Signature Request Thread

your-name-here
10-01-2008, 14:12
I've become quite adept at sigscanning. If anyone needs a signature for CS:S, you can request it here :P, and I will try to find it for you. I can also do TF2 but I will need to get the updated .dll and .so file.


Fire away :)

raydan
10-01-2008, 22:42
can you scan css zombie mod 2.0 signature?

your-name-here
10-01-2008, 22:57
can you scan css zombie mod 2.0 signature?

Hmm, good question. I probably could, but what do you need to do? Turn someone into a zombie?

raydan
10-01-2008, 23:18
Hmm, good question. I probably could, but what do you need to do? Turn someone into a zombie?


1. turn someone to zombie
2. check player is zombie or not.
3. change player move speed

your-name-here
10-02-2008, 08:17
1. turn someone to zombie
2. check player is zombie or not.
3. change player move speed

I think you misunderstood my intentions. I can find signatures for quite a few functions in the server.dll and server_i486.dll files of CSS and (probably TF2).

I will try to get you signatures for zombiemod, but something tells me that the signatures aren't going to work.

Tryclyde
10-03-2008, 00:25
Well I'm slowly writing things for tf2, learning as I go, I'd like to know how to get the player_death and teleport functions as a start. I'm sure I can do this too, if you have the time maybe you could explain how to write a sigscan function after you have the address, mask, etc., that's what I'm confused about.

your-name-here
10-03-2008, 16:44
Well I'm slowly writing things for tf2, learning as I go, I'd like to know how to get the player_death and teleport functions as a start.

player_death is an event which can be captured using IGameEventManager.

Teleport is actually a virtual function which you can use the vtable for but the offsets are liable to change very quickly. So yes, I will grab you a signature for that :D


I'm sure I can do this too, if you have the time maybe you could explain how to write a sigscan function after you have the address, mask, etc., that's what I'm confused about.

I'm writing up a nice long tutorial with pictures that explains this, albeit I've had a crazy week so I haven't gotten too much done on it.

If you are using C++, you do not need a mask. Use BAILOPAN's signature scanner from CSS: DM (search for it :D).

Tryclyde
10-03-2008, 21:36
Please let me know as soon as you finish, in the mean time I'll play around with BAILOPAN's sigscanner and find out how to use the event manager.

robot
10-04-2008, 11:03
Well, since you are offering...

I need a new sig for CCSPlayer::SwitchTeam

Any chance you could help?

TIA

robot

your-name-here
10-04-2008, 12:29
Please let me know as soon as you finish, in the mean time I'll play around with BAILOPAN's sigscanner and find out how to use the event manager.

Sure no problem.

Well, since you are offering...

I need a new sig for CCSPlayer::SwitchTeam

Any chance you could help?

TIA

robot

EDIT: Here you are:

The Signature:
\x2A\x2A\x2A\x56\x57\x8B\x7C\x24\x1C\x57\x8B\xF1\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x85\xC0\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A

Length: 33
Calling Convention: __thiscall
Prototype: CCSPlayer::SwitchTeam(int iTeamIndex)

robot
10-04-2008, 23:21
Thanks for the fast response there! Unfortunately, for whatever reason - that sig is not working for me.

The plugin certainly finds it, but after loading, the server dies and goes into loop (although I probably need to debug a bit more to confirm exactly what is happening). I will try to debug it further on my end - but was wondering if you have confirmed that this is indeed the correct function and it is callable...?

Basically to explain a bit more, the last Valve update killed my plugin. The sig I was using was:

\x83\xEC\x10\x56\x57\x8B\x7C\x24\x1C\x57\x8B\xF1\xE8\xDF\x4D\xF9

However now I cannot find the correct one. I should also mention my code is quite old (http://zombiehorde.svn.sourceforge.net/viewvc/zombiehorde/trunk/zhplug-1.1/) and may have other issues - although it was working up until last update :/

robot

your-name-here
10-05-2008, 10:05
Thanks for the fast response there! Unfortunately, for whatever reason - that sig is not working for me.

The plugin certainly finds it, but after loading, the server dies and goes into loop (although I probably need to debug a bit more to confirm exactly what is happening). I will try to debug it further on my end - but was wondering if you have confirmed that this is indeed the correct function and it is callable...?

Basically to explain a bit more, the last Valve update killed my plugin. The sig I was using was:

\x83\xEC\x10\x56\x57\x8B\x7C\x24\x1C\x57\x8B\xF1\xE8\xDF\x4D\xF9

However now I cannot find the correct one. I should also mention my code is quite old (http://zombiehorde.svn.sourceforge.net/viewvc/zombiehorde/trunk/zhplug-1.1/) and may have other issues - although it was working up until last update :/

robot

EDIT: This is a windows signature, not a Linux one :)

Yes. I test every single signature I create. That signature worked for me when I used it (which was right before submitting my post), so I'm sure it's the way you are using the signature. Remember that this signature is a __thiscall, which means you need to pass in a this-pointer as the first parameter in the function. Then, inside the function, you need to do the following with the __asm keyword if you are using windows (if you are using c++):

__asm {
push ecx;
mov ecx, thisptr;
push iTeamIndex;
call thesignaturefunction;
pop ecx;
};

To use signatures, I use something LDuke taught me, which he was shown by Cybermind.

Essentially, take a look at the declaration of the function. In this case, it has one parameter, int iTeamIndex. It's also a __thiscall which means that you need a pointer to an instance of CCSPlayer. If you take a look at the class hierarchy, CCSPlayer is also an instance of CBaseEntity. So from an edict_t* you do ->GetUnknown()->GetBaseEntity(); Use that as your this-pointer.

Now, create a typedef for the function, inside your code. The syntax works like this:

typedef <return-type> (<callingconvention> *<SomeName>) (<param1 type>, <param2 type>, ..etc..)

With the above, if your calling convention is anything other than a __fastcall, you do not need to put a calling convention there :).

So with CCSPlayer::SwitchTeam:
typedef void (*SwitchTeam)(CBaseEntity*, int);

Next, what I do in my code is I have a class which manages my signatures. Inside it, I create an instance of the typedef in my class's private member variables section:

private:
    SwitchTeam m_SwitchTeam;

Finally, I have a global instance of the signature scanner (I use BAILOPAN's). I have a function called Initialize() in my manager class, which I call when metamod loads. I then do the following for each "function type members" that I showed you above:

m_SwitchTeam = (SwitchTeam)g_SigMngr.ResolveSig(laddr, Signature, Signature_Length);

Finally, you need to call your newfound function! In my manager class, I have callable functions for each signature. In this case, since we have a __thiscall, you need to move the this pointer into the ecx register, and push all the parameters into the stack left to right. This is why I put the thispointer (the CBaseEntity* instance) first :D. So the code:

void S_SwitchTeam(CBaseEntity* thisptr, int iTeamIndex)
{
    if(!m_SwitchTeam)
    {
        g_pGlobals->m_engine->Con_NPrintf(0, "m_SwitchTeam failed!");
        return;
    }

    void* func = (void*)m_SwitchTeam;

#ifdef _WIN32
    __asm {
        push ecx;
        mov ecx, thisptr;
        push iTeamIndex;
        call func;
        pop ecx;
    };
#else
    (m_SwitchTeam)(thisptr, iTeamIndex);
#endif
}

And that's it! You can apply the same principles for pretty much any other thiscall (I haven't run into any exceptions). Also, on a side note, I am signature scanning for classes in CS:S. I have written up a page on CCSPlayer if you want to take a look:

http://wiki.alliedmods.net/CCSPlayer

I hope this helped! :D
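
Added example (not part of the original posts, and not BAILOPAN's scanner): a minimal wildcard signature scan showing why the old exact SwitchTeam signature stops matching when a call displacement changes, while the wildcarded one still resolves, and why an over-short signature should be rejected as ambiguous. It assumes \x2A means "any byte", as the wildcarded signatures in this thread suggest; find_signature, count_matches, resolve_unique and build_sample_image are hypothetical names, and the image bytes are constructed filler, not real server.dll code.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

static const size_t  kNotFound = static_cast<size_t>(-1);
static const uint8_t kWildcard = 0x2A;  // assumption: 0x2A = "match any byte"

// Both signatures are quoted from the thread (old exact one, newer wildcarded one).
static const char kOldSig[] =
    "\x83\xEC\x10\x56\x57\x8B\x7C\x24\x1C\x57\x8B\xF1\xE8\xDF\x4D\xF9";
static const char kNewSig[] =
    "\x2A\x2A\x2A\x56\x57\x8B\x7C\x24\x1C\x57\x8B\xF1\x2A\x2A\x2A\x2A"
    "\x2A\x2A\x2A\x2A\x85\xC0"
    "\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A";
static const size_t kOldSigLen = sizeof(kOldSig) - 1;  // 16
static const size_t kNewSigLen = sizeof(kNewSig) - 1;  // 33, the "Length" given in the post

static const uint8_t* as_bytes(const char* s) { return reinterpret_cast<const uint8_t*>(s); }

// Offset of the first match at or after `start`, or kNotFound.
// A real 0x2A byte in the image still matches, so the wildcard only loosens a pattern.
size_t find_signature(const uint8_t* image, size_t image_len,
                      const uint8_t* sig, size_t sig_len, size_t start = 0)
{
    if (sig_len == 0 || sig_len > image_len) return kNotFound;
    for (size_t i = start; i <= image_len - sig_len; ++i) {
        size_t j = 0;
        while (j < sig_len && (sig[j] == kWildcard || sig[j] == image[i + j])) ++j;
        if (j == sig_len) return i;
    }
    return kNotFound;
}

// Number of places the signature matches; anything other than 1 is unsafe to call.
size_t count_matches(const uint8_t* image, size_t image_len,
                     const uint8_t* sig, size_t sig_len)
{
    size_t n = 0;
    size_t pos = find_signature(image, image_len, sig, sig_len, 0);
    while (pos != kNotFound) {
        ++n;
        pos = find_signature(image, image_len, sig, sig_len, pos + 1);
    }
    return n;
}

// Resolve only when the match is unique; otherwise report failure to the caller.
size_t resolve_unique(const uint8_t* image, size_t image_len,
                      const uint8_t* sig, size_t sig_len)
{
    if (count_matches(image, image_len, sig, sig_len) != 1) return kNotFound;
    return find_signature(image, image_len, sig, sig_len, 0);
}

// Constructed stand-in for a module's code section (not real game code).
std::vector<uint8_t> build_sample_image()
{
    std::vector<uint8_t> img(16, 0xCC);
    // "Target": same prologue as the old signature, but the call displacement differs.
    const uint8_t target[] = {
        0x83,0xEC,0x10,0x56,0x57,0x8B,0x7C,0x24,0x1C,0x57,0x8B,0xF1,
        0xE8,0x11,0x22,0x33,0x44, 0x8B,0x4C,0x24, 0x85,0xC0,
        0x74,0x05,0x8B,0x06,0x5F,0x5E,0x83,0xC4,0x10,0xC2,0x04 };
    // "Decoy": shares the 9 fixed prologue bytes but has no 85 C0 at offset 20.
    const uint8_t decoy[] = {
        0x83,0xEC,0x08,0x56,0x57,0x8B,0x7C,0x24,0x1C,0x57,0x8B,0xF1,
        0xE8,0x55,0x66,0x77,0x88,0x5F,0x5E,0x83,0xC4,0x08,0xC3 };
    img.insert(img.end(), target, target + sizeof(target));
    img.insert(img.end(), size_t(8), uint8_t(0xCC));
    img.insert(img.end(), decoy, decoy + sizeof(decoy));
    img.insert(img.end(), size_t(16), uint8_t(0xCC));
    return img;
}

int main()
{
    std::vector<uint8_t> img = build_sample_image();
    const uint8_t* p = img.data();
    size_t old_hit = find_signature(p, img.size(), as_bytes(kOldSig), kOldSigLen);
    size_t new_hit = resolve_unique(p, img.size(), as_bytes(kNewSig), kNewSigLen);
    size_t short_n = count_matches(p, img.size(), as_bytes(kNewSig), 12);
    std::printf("old exact sig:   %s\n", old_hit == kNotFound ? "not found" : "found");
    std::printf("wildcarded sig:  offset %lu\n", static_cast<unsigned long>(new_hit));
    std::printf("first 12 bytes:  %lu matches (ambiguous)\n",
                static_cast<unsigned long>(short_n));
    return 0;
}
```

A resolver that returns a null result for zero or multiple matches pairs naturally with the `if(!m_SwitchTeam)` guard in the post above.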

L. Duke
10-08-2008, 13:15
CTFPlayer::TeamFortress_SetSpeed(void)

:)

see you in #sigs on IRC

your-name-here
10-08-2008, 19:56
CTFPlayer::TeamFortress_SetSpeed(void)

:)

see you in #sigs on IRC

Lol, I had a really hard time with this one. I haven't tested this because I can't run TF2 on this box, so =/, but you can :D

Prototype: void CTFPlayer::TeamFortress_SetSpeed(void)
Calling Convention: __fastcall
Signature: \x51\x56\x8B\xF1\x2A\x2A\x2A\x2A\x2A\x2A\xC1\xE8\x03\xA8\x01\x57\x2A\x2A\x2A\x2A\x2A\x2A\x74\x3E\x8B\x16\x2A\x2A\x2A\x2A\x2A\x2A
Length: 32

The above is untested so don't blame me if something goes wrong :D. I need LDuke to report back.

raydan
10-16-2008, 06:08
i found this, then use detours. but how to set the speed next?
\x51\x56\x8B\xF1\x2A\x2A\x2A\x2A\x2A\x2A\x85\xC9\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\xC1\xE8\x03\xA8\x01\x57\x2A\x2A\x2A\x2A\x2A\x2A\x74\x40\x8B\x16\x2A\x2A\x2A\x2A\x2A\x2A

AnAkIn
01-21-2009, 10:57
Could anyone find me the sig for this:

CBaseEntityList * g_pEntityList

(TF2)

Thanks :)

CrimsonGT
01-21-2009, 12:09
The entitylist is an offset, not a pointer, and you can find it in sdktools extension or lduke's extension.

CrimsonGT
02-03-2009, 02:00
I know you've been busy lately, but here's one if you get time :)

CTFPlayer::CanAttack(void)

your-name-here
02-07-2009, 10:24
i found this, then use detours. but how to set the speed next?
\x51\x56\x8B\xF1\x2A\x2A\x2A\x2A\x2A\x2A\x85\xC9\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\xC1\xE8\x03\xA8\x01\x57\x2A\x2A\x2A\x2A\x2A\x2A\x74\x40\x8B\x16\x2A\x2A\x2A\x2A\x2A\x2A

EDIT: Disregard that function :S Dunno what I was thinking there lol.
What did you want to do?

Secondly, I don't think you can search for signatures in other binaries outside of server.dll / server_i486.so because you need to have a pointer that's stored internally in those (to get the membase of the DLL). Try using a CS function for what you want.

Ninja Edit: I'm searching for your signature Crimson :D

EDIT2: I think I found it, but you'll need to test it (I wasn't able to, so no guarantees lol):
\xA1\x2A\x2A\x2A\x2A\xD9\x2A\x2A\x56\x8B\xF1\xD8\x2A\x2A\x2A\x2A\x2A\x8B\x2A\x2A\x2A\x2A\x2A\xDF\xE0\xF6\xC4\x05

EDIT3: The above is TESTED and working as of 2/7/09! The above is CTFPlayer::CanAttack(void).

CrimsonGT
02-08-2009, 21:19
Just to throw it out there, even though I can't get it to work (it just doesn't seem to be called) here's the sig for CBaseCombatWeapon::UsesPrimaryAmmo()


\x83\xB9\x54\x12\x00\x00\x00\x0F\x9D\xC0\xC3
your-name-here: I was actually able to find a few with the method you showed me last night :) However, there's one that I can't find a string in anywhere. If you get a chance to take a look, it's CBaseEntity::CreatePredictedEntityByName(char const*, char const *, int, bool). I did see that CreateEntityByName was called inside of it, and has a string in it, but was not able to find it based off that.

Chrisber
02-12-2009, 19:42
Hi.
I'm searching the sig and the mask for CBasePlayer::FireBullets currently.

Thanks,
- Chris

your-name-here
02-12-2009, 23:43
Hi.
I'm searching the sig and the mask for CBasePlayer::FireBullets currently.

Thanks,
- Chris

What game?

@CrimsonGT: I couldn't find that sig lol, it's one of those ones that are "unsiggable" unless you tried patchdiff'ing between hl2dm and tf2 :/

Chrisber
02-13-2009, 07:27
Hi.
For Counterstrike: Source.

Thanks,
- Chris

Keeper
02-13-2009, 09:20
Can't you just hook that function?

Virtual offset 101...

http://wiki.alliedmods.net/CBasePlayer_Offset_List_(Counter-Strike:_Source)

Chrisber
02-13-2009, 09:39
How I should do this? I can't lay a hook about all player instances, that not possible. For that, I need the sig and mask, do I!?

~ Chris

Keeper
02-13-2009, 09:58
You can hook when a player connects, then unhook when they leave. I do this for FireBullets, TraceAttack...

Works fine.

Chrisber
02-13-2009, 10:34
Nice!
Very cool idea, and yep, it works.
Thank you so much :)

Thanks,
- Chris

CrimsonGT
02-13-2009, 11:44
What game?

@CrimsonGT: I couldn't find that sig lol, it's one of those ones that are "unsiggable" unless you tried patchdiff'ing between hl2dm and tf2 :/

haha damnit, ah well. I was hoping :P

L. Duke
02-13-2009, 13:18
Anyone have any ideas on how I could go about finding CTFGameStats::IncrementStat(CTFPlayer *, TFStatType_t, int) ???

your-name-here
02-13-2009, 18:30
Anyone have any ideas on how I could go about finding CTFGameStats::IncrementStat(CTFPlayer *, TFStatType_t, int) ???

I think this is another unsiggable function because each time I get to a function that references it, I get:

v11 = 684 * (*(int (__stdcall **)(_DWORD))(*(_DWORD *)dword_1047E1B8 + 72))(*(_DWORD *)(v3 + 24));
++*(_DWORD *)(v11 + v4 + 156);
++*(_DWORD *)(v11 + v4 + 248);
++*(_DWORD *)(v11 + v4 + 340);
return v11 + v4 + 148;
It doesn't look like it's being directly called :S

What you can probably do is use this:
\x2A\x2A\x2A\x2A\x2A\x83\xB8\x18\x03\x00\x00\x04\x53\x2A\x2A\x2A\x2A\x56\x57\x8B\xF1\xBF\x01\x00\x00\x00\x75\x39

Which is the (untested) signature for CTFGameStats_Event_PlayerFiredWeapon which calls CTFGameStats::IncrementStats. From there....


#include <string.h> // memcpy

void* pfnIncStats = NULL;
void* pfnFireWeaponFunc = gSigMngr.findsignature(laddr, the_sig_above, length_of_above_sig);

typedef void (*IncrementStatsFunc)( void* /* this */, int /* TFStat Type */, int /* Some random integer :S */);
IncrementStatsFunc pStatsFunc;

//Not sure if this is right. Very low level and only for windows :/
//The destination must be the address of pfnIncStats; copying to pfnIncStats itself would write through NULL.
//Skip the copy when the signature was not found.
if( pfnFireWeaponFunc )
    memcpy( &pfnIncStats, ((char *)pfnFireWeaponFunc + 0x65), sizeof(char *) );

//Call the function :D
//....


This should rip the pointer to CTFGameStats__IncStats directly from eax (assuming I did the hex right :P)

Let me know if it works for you.

Sollie
02-13-2009, 18:57
This really nice what you doing for everyone, very helpful :)

Can you maybe find CBasePlayer::DisableButtons(int) if you have time? It not emergency, and not bad if not.

your-name-here
02-14-2009, 07:50
This really nice what you doing for everyone, very helpful :)

Heh thanks. Unlike others, I find searching for sigs to be a nice challenge.


Can you maybe find CBasePlayer::DisableButtons(int) if you have time? It not emergency, and not bad if not.

What game is it for?

Sollie
02-14-2009, 12:06
It is for TF2

your-name-here
02-14-2009, 12:35
It is for TF2

EDIT: Unfortunately, your function is not directly called by anything in the windows binary :S
It's fallen under the unsiggable category, unless you want to hardcode some offsets and rip the address out (which I'm waiting for LDuke to get back to me about).

CrimsonGT
02-19-2009, 03:56
Me and bl4nk both gave a try at finding the proper sig for CTFPlayer::OnTakeDamage_Alive and neither one worked. Been at it for 2 days, so if you have time to give it a shot it would be appreciated <3

CrimsonGT
02-26-2009, 02:41
Scratch this, I think im good now. The end of the sig hunt will be a marvelous day indeed!

raydan
04-02-2009, 04:52
can find "GetNumHumanPlayers" in L4d engine.dll?

i try many times, but fail...

AltPluzF4
04-09-2009, 00:37
can find "GetNumHumanPlayers" in L4d engine.dll?

i try many times, but fail...

\x53\x56\x57\x8B\xF9\x33\xDB\x33\xF6\x39\x9F\x1C\x01\x00\x00\x7E\x29\x8B\x87

It works now, but will probably break on the next update... if it does, let me know and I'll make a new one wildcarding the changed bytes.

AnAkIn
05-20-2009, 13:48
Could anyone find a sig to disable first blood in TF2 Arena mode?

pheadxdll
05-21-2009, 10:55
Could anyone find a sig to disable first blood in TF2 Arena mode?

there's gotta be a cvar for that.

Chrisber
07-22-2009, 19:27
Hi.
I'm searching for CBE::FireBullets for CS:S - it would be great if you can find a sig :)

~ Chris

Keeper
07-22-2009, 21:39
You shouldn't need the signature. You can use the virtual offset found here: http://wiki.alliedmods.net/CBasePlayer_Offset_List_(Counter-Strike:_Source)


101 CBaseEntity::FireBullets(FireBulletsInfo_t const&)

Chrisber
07-22-2009, 23:15
Omfg, you're such right. Completely forgot to look there :D
Thank you :)

~ Chris

raydan
08-06-2009, 06:50
new request!
CSS

in linux
_ZNK8CHostage9GetLeaderEv
_ZN8CHostage6WiggleEv
_ZN8CHostage6FollowEP9CCSPlayer

i need these signature in windows

ILOVEPIE
12-03-2010, 21:29
anybody have the sig for building multiple sentrys/buildings?

raydan
12-07-2010, 21:47
another CSS request

_ZN8CHostage9TrackPathERK6Vectorf
CHostage::TrackPath(Vector const&, float)

i also want to know how to change hostage walk/run speed

AltPluzF4
12-07-2010, 22:44
another CSS request

_ZN8CHostage9TrackPathERK6Vectorf
CHostage::TrackPath(Vector const&, float)


This should work, however I haven't tested.
\x83\xEC\x2A\x56\x8B\xF1\xD9\x46\x2A\x8B\x86\x2A\x2A\x2A\x2A\xD9\x05

CrimsonGT
12-19-2010, 06:41
If anyone is able to get SendTable::Construct(SendProp *, int, char *) for Windows I would appreciate it. It has no strings and I am unable to get patchdiff working right now so not having much luck getting it.

AltPluzF4
12-19-2010, 06:46
I have IDA open anyway, so here's a quicky.

\x8B\x44\x24\x04\x8B\x54\x24\x08\x80\x61

You can use that to find it, and wildcard it if you need to... but I doubt a base function like that will change. And that's enough for it to be unique (in my tf2 server.dll at least)

CrimsonGT
12-19-2010, 07:01
Thanks, 5 minutes response time with a signature? That was impressive.

I'm trying to figure out a way to get all the sendprop values on an entity without having to do GetEntProp() for like 50 sendprops. Hopefully this works.

AltPluzF4
12-19-2010, 07:08
Actually, that signature is very easy. Simply search string "should_never_see_this"
It comes up with a huge list of xrefs, since it's part of all ServerClassInit<T>

Go to the first function, scroll to the bottom, there will be
call SendTable::Construct
mov eax,1
retn

dataviruset
12-19-2010, 12:25
Err, can you get the CS:S Windows signature for CBasePlayer::CSWeaponDrop?

AltPluzF4
12-19-2010, 12:54
CCSPlayer::CSWeaponDrop(CBaseCombatWeapon *, bool, bool)

@_ZN9CCSPlayer12CSWeaponDropEP17CBaseCombatWeaponbb
\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\x89\x8D\x2A\x2A\x2A\x2A\xC6

dataviruset
12-19-2010, 13:14
CCSPlayer::CSWeaponDrop(CBaseCombatWeapon *, bool, bool)

@_ZN9CCSPlayer12CSWeaponDropEP17CBaseCombatWeaponbb
\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\x89\x8D\x2A\x2A\x2A\x2A\xC6


Oh, it was CCSPlayer :3, WTH thank you, that was enormously fast!

AltPluzF4
12-19-2010, 13:29
No problem. Sorry it took so long, but I had to update my css installation and parse the binaries in IDA :-/

dataviruset
12-19-2010, 13:33
No problem. Sorry it took so long, but I had to update my css installation and parse the binaries in IDA :-/

:shock:

Bless you, man.

raydan
12-31-2010, 10:24
another request

CTraceFilterEntity::ShouldHitEntity

AltPluzF4
12-31-2010, 10:33
; CTraceFilterEntity::ShouldHitEntity(IHandleEntity *, int)
_ZN18CTraceFilterEntity15ShouldHitEntityEP13IHandleEntityi
\x53\x8B\x5C\x2A\x2A\x56\x8B\xF1\x8B\x0D\x2A\x2A\x2A\x2A\x8B\x01\x8B\x50\x2A\x57\x53\xFF\xD2\x84\xC0\x75

Chrisber
12-31-2010, 10:56
lol. respect!

Mitchell
01-17-2011, 01:35
Could you get the linux signature for Terminate Round?
its not:
"@_ZN12CCSGameRules14TerminateRoundEfi"

sn4k3
01-18-2011, 09:54
Could you get the linux signature for Terminate Round?
its not:
"@_ZN12CCSGameRules14TerminateRoundEfi"

that one is correct, also there are other,

CCSGameRules::EndRound(void)
_ZN12CCSGameRules8EndRoundEv

iGENIUS
12-01-2011, 10:16
Can't get UTIL_BloodDrips to work.

.text:003CAB53 ; ---------------------------------------------------------------------------
.text:003CAB54 align 10h
.text:003CAB60
.text:003CAB60 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:003CAB60
.text:003CAB60 ; Attributes: bp-based frame
.text:003CAB60
.text:003CAB60 _Z15UTIL_BloodDripsRK6VectorS1_ii proc near
.text:003CAB60 ; CODE XREF: _Z10SpawnBlood6VectorRKS_if+30p
.text:003CAB60 ; _ZN11CBaseEntity11TraceAttackERK15CTakeDamageInfoRK6VectorP10CGameTrace+130p ...
.text:003CAB60
.text:003CAB60 var_E8 = dword ptr -0E8h
.text:003CAB60 var_E4 = dword ptr -0E4h
.text:003CAB60 var_E0 = dword ptr -0E0h
.text:003CAB60 var_DC = dword ptr -0DCh
.text:003CAB60 var_D8 = dword ptr -0D8h
.text:003CAB60 var_C0 = dword ptr -0C0h
.text:003CAB60 var_BC = dword ptr -0BCh
.text:003CAB60 var_B0 = dword ptr -0B0h
.text:003CAB60 var_AC = dword ptr -0ACh
.text:003CAB60 var_A4 = dword ptr -0A4h
.text:003CAB60 var_A0 = dword ptr -0A0h
.text:003CAB60 var_9C = dword ptr -9Ch
.text:003CAB60 var_98 = dword ptr -98h
.text:003CAB60 var_94 = dword ptr -94h
.text:003CAB60 var_90 = dword ptr -90h
.text:003CAB60 var_8C = dword ptr -8Ch
.text:003CAB60 var_88 = dword ptr -88h
.text:003CAB60 var_84 = dword ptr -84h
.text:003CAB60 var_80 = dword ptr -80h
.text:003CAB60 var_7C = dword ptr -7Ch
.text:003CAB60 var_78 = dword ptr -78h
.text:003CAB60 var_74 = dword ptr -74h
.text:003CAB60 var_70 = dword ptr -70h
.text:003CAB60 var_6C = dword ptr -6Ch
.text:003CAB60 var_68 = dword ptr -68h
.text:003CAB60 var_64 = dword ptr -64h
.text:003CAB60 var_60 = dword ptr -60h
.text:003CAB60 var_5C = word ptr -5Ch
.text:003CAB60 var_58 = dword ptr -58h
.text:003CAB60 var_54 = dword ptr -54h
.text:003CAB60 var_50 = dword ptr -50h
.text:003CAB60 var_4C = byte ptr -4Ch
.text:003CAB60 var_4B = byte ptr -4Bh
.text:003CAB60 var_48 = dword ptr -48h
.text:003CAB60 var_44 = dword ptr -44h
.text:003CAB60 var_40 = dword ptr -40h
.text:003CAB60 var_3C = dword ptr -3Ch
.text:003CAB60 var_38 = dword ptr -38h
.text:003CAB60 var_34 = dword ptr -34h
.text:003CAB60 var_30 = byte ptr -30h
.text:003CAB60 var_2C = dword ptr -2Ch
.text:003CAB60 var_28 = dword ptr -28h
.text:003CAB60 var_24 = dword ptr -24h
.text:003CAB60 var_20 = dword ptr -20h
.text:003CAB60 var_C = dword ptr -0Ch
.text:003CAB60 var_8 = dword ptr -8
.text:003CAB60 var_4 = dword ptr -4
.text:003CAB60 arg_0 = dword ptr 8
.text:003CAB60 arg_4 = dword ptr 0Ch
.text:003CAB60 arg_8 = dword ptr 10h
.text:003CAB60 arg_C = dword ptr 14h
.text:003CAB60
.text:003CAB60 push ebp
.text:003CAB61 mov ebp, esp
.text:003CAB63 sub esp, 0E8h
.text:003CAB69 mov [ebp+var_C], ebx
.text:003CAB6C mov [ebp+var_8], esi
.text:003CAB6F mov [ebp+var_4], edi
.text:003CAB72 call $+5
.text:003CAB77 pop ebx
.text:003CAB78 add ebx, offset loc_9591E1
.text:003CAB7E mov edi, [ebp+arg_8]
.text:003CAB81 mov edx, [ebp+arg_0]
.text:003CAB84 mov esi, [ebp+arg_C]
.text:003CAB87 cmp edi, 0FFFFFFFFh
.text:003CAB8A jz loc_3CAD22
.text:003CAB90 test edi, edi
.text:003CAB92 jz loc_3CAD30
.text:003CAB98 mov eax, [ebx+911C4h]
.text:003CAB9E mov eax, [eax+30h]
.text:003CABA1 test eax, eax
.text:003CABA3 setnz al
.text:003CABA6
.text:003CABA6 loc_3CABA6: ; CODE XREF: _Z15UTIL_BloodDripsRK6VectorS1_ii+1DEj
.text:003CABA6 test al, al
.text:003CABA8 jz loc_3CAD22
.text:003CABAE test esi, esi
.text:003CABB0 jz loc_3CAD22
.text:003CABB6 mov eax, [ebx-9A0h]
.text:003CABBC mov eax, [eax]
.text:003CABBE mov [ebp+var_AC], eax
.text:003CABC4 mov eax, [eax]
.text:003CABC6 mov ecx, [ebp+var_AC]
.text:003CABCC mov [ebp+var_B0], edx
.text:003CABD2 mov [ebp+var_C0], eax
.text:003CABD8 mov [esp+0E8h+var_E8], ecx
.text:003CABDB call dword ptr [eax+8Ch]
.text:003CABE1 mov edx, [ebp+var_B0]
.text:003CABE7 test al, al
.text:003CABE9 lea eax, [esi+esi*4]
.text:003CABEC cmovnz esi, eax
.text:003CABEF cmp edi, 3
.text:003CABF2 jz loc_3CAD48
.text:003CABF8 mov [ebp+var_98], 0
.text:003CAC02 mov [ebp+var_94], 0
.text:003CAC0C mov [ebp+var_90], 0
.text:003CAC16 mov [ebp+var_80], 0
.text:003CAC1D mov [ebp+var_7C], 0
.text:003CAC24
.text:003CAC24 loc_3CAC24: ; DATA XREF: .text:00959135o
.text:003CAC24 mov [ebp+var_78], 0
.text:003CAC2B mov [ebp+var_74], 0
.text:003CAC32 mov [ebp+var_70], 0
.text:003CAC39 mov [ebp+var_60], 0
.text:003CAC40 mov [ebp+var_5C], 0
.text:003CAC46 mov [ebp+var_68], 0
.text:003CAC4D mov [ebp+var_64], 0
.text:003CAC54 mov [ebp+var_58], 0
.text:003CAC5B mov [ebp+var_54], 0
.text:003CAC62 mov [ebp+var_50], 0
.text:003CAC69 mov [ebp+var_4B], 0
.text:003CAC6D mov [ebp+var_48], 0
.text:003CAC74 mov [ebp+var_44], 0
.text:003CAC7B mov [ebp+var_40], 0
.text:003CAC82 mov [ebp+var_3C], 0
.text:003CAC89 mov [ebp+var_38], 0
.text:003CAC90 mov [ebp+var_34], 0
.text:003CAC97 mov [ebp+var_30], 0
.text:003CAC9B mov [ebp+var_2C], 0
.text:003CACA2 mov [ebp+var_28], 0
.text:003CACA9 mov [ebp+var_24], 0
.text:003CACB0 mov [ebp+var_20], 0
.text:003CACB7 cmp esi, 0FFh
.text:003CACBD mov eax, [edx]
.text:003CACBF mov ecx, edi
.text:003CACC1 mov [ebp+var_A4], eax
.text:003CACC7 mov eax, [edx+4]
.text:003CACCA mov [ebp+var_A0], eax
.text:003CACD0 mov eax, [edx+8]
.text:003CACD3 mov edx, [ebp+arg_4]
.text:003CACD6 mov [ebp+var_9C], eax
.text:003CACDC mov eax, [edx]
.text:003CACDE mov [ebp+var_8C], eax
.text:003CACE4 mov eax, [edx+4]
.text:003CACE7 mov [ebp+var_88], eax
.text:003CACED mov eax, [edx+8]
.text:003CACF0 mov [ebp+var_4C], cl
.text:003CACF3 mov [ebp+var_84], eax
.text:003CACF9 mov eax, 0FFh
.text:003CACFE cmovle eax, esi
.text:003CAD01 cvtsi2ss xmm0, eax
.text:003CAD05 lea eax, [ebp+var_A4]
.text:003CAD0B movss [ebp+var_6C], xmm0
.text:003CAD10 mov [esp+0E8h+var_E4], eax
.text:003CAD14 lea eax, [ebx-23A56Bh]
.text:003CAD1A mov [esp+0E8h+var_E8], eax
.text:003CAD1D call _Z14DispatchEffectPKcRK11CEffectData
.text:003CAD22
.text:003CAD22 loc_3CAD22: ; CODE XREF: _Z15UTIL_BloodDripsRK6VectorS1_ii+2Aj
.text:003CAD22 ; _Z15UTIL_BloodDripsRK6VectorS1_ii+48j ...
.text:003CAD22 mov ebx, [ebp+var_C]
.text:003CAD25 mov esi, [ebp+var_8]
.text:003CAD28 mov edi, [ebp+var_4]
.text:003CAD2B leave
.text:003CAD2C retn
.text:003CAD2C ; ---------------------------------------------------------------------------
.text:003CAD2D align 10h
.text:003CAD30
.text:003CAD30 loc_3CAD30: ; CODE XREF: _Z15UTIL_BloodDripsRK6VectorS1_ii+32j
.text:003CAD30 mov eax, [ebx+91104h]
.text:003CAD36 mov ecx, [eax+30h]
.text:003CAD39 test ecx, ecx
.text:003CAD3B setnz al
.text:003CAD3E jmp loc_3CABA6
.text:003CAD3E ; ---------------------------------------------------------------------------
.text:003CAD43 align 8
.text:003CAD48
.text:003CAD48 loc_3CAD48: ; CODE XREF: _Z15UTIL_BloodDripsRK6VectorS1_ii+92j
.text:003CAD48 mov eax, [ebx-8B4h]
.text:003CAD4E mov eax, [eax]
.text:003CAD50 mov ecx, [eax]
.text:003CAD52 mov [esp+0E8h+var_E4], edx
.text:003CAD56 mov [esp+0E8h+var_E8], eax
.text:003CAD59 mov [esp+0E8h+var_D8], 0
.text:003CAD61 mov [esp+0E8h+var_DC], 1
.text:003CAD69 mov [esp+0E8h+var_E0], 1
.text:003CAD71 call dword ptr [ecx+10h]
.text:003CAD74 mov esi, [ebx-0BB8h]
.text:003CAD7A mov eax, [esi]
.text:003CAD7C mov ecx, [eax]
.text:003CAD7E mov [esp+0E8h+var_E0], 40000000h
.text:003CAD86 mov [esp+0E8h+var_E4], 0
.text:003CAD8E mov [esp+0E8h+var_E8], eax
.text:003CAD91 call dword ptr [ecx+4]
.text:003CAD94 fstp [ebp+var_BC]
.text:003CAD9A movss xmm0, [ebp+var_BC]
.text:003CADA2 comiss xmm0, dword ptr [ebx-24F1E8h]
.text:003CADA9 jb loc_3CAD22
.text:003CADAF mov eax, [esi]
.text:003CADB1 mov ecx, [eax]
.text:003CADB3 mov [esp+0E8h+var_E0], 0Fh
.text:003CADBB mov [esp+0E8h+var_E4], 0Ah
.text:003CADC3 mov [esp+0E8h+var_E8], eax
.text:003CADC6 call dword ptr [ecx+8]
.text:003CADC9 mov edx, [ebp+var_B0]
.text:003CADCF cvtsi2ss xmm0, eax
.text:003CADD3 mov [esp+0E8h+var_E0], 41200000h
.text:003CADDB movss [esp+0E8h+var_E4], xmm0
.text:003CADE1 mov [esp+0E8h+var_E8], edx
.text:003CADE4 call _Z10UTIL_SmokeRK6Vectorff
.text:003CADE9 jmp loc_3CAD22
.text:003CADE9 _Z15UTIL_BloodDripsRK6VectorS1_ii endp
.text:003CADE9
.text:003CADE9 ; ---------------------------------------------------------------------------

.text:10224396 ; ---------------------------------------------------------------------------
.text:10224397 CC CC CC CC CC CC CC CC CC align 10h
.text:102243A0
.text:102243A0 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:102243A0
.text:102243A0
.text:102243A0 sub_102243A0 proc near ; CODE XREF: sub_10224530+F5p
.text:102243A0
.text:102243A0 var_8C = dword ptr -8Ch
.text:102243A0 var_88 = dword ptr -88h
.text:102243A0 var_84 = dword ptr -84h
.text:102243A0 var_80 = dword ptr -80h
.text:102243A0 var_7C = dword ptr -7Ch
.text:102243A0 var_78 = dword ptr -78h
.text:102243A0 var_74 = dword ptr -74h
.text:102243A0 var_70 = dword ptr -70h
.text:102243A0 var_6C = dword ptr -6Ch
.text:102243A0 var_68 = dword ptr -68h
.text:102243A0 var_64 = dword ptr -64h
.text:102243A0 var_60 = dword ptr -60h
.text:102243A0 var_5C = dword ptr -5Ch
.text:102243A0 var_58 = dword ptr -58h
.text:102243A0 var_54 = dword ptr -54h
.text:102243A0 var_50 = dword ptr -50h
.text:102243A0 var_4C = dword ptr -4Ch
.text:102243A0 var_48 = dword ptr -48h
.text:102243A0 var_44 = word ptr -44h
.text:102243A0 var_40 = dword ptr -40h
.text:102243A0 var_3C = dword ptr -3Ch
.text:102243A0 var_38 = dword ptr -38h
.text:102243A0 var_34 = byte ptr -34h
.text:102243A0 var_33 = byte ptr -33h
.text:102243A0 var_30 = dword ptr -30h
.text:102243A0 var_2C = dword ptr -2Ch
.text:102243A0 var_28 = dword ptr -28h
.text:102243A0 var_24 = dword ptr -24h
.text:102243A0 var_20 = dword ptr -20h
.text:102243A0 var_1C = dword ptr -1Ch
.text:102243A0 var_18 = byte ptr -18h
.text:102243A0 var_14 = dword ptr -14h
.text:102243A0 var_10 = dword ptr -10h
.text:102243A0 var_C = dword ptr -0Ch
.text:102243A0 var_8 = dword ptr -8
.text:102243A0 arg_0 = dword ptr 4
.text:102243A0 arg_4 = dword ptr 8
.text:102243A0 arg_8 = byte ptr 0Ch
.text:102243A0 arg_C = dword ptr 10h
.text:102243A0
.text:102243A0 81 EC 8C 00 00 00 sub esp, 8Ch
.text:102243A6 0F 57 C0 xorps xmm0, xmm0
.text:102243A9 33 C0 xor eax, eax
.text:102243AB F3 0F 11 44 24 0C movss [esp+8Ch+var_80], xmm0
.text:102243B1 F3 0F 11 44 24 10 movss [esp+8Ch+var_7C], xmm0
.text:102243B7 F3 0F 11 44 24 14 movss [esp+8Ch+var_78], xmm0
.text:102243BD F3 0F 11 44 24 24 movss [esp+8Ch+var_68], xmm0
.text:102243C3 F3 0F 11 44 24 28 movss [esp+8Ch+var_64], xmm0
.text:102243C9 F3 0F 11 44 24 2C movss [esp+8Ch+var_60], xmm0
.text:102243CF F3 0F 11 44 24 3C movss [esp+8Ch+var_50], xmm0
.text:102243D5 F3 0F 11 44 24 40 movss [esp+8Ch+var_4C], xmm0
.text:102243DB F3 0F 11 44 24 5C movss [esp+8Ch+var_30], xmm0
.text:102243E1 F3 0F 11 44 24 60 movss [esp+8Ch+var_2C], xmm0
.text:102243E7 F3 0F 11 44 24 64 movss [esp+8Ch+var_28], xmm0
.text:102243ED F3 0F 11 44 24 68 movss [esp+8Ch+var_24], xmm0
.text:102243F3 F3 0F 11 44 24 6C movss [esp+8Ch+var_20], xmm0
.text:102243F9 F3 0F 11 44 24 70 movss [esp+8Ch+var_1C], xmm0
.text:102243FF F3 0F 11 44 24 7C movss [esp+8Ch+var_10], xmm0
.text:10224405 F3 0F 11 84 24 80 00 00 00 movss [esp+8Ch+var_C], xmm0
.text:1022440E F3 0F 11 84 24 84 00 00 00 movss [esp+8Ch+var_8], xmm0
.text:10224417 89 44 24 30 mov [esp+8Ch+var_5C], eax
.text:1022441B 89 44 24 34 mov [esp+8Ch+var_58], eax
.text:1022441F 89 44 24 44 mov [esp+8Ch+var_48], eax
.text:10224423 66 89 44 24 48 mov [esp+8Ch+var_44], ax
.text:10224428 89 44 24 4C mov [esp+8Ch+var_40], eax
.text:1022442C 89 44 24 50 mov [esp+8Ch+var_3C], eax
.text:10224430 89 44 24 54 mov [esp+8Ch+var_38], eax
.text:10224434 88 44 24 59 mov [esp+8Ch+var_33], al
.text:10224438 88 44 24 74 mov [esp+8Ch+var_18], al
.text:1022443C 89 44 24 78 mov [esp+8Ch+var_14], eax
.text:10224440 8B 84 24 90 00 00 00 mov eax, [esp+8Ch+arg_0]
.text:10224447 F3 0F 10 00 movss xmm0, dword ptr [eax]
.text:1022444B F3 0F 11 04 24 movss [esp+8Ch+var_8C], xmm0
.text:10224450 F3 0F 10 40 04 movss xmm0, dword ptr [eax+4]
.text:10224455 F3 0F 11 44 24 04 movss [esp+8Ch+var_88], xmm0
.text:1022445B F3 0F 10 40 08 movss xmm0, dword ptr [eax+8]
.text:10224460 8B 84 24 94 00 00 00 mov eax, [esp+8Ch+arg_4]
.text:10224467 F3 0F 11 44 24 08 movss [esp+8Ch+var_84], xmm0
.text:1022446D F3 0F 10 00 movss xmm0, dword ptr [eax]
.text:10224471 F3 0F 11 44 24 18 movss [esp+8Ch+var_74], xmm0
.text:10224477 F3 0F 10 40 04 movss xmm0, dword ptr [eax+4]
.text:1022447C F3 0F 11 44 24 1C movss [esp+8Ch+var_70], xmm0
.text:10224482 F3 0F 10 40 08 movss xmm0, dword ptr [eax+8]
.text:10224487 8A 84 24 98 00 00 00 mov al, [esp+8Ch+arg_8]
.text:1022448E 8D 0C 24 lea ecx, [esp+8Ch+var_8C]
.text:10224491 51 push ecx
.text:10224492 F3 0F 11 44 24 24 movss [esp+90h+var_6C], xmm0
.text:10224498 F3 0F 2A 84 24 A0 00 00 00 cvtsi2ss xmm0, [esp+90h+arg_C]
.text:102244A1 68 38 3A 4A 10 push offset aBloodimpact ; "bloodimpact"
.text:102244A6 F3 0F 11 44 24 40 movss [esp+94h+var_54], xmm0
.text:102244AC 88 44 24 60 mov [esp+94h+var_34], al
.text:102244B0 E8 3B D8 01 00 call sub_10241CF0
.text:102244B5 81 C4 94 00 00 00 add esp, 94h
.text:102244BB C3 retn
.text:102244BB sub_102243A0 endp
.text:102244BB
.text:102244BB ; ---------------------------------------------------------------------------

Keeper
05-24-2012, 10:27
I'm having trouble finding BaseCombatCharacter::Weapon_OwnsThisType.

Any help appreciated!

asherkin
05-24-2012, 10:42
I'm having trouble finding BaseCombatCharacter::Weapon_OwnsThisType.

Any help appreciated!

You didn't specify what game, so I grabbed this from TF2.
55 8B EC 51 53 8B 5D 08 56 57 89 4D FC 33 FF

Keeper
05-24-2012, 11:24
I thought I had found it ... turns out I was wrong. I used yours and it worked!

Thanks!

Fearts
05-28-2012, 22:11
Could someone find the Window sig for EndRound in CS:S


"Games"
{
"cstrike"
{
"Signatures"
{
"EndRound"
{
"library" "server"
"windows" "\x83\xEC\x2A\x53\x8B\x5C\x2A\x2A\x55\x56\x57\x33\xF6\x8B\xE9\x33\xFF\x83\xFB\x2A\x89"
"linux" "@_ZN12CCSGameRules14TerminateRoundEfi"
}
}
}
}


^Old one before update

Dr!fter
05-28-2012, 22:19
Could someone find the Window sig for EndRound in CS:S


"Games"
{
"cstrike"
{
"Signatures"
{
"EndRound"
{
"library" "server"
"windows" "\x83\xEC\x2A\x53\x8B\x5C\x2A\x2A\x55\x56\x57\x33\xF6\x8B\xE9\x33\xFF\x83\xFB\x2A\x89"
"linux" "@_ZN12CCSGameRules14TerminateRoundEfi"
}
}
}
}


^Old one before update
Terminate Round not end round :P Why do you need it? It's included in sourcemod and if it is for a sourcemod plugin you should use the CS_TerminateRound native.

Powerlord
05-28-2012, 22:21
Could someone find the Window sig for EndRound in CS:S


"Games"
{
"cstrike"
{
"Signatures"
{
"EndRound"
{
"library" "server"
"windows" "\x83\xEC\x2A\x53\x8B\x5C\x2A\x2A\x55\x56\x57\x33\xF6\x8B\xE9\x33\xFF\x83\xFB\x2A\x89"
"linux" "@_ZN12CCSGameRules14TerminateRoundEfi"
}
}
}
}


^Old one before update

SourceMod is currently using this signature:

"TerminateRound"
{
"library" "server"
"windows" "\x55\x8B\xEC\x83\xEC\x2A\x53\x8B\x2A\x2A\x56\x57\x33\xFF\x83"
"linux" "@_ZN12CCSGameRules14TerminateRoundEfi"
"mac" "@_ZN12CCSGameRules14TerminateRoundEfi"
}


I assume it's the same function given the Linux address.

For that matter, if you're using this manually in a SourceMod plugin, please start using CS_TerminateRound (http://docs.sourcemod.net/api/index.php?fastload=show&id=966&).

I'm not sure if the cstrike extension has an interface for other extensions, though.

Fearts
05-28-2012, 22:22
This was for a plugin that was made for me. It ends the round when the timer hits 0.

EDIT:

Thanks for the quick reply.

Marcos
05-29-2012, 06:17
I'm trying to control CSBot more efficiently.
Can someone help to get the CS:S Windows signature for CCSBot::MoveTowardsPosition(Vector const *) ?
Is it possible to control a bot to move to a position directly?

Peace-Maker
05-29-2012, 20:44
CCSBot::MoveTowardsPosition(Vector const&)
Linux: _ZN6CCSBot19MoveTowardsPositionERK6Vector
Windows: \x55\x8B\xEC\x83\xEC\x30\x56\x57\x8B\xF1\x8D\x2A\x2A\x56\x50\xE8\x2A\x2A\x2A\x2A\x8B

You'll have to try yourself.

Edit: Looks like those bots don't care for what you tell them that way :P I doubt it's possible in sourcepawn.

Marcos
05-29-2012, 21:01
CCSBot::MoveTowardsPosition(Vector const&)
Linux: _ZN6CCSBot19MoveTowardsPositionERK6Vector
Windows: \x55\x8B\xEC\x83\xEC\x30\x56\x57\x8B\xF1\x8D\x2A\x2A\x56\x50\xE8\x2A\x2A\x2A\x2A\x8B

You'll have to try yourself.

Thank you very much.

Zephyrus
05-30-2012, 03:20
You would probably have to detour it instead and overwrite that vector

Marcos
05-30-2012, 22:03
You would probably have to detour it instead and overwrite that vector
SDKCall(g_hMoveTowardsPosition, bot, origin);
You are right. I've tested it, but the bot just gets stuck and keeps on jumping. I just don't know how to operate it.

chrismrulz
06-06-2012, 16:49
Can I please get the windows and linux sigs for CBaseEntity:Touch and CBaseEntity:StartTouch in CS:S?
I've only been able to find offsets.
The last one for StartTouch I had before the update was:
8B 81 34 01 00 00 83 F8 FF 74 58 8B D0 81 E2 FF
_ZN11CBaseEntity10StartTouchEPS_

Peace-Maker
06-06-2012, 17:41
they're virtual, so you only need the offsets. why would you want a signature?

Powerlord
06-06-2012, 18:06
they're virtual, so you only need the offsets. why would you want a signature?

or you could write it as a SourceMod plugin and use SDKHooks to hook these things on entities.

chrismrulz
06-06-2012, 18:18
TBH, I'm using it for a plugin of my own that hasn't got virtual functions implemented..
I just don't know where else to ask anyone about sig scanning. The folks down at eventscripts forums are still learning how to disassemble the windows binaries.

psychonic
06-06-2012, 18:59
TBH, I'm using it for a plugin of my own that hasn't got virtual functions implemented..

Well with functions like Touch and StartTouch, which many entities override, only specifically getting the CBaseEntity version isn't likely to yield desired results, which is where virtual hooking/calling (depending on your goal) come into play.

chrismrulz
06-06-2012, 20:28
It's for a single func_physbox on a map that has no other physics type entities.
It had been done that way before with the sig I provided above and a call to SPE which was made for eventscripts python.
From what I understand it's probably not the most efficient or compatible way of doing it, but elsewise I'd have to restructure a few things and require extra plugins.
If it's not too much effort for someone to find the sig, I'd like to try that way.

Peace-Maker
06-28-2012, 16:27
By the way,could i have a request for "void CCSBot::SetBotEnemy(CCSPlayer *pPlayer)" signature.


Linux: _ZN6CCSBot11SetBotEnemyEP9CCSPlayer
Windows: \x55\x8B\xEC\x56\x57\x8B\xF9\x8B\x87\x2A\x2A\x2A\x2A\x83\xF8\xFF\x74\x2A\x8B\x15\x2A\x2A\x2A\x2A\x8B\xC8\x81\xE1\xFF\x0F\x00\x00\xC1\xE1\x04\x8D\x4C\x11\x04\xC1\xE8\x0C\x39\x41\x04\x75\x2A\x8B\x01\xEB

Marcos
06-28-2012, 19:18
Linux: _ZN6CCSBot11SetBotEnemyEP9CCSPlayer
Windows: \x55\x8B\xEC\x56\x57\x8B\xF9\x8B\x87\x2A\x2A\x2A\x2A\x83\xF8\xFF\x74\x2A\x8B\x15\x2A\x2A\x2A\x2A\x8B\xC8\x81\xE1\xFF\x0F\x00\x00\xC1\xE1\x04\x8D\x4C\x11\x04\xC1\xE8\x0C\x39\x41\x04\x75\x2A\x8B\x01\xEB


Thanks for the instant help.
I am sorry to bother you again.
Another signature request for "CCSBot::Follow(CBasePlayer *)" please.

Peace-Maker
06-29-2012, 08:59
I'd recommend to test on linux first before asking for windows signatures, Marcos.
There only is a CCSBot::Follow(CCSPlayer *) btw.
; CCSBot::Follow(CCSPlayer *)
.text:005FB050 _ZN6CCSBot6FollowEP9CCSPlayer proc near ; CODE XREF: _ZNK13BotFollowMeme9InterpretEP6CCSBotS1_+33B p
.text:005FB050 ; _ZN6CCSBot22RespondToRadioCommandsEv+3A3p ...
.text:005FB050 push ebp
.text:005FB051 mov ebp, esp
.text:005FB051 _ZN6CCSBot6FollowEP9CCSPlayer endp
and that looks like some stub?

TheAvengers2
07-20-2012, 15:50
Can someone find this signature for me?

http://mxr.alliedmods.net/hl2sdk-ob-valve/source/game/server/physics_collisionevent.h#89

Thanks.

Peace-Maker
07-20-2012, 18:24
Can someone find this signature for me?

http://mxr.alliedmods.net/hl2sdk-ob-valve/source/game/server/physics_collisionevent.h#89

Thanks.

In CS:S:

CCollisionEvent::ShouldCollide(IPhysicsObject *, IPhysicsObject *, void *, void *)
Linux: _ZN15CCollisionEvent13ShouldCollideEP14IPhysicsObjectS1_PvS2_
Windows: \x55\x8B\xEC\x83\xEC\x1C\x53\x8B\xD9\x83\x83\x2A\x2A\x2A\x2A\x01\x8B\x83\x2A\x2A\x2A\x2A\x56\x8B\x75\x10\x85\xF6\x57

TheAvengers2
07-22-2012, 12:50
Many thanks for the signature, Peace-Maker!

If you have any spare time on your hands, could you also find this one too (http://mxr.alliedmods.net/hl2sdk-ob-valve/source/game/shared/util_shared.h#73)?

I'm hoping to get something nice made for the community. :D


On a side note, someone should really post a tutorial for dummies on how to find signatures. :twisted:

Peace-Maker
07-22-2012, 13:00
Many thanks for the signature, Peace-Maker!

If you have any spare time on your hands, could you also find this one too (http://mxr.alliedmods.net/hl2sdk-ob-valve/source/game/shared/util_shared.h#73)?

I'm hoping to get something nice made for the community. :D


On a side note, someone should really post a tutorial for dummies on how to find signatures. :twisted:

You could start with this tutorial by your-name-here. http://forums.eventscripts.com/viewtopic.php?p=376443#p376443
If you just want to test stuff, you should consider testing on linux as it's much faster to get a linux symbol.


Linux: _Z22PassServerEntityFilterPK13IHandleEntityS1_

your-name-here
08-18-2012, 12:17
Oh wow, I had no idea this thread was still alive. If you have questions about that tutorial, feel free to ask :)

Fearts
08-22-2012, 20:05
Sigs needed for CS:S update (Windows):

LookupAttachment

SetPlayerName

ChangeName

EndRound

Peace-Maker
08-22-2012, 20:12
Sigs needed for CS:S update (Windows):

LookupAttachment

SetPlayerName

ChangeName

EndRound

I don't see any broken one there.

Fearts
08-22-2012, 20:17
Well sm_rename does not seem to be working at all.

Peace-Maker
08-22-2012, 21:33
Well sm_rename does not seem to be working at all.
It wasn't working in css for quite some time
https://forums.alliedmods.net/showthread.php?p=1771791#post1771791

Keeper
08-27-2012, 13:28
I did some searching around and even tried to find these myself in CSGO. I had no luck. I'm looking for:
CCSPlayer::SetModelFromClass
CBaseCombatCharacter::Weapon_OwnsThisType
GetFileWeaponInfoFromHandle

EDIT: Nevermind, I think I found them:

CCSPlayer::SetModelFromClass
\x55\x8B\xEC\x51\x53\x56\x8B\xF1\x57\xB9\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x8B

GetFileWeaponInfoFromHandle
\x55\x8B\xEC\x2A\x8B\x2A\x2A\x2A\x3B\x2A\x2A\x2A\x2A\x2A\x72\x2A\xB8\x2A\x2A\x2A\x2A\x5D\xC3

CBaseCombatCharacter::Weapon_OwnsThisType
\x55\x8B\xEC\x8B\x2A\x2A\x33\xC0\x85\xC9\x74\x5F\x8D\x64\x2A\x2A\x39
Of course, in CSGO, Weapon_OwnsThisType seems to be hookable, so I'll probably switch this to an offset rather than a sig.

Tauphi
08-28-2012, 09:31
Hi,

I am searching for a Windows signature of CS:GO.
The function is called CCSBotManager::AllocateBotEntity(void)

.text:0026D4E8 CCSBotManager::AllocateBotEntity(void) proc near
.text:0026D4E8 ; DATA XREF: .data.rel.ro:_ZTV13CCSBotManagero
.text:0026D4E8
.text:0026D4E8 var_18 = dword ptr -18h
.text:0026D4E8 var_14 = dword ptr -14h
.text:0026D4E8 var_10 = dword ptr -10h
.text:0026D4E8
.text:0026D4E8 push ebp
.text:0026D4E9 mov ebp, esp
.text:0026D4EB push ebx
.text:0026D4EC sub esp, 14h
.text:0026D4EF call __i686_get_pc_thunk_bx
.text:0026D4F4 add ebx, offset aD_droop ; "d_droop"
.text:0026D4FA mov [esp+18h+var_10], 1
.text:0026D502 mov [esp+18h+var_14], 0FFFFFFFFh
.text:0026D50A lea eax, [ebx-2AA82Eh]
.text:0026D510 mov [esp+18h+var_18], eax
.text:0026D513 call CreateEntityByName(char const*,int,bool)
.text:0026D518 add esp, 14h
.text:0026D51B pop ebx
.text:0026D51C pop ebp
.text:0026D51D retn

Had no success to find it in windows

asherkin
08-28-2012, 10:46
.text:0026D4E8 CCSBotManager::AllocateBotEntity(void) proc near
.text:0026D4E8 ; DATA XREF: .data.rel.ro:_ZTV13CCSBotManagero


It's virtual... use the vtable and count.

Tauphi
08-28-2012, 10:49
What do you mean with using the vtable and count? How can I get a sig by using a vtable ? *confused*

donrevan
08-28-2012, 14:19
use offsets to call virtual functions.
Asherkin posted a nice vtable dump (https://forums.alliedmods.net/showthread.php?t=191328) script in the forums.
Probably helpful: How to get vtable offsets (https://forums.alliedmods.net/showthread.php?t=191171)

Tauphi
08-28-2012, 14:39
I already have the offset table. But if I want to hook a function in CCSBotManager i need at least an object of this class. That's why I need the signature of one function, that I am able to hook the others with "this" + offset

asherkin
08-28-2012, 14:45
What do you mean with using the vtable and count? How can I get a sig by using a vtable ? *confused*


Use ClassInformer to find the start of the vtable
Count down each entry until you find the offset you're looking for (or multiply the offset by 4 and jump)
Double-click the entry to be taken to that function
Create a sig like normal.

PlayBoy31
09-11-2012, 04:10
Hello all !


What are latest signatures for DOD player respawn (win and linux) please ?

GoD-Tony
09-11-2012, 09:10
What are latest signatures for DOD player respawn (win and linux) please ?

CDODPlayer::DODRespawn

_ZN10CDODPlayer10DODRespawnEv
\x56\x8B\xF1\x8B\x06\x8B\x90\x04\x01\x00\x00\xFF\xD2\x84\xC0\x74\x2A\x80\xBE\x74\x13\x00\x00\x00

zeroibis
09-11-2012, 21:05
Can someone please post the latest sigs for "CSWeaponDrop"

silent12
09-11-2012, 23:53
Does any one have the new signature for "RemoveAmmo"?

Keeper
09-12-2012, 07:50
Does any one have the new signature for "RemoveAmmo"?
Which game?

Keeper
09-12-2012, 08:48
Can someone please post the latest sigs for "CSWeaponDrop"

From files/gamedata/cssdm.games.txt (http://hg.alliedmods.net/cssdm) :


CSGO:
\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x2A\x53\x56\x8B\x2A\x2A\x32\xDB\x57\x8B\xF9\x85\xF6\x0F\x84
CSS:
\x55\x8B\xEC\x81\xEC\x2A\x2A\x2A\x2A\x89\x8D\x2A\x2A\x2A\x2A\xC6\x2A\x2A\x00\x8B\x8D\x2A\x2A\x2A\x2A\xE8
I double checked, and the sigs seem valid to me.

silent12
09-12-2012, 10:41
Which game?

Counter Strike Source

He Hate Me
09-13-2012, 16:57
Game: CS:GO
Sig: LookupAttachment (if there is one?)
Platform: Windows (if it matters)

Thank you

Fearts
09-20-2012, 19:05
I need the Windows Sig for CS:S for:

TerminateRound

Could someone please help me thanks.


EDIT:

Never mind it was in the Sourcemod Gamedata I didn't realize.

Powerlord
09-20-2012, 23:06
Never mind it was in the Sourcemod Gamedata I didn't realize.

Yes, and if you need it for a SourceMod plugin, you should be calling CS_TerminateRound from the cstrike extension instead of manually calling it.

ajr1234
01-09-2013, 18:53
Instead of creating a new thread, I'll request here.

UTIL_BloodImpact in server.dll (windows sig) [l4d2]

So far I've been able to find windows sigs fine but this one just baffles me. No matter how I search for bytes, it seems like the HL2's server.dll and L4D2's server.dll are two completely different things for UTIL_BloodImpact().

Edit: for some reason my IDA was showing the wrong opcodes. After resetting the config and re-searching, I was able to find it fine. Here's the sig if anyone wants it.

\x83\xEC\x60\xD9\xEE\x33\xC0\xD9\x54\x24\x0C\x89\x44\x24\x30\xD9\x54\x24\x10\x89\x44\x24\x34\xD9\x54\x24\x14\x89\x44\x24\x44\xD9\x54\x24\x24
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sreaper
02-07-2013, 22:12
I have these three signatures for Linux:

"linux" "@_ZN11CBaseEntity15SetMoveDoneTimeEf"
"linux" "@_ZN11CBaseEntity16SetLocalVelocityERK6Vector"
"linux" "@_ZN11CBaseEntity7AddFlagEi"

I am having trouble finding the Windows versions. If anyone would help me out, I would really appreciate it.

Game: Team Fortress 2

testtest
02-08-2013, 12:51
SetMoveDoneTime \x55\x8B\xEC\xF3\x0F\x10\x45\x00\x0F\x2F\x05\x00\x00\x00\x00\x72\x1D xxxxxxx?xxx????xx
SetLocalVelocity \x55\x8B\xEC\x83\xEC\x0C\x56\x57\x8B\x7D\x08\x8B\x07\x8B\x57\x08 xxxxxxxxxxxxxxxx
AddFlag \x55\x8B\xEC\x51\x53\x56\x8B\xD9\x8B\x83\x00\x00\x00\x00\x8D\xB3\x00\x00\x00\x00\x57\x8B\xF8\x0B\x7D\x08 xxxxxxxxxx????xx????xxxxxx

Sreaper
02-09-2013, 00:21
SetMoveDoneTime \x55\x8B\xEC\xF3\x0F\x10\x45\x00\x0F\x2F\x05\x00\x00\x00\x00\x72\x1D xxxxxxx?xxx????xx
SetLocalVelocity \x55\x8B\xEC\x83\xEC\x0C\x56\x57\x8B\x7D\x08\x8B\x07\x8B\x57\x08 xxxxxxxxxxxxxxxx
AddFlag \x55\x8B\xEC\x51\x53\x56\x8B\xD9\x8B\x83\x00\x00\x00\x00\x8D\xB3\x00\x00\x00\x00\x57\x8B\xF8\x0B\x7D\x08 xxxxxxxxxx????xx????xxxxxx

Thank you!

jacek2144
02-11-2013, 12:10
Hello, I have a problem finding the Windows versions of those signatures. Any help would be great.
Game : Team Fortress 2


"linux" "@_ZN9CTFPlayer18AddPlayerAttributeEP18CEconItemAttribute"
"linux" "@_ZN9CTFPlayer16AwardAchievementEii"


Thanks

Peace-Maker
02-11-2013, 16:15
Hello, I have a problem finding the Windows versions of those signatures. Any help would be great.
Game : Team Fortress 2


"linux" "@_ZN9CTFPlayer18AddPlayerAttributeEP18CEconItemAttribute"
"linux" "@_ZN9CTFPlayer16AwardAchievementEii"
Thanks

CTFPlayer::AddPlayerAttribute(CEconItemAttribute *)
\x55\x8B\xEC\x8B\x45\x08\x85\xC0\x74\x2A\x50\x81\xC1\x04\x0A\x00\x00

CTFPlayer::AwardAchievement(int, int)
\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\x83\xB8\x48\x03\x00\x00\x05\x7D\x2A

jacek2144
02-11-2013, 17:07
CTFPlayer::AddPlayerAttribute(CEconItemAttribute *)
\x55\x8B\xEC\x8B\x45\x08\x85\xC0\x74\x2A\x50\x81\xC1\x04\x0A\x00\x00

CTFPlayer::AwardAchievement(int, int)
\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\x83\xB8\x48\x03\x00\x00\x05\x7D\x2A

Thanks, I got one more question

What am i doing wrong in my code?
It's not working


#include <sourcemod>
#include <sdktools>

new Handle:hGameConf;
new Handle:hGiveAchievement;

public OnPluginStart()
{
hGameConf = LoadGameConfigFile("tf2.achievements_manager");
StartPrepSDKCall(SDKCall_Player);
PrepSDKCall_SetFromConf(hGameConf, SDKConf_Signature, "CTFPlayer::AwardAchievement");
PrepSDKCall_SetReturnInfo(SDKType_CBasePlayer, SDKPass_Pointer);
PrepSDKCall_AddParameter(SDKType_PlainOldData, SDKPass_Plain);
PrepSDKCall_AddParameter(SDKType_String, SDKPass_Plain);
hGiveAchievement = EndPrepSDKCall();

RegConsoleCmd("achievement_debug_mvm", GiveAchievement);
}
public Action:GiveAchievement(client, args)
{
return SDKCall(hGiveAchievement, client, 2306, "Brotherhood of Steel");
}

Powerlord
02-11-2013, 17:15
Thanks, I got one more question

What am i doing wrong in my code?
It's not working


#include <sourcemod>
#include <sdktools>

new Handle:hGameConf;
new Handle:hGiveAchievement;

public OnPluginStart()
{
hGameConf = LoadGameConfigFile("tf2.achievements_manager");
StartPrepSDKCall(SDKCall_Player);
PrepSDKCall_SetFromConf(hGameConf, SDKConf_Signature, "CTFPlayer::AwardAchievement");
PrepSDKCall_SetReturnInfo(SDKType_CBasePlayer, SDKPass_Pointer);
PrepSDKCall_AddParameter(SDKType_PlainOldData, SDKPass_Plain);
PrepSDKCall_AddParameter(SDKType_String, SDKPass_Plain);
hGiveAchievement = EndPrepSDKCall();

RegConsoleCmd("achievement_debug_mvm", GiveAchievement);
}
public Action:GiveAchievement(client, args)
{
return SDKCall(hGiveAchievement, client, 2306, "Brotherhood of Steel");
}



You're using AddParameter SDKType_PlainOldData and SDKType_String for a function that takes two ints. It should be two plain data types.
You're setting a return type of SDKType_CBasePlayer.
Why are you messing around with the functions for awarding achievements anyway?

jacek2144
02-11-2013, 17:24
You're using AddParameter SDKType_PlainOldData and SDKType_String for a function that takes two ints. It should be two plain data types.
You're setting a return type of SDKType_CBasePlayer.
Why are you messing around with the functions for awarding achievements anyway?



1. & 2. I've changed it. But it's still not working


#include <sourcemod>
#include <sdktools>

new Handle:hGameConf;
new Handle:hGiveAchievement;

public OnPluginStart()
{
hGameConf = LoadGameConfigFile("tf2.achievements_manager");
StartPrepSDKCall(SDKCall_Player);
PrepSDKCall_SetFromConf(hGameConf, SDKConf_Signature, "CTFPlayer::AwardAchievement");
PrepSDKCall_AddParameter(SDKType_PlainOldData, SDKPass_Plain);
PrepSDKCall_AddParameter(SDKType_PlainOldData, SDKPass_Plain);
hGiveAchievement = EndPrepSDKCall();

RegConsoleCmd("achievement_debug_mvm", GiveAchievement);
}
public Action:GiveAchievement(client, args)
{
SDKCall(hGiveAchievement, client, 2306, "Brotherhood of Steel");
}


Can you tell me what i did wrong this time D:

3. I'm trying to remake Mann Vs Machine in normal gamemode for fun. And i've wondered if i could give clients achievements that work in MvM only example for killing 2 tanks fast etc. So i've started test plugin that could make achievements work.

Thanks

Peace-Maker
02-11-2013, 21:04
3. I'm trying to remake Mann Vs Machine in normal gamemode for fun. And i've wondered if i could give clients achievements that work in MvM only example for killing 2 tanks fast etc. So i've started test plugin that could make achievements work.

Please test your stuff on linux first before requesting windows signatures-.-

jacek2144
02-12-2013, 08:16
Please test your stuff on linux first before requesting windows signatures-.-

Tested it but tested it with normal achievement ids not MvM ones. So thought something screwed up or is different in windows code. It seems like my code works only in MvM :down: on MvM achievements so no luck in MvM Achievements import. Thanks anyway for signature :)

element1
02-18-2013, 22:30
Can you help me out with this one? Linux part I don't really care about. It's the windows part that is more important. Also this is for CSS.

"BloodDrips"
{
"library" "server"
"windows" "\x57\x8B\x7C\x24\x10\x83\xFF\xFF\x0F\x2A\x2A\x2A\x2A\x2A\x85\xFF\x75"
"linux" "@_Z15UTIL_BloodDripsRK6VectorS1_ii"
}

testtest
02-20-2013, 13:43
\x55\x8B\xEC\x57\x8B\x7D\x10\x83\xFF\xFF xxxxxxxxxx

element1
02-21-2013, 15:53
\x55\x8B\xEC\x57\x8B\x7D\x10\x83\xFF\xFF xxxxxxxxxx

Thank you ma good man!

Here is some :bacon!::bacon!: for you!

V952
03-09-2013, 08:22
Could you please find these for hl2dm?
void CGrenadeAR2::GrenadeAR2Touch( CBaseEntity *pOther )
void CCrossbowBolt::BoltTouch( CBaseEntity *pOther )
void CMissile::MissileTouch( CBaseEntity *pOther )
void PlayerPickupObject( CBasePlayer *pPlayer, CBaseEntity *pObject );
P.S.: I failed in compilation of server.dll to get *.pdb file, so i wanted to ask if you can share it?
P.P.S.: Sorry for my bad english.

Emil
03-11-2013, 13:40
Windows, Counter-Strike:Go

I need the new TTeamScoreOffset, i got CTTeamScoreOffset.

But since the last update TTeamScoreOffset no longer works.


char* basePtr = reinterpret_cast<char*>(getCSSGameRules());
char* offsetPtr = reinterpret_cast<char*>(this->getAddress("CSSGameRules_CheckWinLimit"));

if(!offsetPtr || !basePtr){
return 0;
}

int valueOffset = *reinterpret_cast<int*>(offsetPtr + this->vfuncOffset("TTeamScoreOffset"));
int* valuePtr = reinterpret_cast<int*>(basePtr + valueOffset);

if(valuePtr){
return *valuePtr;
} else {
return 0;
}


according to http://hg.alliedmods.net/releases/sourcemod-1.5/file/535c0935a4bb/gamedata/sm-cstrike.games/game.csgo.txt

TTeamScoreOffset = 122
CTTeamScoreOffset = 97

97 works fine, but 122 gives me 65535 :/

Emil
03-12-2013, 11:25
return (*valuePtr) - 65536;

seems to work :/

element1
03-14-2013, 16:21
Could you please find these for hl2dm?
void CGrenadeAR2::GrenadeAR2Touch( CBaseEntity *pOther )
void CCrossbowBolt::BoltTouch( CBaseEntity *pOther )
void CMissile::MissileTouch( CBaseEntity *pOther )
void PlayerPickupObject( CBasePlayer *pPlayer, CBaseEntity *pObject );
P.S.: I failed in compilation of server.dll to get *.pdb file, so i wanted to ask if you can share it?
P.P.S.: Sorry for my bad english.


What is it that you are looking for?

V952
03-15-2013, 08:41
What is it that you are looking for?
I wanted projectiles to go through teammates, but not through enemies. Really i don't need first three anymore, cause i wrote PassServerEntityFilter Detour and it works fine:). I need PlayerPickupObject for picking up objects like in HL2, cause i don't know how to overwrite virtual functions and CHL2MP_Player :: PickupObject(CBaseEntity*, bool) is empty.

element1
03-18-2013, 21:55
I wanted projectiles to go through teammates, but not through enemies. Really i don't need first three anymore, cause i wrote PassServerEntityFilter Detour and it works fine:). I need PlayerPickupObject for picking up objects like in HL2, cause i don't know how to overwrite virtual functions and CHL2MP_Player :: PickupObject(CBaseEntity*, bool) is empty.

Yah, I don't think I can be much help here.

Root_
04-18-2013, 19:27
I need a signature for DoD:S which is similar to CSDropWeapon (DODWeaponDrop?)
Thanks! :mrgreen:

DJ Tsunami
04-18-2013, 20:18
Do you need to hook it or call it? SDKHooks_DropWeapon uses the CDODPlayer::Weapon_Drop offset to call it, don't know if that offset has changed in 3 weeks.

V952
05-09-2013, 18:01
void CGrenadeFrag::CreateEffects(void)
Game - HL2DM

testtest
05-18-2013, 19:20
\x55\x8B\xEC\x83\xEC\x08\x53\x56\x57\x8B\xF1\x6A\x00 xxxxxxxxxxxxx
_ZN12CGrenadeFrag13CreateEffectsEv

V952
05-20-2013, 07:17
\x55\x8B\xEC\x83\xEC\x08\x53\x56\x57\x8B\xF1\x6A\x00 xxxxxxxxxxxxx
_ZN12CGrenadeFrag13CreateEffectsEv
Thank you too much :3
Compiling extension to check this)
...Oh yeah! Works perfect!

V952
05-20-2013, 07:35
As it goes well, could you please find the same for npc_satchel:3
void CSatchelCharge::CreateEffects(void)

Malak
05-21-2013, 18:07
"NET_SendPacket"
{
"linux_symbol" "_Z14NET_SendPacketP11INetChanneliRK8netadr_sPKhiP8bf_writeb"
"sigscan" "55 8B EC B8 ? ? ? ? E8 ? ? ? ? 53 56 8B ? ? 57 8B ? ? ? ? ? ? 57 6A 00"
"win_type" "Direct"
}

The Windows signature (sigscan) was broken in the most recent CSS update. Could anyone please provide a new updated sigscan?

Help will be greatly appreciated.

-Malak

GoD-Tony
05-22-2013, 00:27
the windows signature (sigscan) was broken in the most recent css update. Could anyone please provide a new updated sigscan?

NET_SendPacket: 55 8B EC B8 7C 20 00 00 E8 ? ? ? ? A1 ? ? ? ? 53 56

Malak
05-22-2013, 07:16
NET_SendPacket: 55 8B EC B8 7C 20 00 00 E8 ? ? ? ? A1 ? ? ? ? 53 56

Thank you very much!

Old and Slow
05-24-2013, 09:05
Good job, Tony!

testtest
05-25-2013, 12:42
V952:
\x55\x8B\xEC\x83\xEC\x1C\x56\x8B\xF1\x8B\x06\x8B\x50\x5C\x57\xFF\xD2\x8B\x06\x8B\x50\x60\x68\x00\x00\x00\x00\x8B\xCE\xFF\xD2\x8B\x86\x00\x00\x00\x00\x8B\x50\x38 xxxxxxxxxxxxxxxxxxxxxxx????xxxxxx????xxx

V952
05-26-2013, 05:24
V952:
\x55\x8B\xEC\x83\xEC\x1C\x56\x8B\xF1\x8B\x06\x8B\x50\x5C\x57\xFF\xD2\x8B\x06\x8B\x50\x60\x68\x00\x00\x00\x00\x8B\xCE\xFF\xD2\x8B\x86\x00\x00\x00\x00\x8B\x50\x38 xxxxxxxxxxxxxxxxxxxxxxx????xxxxxx????xxx

Thank you very much for your help, you saved my day:)

V952
05-26-2013, 05:52
Hmm... the detour works, but when it's fired, npc_satchel is not spawned O_o
DETOUR_DECL_STATIC0(CSatchelCharge_CreateEffects, void)
{
printf("DETOUR_DECL_STATIC0->CSatchelCharge_CreateEffects()\n");
return;
}

V952
05-26-2013, 10:52
I've opened IDA and found this sequence... it's:

void CSatchelCharge::Spawn( void )

not

void CSatchelCharge::CreateEffects( void )

Not sure if i can fix this by myself... i have no experience in ASM... i have no function names either... could you please share a server.pdb if you have one?

V952
05-26-2013, 12:00
I found it!

"CSatchelCharge_CreateEffects"
{
"library" "server"
"windows" "\x56\x8B\xF1\x8B\x86\xA4\x04\x00\x00\x83\xF8\xFF\x74\x25\x8B\x15\x2A\x2A\x2A\x2A\x8B\xC8\x81\xE1\xFF\x0F\x00\x00\x03\xC9\x8D\x4C\xCA\x04\xC1\xE8\x0C\x39\x41\x04\x75\x09\x83\x39\x00\x0F\x85\x2A\x2A\x2A\x2A"
}

Skyy
08-01-2013, 18:26
Can anyone find the windows signature for the following?

"RoundRespawn"
"linux" "@_ZN13CTerrorPlayer12RoundRespawnEv"

Electr000999
08-02-2013, 11:20
Skyy, grab from https://forums.alliedmods.net/showthread.php?p=862618 if you about L4D2, this updated i tested

Skyy
08-02-2013, 13:52
Strange, that's the signature I was already using.

Malak
08-14-2013, 21:24
"GetFileWeaponInfoFromHandle"
{
"linux_symbol" "_Z27GetFileWeaponInfoFromHandlet"
"sigscan" "55 8B EC ? 8B ? ? ? 3B ? ? ? ? ? 72 ? B8 ? ? ? ? 5D C3"
"win_type" "Direct"
}

CSGO's most recent update broke the "GetFileWeaponInfoFromHandle" signature for Windows. Could someone please provide an updated sigscan?

-Malak

Peace-Maker
08-15-2013, 07:53
"getfileweaponinfofromhandle"
{
"linux_symbol" "_z27getfileweaponinfofromhandlet"
"sigscan" "55 8b ec ? 8b ? ? ? 3b ? ? ? ? ? 72 ? B8 ? ? ? ? 5d c3"
"win_type" "direct"
}

csgo's most recent update broke the "getfileweaponinfofromhandle" signature for windows. Could someone please provide an updated sigscan?

-malak

55 8b ec 66 8b 45 08 66 3b 05 ? ? ? ? 72 ? B8 01 00 00 00 84

daggersarge
08-17-2013, 12:57
Peace-Maker, I still get a sig failed when using your code above. Shouldn't there be one more number at the end?

Malak
08-18-2013, 13:58
55 8b ec 66 8b 45 08 66 3b 05 ? ? ? ? 72 ? B8 01 00 00 00 84

Thanks Peace-Maker for the signature (appears to work from my console). I was wondering if you or someone else would also be kind enough to get a new Windows sigscan for "NET_SendPacket" on the DOD:S, HL2-DM & TF2 engine(s)?

"NET_SendPacket"
{
"linux_symbol" "_Z14NET_SendPacketP11INetChanneliRK8netadr_sPKhiP8bf_writeb"
"sigscan" "55 8B EC B8 ? ? ? ? E8 ? ? ? ? 53 56 8B ? ? 57 8B ? ? ? ? ? ? 57 6A 00"
"win_type" "Direct"
}

-Malak

kadet.89
08-22-2013, 06:02
Can someone give instructions on how to search for signatures? I tried to use the manual (http://forums.alliedmods.net/showthread.php?t=39566), but it is already outdated... or perhaps my server.dll (hl2mp) incorrect

kadet.89
08-23-2013, 08:38
I'm trying to find a signature for SwitchTeam in server.dll

I got it from a file sourcemod\gamedata\sm-cstrike.games.txt

"windows" "\x55\x8B\xEC\x83\xEC\x2A\x89\x4D\x2A\x8B\x45\x2A\x50\xE8\x2A\x2A\x2A\x2A\x83\xC4\x04\x85\xC0\x74"
And I can't find it in the recent server.dll. Does it mean that the signature is wrong or am I wrong? I can only find a piece of this signature:
\x55\x8B\xEC\x83\xEC
Can somebody share server.dll and server.pdb, It seems that my hl2mp dll is too old

Powerlord
08-23-2013, 10:21
I'm trying to find a signature for SwitchTeam in server.dll

I got it from a file sourcemod\gamedata\sm-cstrike.games.txt

"windows" "\x55\x8B\xEC\x83\xEC\x2A\x89\x4D\x2A\x8B\x45\x2A\x50\xE8\x2A\x2A\x2A\x2A\x83\xC4\x04\x85\xC0\x74"
And I can't find it in the recent server.dll. Does it mean that the signature is wrong or am I wrong? I can only find a piece of this signature:
\x55\x8B\xEC\x83\xEC
Can somebody share server.dll and server.pdb, It seems that my hl2mp dll is too old

\x2A is the wildcard symbol (for whatever reason), meaning that anything could be there in place of it.

Dr!fter
08-23-2013, 11:34
I'm trying to find a signature for SwitchTeam in server.dll

I got it from a file sourcemod\gamedata\sm-cstrike.games.txt

"windows" "\x55\x8B\xEC\x83\xEC\x2A\x89\x4D\x2A\x8B\x45\x2A\x50\xE8\x2A\x2A\x2A\x2A\x83\xC4\x04\x85\xC0\x74"
And I can't find it in the recent server.dll. Does it mean that the signature is wrong or am I wrong? I can only find a piece of this signature:
\x55\x8B\xEC\x83\xEC
Can somebody share server.dll and server.pdb, It seems that my hl2mp dll is too old

It sounds like you are compiling the sdk which doesn't give you the game specific functions.

Here's a very quick breakdown for sigs.

Go to your mod's bin folder and open both the server.dll and server(_srv).so files. Locate the function in the Linux bin, then try to find a string in the function, or a function that calls the one you want with a string in it (there are other ways but that's the easiest). Search for the string in the Windows one (make sure the string is semi-unique and isn't used everywhere). After finding the function, compare it to the Linux one to see if it looks to be the correct one. Create a sig on the Windows bin, making sure the sig is unique and wildcarding anything that should be.

Malak
08-23-2013, 15:02
It sounds like you are compiling the sdk which doesn't give you the game specific functions.

Here's a very quick breakdown for sigs.

Go to your mod's bin folder and open both the server.dll and server(_srv).so files. Locate the function in the Linux bin, then try to find a string in the function, or a function that calls the one you want with a string in it (there are other ways but that's the easiest). Search for the string in the Windows one (make sure the string is semi-unique and isn't used everywhere). After finding the function, compare it to the Linux one to see if it looks to be the correct one. Create a sig on the Windows bin, making sure the sig is unique and wildcarding anything that should be.

I wanted to see if I could learn how to create signatures but I'm currently stuck. Looking at the above "CCSPlayer::SwitchTeam" signature, I used Peace-Maker's "escsig_search.idc" to change: "\x55\x8B\xEC\x83\xEC\x2A\x89\x4D\x2A\x8B\x45\ x2A\x50\xE8\x2A\x2A\x2A\x2A\x83\xC4\x04\x85\x C0\x74"

Into "55 8B EC 83 EC ? 89 4D ? 8B 45 ? 50 E8 ? ? ? ? 83 C4 04 85 C0 74"

Now I understand that 4 bytes need to be changed into wildcards (\x2A) or masks (?), but what I am not understanding is how other wildcards/masks in the above signature(s) are determined.

//IDA Windows CCSPlayer::SwitchTeam function snippet
.text:10260280 55 push ebp
.text:10260281 8B EC mov ebp, esp
.text:10260283 83 EC 5C sub esp, 5Ch
.text:10260286 89 4D A8 mov [ebp+var_58], ecx
.text:10260289 8B 45 08 mov eax, [ebp+arg_0]

Bytes "55" to the second row "EC" are written into the signature but the following bytes: "5C", "A8" & "08" are turned into wildcards/masks. Could someone please explain how these are determined?

kadet.89
08-23-2013, 15:55
Malak, as you can see, "5C", "A8" & "08" are addresses, which normally change when the library is updated.
I opened server_srv.so in IDA and found SwitchTeam, but these look absolutely different than in the server.dll http://s019.radikal.ru/i604/1308/76/10c61d33f3bf.png How can I find the key to get the dll signature?

Malak
08-23-2013, 16:35
I opened server_srv.so in IDA and found SwitchTeam, but these look absolutely different than in the server.dll http://s019.radikal.ru/i604/1308/76/10c61d33f3bf.png How can I find the key to get the dll signature?

Give these tutorials a read:
http://forums.eventscripts.com/viewtopic.php?p=376443#p376443
http://forums.eventscripts.com/viewtopic.php?f=125&t=45240

Now assuming you found your "CCSPlayer::SwitchTeam(int)" function again in the server_srv.so, you need an easy-to-search string for the Windows binary. I recommend using this string:

"CCSPlayer::SwitchTeam( %d ) - invalid t"

From the first linked tutorial, read on from part 2 section 5 to get an idea of what to do with that string and where I got it.

Malak, as you can see, "5C", "A8" & "08" are addresses, which normally change when the library is updated.

Am I to assume that the third byte on each row needs to be changed into a wildcard, or is there a more specific pattern I'm supposed to keep an eye out for? I'll compare some more SM sigs and see.

Edit: I looked at "CCSPlayer::RoundRespawn" and the last two bytes on row 4 & 5 are wildcards. What am I not seeing here?

//IDA Windows CCSPlayer::RoundRespawn function snippet
.text:10265DF0 55 push ebp
.text:10265DF1 8B EC mov ebp, esp
.text:10265DF3 51 push ecx
.text:10265DF4 89 4D FC mov [ebp+var_4], ecx
.text:10265DF7 8B 45 FC mov eax, [ebp+var_4]
.text:10265DFA 8B 10 mov edx, [eax]
.text:10265DFC 8B 4D FC mov ecx, [ebp+var_4]

//RoundRespawn SM signature
\x55\x8B\xEC\x51\x89\x2A\x2A\x8B\x2A\x2A\x8B\x10\x8B

Dr!fter
08-23-2013, 18:39
Give these tutorials a read:
http://forums.eventscripts.com/viewtopic.php?p=376443#p376443
http://forums.eventscripts.com/viewtopic.php?f=125&t=45240

Now assuming you found your "CCSPlayer::SwitchTeam(int)" function again in the server_srv.so, you need an easy-to-search string for the Windows binary. I recommend using this string:

"CCSPlayer::SwitchTeam( %d ) - invalid t"

From the first linked tutorial, read on from part 2 section 5 to get an idea of what to do with that string and where I got it.



Am I to assume that the third byte on each row needs to be changed into a wildcard, or is there a more specific pattern I'm supposed to keep an eye out for? I'll compare some more SM sigs and see.

Edit: I looked at "CCSPlayer::RoundRespawn" and the last two bytes on row 4 & 5 are wildcards. What am I not seeing here?

//IDA Windows CCSPlayer::RoundRespawn function snippet
.text:10265DF0 55 push ebp
.text:10265DF1 8B EC mov ebp, esp
.text:10265DF3 51 push ecx
.text:10265DF4 89 4D FC mov [ebp+var_4], ecx
.text:10265DF7 8B 45 FC mov eax, [ebp+var_4]
.text:10265DFA 8B 10 mov edx, [eax]
.text:10265DFC 8B 4D FC mov ecx, [ebp+var_4]

//RoundRespawn SM signature
\x55\x8B\xEC\x51\x89\x2A\x2A\x8B\x2A\x2A\x8B\x10\x8B

You wild card things that are likely to change, there is no set pattern.
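
The wildcard rule discussed in the posts above, as an added example that is not part of the original thread: a C scanner that reads both notations used here (gamedata \x2A and IDA ?), then checks whether a signature survives a rebuild and whether it matches exactly once. The two byte images and the "rebuilt" offsets are constructed for illustration; only the SwitchTeam bytes and the signature prefix come from the posts.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define SIG_MAX 128

/* Parsed signature: mask[i] == 1 means byte i must match, 0 means wildcard. */
typedef struct {
    unsigned char bytes[SIG_MAX];
    unsigned char mask[SIG_MAX];
    size_t len;
} sig_t;

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Accepts gamedata form ("\x55\x8B\x2A", where \x2A is the wildcard) and
   IDA form ("55 8B ?"). Returns 0 on success, -1 on malformed input. */
int sig_parse(const char *p, sig_t *out) {
    out->len = 0;
    while (*p) {
        if (isspace((unsigned char)*p)) { p++; continue; }
        if (out->len == SIG_MAX) return -1;
        if (*p == '?') {                     /* "?" or "??" is one wildcard byte */
            while (*p == '?') p++;
            out->bytes[out->len] = 0;
            out->mask[out->len++] = 0;
            continue;
        }
        int escaped = (p[0] == '\\' && p[1] == 'x');
        if (escaped) p += 2;
        int hi = hexval((unsigned char)p[0]);
        int lo = (hi < 0) ? -1 : hexval((unsigned char)p[1]);
        if (lo < 0) return -1;
        unsigned char b = (unsigned char)((hi << 4) | lo);
        out->bytes[out->len] = b;
        /* Gamedata form cannot express a literal 0x2A: it always means "any byte". */
        out->mask[out->len++] = !(escaped && b == 0x2A);
        p += 2;
    }
    return out->len ? 0 : -1;
}

/* Offset of the first match at or after `from`, or -1 if there is none. */
long sig_find(const unsigned char *buf, size_t n, const sig_t *s, size_t from) {
    if (s->len == 0 || s->len > n) return -1;
    for (size_t i = from; i + s->len <= n; i++) {
        size_t j = 0;
        while (j < s->len && (!s->mask[j] || buf[i + j] == s->bytes[j])) j++;
        if (j == s->len) return (long)i;
    }
    return -1;
}

/* Number of matches in the image: a usable signature must hit exactly once. */
long sig_count(const unsigned char *buf, size_t n, const sig_t *s) {
    long hits = 0, at = -1;
    while ((at = sig_find(buf, n, s, (size_t)(at + 1))) >= 0) hits++;
    return hits;
}

/* Constructed images. Offset 12 holds the SwitchTeam bytes from the IDA
   listing quoted in the thread; the first "function" and padding are made up. */
static const unsigned char OLD_BUILD[] = {
    0x55,0x8B,0xEC,0x83,0xEC,0x10,0x56,0x8B,0xF1,0xC3,0xCC,0xCC,
    0x55,0x8B,0xEC,0x83,0xEC,0x5C,0x89,0x4D,0xA8,0x8B,0x45,0x08,
    0x50,0xC3
};
/* Hypothetical rebuild: frame size and local offset moved, opcodes did not. */
static const unsigned char NEW_BUILD[] = {
    0x55,0x8B,0xEC,0x83,0xEC,0x10,0x56,0x8B,0xF1,0xC3,0xCC,0xCC,
    0x55,0x8B,0xEC,0x83,0xEC,0x64,0x89,0x4D,0xA0,0x8B,0x45,0x08,
    0x50,0xC3
};

static const char SIG_EXACT[] = "55 8B EC 83 EC 5C 89 4D A8 8B 45 08";
static const char SIG_WILD[]  = "\\x55\\x8B\\xEC\\x83\\xEC\\x2A\\x89\\x4D\\x2A\\x8B\\x45\\x2A\\x50";
static const char SIG_SHORT[] = "55 8B EC 83 EC";   /* the prologue-only fragment */

/* Parse-and-scan helpers; -2 signals a malformed signature string. */
long find_in(const char *text, const unsigned char *img, size_t n) {
    sig_t s;
    return sig_parse(text, &s) ? -2 : sig_find(img, n, &s, 0);
}
long count_in(const char *text, const unsigned char *img, size_t n) {
    sig_t s;
    return sig_parse(text, &s) ? -2 : sig_count(img, n, &s);
}

int main(void) {
    printf("exact, old build: %ld\n", find_in(SIG_EXACT, OLD_BUILD, sizeof OLD_BUILD));
    printf("exact, new build: %ld\n", find_in(SIG_EXACT, NEW_BUILD, sizeof NEW_BUILD));
    printf("wild,  new build: %ld\n", find_in(SIG_WILD, NEW_BUILD, sizeof NEW_BUILD));
    printf("short, hit count: %ld\n", count_in(SIG_SHORT, NEW_BUILD, sizeof NEW_BUILD));
    return 0;
}
```

The fully literal pattern stops matching once the operand bytes move, the wildcarded one keeps resolving to the same function, and the five-byte prologue fragment matches more than one function, which is why a signature is extended until its hit count is one.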

kadet.89
08-24-2013, 13:40
Can somebody help me to find a css linux/windows signature for "g_Collisions" (with an explanation, if possible)?
Old signature:
"g_Collisions" // "Putting entity to sleep: %s\"
{
"library" "server"
//"windows" "\x55\x8B\xEC\x83\xEC\x10\x83\x3D\x04\xA8\x5C\x10\x00\x53\x56\x57\x0F\x84\xBB\x02\x00\x00\x08\x3D\x98\xE1\x56\x10\x00\x0F\x85\xAE\x02\x00\x00\xF3" //Old dll
"windows" "\x55\x8B\xEC\x83\xEC\x10\x83\x3D\x2A\x2A\x2A\x2A\x00"
}

What can I do if I can not find the signature? Are there alternatives?

Malak
09-17-2013, 09:52
NET_SendPacket: 55 8B EC B8 7C 20 00 00 E8 ? ? ? ? A1 ? ? ? ? 53 56

Today's CSS update broke the above signature that GoD-Tony kindly provided. Could someone please create a new signature?

Thanks,

-Malak

Peace-Maker
09-17-2013, 16:20
NET_SendPacket: 55 8B EC B8 7C 20 00 00 E8 ? ? ? ? A1 ? ? ? ? 53 56

Today's CSS update broke the above signature that GoD-Tony kindly provided. Could someone please create a new signature?

Thanks,

-Malak

It's now
55 8B EC B8 ? ? ? ? E8 ? ? ? ? A1 ? ? ? ? 53 56 33 F6 89
_Z14NET_SendPacketP11INetChanneliRK8netadr_sPKhiP8bf_writeb

Old and Slow
09-17-2013, 16:43
Good job, PM!

V952
11-21-2013, 05:41
Mod: HL2DM
OS: Windows
-Empty server without SourceMod or MetaMod
-There is my C++ plugin

Sometimes I have crashes in vphysics.dll, but I haven't used it in my plugin yet. I have this signature:

0F B7 7A 02 4F 78 53 8B FF 8B 46 0C 8B 48 04 8B 0C B9 8B 11 8B 52 04

I'd love to know the name of the function that caused the crash. If someone has the .pdb for the latest vphysics.dll, could you drop it here?

Powerlord
11-21-2013, 16:33
I'd love to know the name of the function that caused the crash. If someone has the .pdb for the latest vphysics.dll, could you drop it here?

If Valve distributed pdb files with its .dll files, we wouldn't need binary signatures in the first place...

Oshizu
11-27-2013, 16:42
If Valve distributed pdb files with its .dll files, we wouldn't need binary signatures in the first place...

Maybe ask them about doing so :grrr:

VoiDeD
11-28-2013, 20:28
Multiple people have asked in the past. They have no interest in releasing them, even stripped versions.

Dr. Greg House
11-30-2013, 07:52
I find it enraging at best that there is so little support from a company that makes a buttload of money because there are people developing mm, sm and plugins for their products.

jacek2144
01-13-2014, 09:21
hello all
requesting tf2 signature windows of this
name: CTFPlayerAnimState::IsItemTestingBot(void)
Linux: _ZN18CTFPlayerAnimState16IsItemTestingBotEv proc near

thankz

VoiDeD
01-16-2014, 16:48
hello all
requesting tf2 signature windows of this
name: CTFPlayerAnimState::IsItemTestingBot(void)
Linux: _ZN18CTFPlayerAnimState16IsItemTestingBotEv proc near

thankz

If you're looking for a workaround for attachables, don't bother. Nothing you hook on the server will help you.

VoiDeD
01-16-2014, 20:10
If it's not a real wearable that can be inspected by other clients, it's not interesting. (ie: chains of parented models, the sprite method, whatever was posted recently that caused some drama; these are all not interesting).

napalm00
01-17-2014, 07:35
If it's not a real wearable that can be inspected by other clients, it's not interesting. (ie: chains of parented models, the sprite method, whatever was posted recently that caused some drama; these are all not interesting).

This.
Plus lol @ "SAY WAT NAPALM00", I already have enough ways to do better stuff, I simply don't show it publicly to avoid people like you and Xykon messing up and getting them instapatched.

napalm00
01-17-2014, 15:03
Well that's not fully true.
There's something in server_srv.so & server.dll that makes clients avoid invisibility of items
I'm not sure if it works on parenting models but it works on wearables & weapons

If you're curious about it:

Pics
http://cloud-4.steampowered.com/ugc/469799292179212978/B748F2AD3F6519F0985293DFE43F11CFEC5DF4FE/
http://cloud-3.steampowered.com/ugc/469799292194752437/A9E41FAA091CA2216E1A424A4E1E7000CEBFEEA6/
http://cloud-2.steampowered.com/ugc/469799292176359233/299FD76B6C42EE42CB7EB43E6B6B68A0267C4C2C/
http://cloud-4.steampowered.com/ugc/469799292179207840/3215EBC1D9F1B5285A571F82A4096F5E95FF6EC0/
http://cloud-2.steampowered.com/ugc/469799292194739563/FAD20382328018A11A40364F037D03BEB6AB9311/


Someday I'll maybe release it when some people here stop overreacting, swearing & hating everyone who tries to create something that could make Randomizer, Custom Hats, Be The Zombie etc. plugins better

Malak
02-20-2014, 16:55
"GetFileWeaponInfoFromHandle"
{
"linux_symbol" "_Z27GetFileWeaponInfoFromHandlet"
"sigscan" "55 8b ec 66 8b 45 08 66 3b 05 ? ? ? ? 72 ? B8 01 00 00 00 84"
}

CSGO's recent update broke the above sig and I'm having a difficult time creating a working signature.

55 8B EC 56 8B F1 57 8B 7D 08 39 BE 64 02 00 00

This sig should work but it always results in srcds crashing. I believe I have the correct function but if someone more experienced could provide a working sig that points to the correct function, I would be very grateful.

Peace-Maker
02-21-2014, 02:13
I think that's the right one. I'd expect you'll need more stuff changed for MAP to work on csgo on windows again though.
66 3B 0D ? ? ? ? 72 ? A1

Oshizu
02-21-2014, 11:20
Looking for PassServerEntityFilter signature on windows
Linux: @_Z22PassServerEntityFilterPK13IHandleEntityS1_

- Thanks

Malak
02-22-2014, 12:38
Looking for PassServerEntityFilter signature on windows
Linux: @_Z22PassServerEntityFilterPK13IHandleEntityS1_

- Thanks

"windows" "\x55\x8B\xEC\x83\xEC\x18\x53\x56\x57\x8B\xF1\xE8\x2A\x2A\x2A\x2A\x6A\x10"

I'm assuming you wanted this for TF2. I may have looked in the wrong place when creating the sig so don't be surprised if it's wrong, though it is unique.

kadet.89
02-23-2014, 02:54
CS:Source

CPhysHinge::InputSetVelocity(inputdata_t &)
Linux _ZN10CPhysHinge16InputSetVelocityER11inputdata_t

GoD-Tony
02-23-2014, 03:28
CS:Source

CPhysHinge::InputSetVelocity(inputdata_t &)
Linux _ZN10CPhysHinge16InputSetVelocityER11inputdata_t

55 8B EC 83 EC 10 56 8B F1 83 BE 38 03 00 00 00 0F 84 ? ? ? ? 8B 8E 38 03 00 00

Edit: Fixed sig.

kadet.89
02-23-2014, 04:20
Thanks a lot.
Could you tell me what is the clue to look for this signature ?

Searching down CASE-INSENSITIVELY for binary pattern: 55 8B EC 83 EC 14 56 8B F1 83 BE 38 03 00 00 00 0F 84 ?? ?? ?? ?? 8B 8E 38 03 00 00
Search failed.
Command "AskBinaryText" failed
:(

GoD-Tony
02-23-2014, 05:44
Search failed.
Command "AskBinaryText" failed

:(

Oops, mine was outdated. I've updated my post with the correct sig.

kadet.89
02-23-2014, 05:58
Thank you
How did you find this signature?

Oshizu
02-23-2014, 06:24
Same question as kadet
How do you guys find those signatures which are nearly impossible to be found
No strings, no xrefs with strings etc.

GoD-Tony
02-23-2014, 09:53
Same question as kadet
How do you guys find those signatures which are nearly impossible to be found
No strings, no xrefs with strings etc.

I can't go into tutorial-level of detail, but in this case I checked for another function of the same class that did have a string, which was CPhysHinge::InputSetHingeFriction. From there you get an xref to DataMapInit<CPhysHinge>, which only contains two functions: InputSetHingeFriction + the one we're looking for.

Powerlord
04-04-2014, 14:55
It'd be really helpful if someone could get the Windows TF2 signature for TF_IsHolidayActive(int). The Linux signature is _Z18TF_IsHolidayActivei if that helps.

donrevan
04-05-2014, 05:54
TF_IsHolidayActive(int)

55 8B EC A1 ? ? ? ? 83 78 30 00 74 ? 32 C0

"windows" "\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\x83\x78\x30\x00\x74\x2A\x32\xC0"

Malak101
04-06-2014, 09:04
Hey could anyone create a signature for "CBaseCombatCharacter_Weapon_OwnsThisType" on CSGO?
linux_symbol "_ZNK20CBaseCombatCharacter19Weapon_OwnsThisTypeEPKci"

I've had no such luck finding the correct vtable in IDA; it seems to be in the middle of nowhere. Any help in creating a working signature would be appreciated.

Thanks!

-Malak101

Powerlord
04-06-2014, 12:29
TF_IsHolidayActive(int)

55 8B EC A1 ? ? ? ? 83 78 30 00 74 ? 32 C0

"windows" "\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\x83\x78\x30\x00\x74\x2A\x32\xC0"


I meant to test this, but I keep getting distracted.

Edit: Tested and verified working. It has now been added to bug 6094 (https://bugs.alliedmods.net/show_bug.cgi?id=6094).

Incidentally, does custom/ gamedata not work? I can't seem to override IsHolidayActive without replacing it in sm-tf2.games.txt.

Edit: No, apparently it doesn't for "single-file gamedata" (https://bugs.alliedmods.net/show_bug.cgi?id=5386).

Hey could anyone create a signature for "CBaseCombatCharacter_Weapon_OwnsThisType" on CSGO?
linux_symbol "_ZNK20CBaseCombatCharacter19Weapon_OwnsThisTypeEPKci"

I've had no such luck finding the correct vtable in IDA; it seems to be in the middle of nowhere. Any help in creating a working signature would be appreciated.

Thanks!

-Malak101

Slight nitpick: Isn't the function name CBaseCombatCharacter::Weapon_OwnsThisType and wouldn't it be in the CBaseCombatCharacter vtable?

Peace-Maker
04-07-2014, 12:21
Hey could anyone create a signature for "CBaseCombatCharacter_Weapon_OwnsThisType" on CSGO?
linux_symbol "_ZNK20CBaseCombatCharacter19Weapon_OwnsThisTypeEPKci"

I've had no such luck finding the correct vtable in IDA; it seems to be in the middle of nowhere. Any help in creating a working signature would be appreciated.

Thanks!

-Malak101

You should just change it to vtable call/hook!
\x55\x8B\xEC\x51\x53\x8B\x5D\x2A\x8B\xC1\x56\x57\x89\x45\xFC\x33\xFF

Powerlord
04-09-2014, 13:37
TF_IsHolidayActive(int)

55 8B EC A1 ? ? ? ? 83 78 30 00 74 ? 32 C0

"windows" "\x55\x8B\xEC\xA1\x2A\x2A\x2A\x2A\x83\x78\x30\x00\x74\x2A\x32\xC0"

Thanks again. If you hadn't noticed, this new gamedata was pushed out by the SourceMod gamedata updater a few days ago as part of sm-tf2.games.txt's IsHolidayActive signature.

Malak101
05-16-2014, 15:41
Today's CSS Update broke the "CBaseCombatCharacter_Weapon_OwnsThisType" signature.
linux_symbol "_ZNK20CBaseCombatCharacter19Weapon_OwnsThisTypeEPKci"

Could someone please create a new signature? It's rather difficult to find in IDA.

Thank you,

-Malak101

GoD-Tony
05-16-2014, 15:50
Today's CSS Update broke the "CBaseCombatCharacter_Weapon_OwnsThisType" signature.
linux_symbol "_ZNK20CBaseCombatCharacter19Weapon_OwnsThisTypeEPKci"

Could someone please create a new signature? It's rather difficult to find in IDA.

\x55\x8B\xEC\x51\x53\x8B\x5D\x08\x8B\xC1\x56\x57\x89\x45\xFC\x33\xFF\x8D\xB0\x20\x07\x00\x00

Malak101
05-16-2014, 16:23
\x55\x8B\xEC\x51\x53\x8B\x5D\x08\x8B\xC1\x56\x57\x89\x45\xFC\x33\xFF\x8D\xB0\x20\x07\x00\x00

Thank you very much for the new sig and very speedy reply :)

rob123
05-16-2014, 19:13
Would love to get some help with the new sig for "_Z14UTIL_TraceLineRK6VectorS1_jPK13IHandleEntityiP10CGameTrace"

Being used for "UTIL_TraceLine(Vector const&, Vector const&, unsigned int, IHandleEntity const*, int, CGameTrace *)"

This is the first time I've had to do this and every guide relies on finding a string within the function, of which there are none for traceline! Would be great to get a quick run-through of how the Linux -> Windows function was found, so I can do it myself next time

Thanks

SOLVED:

old sig = 53 8B DC 83 EC 08 83 E4 F0 83 C4 04 55 8B 6B 04 89 6C 24 04 8B EC 83 EC 6C 56
new sig = 53 8B DC 83 EC 08 83 E4 F0 83 C4 04 55 8B 6B 04 89 6C 24 04 8B EC 83 EC 6C 8D 4D A0 56 FF 73 0C

donrevan
05-17-2014, 06:53
You can use the IEngineTrace interface which should have everything you need.
If you still need UTIL_TraceLine, there are maybe references in the interface implementation.
You can also use the linux binary to look for references to find the function you want on Windows.

kadet.89
05-18-2014, 11:16
Can somebody help me to make a full offsets dump for CBaseEntity? I've only managed to dump offsets for 187 functions. But this dump doesn't contain such functions as CBaseEntity::PrecacheSound and CBaseEntity::PrecacheScriptSound
Game - tf2

Oshizu
05-18-2014, 13:18
Can somebody help me to make a full offsets dump for CBaseEntity? I've only managed to dump offsets for 187 functions. But this dump doesn't contain such functions as CBaseEntity::PrecacheSound and CBaseEntity::PrecacheScriptSound
Game - tf2

Those functions might exist in signature form only, I guess

Malak101
05-18-2014, 13:27
Those functions might exist in signature form only, I guess

You might be right. I took a crack at it but I could only find Linux symbols for both PrecacheSound and PrecacheScriptSound. There doesn't seem to be a vtable for either of them.

Powerlord
05-18-2014, 13:51
Can somebody help me to make a full offsets dump for CBaseEntity? I've only managed to dump offsets for 187 functions. But this dump doesn't contain such functions as CBaseEntity::PrecacheSound and CBaseEntity::PrecacheScriptSound
Game - tf2


Most of the sound-related functions for CBaseEntity are static, so they won't show up in the object's vtable.
They're all just wrappers to calls of the same name in either IEngineSound or CSoundEmitterSystem.


SourceMod already has a PrecacheSound that calls the IEngineSound version, so that won't really help you.

PrecacheScriptSound (https://github.com/ValveSoftware/source-sdk-2013/blob/master/mp/src/game/shared/SoundEmitterSystem.cpp#L387) is a wrapper around the ISoundEmitterSystemBase interface's GetSoundIndex/IsValidIndex/InternalGetParametersForSound/GetWaveName and IEngineSound interface's PrecacheSound. If there really was a demand for it, I could probably add it to the SourceMod ReadGameSounds extension, which is the extension for reading sounds from the game_sounds files using ISoundEmitterSystemBase (it's been submitted for inclusion with SourceMod's sdktools).

Having said that, you shouldn't have to manually precache script sounds as the game automatically does it at map start. The only exception that I'm aware of is in TF2, where the mvm_ soundscripts aren't precached on non-MvM maps.

Dino Penis
05-18-2014, 15:07
Can someone please make a signature for these?
@_ZN14CBaseAnimating16LookupAttachmentEPKc
@_ZN11CBasePlayer13SetPlayerNameEPKc
@_ZN9CCSPlayer10ChangeNameEPKc

Malak101
05-18-2014, 16:15
@_ZN14CBaseAnimating16LookupAttachmentEPKc

Edit:

The previous sig I provided is more than likely wrong.


@_ZN11CBasePlayer13SetPlayerNameEPKc
@_ZN9CCSPlayer10ChangeNameEPKc

See this attachment in post: https://forums.alliedmods.net/showpost.php?p=2140100&postcount=70

ph
05-19-2014, 18:15
Looking for a Windows signature for; CBaseClient__SetSteamID

Can you help?


OLD SIGNATURE
"CBaseClient__SetSteamID"
{
"library" "engine"
"linux" "@_ZN11CBaseClient10SetSteamIDERK8CSteamID"
"mac" "@_ZN11CBaseClient10SetSteamIDERK8CSteamID"
"windows" "\x55\x8B\xEC\x8B\x55\x08\x8B\x02\x89\x41\x59\x8B\x42\x04"
}

Malak101
05-19-2014, 19:23
Looking for a Windows signature for; CBaseClient__SetSteamID

Can you help?
//CSS
"windows" "\x55\x8B\xEC\x8B\x41\x04\x83\xC1\x04"

When you update "connect.games.txt" with the new sig, the updated text document needs to go in "sourcemod\gamedata\custom" while the original file remains in "sourcemod\gamedata"

ph
05-20-2014, 07:51
I am still getting this error :(

L 05/20/2014 - 12:49:36: [SM] Unable to load extension "connect.ext": Failed to find CBaseClient__SetSteamID function.

Peace-Maker
05-20-2014, 08:38
I am still getting this error :(

L 05/20/2014 - 12:49:36: [SM] Unable to load extension "connect.ext": Failed to find CBaseClient__SetSteamID function.

You should mention which game you need this signature for ;)

dilalmon
05-20-2014, 12:35
Hey guys, I'm looking for Windows signature for LookupAttachment.
The previous one I had is currently broken after the recent CSS update.

Malak101
05-20-2014, 13:47
I am still getting this error :(

L 05/20/2014 - 12:49:36: [SM] Unable to load extension "connect.ext": Failed to find CBaseClient__SetSteamID function.

I just assumed it was for CSS *shrug*, specifying what game you need the sig for in future would be helpful. In any case the plugin you need the sig for has been updated: https://forums.alliedmods.net/showpost.php?p=2140257&postcount=300

Hey guys, I'm looking for Windows signature for LookupAttachment.
The previous one I had is currently broken after the recent CSS update.

Game and Linux symbol or plugin where you need the new sig? Unless you provide such information you're unlikely to get the response you want.

dilalmon
05-20-2014, 14:36
Game and Linux symbol or plugin where you need the new sig? Unless you provide such information you're unlikely to get the response you want.

I thought my post was specific enough.
It's cstrike.Signatures.LookupAttachment for Windows.

Malak101
05-20-2014, 15:27
I thought my post was specific enough.
It's cstrike.Signatures.LookupAttachment for Windows.

That's too vague. Could you post the file you're referring to or at least provide the Linux symbol? There could be well over a dozen references to "LookupAttachment".

Example:

"RoundRespawn"
{
"library" "server"
"windows" "\x55\x8B\xEC\x83\xEC\x08\x56\x8B\xF1\x8B\x0D\x2A\x2A\x2A\x2A\x57\x8B\x01\xFF\x50\x2A\x83"
"linux" "@_ZN9CCSPlayer12RoundRespawnEv"
}

The Linux symbol works as a reference point for beginning to create a Windows sig.

dilalmon
05-20-2014, 15:51
That's too vague. Could you post the file you're referring to or at least provide the Linux symbol? There could be well over a dozen references to "LookupAttachment".


Ah, that's what you meant. Sorry for unclear posts. This is my first time asking for help on finding a signature.
Here is the one with dated offset for the windows:

"Games"
{
"cstrike"
{
"Signatures"
{
"LookupAttachment"
{
"library" "server"
"linux" "@_ZN14CBaseAnimating16LookupAttachmentEPKc"
"windows" "\x55\x8B\xEC\x56\x8B\xF1\x80\xBE\x2A\x2A\x2A\x2A\x00\x75\x2A\x83\xBE\x2A\x2A\x2A\x2A\x00\x75\x2A\xE8\x2A\x2A\x2A\x2A\x85\xC0\x74\x2A\x8B\xCE\xE8\x2A\x2A\x2A\x2A\x8B\x2A\x2A\x2A\x2A\x2A\x85\xF6\x74\x2A\x83\x2A\x2A\x75\x2A\x33\xC0"
}
}
}
}

Malak101
05-20-2014, 16:50
Ah, that's what you meant. Sorry for unclear posts. This is my first time asking for help on finding a signature.
Here is the one with dated offset for the windows:

Give this a go.

//CSS - "LookupAttachment"
"windows" "\x55\x8B\xEC\x83\xEC\x0C\x56\x8B\xF1\x80\xBE\x2D\x03\x00\x00\x00\x75\x2A\x83\xBE\x4C\x04\x00\x00\x00\x75\x2A\xE8\x2A\x2A\x2A\x2A\x85\xC0\x74\x2A\x8B\xCE\xE8\x2A\x2A\x2A\x2A\x8B\x8E\x4C\x04\x00\x00\x85\xC9\x74\x2A\x83\x39\x00\x75\x2A"

Peace-Maker
05-21-2014, 06:01
"Games"
{
"cstrike"
{
"Signatures"
{
"LookupAttachment"
{
"library" "server"
"linux" "@_ZN14CBaseAnimating16LookupAttachmentEPKc"
"windows" "\x55\x8B\xEC\x56\x8B\xF1\x80\xBE\x2A\x2A\x2A\x2A\x00\x75\x2A\x83\xBE\x2A\x2A\x2A\x2A\x00\x75\x2A\xE8\x2A\x2A\x2A\x2A\x85\xC0\x74\x2A\x8B\xCE\xE8\x2A\x2A\x2A\x2A\x8B\x2A\x2A\x2A\x2A\x2A\x85\xC0\x74\x2A\x83\x38\x00\x74\x2A\xFF\x75\x08\x50\xE8\x2A\x2A\x2A\x2A\x83\xC4\x08\x40"
}
}
}
}

Neuro Toxin
07-04-2014, 23:51
Hey,

I'm looking for signature for PassServerEntityFilter for CS:GO windows.

Thanks in advance,
NT

donrevan
07-05-2014, 07:23
I'm not 100% sure.

PassServerEntityFilter(IHandleEntity const*, IHandleEntity const*)

\x56\x8B\xF2\x57\x8B\xF9\x85\xF6\x74
Windows code looks interesting. Both IHandleEntity pointers seem to be passed through ecx and edx (like a __fastcall).

Neuro Toxin
07-05-2014, 22:50
I'm not 100% sure.

PassServerEntityFilter(IHandleEntity const*, IHandleEntity const*)

\x56\x8B\xF2\x57\x8B\xF9\x85\xF6\x74
Windows code looks interesting. Both IHandleEntity pointers seem to be passed through ecx and edx (like a __fastcall).

Hey,

Thanks for that. However it didn't work. :(

Regards,
NT

donrevan
07-06-2014, 05:47
What is not working? Try calling the function as a __fastcall on windows.

kadet.89
10-19-2014, 12:18
I'm looking for signatures for:

const QAngle& GetLocalAngles( void ) const; //CBaseEntity
const Vector& GetLocalOrigin( void ) const; //CBaseEntity
I can't find them even in the server_srv.so (tf2)

Btw, I also need to hook these functions for my extension:
SetLocalAngles
SetLocalOrigin
SetLocalVelocity
is there a way to do it without detour/signatures?

GoD-Tony
10-19-2014, 12:27
I'm looking for signatures for:

const QAngle& GetLocalAngles( void ) const; //CBaseEntity
const Vector& GetLocalOrigin( void ) const; //CBaseEntity

You might be able to use GetEntPropVector (https://sm.alliedmods.net/api/index.php?fastload=show&id=87&) with m_vecOrigin / m_angRotation instead.

kadet.89
10-20-2014, 02:03
How can I use this function in my extension ?

GoD-Tony
10-20-2014, 02:31
IGameHelpers will point you in the right direction.

your-name-here
10-25-2014, 21:45
Six years later and this thread is still going. WOW :shock:
:)

kadet.89
10-26-2014, 13:58
Can someone please make a signature for this (TF2) ?
VPhysicsInitNormal
The only clue I managed to find:
clue: CItem::Materialize(void) "Item.Materialize" -> CItem::CreateItemVPhysicsObject(void) -> VPhysicsInitNormal
But it gives me this wrong signature:
"VPhysicsInitNormal"
{
"library" "server"
//"windows" "\x55\x8B\xEC\x53\x8B\xD9\x83\x7B\x18\x00\x0F\x84\xB8\x00\x00\x00\xF6\x83\x14\x01\x00\x00\x01\x0F\x85\xAB\x00\x00\x00\x8B\x03\x56\xFF\x90\x70\x02\x00\x00\xFF\x75\x08\x8D\x8B\x5C\x01\x00"
"windows" "\x55\x8B\xEC\x53\x8B\xD9\x83\x2A\x2A\x2A\x0F\x2A\x2A\x2A\x2A\x2A\xF6\x2A\x2A\x2A\x2A\x2A\x2A\x0F\x2A\x2A\x2A\x2A\x2A\x8B\x03\x56\xFF\x2A\x2A\x2A\x2A\x2A\xFF\x2A\x2A\x8D\x2A\x2A\x2A\x2A\x2A\xE8"
"linux" "@_ZN11CBaseEntity18VPhysicsInitNormalE11SolidType_tibP7solid_t"
}

spidershift
10-27-2014, 06:22
I'm looking for CCSPlayer::FireBullet(...) in CS:GO and this is what I came up with. However, this windows signature isn't working. Since I'm trying to learn how to acquire signatures, can someone confirm if this is correct?

"Games"
{
"cstrike"
{
"Signatures"
{
"FireBullet"
{
"library" "server"
"windows" "\x66\x0F\xC5\xC0\x2A\x66\x25\x2A\x2A\x66\x2D\x2A\x00\x66\x3D\x2A\x2A\x0F\x87\xE9\x00\x00\x00\xF2\x0F\x10\x0D\xD8\x64\x79\x10\xF3\x0F\x59\xC8"
"linux" "@_ZN9CCSPlayer10FireBulletE6"
}
}
}
}

GoD-Tony
10-27-2014, 07:13
Can someone please make a signature for this (TF2) ?
VPhysicsInitNormal

CBaseEntity::VPhysicsInitNormal
\x55\x8B\xEC\x53\x8B\xD9\x83\x7B\x18\x00\x0F\x84\x2A\x2A\x2A\x2A\xF6\x83\x14\x01\x00\x00\x01

I'm looking for CCSPlayer::FireBullet(...) in CS:GO

CCSPlayer::FireBullet
\x53\x8B\xDC\x83\xEC\x08\x83\xE4\xF0\x83\xC4\x04\x55\x8B\x6B\x04\x89\x6C\x24\x04\x8B\xEC\x81\xEC\x2A\x05\x00\x00\x66\x0F\x6E\x43\x24

spidershift
10-27-2014, 11:56
Thanks for the quick reply. I tried that signature but it doesn't work. I've tested with CCSPlayer::Deafen(...) to ensure my detours are working. I also realize I accidentally put "cstrike" in the game data instead of "csgo", so I'm not sure if you looked up CS:GO or CS:S, but I was actually unable to find that sequence of bytes in the most recent CS:GO binary. I apologize for all this confusion, I'm still trying to figure most of this out myself.

GoD-Tony
10-27-2014, 12:04
Thanks for the quick reply. I tried that signature but it doesn't work.

I edited my post a few minutes before your reply since I forgot to wildcard some bytes. Try it again?

spidershift
10-27-2014, 12:14
Thanks, much appreciated. I tried your updated sequence of bytes and did find a unique result in my most recent windows binary. The detour did not work however, but I'm fairly certain this is an error in my code. Would you happen to know the return type of CCSPlayer::FireBullet(...)? Is it not void?

EDIT: Here is the error I'm getting...

Run-Time Check Failure #0 - The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.

Also, how did you go about finding this function? I can find the static FX_FireBullets(...) since it has quite a few unique strings inside it. It should also be the only function calling CCSPlayer::FireBullet(...), correct? I'm unable to find that call even though it should be right before the second "bullets" string found in the function.

psychonic
10-27-2014, 13:25
For CS:GO on Windows, you're in for an extra bit of hurt for any non-virtual and non-public functions as many of them have been optimized by link-time code generation (LTCG), leading to non-standard calling conventions.

spidershift
10-27-2014, 13:47
So are you saying that I'll most likely be unable to detour CCSPlayer::FireBullet() on windows? I believe it's a public function, isn't it?

Also, I have successfully detoured FX_FireBullets(...), but it crashes whenever I try to execute the call:

DETOUR_STATIC_CALL(DetourFXFireBullets)(a1, a2, Vector(0, 0, 0), QAngle(0, 0, 0), a5, a6, a7, a8, a9, a10, a11, a12);

Also, if I comment out the DETOUR_STATIC_CALL, it appears as if the original FX_FireBullets(...) is still being called (but the static detour is being called as well because I see the chat text logged by the forward). I was expecting no bullets to be registering when I commented that out, but it seems that the detour still calls the original function.

Powerlord
10-27-2014, 13:54
...since SDKHooks already has a FireBulletsPost hook, couldn't you just look at what it's doing?

spidershift
10-27-2014, 14:04
SDKHooks is actually hooking the virtual function CBaseEntity::FireBullets(...) using an offset. I'm looking to detour CCSPlayer::FireBullet(...), which is not virtual. I think I may also be able to detour the static function FX_FireBullets(...) since it is the only function that references CCSPlayer::FireBullet(...), but I cannot get either method to work at this time. The FireBullet(...) detour will not work, and the FX_FireBullets(...) static call crashes the server (along with having no call still somehow calling the original function).

psychonic
10-27-2014, 14:14
SDKHooks is actually hooking the virtual function CBaseEntity::FireBullets(...) using an offset. I'm looking to detour CCSPlayer::FireBullet(...), which is not virtual.
Indeed. Being non-virtual, it was probably affected by LTCG (only applicable right now on CS:GO and Dota 2, only on Windows). This affects the calling convention, often changing the actual count of parameters, passing some through registers instead. You may need to add some inline assembly to your copy of the function.

EzPz
10-29-2014, 09:03
GetSequenceActivity - CS:S
"PrepSDKCall_SetFromConf(gameConf, SDKConf_Signature, "GetSequenceActivity");"

Root_
10-29-2014, 09:42
EzPz

"GetSequenceActivity"
{
"windows" "\x55\x8B\xEC\x83\x7D\x08\xFF\x56\x8B\xF1\x74\x4E\x80\xBE\x2D\x03"
"linux" "@_ZN14CBaseAnimating19GetSequenceActivityEi"
}

sparksterRK
11-15-2014, 16:00
I'm trying to verify if these windows signatures are accurate. can anyone verify? (left 4 dead 2)

"Games"
{
"left4dead2"
{
"Offsets"
{
"oAbility"
{
"windows" "928"
"linux" "948"
}
}

"Signatures"
{
"SetClass"
{
"library" "server"
"windows" "\x55\x8b\xec\x56\x8b\xf1\xe8****\x83\xf8*\x0f\x85****\xa1****\x40\xa3"
"linux" "@_ZN13CTerrorPlayer8SetClassE15ZombieClassType"
}

"CreateAbility"
{
"library" "server"
"windows" "\x55\x8b\xec\x83\xec*\x56\x8b\x75*\x85\xf6\x0f\x84****\x8b\xce\xe8"
"linux" "@_ZN12CBaseAbility15CreateForPlayerEP13CTerrorPlayer"
}
"RoundRespawn"
{
"library" "server"
"linux" "@_ZN13CTerrorPlayer12RoundRespawnEv"
"windows" "\x56\x8B\xF1\xE8\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x84\xC0\x75"
}
"CSpitterProjectile_Detonate"
{
"library" "server"
"linux" "@_ZN18CSpitterProjectile8DetonateEv"
"windows" "\x81\xEC\x8C\x2A\x2A\x2A\x55\x57\x8B\xE9\xE8\xB1\x2A\xD6\xFF\x8B\xF8\xF6\x47\x42\x04\x0F\x85\xC6\x02"
//"windows" "\x81\xEC\x8C\x2A\x2A\x2A\x55\x57\x8B\xE9\xE8\x61\x09\xD6\xFF\x8B\xF8\xF6\x47\x42\x04\x0F\x85\xC6\x02"
}
"CTerrorPlayer_OnAdrenalineUsed"
{
"library" "server"
"linux" "@_ZN13CTerrorPlayer16OnAdrenalineUsedEf"
"windows" "\xD9\x44\x24\x04\x56\x8B\xF1\x51\x8D\x8E\x2A\ x32\x2A\x2A\xD9\x1C\x24\xE8\x2A\x2A\xD6\xFF\x 80\xBE"
//"windows" "\xD9\x44\x24\x04\x56\x8B\xF1\x51\x8D\x8E\x84\ x32\x2A\x2A\xD9\x1C\x24\xE8\x3A\x37\xD6\xFF\x 80\xBE"
//"windows" "\xD9\x44\x24\x04\x56\x8B\xF1\x51\x8D\x8E\x84\ x32\x2A\x2A\xD9\x1C\x24\xE8\x8A\x34\xD6\xFF\x 80\xBE"
}
/*
* CTerrorPlayer::OnRevived(void) - used by the game to revive Survivors
*/
"CTerrorPlayer_OnRevived"
{
"library" "server"
"linux" "@_ZN13CTerrorPlayer9OnRevivedEv"
"windows" "\x83\xEC\x38\x53\x55\x56\x8B\xF1\x8B\x06\x8B\ x90\x24\x01\x2A\x2A"
//"windows" "\x83\xEC\x38\x53\x55\x56\x8B\xF1\x8B\x06\x8B\ x90\x2A\x2A\x2A\x2A\x57\xFF\xD2\x84\xC0\x0F\x 84\xF1\x06"
}
"CTerrorPlayer_OnVomitedUpon"
{
"library" "server"
"linux" "@_ZN13CTerrorPlayer13OnVomitedUponEPS_b"
"windows" "\x83\xEC\x2A\x53\x55\x56\x57\x8B\xF1\xE8\x2A\ x2A\x2A\x2A\x84\xC0\x74\x2A\x8B\x06\x8B"
/* 83 EC ? 53 55 56 57 8B F1 E8 ? ? ? ? 84 C0 74 ? 8B 06 8B */
/* OLD 83 EC 00 53 55 56 57 8B F1 E8 00 00 00 00 84 C0 74 00 8B 06 8B */
}
"SetHumanSpec"
{
"library" "server"
"linux" "@_ZN11SurvivorBot17SetHumanSpectatorEP13CTerr orPlayer"
"windows" "\x53\x56\x8B\xF1\x33\xDB\x39*******\x5E\x32\x C0\x5B"
}
"TakeOverBot"
{
"library" "server"
"linux" "@_ZN13CTerrorPlayer11TakeOverBotEb"
"windows" "\x81*****\x53\x55\x56\x8D***\x57\x8B\xF1\x33\ xDB"
}
}
}
}

kadet.89
11-30-2014, 06:49
Can somebody help me to find the signature of this function:
CBaseAnimating::GetModelPtr(void) for CSS

I only have this clue:
"Achievements disabled: Steam not runnin" top purple text "ecx, ds:g_VProfCurrentProfile" above function
but either it's very old and I can't use it or I just don't understand it

donrevan
12-04-2014, 14:50
Why would you need it?

It is inlined.

mov eax, [esi+44Ch]
test eax, eax

aka

// mov eax, [esi+44Ch] loads the pointer stored at +0x44C, so dereference it
CStudioHdr *hdr = *reinterpret_cast<CStudioHdr **>(reinterpret_cast<char *>(pBaseAnimating) + 0x44C);
if(hdr && hdr->IsValid())
...
You may have to LockStudioHdr before accessing it (and check what GetModel() returns).

I got this from an old server.dll, offset probably changed.
Find latest offset:
1. search "ERROR: Mapmaker tried to spawn DispatchEffect %s"
2. look for this:

.text:100A5733 E8 08 8C 01 00 call CBaseEntity__GetModel
.text:100A5738 85 C0 test eax, eax
.text:100A573A 74 07 jz short loc_100A5743
.text:100A573C 8B CE mov ecx, esi
.text:100A573E E8 8D D7 FF FF call CBaseEntity__LockStudioHdr
.text:100A5743
.text:100A5743 loc_100A5743:
.text:100A5743 8B 86 4C 04 00 00 mov eax, [esi+44Ch] <-- offset
.text:100A5749 85 C0 test eax, eax
.text:100A574B 0F 84 8E 00 00 00 jz loc_100A57DF
.text:100A5751 83 38 00 cmp dword ptr [eax], 0
.text:100A5754 0F 84 85 00 00 00 jz loc_100A57DF
.text:100A575A 8D 45 08 lea eax, [ebp+arg_0]
.text:100A575D 50 push eax
.text:100A575E 68 58 E7 39 10 push offset aD_3 ; "%d"
.text:100A5763 57 push edi ; char *
.text:100A5764 E8 C4 C5 29 00 call _sscanf
all info you need should be there.

kadet.89
12-05-2014, 04:54
Thank you, it's really inlined.

Malak101
01-24-2015, 15:43
"linux_symbol" "_Z11UTIL_RemoveP11CBaseEntity"

Would anyone be kind enough to make a win signature for CSGO from the above?

I would do it myself but there's no searchable string near by so I'm stuck.

psychonic
01-24-2015, 15:56
"linux_symbol" "_ZN9CCSPlayer12RoundRespawnEv"

Would anyone be kind enough to make a win signature for CSGO from the above?

I would do it myself but there's no searchable string near by so I'm stuck.
https://github.com/alliedmodders/sourcemod/blob/master/gamedata/sm-cstrike.games/game.csgo.txt#L71

Malak101
01-24-2015, 17:04
https://github.com/alliedmodders/sourcemod/blob/master/gamedata/sm-cstrike.games/game.csgo.txt#L71

Whoops I accidentally copied the wrong symbol over in my previous post, I meant this one:
"linux_symbol" "_Z11UTIL_RemoveP11CBaseEntity"
I apologize for the mix-up.

psychonic
01-24-2015, 17:09
Whoops I accidentally copied the wrong symbol over in my previous post, I meant this one:
"linux_symbol" "_Z11UTIL_RemoveP11CBaseEntity"
I apologize for the mix-up.
You don't need a byte signature to call it in CS:S. You can just call RemoveEntity on IServerTools.

https://github.com/alliedmodders/hl2sdk/blob/css/public/toolframework/itoolentity.h#L208

sejin513
03-01-2015, 06:52
i found jaredballou's insurgency gamedata (https://github.com/jaredballou/insurgency-sourcemod/blob/master/gamedata/insurgency.games.txt#L44) without windows signatures ._.
i'm looking for "ForceRespawn", "Spawn", "AddMags" signatures for windows

jballou
03-02-2015, 12:17
i found jaredballou's insurgency gamedata (https://github.com/jaredballou/insurgency-sourcemod/blob/master/gamedata/insurgency.games.txt#L44) without windows signatures ._.
i'm looking for "ForceRespawn", "Spawn", "AddMags" signatures for windows

Yeah, try as I might I can't get my head around how to get Windows signatures or offsets. I would LOVE to have someone walk through this with me for 30 minutes, I think if I had some help I could get it done. Anyone know how to do this, and want to help improve Insurgency support?....

Dr. Greg House
03-02-2015, 17:22
If someone has win and linux binaries for insurgency uploaded somewhere, please let me know and I'll go for it.

jballou
03-02-2015, 17:30
http://ins.jballou.com/fastdl/bin/ - all the binaries, lmk if you need anything else. Thanks!

Edit: Also, these are the Linux signatures I found which are all working(ish). Hope this helps.
"linux" "@_ZN10CINSPlayer12ForceRespawnEv"
"linux" "@_ZN10CINSPlayer8ResupplyEv"
"linux" "@_ZN10CINSPlayer5SpawnEv"
"linux" "@_ZNK10CINSWeapon12GetPrintNameEv"
"linux" "@_ZN19CINSWeaponMagazines7AddMagsEi"
"linux" "@_ZN19CINSWeaponMagazines10RoundCountEv"
"linux" "@_ZNK12CINSGearBase7GetNameEv"
"linux" "@_ZN10CINSPlayer6DeafenEf"
"linux" "@_ZN10CINSPlayer15ForceChangeTeamEi"
"linux" "@_ZN10CINSPlayer12GetMagazinesEi"
"linux" "@_ZN9CINSRules11InitTheaterEv"
"linux" "@_ZN20CTheaterCoreSettingsC1Ev"
"linux" "@_ZN20CTheaterCoreSettings10InitFromKVEP9KeyValues"
"linux" "@_ZN16CTheaterDirector17LoadTheaterScriptEPKcb"
"linux" "@_ZN16CTheaterDirector21LoadTheaterAmmoScriptEP9KeyValues"
"linux" "@_ZNK27CTheaterPlayerClassTemplate7GetNameEv"
"linux" "@_ZNK29CTheaterPlayerGearDefinitions7GetNameEv"
"linux" "@_ZNK23CTheaterTeamDefinitions11GetTeamNameEi"
"linux" "@_ZNK25CTheaterWeaponDefinitions7GetNameEv"
"linux" "@_ZNK32CTheaterWeaponUpgradeDefinitions7GetNameEv"
"linux" "@_Z29DumpTheaterEntityFactories_CCv"
"linux" "@_Z15Theater_Load_CCRK8CCommand"
"linux" "@_Z19ValidateTheaterFileP7IConVarPKcf"

Dr. Greg House
03-02-2015, 17:38
Those are a lot. Don't expect me to do all of these.

For anyone else reading this and wanting to help out: I'm starting from the bottom.

Some I flagged with "idk". These don't access any strings directly, so they're not that easy to find. I'd rather get the others first.

"@_ZNK27CTheaterPlayerClassTemplate7GetNameEv" "\xB8\xD8\xA7\x4F\x10\xC3"
"@_ZNK29CTheaterPlayerGearDefinitions7GetNameEv" "\xB8\x80\xA7\x4F\x10\xC3"
"@_ZNK23CTheaterTeamDefinitions11GetTeamNameEi" "idk"
"@_ZNK25CTheaterWeaponDefinitions7GetNameEv" "\xB8\xD0\xA6\x4F\x10\xC3"
"@_ZNK32CTheaterWeaponUpgradeDefinitions7GetNameEv" "\xB8\x24\xA7\x4F\x10\xC3"
"@_Z29DumpTheaterEntityFactories_CCv" "idk"
"@_Z15Theater_Load_CCRK8CCommand" "\x55\x88\xEC\x8B\x4D\x08\x83\xF8\x02\x2A\x2A\xC7\x45\x08\x2A\x2A\x2A\x2A\x5D\xFF\x2D\x98\x52\x43\x10"
"@_Z19ValidateTheaterFileP7IConVarPKcf" "\x55\x88\xEC\x81\xEC\x2A\x2A\x2A\x2A\x56\x8B\x75\x08\x8D\x4D\xF8\x57\x56\xE8\x2A\x2A\x2A\x2A\x8B\x45\xFC\x8B\x78\x24"

jballou
03-02-2015, 18:14
Sorry, I assumed that more function names would be helpful. The only ones I need right now are
"linux" "@_ZN10CINSPlayer12ForceRespawnEv"
"linux" "@_ZN10CINSPlayer8ResupplyEv"
"linux" "@_ZN10CINSPlayer5SpawnEv"
"linux" "@_ZNK10CINSWeapon12GetPrintNameEv"
"linux" "@_ZN10CINSPlayer15ForceChangeTeamEi"

Thanks again, I really appreciate this.

donrevan
03-02-2015, 18:15
virtual means that function has a vtable entry (you don't need a sig lookup)

CINSPlayer::Spawn

55 8B EC 83 EC 40 53 8B D9 56 80 BB DE 19 00 00 00
SM Format: \x55\x8B\xEC\x83\xEC\x40\x53\x8B\xD9\x56\x80\xBB\xDE\x19\x00\x00\x00
Size: 17 bytes

CINSPlayer::ForceRespawn (virtual)

56 8B F1 E8 ? ? ? ? 84 C0 74 ? 8B CE E8 ? ? ? ? 85 C0 74 ? 8B 10 8B C8 6A 01
SM Format: \x56\x8B\xF1\xE8\x2A\x2A\x2A\x2A\x84\xC0\x74\x2A\x8B\xCE\xE8\x2A\x2A\x2A\x2A\x85\xC0\x74\x2A\x8B\x10\x8B\xC8\x6A\x01
Size: 29 bytes

CINSPlayer::Resupply

55 8b EC 51 56 8B F1 8B 06 8B ? ? ? ? ? FF D0 84 C0 0F 84 ? ? ? ? 80
SM Format: \x55\x8b\xEC\x51\x56\x8B\xF1\x8B\x06\x8B\x2A\x2A\x2A\x2A\x2A\xFF\xD0\x84\xC0\x0F\x84\x2A\x2A\x2A\x2A\x80
Size: 26 bytes

CINSWeapon::GetPrintName (virtual)

55 8B EC 83 EC 08 A1 ? ? ? ? 56 8B F1 57 8B 78 14 8B 86 84 05 00 00 89 45 F8 8D 45 F8 50 8D 4F 04 E8 ? ? ? ? 83 F8 FF 74 ? 8D 0C 40 8B 47 08 83 7C C8 14 00
SM Format: \x55\x8B\xEC\x83\xEC\x08\xA1\x2A\x2A\x2A\x2A\x56\x8B\xF1\x57\x8B\x78\x14\x8B\x86\x84\x05\x00\x00\x89\x45\xF8\x8D\x45\xF8\x50\x8D\x4F\x04\xE8\x2A\x2A\x2A\x2A\x83\xF8\xFF\x74\x2A\x8D\x0C\x40\x8B\x47\x08\x83\x7C\xC8\x14\x00
Size: 55 bytes(!)
.. you should vfunc call this or try to shorten the sig but there was this TheaterDirector stuff which was in 2 other funcs

CINSPlayer::ForceChangeTeam (virtual)

55 8B EC 51 53 56 8B 75 08 8B DE 57 8B F9
SM Format: \x55\x8B\xEC\x51\x53\x56\x8B\x75\x08\x8B\xDE\x57\x8B\xF9
Size: 14 bytes

CINSPlayer::Deafen

55 8B EC 83 EC 20 56 8B F1 8B 06 FF 90 6C 06 00 00
SM Format: \x55\x8B\xEC\x83\xEC\x20\x56\x8B\xF1\x8B\x06\xFF\x90\x6C\x06\x00\x00
Size: 17 bytes

If a sig doesn't work just post and I'll look into it
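
The two pattern notations used in the post above, as an added example that is not part of the original thread and not SourceMod's own code: it converts an IDA-style pattern to SM escape format, rejects strings damaged by stray spaces, and lists every match in a byte image so an ambiguous signature is caught before it goes into gamedata. The function names and the IMAGE bytes are constructed for illustration; the signature text is passed as it would be read from a gamedata file (literal backslash-x escapes).

```python
import re

WILDCARD = 0x2A  # SourceMod gamedata treats byte 0x2A ('*') as "match any byte"

def ida_to_sm(pattern):
    """Convert an IDA-style pattern ("E8 ? ? ? ? 84 C0") to SM escape format."""
    out = []
    for tok in pattern.split():
        if tok in ("?", "??"):
            out.append("\\x2A")
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            out.append("\\x" + tok.upper())
        else:
            raise ValueError("bad pattern token: %r" % tok)
    return "".join(out)

def parse_sm(sig):
    """Parse SM escape text into a list of ints; None marks a wildcard position."""
    if not re.fullmatch(r"(?:\\x[0-9A-Fa-f]{2}|\*)+", sig):
        raise ValueError("not a clean signature (stray space or bad escape)")
    pat = []
    for hexbyte, star in re.findall(r"\\x([0-9A-Fa-f]{2})|(\*)", sig):
        value = WILDCARD if star else int(hexbyte, 16)
        pat.append(None if value == WILDCARD else value)
    return pat

def find_all(image, sig):
    """Return every offset in image where the signature matches."""
    pat = parse_sm(sig)
    return [i for i in range(len(image) - len(pat) + 1)
            if all(b is None or image[i + j] == b for j, b in enumerate(pat))]

# Pattern as posted above for CINSPlayer::ForceRespawn.
FORCE_RESPAWN_IDA = ("56 8B F1 E8 ? ? ? ? 84 C0 74 ? 8B CE E8 ? ? ? ? "
                     "85 C0 74 ? 8B 10 8B C8 6A 01")

# Constructed sample bytes (not from any real binary): two functions that
# open with the same "push esi; mov esi, ecx; call" sequence.
IMAGE = bytes.fromhex(
    "CCCC"
    "568BF1E811223344" "84C0" "7410" "8BCE" "E855667788"
    "85C0" "7405" "8B10" "8BC8" "6A01" "C3"
    "CCCC"
    "568BF1E8AABBCCDD" "33C0" "5EC3")

if __name__ == "__main__":
    full = ida_to_sm(FORCE_RESPAWN_IDA)
    print(full)
    print("full signature :", find_all(IMAGE, full))
    print("8-byte prefix  :", find_all(IMAGE, ida_to_sm("56 8B F1 E8 ? ? ? ?")))
```

A signature is only usable when exactly one offset comes back; the 8-byte prefix matches both constructed functions, while the full 29-byte pattern matches one.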

sejin513
03-02-2015, 18:57
...

i just tested ForceRespawn sig, it works!
Thank you for the help ._.)