Using Offset or Signature of a function?


steambob
09-27-2007, 06:53
Do I understand right that a virtual function can be found and then called either by an offset or by using a signature? Can these two methods be applied to any function or are there limits for one of the methods? Which way is the best and the easiest?

And how do I find an offset for a function for a certain mod? Is there any plugin that could do that?

Thanks.

Nican
09-27-2007, 15:19
http://wiki.alliedmods.net/Signature_Scanning

http://forums.alliedmods.net/showthread.php?t=53893

http://wiki.alliedmods.net/Useful_Signatures_%28Source%29

steambob
09-27-2007, 16:32
Thanks for the links.

But what I really mean is how it is possible to find offsets for functions. Such that you can put, like for example in sdktools.games.txt,

"Offsets"
{
    "CommitSuicide"
    {
        "windows" "360"
        "linux" "361"
    }
}

Such offsets are often used in many plugins.
My questions are:
1) are there functions that can be called only via offsets and not sigscanning or vice versa,
or both ways are in principle applicable to the same function;
2) how do I find the function offsets?

Or maybe I am missing something fundamental?

pRED*
09-27-2007, 16:50
1) Yes. I think. Well you can only find the offset for some functions. You can probably sig scan these as well if you wanted...

2) Try http://plugins.mfzb.de/offsets/

Has text files with the list of offsets for each mod (and all the ent props for each mod)

Nican
09-27-2007, 18:06
Hm.. you can by signatures or by offset
offsets are more made for plugins and game play
signatures is basically forcing to call a function within the game

You can find list of offsets here:
http://plugins.mfzb.de/offsets/


EDIT:
Dang, pRED beat me to it

steambob
09-27-2007, 18:09
Thank you guys !

sumguy14
09-27-2007, 18:36
You should probably try to use virtual function hooking if you can. If you can set a player's model with a signature and a vfunc, then pick the vfunc.

Signature scanning is basically like engine hacking, and signatures are more likely to break on updates than vfuncs.

mooman2
09-27-2007, 23:14
Shouldn't vfuncs break more easily? I'm not sure how the vtable is arranged, but I think if Valve decides to insert another virtual function before the one you want, the offset you used would be defunct. And signatures would be less likely to break unless Valve drastically changed the content. Example: the teleport function should always contain three unique instructions that involve the new coordinates.

sumguy14
09-27-2007, 23:19
Not so sure about that.

Signature scanning is finding the function by its place in memory (I think), so if anything with the functions we hook through sigscanning is changed in the engine's code, I am pretty sure it could break the signature, in which case someone would have to find the new one.

pRED*
09-28-2007, 05:55
Sigscanning finds a unique pattern in memory that identifies the function you want to call.
For a signature to change, yes there'd have to be a change in the actual function, whereas vtables could change due to an extra function being added

sumguy14
09-28-2007, 18:37
Sigscanning finds a unique pattern in memory that identifies the function you want to call.
For a signature to change, yes there'd have to be a change in the actual function, whereas vtables could change due to an extra function being added

I see.

P.S. Would Valve actually insert a new vfunc above current ones, offsetting all of them by 1? Seems pretty stupid to me, just append it to the bottom.

BAILOPAN
09-28-2007, 20:38
They have in the past.
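
Added example (not part of the original thread, and not SourceMod code): a small simulation of the two failure modes debated above, showing a masked signature surviving relocation but not a body edit, and a fixed vtable index going stale when a virtual function is inserted. The byte buffers, the 'x'/'?' mask convention, and the slot names are assumptions constructed for illustration.

```cpp
// Added illustration: every byte and slot name here is constructed, not taken from a real game binary.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

using Image = std::vector<std::uint8_t>;

// Count matches of sig in img. mask: 'x' = byte must match, '?' = wildcard.
// *first receives the offset of the first match, or -1 if there is none.
std::size_t scan(const Image& img, const Image& sig, const std::string& mask, long* first = nullptr) {
    std::size_t hits = 0;
    if (first) *first = -1;
    if (sig.empty() || sig.size() != mask.size() || img.size() < sig.size()) return 0;
    for (std::size_t i = 0; i + sig.size() <= img.size(); ++i) {
        std::size_t j = 0;
        while (j < sig.size() && (mask[j] == '?' || img[i + j] == sig[j])) ++j;
        if (j == sig.size() && hits++ == 0 && first) *first = static_cast<long>(i);
    }
    return hits;
}

// A signature is only usable when it matches exactly once in the module.
long find_unique(const Image& img, const Image& sig, const std::string& mask) {
    long off = -1;
    return scan(img, sig, mask, &off) == 1 ? off : -1;
}

// Simulated vtable: slot index -> function name, empty string when out of range.
std::string vfunc_at(const std::vector<std::string>& vt, std::size_t index) {
    return index < vt.size() ? vt[index] : std::string();
}

// push ebp; mov ebp,esp; mov eax,[abs32] (wildcarded); fld dword ptr [ebp+8]
const Image SIG = {0x55, 0x8B, 0xEC, 0xA1, 0, 0, 0, 0, 0xD9, 0x45, 0x08};
const std::string MASK = "xxxx????xxx";
// Build 1: the target function starts at offset 4.
const Image BUILD1 = {0x90, 0x90, 0xC3, 0x90, 0x55, 0x8B, 0xEC, 0xA1, 0x10, 0x20, 0x30, 0x40, 0xD9, 0x45, 0x08, 0xC3};
// Build 2: code moved and the absolute address changed; the wildcards absorb both.
const Image BUILD2 = {0x90, 0xC3, 0x90, 0x90, 0x90, 0x90, 0x55, 0x8B, 0xEC, 0xA1, 0x44, 0x55, 0x66, 0x77, 0xD9, 0x45, 0x08, 0xC3};
// Build 3: the function body itself changed (0xD9 -> 0xDD), so the signature is stale.
const Image BUILD3 = {0x90, 0x55, 0x8B, 0xEC, 0xA1, 0x44, 0x55, 0x66, 0x77, 0xDD, 0x45, 0x08, 0xC3};
// Vtable before and after a virtual function is inserted ahead of the target.
const std::vector<std::string> VT_OLD = {"Spawn", "Think", "Teleport"};
const std::vector<std::string> VT_NEW = {"Spawn", "Precache", "Think", "Teleport"};

int main() {
    std::printf("sig offsets: %ld %ld %ld\n", find_unique(BUILD1, SIG, MASK), find_unique(BUILD2, SIG, MASK), find_unique(BUILD3, SIG, MASK));
    std::printf("slot 2: old=%s new=%s\n", vfunc_at(VT_OLD, 2).c_str(), vfunc_at(VT_NEW, 2).c_str());
}
```

Either lookup can fail silently after an update, so a careful caller checks for "no match", "more than one match" and "index out of range" before using the result.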