+++ b/patch.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python3
 import shutil
 import struct
 import os
@@ -14,35 +14,35 @@ def patch(d, offset, s):
     d[offset:offset+len(s)] = s
 
 ######### engine.so
-dat = bytearray(open("bin/engine.orig.so").read())
+dat = bytearray(open("bin/engine.orig.so", "rb").read())
 
 # Jump to forkserver entry point after initialization.
 # 0x286d20 is the NET_CloseAllSockets function.
 patch(dat, 0x286D20,
-    (
-    '\xb8' + struct.pack('<I', startpoint) +  # mov eax, startpoint
-    '\xff\xd0'                                # call eax
-    ))
+(
+  b'\xb8' + struct.pack('<I', startpoint) +  # mov eax, startpoint
+  b'\xff\xd0'                                # call eax
+))
 
 # Patch out a function that is registered via atexit().
 # You can find it by looking for the single xref to the string
 # "Missing shutdown function for %s"
-patch(dat, 0x2CCDB0, "\xc3")
+patch(dat, 0x2CCDB, b"\xc3")
 
 # nop out a call to BeginWatchdogTimer in the initialization sequence, so that we
 # don't get SIGABRT after a while
-patch(dat, 0x263F5F, "\x90"*6)
+patch(dat, 0x263F5F, b"\x90"*6)
 
 with open("bin/engine.so", "wb") as f:
   f.write(dat)
 
 ######### libtier0.so
-dat = bytearray(open("bin/libtier0.orig.so").read())
+dat = bytearray(open("bin/libtier0.orig.so", "rb").read())
 
 # Avoid Plat_ExitPlatform crash
 # .text:000156E7                 test    ebx, ebx
 # .text:000156E9                 jz      short loc_156F5
 # .text:000156EB                 mov     ds:dword_0, 1
-patch(dat, 0x156E7, "\x90"*(0x156F5-0x156e7))
+patch(dat, 0x156E7, b"\x90"*(0x156F5-0x156e7))
 with open("bin/libtier0.so", "wb") as f:
   f.write(dat)

From 3863b8e147866aa0f7f9adf96c36067e44dadbf2 Mon Sep 17 00:00:00 2001
From: Swapnadeep Som <75885103+Dying-Doomer@users.noreply.github.com>
Date: Wed, 28 Jul 2021 15:26:53 -0700
Subject: [PATCH 2/4] print error if shared object fails to load

---
 main.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/main.cpp b/main.cpp
index 19b35ea..13f0862 100644
--- a/main.cpp
+++ b/main.cpp
@@ -57,11 +57,17 @@ int main(int argc, char** argv) {
     }
 
     struct link_map *lm = (struct link_map*)dlopen("dedicated.so", RTLD_NOW);
+    if(lm == NULL){
+    	
+    	fprintf(stderr, dlerror());
+    
+    }
     void* dedicated = (void*)lm->l_addr;
     assert(dedicated);
     lm = (struct link_map*)dlopen("engine.so", RTLD_NOW);
     void* engine = (void*)lm->l_addr;
     assert(engine);
+    
 
     cout << "dedicated.so loaded at " << dedicated << endl;
     cout << "engine.so loaded at " << engine << endl;

From effde27efbde8c6085d81b0e194ca0e267a76618 Mon Sep 17 00:00:00 2001
From: Swapnadeep Som <75885103+Dying-Doomer@users.noreply.github.com>
Date: Fri, 30 Jul 2021 18:33:16 +0530
Subject: [PATCH 3/4] added newer offsets in the code

---
 main.cpp | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/main.cpp b/main.cpp
index 13f0862..bf646ad 100644
--- a/main.cpp
+++ b/main.cpp
@@ -10,7 +10,7 @@ using namespace std;
 void (*DedicatedMain)(int argc, const char** argv);
 
 // engine
-void (*CModelLoader_GetModelForName)(void*, const char* name, int referencetype);
+void (*CModelLoader_ReferenceModel)(void*, const char* name, int referencetype);
 void** p_modelloader;
 
 template <typename T> void ptr(T*& f, void* so, uint32_t offset) {
@@ -26,7 +26,6 @@ char *mappath;
 
 void startpoint() {
     fprintf(stderr, "startpoint()\n");
-
     void* modelloader = *p_modelloader;
     cout << "modelloader @ " << modelloader << endl;
 
@@ -36,10 +35,10 @@ void startpoint() {
         cerr << "Press enter to continue" << endl;
         getchar();
     }
-
+    
     void *buf = alloca(0x10000);
 
-    CModelLoader_GetModelForName(modelloader, mappath, 2);
+    CModelLoader_ReferenceModel(modelloader, mappath, 2);
     cout << "Done" << endl;
 
     _exit(0);
@@ -57,14 +56,17 @@ int main(int argc, char** argv) {
     }
 
     struct link_map *lm = (struct link_map*)dlopen("dedicated.so", RTLD_NOW);
-    if(lm == NULL){
-    	
+    if(lm == NULL)
+    {
     	fprintf(stderr, dlerror());
-    
     }
     void* dedicated = (void*)lm->l_addr;
     assert(dedicated);
     lm = (struct link_map*)dlopen("engine.so", RTLD_NOW);
+    if (lm == NULL)
+    {
+    	fprintf(stderr, dlerror());
+    }
     void* engine = (void*)lm->l_addr;
     assert(engine);
     
@@ -83,11 +85,11 @@ int main(int argc, char** argv) {
     cout << "Reading from " << mappath << endl;
 
     // dedicated
-    ptr(DedicatedMain, dedicated, 0x1beb0);
+    ptr(DedicatedMain, dedicated, 0x1d000);
 
     // engine
-    ptr(CModelLoader_GetModelForName, engine, 0x180460);
-    ptr(p_modelloader, engine, 0x6E3C80);
+    ptr(CModelLoader_ReferenceModel, engine, 0x18A400);
+    ptr(p_modelloader, engine, 0x70E2E0);
 
     const char* args[] = {"x", "-game", "csgo", "-nominidumps", "-nobreakpad"};
     DedicatedMain(sizeof args / sizeof *args, args);

From 6ee0cd16faf9ace0cd2fdfd443ec2dcdf3dbcb71 Mon Sep 17 00:00:00 2001
From: Swapnadeep Som <75885103+Dying-Doomer@users.noreply.github.com>
Date: Fri, 30 Jul 2021 18:34:34 +0530
Subject: [PATCH 4/4] added newer offsets to the code

---
 patch.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/patch.py b/patch.py
index 6b9e2aa..1c13344 100644
--- a/patch.py
+++ b/patch.py
@@ -18,7 +18,7 @@ def patch(d, offset, s):
 
 # Jump to forkserver entry point after initialization.
 # 0x286d20 is the NET_CloseAllSockets function.
-patch(dat, 0x286D20,
+patch(dat, 0x29E6B0,
 (
   b'\xb8' + struct.pack('<I', startpoint) +  # mov eax, startpoint
   b'\xff\xd0'                                # call eax
@@ -27,11 +27,11 @@ def patch(d, offset, s):
 # Patch out a function that is registered via atexit().
 # You can find it by looking for the single xref to the string
 # "Missing shutdown function for %s"
-patch(dat, 0x2CCDB, b"\xc3")
+patch(dat, 0x2E5900, b"\xc3")
 
 # nop out a call to BeginWatchdogTimer in the initialization sequence, so that we
 # don't get SIGABRT after a while
-patch(dat, 0x263F5F, b"\x90"*6)
+patch(dat, 0x27459F, b"\x90"*6)
 
 with open("bin/engine.so", "wb") as f:
   f.write(dat)
@@ -43,6 +43,6 @@ def patch(d, offset, s):
 # .text:000156E7                 test    ebx, ebx
 # .text:000156E9                 jz      short loc_156F5
 # .text:000156EB                 mov     ds:dword_0, 1
-patch(dat, 0x156E7, b"\x90"*(0x156F5-0x156e7))
+patch(dat, 0x15877, b"\x90"*(0x15885 - 0x15877))
 with open("bin/libtier0.so", "wb") as f:
   f.write(dat)