From c7c5d913c48ff14ee585ae29558144e3b7ed06ab Mon Sep 17 00:00:00 2001
From: pizzaboxer <41478239+pizzaboxer@users.noreply.github.com>
Date: Sat, 22 Jan 2022 12:02:42 +0000
Subject: [PATCH] Add support for CApp::RobloxAuthenticate via command line args
---
 PolygonClientUtilities/Config.h | 14 +++++++++----
 PolygonClientUtilities/RobloxMFCClasses.h | 7 +++++--
 PolygonClientUtilities/RobloxMFCHooks.cpp | 24 ++++++++++++++++++++++-
 PolygonClientUtilities/RobloxMFCHooks.h | 7 ++++++-
 PolygonClientUtilities/dllmain.cpp | 11 ++++++-----
 5 files changed, 50 insertions(+), 13 deletions(-)
diff --git a/PolygonClientUtilities/Config.h b/PolygonClientUtilities/Config.h
index aefe947..900f192 100644
--- a/PolygonClientUtilities/Config.h
+++ b/PolygonClientUtilities/Config.h
@@ -5,7 +5,10 @@
 // RobloxApp (2010)
 #ifdef MFC2010
-#define STRUCTOFFSET_DATAMODEL__JOBID 2912
+#define CLASSLOCATION_CROBLOXAPP 0x00BFF898
+#define CLASSLOCATION_CAPP 0x00405D20
+
+#define STRUCTOFFSET_DATAMODEL__JOBID 2912
 #define ADDRESS_DATAMODEL__GETJOBID 0x005CACC0
 #define ADDRESS_STANDARDOUT__PRINT 0x0059F340
@@ -23,15 +26,18 @@
 // RobloxApp (2011)
 #ifdef MFC2011
-#define STRUCTOFFSET_DATAMODEL__JOBID 2956
+#define CLASSLOCATION_CROBLOXAPP 0x00CBA8A0
+#define CLASSLOCATION_CAPP 0x00406D80
+
+#define STRUCTOFFSET_DATAMODEL__JOBID 2956
 #define ADDRESS_DATAMODEL__GETJOBID 0x005E70C0
 #define ADDRESS_STANDARDOUT__PRINT 0x005B25E0
 #define ADDRESS_NETWORK__RAKNETADDRESSTOSTRING 0x0
 #define ADDRESS_HTTP__TRUSTCHECK 0x005B7050
 #define ADDRESS_CRYPT__VERIFYSIGNATUREBASE64 0x00809EC0
-#define ADDRESS_CAPP__CREATEGAME 0x0
-#define ADDRESS_CAPP__ROBLOXAUTHENTICATE 0x0
+#define ADDRESS_CAPP__CREATEGAME 0x00406D80
+#define ADDRESS_CAPP__ROBLOXAUTHENTICATE 0x00409050
 #define ADDRESS_CROBLOXAPP__INITINSTANCE 0x004613C0
 #define ADDRESS_CROBLOXAPP__CREATEDOCUMENT 0x0045D030
 #define ADDRESS_CWORKSPACE__EXECURLSCRIPT 0x0049FC90
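Review bot: In the MFC2011 hunk `CLASSLOCATION_CAPP` and `ADDRESS_CAPP__CREATEGAME` carry the same value, `0x00406D80`, and both `CLASSLOCATION_CAPP` values (`0x00405D20`, `0x00406D80`) sit in the same `0x004xxxxx` range as the function addresses around them, while `CLASSLOCATION_CROBLOXAPP` (`0x00BFF898`, `0x00CBA8A0`) sits in a different range; an object instance and a function entry point cannot share an address, so one of the two 2011 values looks wrong. This matters because RobloxMFCHooks.cpp in this commit reinterpret-casts `CLASSLOCATION_CAPP` to `CApp*` and passes it as `this` to `CApp__RobloxAuthenticate`, so a code address here would hand instruction bytes to the authenticate routine. The MFC2010 hunk above has the same shape, and its `ADDRESS_CAPP__ROBLOXAUTHENTICATE` is outside the hunk, so confirm it is no longer `0x0` before the hook calls through it. A one-line comment on the new macros would prevent the mix-up recurring, e.g. `// CLASSLOCATION_*: address of the global object instance, not a function entry point`.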
diff --git a/PolygonClientUtilities/RobloxMFCClasses.h b/PolygonClientUtilities/RobloxMFCClasses.h
index 64e64a9..9ace391 100644
--- a/PolygonClientUtilities/RobloxMFCClasses.h
+++ b/PolygonClientUtilities/RobloxMFCClasses.h
@@ -19,10 +19,13 @@ struct CRobloxDoc
 CWorkspace* workspace;
 };
+// padding1[4] = offset of 0x10
+// padding1[40] = offset of 0xA0
+
 struct CApp;
-const auto CApp__CreateGame = (CWorkspace * (__thiscall*)(CApp * _this, LPCWSTR, LPCWSTR))ADDRESS_CAPP__CREATEGAME;
-const auto CApp__RobloxAuthenticate = (void * (__thiscall*)(CApp * _this, LPCWSTR, LPCWSTR))ADDRESS_CAPP__ROBLOXAUTHENTICATE;
+// const auto CApp__CreateGame = (CWorkspace * (__thiscall*)(CApp * _this, LPCWSTR, LPCWSTR))ADDRESS_CAPP__CREATEGAME;
+const auto CApp__RobloxAuthenticate = (void * (__thiscall*)(CApp * _this, void*, LPCWSTR, LPCWSTR))ADDRESS_CAPP__ROBLOXAUTHENTICATE;
 struct CRobloxApp;
diff --git a/PolygonClientUtilities/RobloxMFCHooks.cpp b/PolygonClientUtilities/RobloxMFCHooks.cpp
index 30545cb..6025c29 100644
--- a/PolygonClientUtilities/RobloxMFCHooks.cpp
+++ b/PolygonClientUtilities/RobloxMFCHooks.cpp
@@ -26,6 +26,7 @@ StandardOut__print_t StandardOut__print = (StandardOut__print_t)ADDRESS_STANDARD
 // Network__RakNetAddressToString_t Network__RakNetAddressToString = (Network__RakNetAddressToString_t)ADDRESS_NETWORK__RAKNETADDRESSTOSTRING;
 #endif
 #if defined(MFC2010) || defined(MFC2011)
+CApp__CreateGame_t CApp__CreateGame = (CApp__CreateGame_t)ADDRESS_CAPP__CREATEGAME;
 CRobloxApp__InitInstance_t CRobloxApp__InitInstance = (CRobloxApp__InitInstance_t)ADDRESS_CROBLOXAPP__INITINSTANCE;
 CRobloxCommandLineInfo__ParseParam_t CRobloxCommandLineInfo__ParseParam = (CRobloxCommandLineInfo__ParseParam_t)ADDRESS_CROBLOXCOMMANDLINEINFO__PARSEPARAM;
 #endif
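Review bot: The new `CApp__RobloxAuthenticate` pointer is still `__thiscall` but gains a `void*` parameter between `_this` and the two strings; that extra slot is the `__fastcall` hook idiom used by the hook declarations in this commit, not something a `__thiscall` callee expects, so unless the real function genuinely takes a pointer before the URL, the `NULL` the caller supplies becomes the first string argument, the URL becomes the ticket, and the callee-cleaned stack is left off by one slot on return. The removed line and the now commented-out `CApp__CreateGame` pointer both use `(CApp * _this, LPCWSTR, LPCWSTR)`, which suggests the intended declaration is `const auto CApp__RobloxAuthenticate = (void * (__thiscall*)(CApp * _this, LPCWSTR, LPCWSTR))ADDRESS_CAPP__ROBLOXAUTHENTICATE;` with the call in `CRobloxApp__InitInstance_hook` (RobloxMFCHooks.cpp hunk below) dropping its `NULL` argument. The `padding1[...]` comments refer to a member that is not in this hunk; naming the struct they belong to would make them findable.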
@@ -140,16 +141,35 @@ void __fastcall StandardOut__print_hook(int _this, void*, int type, std::string*
 #endif
 #if defined(MFC2010) || defined(MFC2011)
+INT __fastcall CApp__CreateGame_hook(CApp* _this, void*, int a2, int* a3)
+{
+ printf("\n");
+ printf("Pointer location of CApp: %p\n", &_this);
+ printf("Pointer value of CApp: %p\n", _this);
+ // CApp__RobloxAuthenticate(_this, NULL, L"http://polygondev.pizzaboxer.xyz/login/negotiate.ashx", L"0");
+ return CApp__CreateGame(_this, a2, a3);
+}
+
 BOOL __fastcall CRobloxApp__InitInstance_hook(CRobloxApp* _this)
 {
 if (!CRobloxApp__InitInstance(_this)) return FALSE;
+ CApp* app = reinterpret_cast(CLASSLOCATION_CAPP);
+
 if (hasAuthUrlArg && hasAuthTicketArg && !authenticationUrl.empty() && !authenticationTicket.empty())
 {
- // TODO: implement this using CApp__RobloxAuthenticate
+ CApp__RobloxAuthenticate(app, NULL, authenticationUrl.c_str(), authenticationTicket.c_str());
 }
+ // printf("Pointer location of CRobloxApp: %p\n", &_this);
+ // printf("Pointer value of CRobloxApp: %p\n", _this);
+ // printf("Pointer location of CRobloxDoc: %p\n", document);
+ // printf("Pointer location of CWorkspace: %p\n", &document->workspace);
+
+ // printf("Pointer location of CApp: %p\n", &app);
+ // printf("Pointer value of CApp: %p\n", app);
+
 if (hasJoinArg && !joinScriptUrl.empty())
 {
 try
@@ -205,6 +225,8 @@ void __fastcall CRobloxCommandLineInfo__ParseParam_hook(CRobloxCommandLineInfo*
 #ifdef ARBITERBUILD
 if (hasJobId && jobId.empty())
 {
+ // command line args are parsed AFTER CRobloxApp::InitInstance is run, so the logger will too be initialized after
+
 jobId = std::string(pszParam);
 Logger::Initialize(jobId);
diff --git a/PolygonClientUtilities/RobloxMFCHooks.h b/PolygonClientUtilities/RobloxMFCHooks.h
index 92db71a..c511abd 100644
--- a/PolygonClientUtilities/RobloxMFCHooks.h
+++ b/PolygonClientUtilities/RobloxMFCHooks.h
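Review bot: `CRobloxApp__InitInstance_hook` calls through `CApp__RobloxAuthenticate` with a `CApp*` taken from the hard-coded `CLASSLOCATION_CAPP` and no check that either address was filled in for the current build; under MFC2010 the `ADDRESS_CAPP__ROBLOXAUTHENTICATE` value is outside this commit's Config.h hunk and may still be `0x0`, in which case supplying the auth URL and ticket arguments would call a null function pointer at startup. Guarding the block, e.g. `if (CApp__RobloxAuthenticate != nullptr && app != nullptr)` or an `#if ADDRESS_CAPP__ROBLOXAUTHENTICATE != 0x0` around it, keeps a misconfigured build from crashing. As rendered here `reinterpret_cast(CLASSLOCATION_CAPP)` has no `<CApp*>` target (possibly lost in rendering), and `printf("Pointer location of CApp: %p\n", &_this)` in `CApp__CreateGame_hook` prints the address of the hook's own parameter slot, so those lines read as diagnostic leftovers worth removing or placing under a debug macro. Whether `authenticationUrl` passes through the same trust check as other URLs (`Http__trustCheck_hook`) is not visible here; a comment stating where the ticket may be sent, or routing the URL through that check, would document the trust boundary. The body of `CRobloxApp__InitInstance_hook` continues past this hunk.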
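Review bot: The new comment in `CRobloxCommandLineInfo__ParseParam_hook` says command-line arguments are parsed after `CRobloxApp::InitInstance` has run, but `CRobloxApp__InitInstance_hook` in the hunk above reads `hasAuthUrlArg`/`authenticationUrl` immediately after the original `InitInstance` returns; if parsing really happens later, that authenticate branch can never be taken, and if parsing happens inside the original call (so the hook's post-step does see the values), the comment is misleading. Rewording it to state the actual order would settle which holds, e.g. `// ParseParam is reached while CRobloxApp::InitInstance is executing, so the logger is set up here rather than in the InitInstance hook -- confirm against the 2010/2011 binaries`. The `will too be initialized after` phrasing is also hard to parse. `ParseParam_hook`'s body starts and ends outside this hunk.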
@@ -2,6 +2,8 @@
 #include "RobloxMFCClasses.h"
+// #include
+
 // Type Definitions // typedef BOOL(__thiscall* Http__trustCheck_t)(const char* url);
@@ -12,6 +14,7 @@ typedef void(__thiscall* StandardOut__print_t)(int _this, int type, std::string*
 // typedef void(__thiscall* Network__RakNetAddressToString_t)(int raknetAddress, bool writePort, char portDelineator);
 #endif
 #if defined(MFC2010) || defined(MFC2011)
+typedef INT(__thiscall* CApp__CreateGame_t)(CApp* _this, int a2, int *a3);
 typedef BOOL(__thiscall* CRobloxApp__InitInstance_t)(CRobloxApp* _this);
 typedef void(__thiscall* CRobloxCommandLineInfo__ParseParam_t)(CRobloxCommandLineInfo* _this, const char* pszParam, BOOL bFlag, BOOL bLast);
 #endif
@@ -26,6 +29,7 @@ extern StandardOut__print_t StandardOut__print;
 // extern Network__RakNetAddressToString_t Network__RakNetAddressToString;
 #endif
 #if defined(MFC2010) || defined(MFC2011)
+extern CApp__CreateGame_t CApp__CreateGame;
 extern CRobloxApp__InitInstance_t CRobloxApp__InitInstance;
 extern CRobloxCommandLineInfo__ParseParam_t CRobloxCommandLineInfo__ParseParam;
 #endif
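Review bot: The new `CApp__CreateGame_t` typedef in the second hunk describes `CreateGame` as `INT (CApp* _this, int a2, int *a3)`, while the declaration this commit comments out in RobloxMFCClasses.h described the same address as `CWorkspace* (CApp* _this, LPCWSTR, LPCWSTR)`; both cannot be right, and for a `__thiscall` callee the argument count decides how much stack the callee pops. A comment on the typedef saying which signature was verified against the binary, e.g. `// CreateGame's real parameters are not yet identified; a2/a3 are placeholders, verify before enabling the hook`, would stop the next reader from trusting the placeholder names. The `// #include` added in the first hunk has no header name as rendered here; if the target was lost in rendering it should be restored, otherwise the line is noise.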
@@ -35,11 +39,12 @@ extern CRobloxCommandLineInfo__ParseParam_t CRobloxCommandLineInfo__ParseParam;
 BOOL __fastcall Http__trustCheck_hook(const char* url);
 void __fastcall Crypt__verifySignatureBase64_hook(HCRYPTPROV* _this, void*, char a2, int a3, int a4, int a5, int a6, int a7, int a8, char a9, int a10, int a11, int a12, int a13, int a14, int a15);
 #ifdef ARBITERBUILD
-INT __fastcall DataModel__getJobId_hook(char* _this, void*, int a2);
+INT __fastcall DataModel__getJobId_hook(char* _this, void*, int a2);
 void __fastcall StandardOut__print_hook(int _this, void*, int type, std::string* message);
 // std::string __fastcall Network__RakNetAddressToString_hook(int raknetAddress, bool writePort, char portDelineator);
 #endif
 #if defined(MFC2010) || defined(MFC2011)
+INT __fastcall CApp__CreateGame_hook(CApp* _this, void*, int a2, int *a3);
 BOOL __fastcall CRobloxApp__InitInstance_hook(CRobloxApp* _this);
 void __fastcall CRobloxCommandLineInfo__ParseParam_hook(CRobloxCommandLineInfo* _this, void*, const char* pszParam, BOOL bFlag, BOOL bLast);
 #endif
\ No newline at end of file
diff --git a/PolygonClientUtilities/dllmain.cpp b/PolygonClientUtilities/dllmain.cpp
index 13aeb40..307ab3f 100644
--- a/PolygonClientUtilities/dllmain.cpp
+++ b/PolygonClientUtilities/dllmain.cpp
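Review bot: The added `CApp__CreateGame_hook` declaration writes `int *a3` where every other declaration in this file attaches the star to the type (`char* _this`, `std::string* message`); `int* a3` keeps the file consistent, and the definition added in RobloxMFCHooks.cpp already uses that form. The `DataModel__getJobId_hook` line is removed and re-added with no visible difference, so it is presumably a whitespace-only change. The file still ends without a trailing newline, as the `\ No newline at end of file` marker shows.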
@@ -6,15 +6,16 @@ START_PATCH_LIST()
 ADD_PATCH(Http__trustCheck, Http__trustCheck_hook)
 ADD_PATCH(Crypt__verifySignatureBase64, Crypt__verifySignatureBase64_hook)
-#if defined(MFC2010) || defined(MFC2011)
-ADD_PATCH(DataModel__getJobId, DataModel__getJobId_hook)
-ADD_PATCH(CRobloxApp__InitInstance, CRobloxApp__InitInstance_hook)
-ADD_PATCH(CRobloxCommandLineInfo__ParseParam, CRobloxCommandLineInfo__ParseParam_hook)
-#endif
 #ifdef ARBITERBUILD
+ADD_PATCH(DataModel__getJobId, DataModel__getJobId_hook)
 ADD_PATCH(StandardOut__print, StandardOut__print_hook)
 // ADD_PATCH(Network__RakNetAddressToString, Network__RakNetAddressToString_hook)
 #endif
+#if defined(MFC2010) || defined(MFC2011)
+// ADD_PATCH(CApp__CreateGame, CApp__CreateGame_hook)
+ADD_PATCH(CRobloxApp__InitInstance, CRobloxApp__InitInstance_hook)
+ADD_PATCH(CRobloxCommandLineInfo__ParseParam, CRobloxCommandLineInfo__ParseParam_hook)
+#endif
 END_PATCH_LIST()
 // DLLs for release will be loaded with VMProtect, so this isn't necessary
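Review bot: Moving `ADD_PATCH(DataModel__getJobId, DataModel__getJobId_hook)` from the MFC2010/MFC2011 block into `#ifdef ARBITERBUILD` changes which hooks a non-arbiter MFC build installs, which the commit subject does not mention; it does match the hook's declaration, which RobloxMFCHooks.h keeps under `ARBITERBUILD`, so it looks like a deliberate fix that deserves a line in the commit message. `// ADD_PATCH(CApp__CreateGame, CApp__CreateGame_hook)` leaves the hook, its typedef and its extern definition added in this commit unreferenced; a comment such as `// CreateGame hook is diagnostic only (prints the CApp pointer); enable once its signature is confirmed` would explain why it ships disabled.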