AlliedModders
Solved [CS:GO] CBaseAnimating (https://forums.alliedmods.net/showthread.php?t=309074)

gubka 07-12-2018 22:08

[CS:GO] CBaseAnimating
 
Hello everyone, I have problems finding these signatures for the current CS:GO update:
PHP Code:

CBaseAnimating::LookupAttachment
CBaseAnimating::GetAttachment

I want to use the first one to check the attachments in the player models and apply the costume if it exists, or try to find another one,
and the second one (which is more important for me) I need to get the position of an attachment (the shoot position) on the precache_viewmodel (not the real view model of the weapon). I already have code that uses the attachment position of the world player model, but it is still not as nice as getting the proper shoot position of the custom view model for creating a nice beam. I already use one signature for the view model, CBaseAnimating::GetSequenceActivity, and it works for precache_viewmodel, so can anyone help me find the two signatures above, and should GetAttachment work for precached_viewmodel? The guide I found on the wiki is quite incomprehensible to me. Sorry guys. Thanks a million. And another question: how frequently do I need to update them?

I already have some signatures and I'm not sure about them. I found one for Windows here: https://forums.alliedmods.net/showthread.php?t=306114 and I think it is quite new, but I don't know about the LookupAttachment signature at all; I think it is quite old.
PHP Code:

"Animating_GetAttachment"
{
    "library"    "server"
    "windows"    "\x55\x8B\xEC\x83\xE4\xF8\x83\xEC\x30\x56\x57\x8B\xF9\x83\xBF\x9C\x04\x00\x00\x00\x75\x2A\xA1\x2A\x2A\x2A\x2A\x8B\x30\x8B\x07\xFF\x50\x18\x8B\x0D\x2A\x2A\x2A\x2A\x50\xFF\x56\x04\x85\xC0\x74\x2A\x8B\xCF\xE8\x2A\x2A\x2A\x2A\x8B\x8F\x9C\x04\x00\x00\x85\xC9\x74\x2A\x83\x39\x00\x74\x2A\x8B\x55\x08"
    "linux"      ""
}
"Animating_LookupAttachment"
{
    "library"    "server"
    "windows"    "\x55\x8B\xEC\x56\x8B\xF1\x80\xBE\x2A\x2A\x2A\x2A\x00\x75\x2A\x83\xBE\x2A\x2A\x2A\x2A\x00\x75\x2A\xE8\x2A\x2A\x2A\x2A\x85\xC0\x74\x2A\x8B\xCE\xE8\x2A\x2A\x2A\x2A\x8B\x2A\x2A\x2A\x2A\x2A\x85\xF6\x74\x2A\x83\x2A\x2A\x75\x2A\x33\xC0"
    "linux"      "\x55\x89\xE5\x53\x83\xEC\x14\x8B\x5D\x08\x8B\x8B\xB4\x04\x00\x00\x85\xC9\x74\x2A\x8B\x83\xB4\x04\x00\x00\x85\xC0\x74\x2A\x8B\x10\x85\xD2\x74\x2A\x8B\x55\x0C\x89\x04\x24"
}



hmmmmm 07-13-2018 04:14

Re: [CS:GO] CBaseAnimating
 
I'll go through this one and try to explain how I did it, but only because it isn't as straightforward as most functions are, where there are strings that you can directly search for inside the function. One thing you need to understand, however, is that there isn't just "a way" to find the functions you're looking for. Think of it as a puzzle where all the function names are gone and you need to use your head to find out where the function you're looking for is. More often than not this is done with strings, since they are the easiest to find, but it can also be done in other ways, for example using references to globals or using the vtable.

The easiest way to do this in CS:GO is to find an old binary that has symbols so you can easily find the function. You can find CS:GO binaries with symbols here: https://users.alliedmods.net/~asherk.../csgo_symbols/

In this example I'll use server.so to find the functions, then use the info I get from there to find them in an up-to-date server.dll where I'll get the signature.

So to start you open the server.so file with symbols and then click File->New Instance to open the server.dll simultaneously in another window and wait for the autoanalysis to finish. We'll be working out of server.so from here on and only using server.dll in case we need to check things. Click View->Open Subviews->Names to open the Names window. Do the same to open the Strings window. To keep things clean you can close all windows except for IDA View, Names window and Strings window, they're (usually) all you need.

I'll also be using IDA Pro which has the pseudocode view, but that isn't a must. You can find all the strings and info you need in the assembly view but it might be a bit harder to navigate. To open the pseudocode view, go to the IDA view and press Tab. You can press it again to switch back.

Next, open the Names window and press Ctrl+F to do a search for the function you want. In this case I'll do a search for CBaseAnimating::GetAttachment. This specific function has about 5 different overloads, each with a different set of parameters. Looking at the thread you linked, Pelipoika seems to use the one that takes (char *, Vector &, QAngle &) so double click on that one to go into it. Should look something like this:

https://i.imgur.com/RjQSdiG.png

The first thing you should be looking for is strings so that you can identify the function, but clearly this function doesn't have any, so we'll have to find another way to do this. To do this we'll find cross-references to the function and try to find something to go off of from there. Cross-references (or xrefs for short) are places where the function, variable or string is referenced. For example, if function X was used in functions Y and Z, the xrefs for X would show me Y and Z. IDA lets you see the xrefs by pressing your 'X' key on a function, variable or string. Finding xrefs is one of the tools you'll use the most in IDA, so try to remember it and understand it. Let's try to use it on the CBaseAnimating::GetAttachment function.

https://i.imgur.com/gqbA10V.png

Open the first function and you'll find that there are lots of strings that we can use here. In fact CBaseAnimating::GetAttachment is called with a string "Muzzle".

https://i.imgur.com/4XIHEQ9.png

To make sure this string is unique and can be used to easily find our function, press X on it to see the xrefs. You'll see it is only used twice and both times with the GetAttachment function, so this string should work fine. Let's switch over to server.dll and open the Strings window to do a quick search for "Muzzle".

https://i.imgur.com/I3z0JuR.png

Unfortunately our "Muzzle" doesn't show up. You might think that the top result "muzzle" is the same, but the casing matters and if you look at the xrefs you'll see it's used in a different function. We still have a lot of other xrefs to GetAttachment we can look at so let's look for others in server.so again. After skimming through the list I found that it's used in CBaseServerVehicle::GetPassengerExitPoint (second last function) with the string "vehicle_driver_exit" which has only 1 xref, so it's unique. Once again, switch over to server.dll and do a string search for "vehicle_driver_exit".

https://i.imgur.com/Yuan2U5.png

There's only 1 result, so double click on it to go to it. IDA will take you to the rdata section which looks like this:

https://i.imgur.com/Jwwg1iv.png

To find where the string is used click on aVehicleDriverE and press X. There's only 1 xref, go to it.

https://i.imgur.com/uV4aufK.png

This should look familiar, it's the same CBaseServerVehicle::GetPassengerExitPoint function from server.so but without symbols. For comparison this is what it looks like in server.so with symbols.

https://i.imgur.com/A2scRIu.png

Clearly sub_101A50D0 is CBaseAnimating::GetAttachment. To make things clearer, press N on it to rename it. This will also let you find it easily in the future in case you need it again. Now all you have to do is use the makesig.idc script (replace dtyp with dtype in the script if it fails on IDA 7 for you).

This generates the signature:
\x56\x04\x85\xC0\x74\x2A\x8B\xCF\xE8\x2A\x2A\x2A\x2A\x8B\x8F\x9C\x04\x00\x00\x85\xC9\x74\x2A\x83\x39\x00\x74\x2A\x8B\x55\x08

A similar process can be used to find LookupAttachment, try to find it yourself. Hope this helps.
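
The following Python script is an added example, not code from this thread, from SourceMod or from makesig.idc. It does in code the two steps the post above does by hand in IDA: find the single `push` of a unique string's address and take the `call` right after it as the function of interest, then grow a byte pattern from that function's start until it occurs exactly once in the binary, writing the bytes a disassembler would flag as fixups (absolute addresses) as the `\x2A` wildcard that SourceMod gamedata understands. Everything about the "binary" is assumed: it is a constructed 32-bit x86 image (the 22-byte head shared by the two sample functions is copied from the Windows GetAttachment signature posted at the top of the thread), and `BASE`, the offsets, the placement of the string and every function name are this example's own. On a real server.dll you would read the file, take the image base from the PE header and take the fixup offsets from the disassembler, which is what makesig.idc relies on IDA for.

```python
import re

WILDCARD = 0x2A        # SourceMod reads \x2A ('*') in a signature as "any byte"
BASE = 0x10000000      # assumed image base of the constructed image
FILLER = b"\xCC" * 16  # int3 padding between the pieces of the image


def parse_signature(sig: str) -> list:
    r"""Turn "\x55\x8B\x2A" into [0x55, 0x8B, None]; None marks a wildcard."""
    compact = sig.replace(" ", "")
    if not re.fullmatch(r"(\\x[0-9A-Fa-f]{2})+", compact):
        raise ValueError("malformed signature: %r" % sig)
    return [None if int(t, 16) == WILDCARD else int(t, 16)
            for t in re.findall(r"\\x([0-9A-Fa-f]{2})", compact)]


def format_signature(pattern: list) -> str:
    r"""Inverse of parse_signature: the "\x..\x.." form used in gamedata files."""
    return "".join("\\x2A" if b is None else "\\x%02X" % b for b in pattern)


def find_all(binary: bytes, sig: str) -> list:
    """Offsets of every (possibly overlapping) match of `sig` in `binary`."""
    body = b"".join(b"." if b is None else re.escape(bytes([b]))
                    for b in parse_signature(sig))
    return [m.start() for m in re.finditer(b"(?=" + body + b")", binary, re.DOTALL)]


def make_signature(binary, func_start, fixup_offsets, max_len=64):
    """Grow a pattern from `func_start` one byte at a time until it matches
    exactly once; bytes at `fixup_offsets` become wildcards, so the result
    keeps matching after a rebuild that only moves addresses around."""
    pattern = []
    for off in range(func_start, min(func_start + max_len, len(binary))):
        pattern.append(None if off in fixup_offsets else binary[off])
        sig = format_signature(pattern)
        if len(find_all(binary, sig)) == 1:
            return sig
    raise ValueError("no unique signature within %d bytes" % max_len)


def find_string_refs(binary, base, s):
    """Offsets of `push imm32` whose immediate is the VA of the NUL-terminated
    string `s`: the by-hand form of IDA's xref list for a string."""
    str_off = binary.find(s + b"\0")
    if str_off < 0:
        return []
    va = (base + str_off).to_bytes(4, "little")
    return [m.start() for m in re.finditer(b"(?=\x68" + re.escape(va) + b")", binary, re.DOTALL)]


def next_call_target(binary, start, window=32):
    """File offset of the callee of the first `call rel32` (E8) at or after
    `start`. A byte scan, not a disassembly: an E8 inside an operand would
    fool it, which is one reason the real work is done in a disassembler."""
    for off in range(start, min(start + window, len(binary) - 5)):
        if binary[off] == 0xE8:
            rel = int.from_bytes(binary[off + 1:off + 5], "little", signed=True)
            return off + 5 + rel
    raise ValueError("no call within %d bytes of offset %#x" % (window, start))


def locate_by_string(binary, base, s):
    """A string with exactly one xref identifies its caller; the call that
    follows the push of the string is the function we are after."""
    refs = find_string_refs(binary, base, s)
    if len(refs) != 1:
        raise ValueError("%r has %d xrefs, need exactly 1" % (s, len(refs)))
    return next_call_target(binary, refs[0] + 5)


# Constructed image: two functions with the same 22-byte head (copied from the
# Windows GetAttachment signature posted above) that differ only in an absolute
# address (a fixup) and in the code after it, plus a caller that pushes the
# string's address and then calls FUNC_A.
HEAD = bytes.fromhex("558BEC83E4F883EC305657"  # push ebp; mov ebp,esp; and esp,-8; sub esp,30h; push esi; push edi
                     "8BF9"                    # mov edi,ecx
                     "83BF9C04000000"          # cmp dword ptr [edi+49Ch],0
                     "750C")                   # jnz short +0Ch
FUNC_A = HEAD + bytes.fromhex("A144332211" "8B30" "8B07")  # mov eax,[11223344h]; mov esi,[eax]; mov eax,[edi]
FUNC_B = HEAD + bytes.fromhex("A188776600" "8B08" "5E")    # mov eax,[00667788h]; mov ecx,[eax]; pop esi
STRING = b"vehicle_driver_exit"


def build_image():
    img, offs = bytearray(FILLER), {}
    offs["string"] = len(img)
    img += STRING + b"\0" + FILLER
    offs["func_a"] = len(img)
    img += FUNC_A + FILLER
    offs["func_b"] = len(img)
    img += FUNC_B + FILLER
    offs["caller"] = len(img)
    img += b"\x68" + (BASE + offs["string"]).to_bytes(4, "little")  # push offset aVehicleDriverE
    img += b"\x8B\xCF"                                              # mov ecx,edi
    rel = offs["func_a"] - (len(img) + 5)
    img += b"\xE8" + rel.to_bytes(4, "little", signed=True)         # call FUNC_A
    img += b"\xC3" + FILLER                                         # retn
    return bytes(img), offs


IMAGE, OFFS = build_image()
FIXUPS = {OFFS["func_a"] + 23 + i for i in range(4)}   # the imm32 of mov eax,[imm32]
RELINKED = IMAGE.replace(bytes.fromhex("44332211"), bytes.fromhex("A0D23E10"))  # next build: address moved
LITERAL_SIG = format_signature(list(FUNC_A[:29]))       # same bytes with the address hard-coded

if __name__ == "__main__":
    func = locate_by_string(IMAGE, BASE, STRING)
    sig = make_signature(IMAGE, func, FIXUPS)
    print("function at file offset %#x\nsignature: %s" % (func, sig))
    print("wildcard sig, now / relinked:", find_all(IMAGE, sig), find_all(RELINKED, sig))
    print("hard-coded sig, now / relinked:", find_all(IMAGE, LITERAL_SIG), find_all(RELINKED, LITERAL_SIG))
```

Two things worth noticing in the output: the unique signature needs 29 bytes here because the two functions only diverge after the wildcarded operand, and the signature that wildcards the address still matches in `RELINKED` while the one that hard-codes it finds nothing. Neither survives an update that changes the function's own code bytes, so the practical check after every game update is the one `make_signature` applies while building: each gamedata signature must still match exactly once in the new binary.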

gubka 07-13-2018 17:23

Re: [CS:GO] CBaseAnimating
 
hmmmmm, thanks a million, I appreciate that kind of detail in a guide. I will try to extract some of the signatures using your guide; whether I succeed or not, I will tell here, but I hope I won't have problems using your great guide!

gubka 07-13-2018 23:07

Re: [CS:GO] CBaseAnimating
 
I still have a tiny question about that great guide you wrote: I have difficulties seeing something like that after I go to the xref of the call. I already understand how to use the signature extractor when I know a string like "Muzzle", I just don't see any of them in the reference. Can you tell me in more detail where I should see those kinds of strings?

https://forums.alliedmods.net/image-...4551392e706e67

I have something like this:
https://image.ibb.co/jG9Nmo/image.png
https://image.ibb.co/niXxK8/2.png

hmmmmm 07-14-2018 03:24

Re: [CS:GO] CBaseAnimating
 
It isn't a guarantee that you will find functions with strings when you go to the first xref (or any). Try going to the next one if the current one doesn't have any strings. Also if you're on the Pro version of IDA then press Tab to go into pseudocode view, it'll make navigating a lot easier.

Also remember what I mentioned about there not being "a way" to do this, try to get creative and find something you can use to identify the function. Even if it takes you an hour the first time, it'll be 5 minutes the next time. In the end it all comes down to experience.

gubka 07-15-2018 11:51

Re: [CS:GO] CBaseAnimating
 
Quote:

Originally Posted by hmmmmm (Post 2603443)
It isn't a guarantee that you will find functions with strings when you go to the first xref (or any). Try going to the next one if the current one doesn't have any strings. Also if you're on the Pro version of IDA then press Tab to go into pseudocode view, it'll make navigating a lot easier.

Also remember what I mentioned about there not being "a way" to do this, try to get creative and find something you can use to identify the function. Even if it takes you an hour the first time, it'll be 5 minutes the next time. In the end it all comes down to experience.

I installed IDA Pro and the pseudocode helped a lot; now I see something like this:

PHP Code:

v8 = CBaseAnimating::LookupAttachment((CBaseAnimating *)a2, "muzzle");
CBaseAnimating::GetAttachment(a2, v8, &v35, &v54);
if ( a4 )
{
    v10 = (float *)(*(int (__fastcall **)(int, char *, int))(*(_DWORD *)a4 + 600))(v9, &v54, a4);
    v11 = v10[2] - v37;
    v12 = *v10 - v35;
    v39 = v10[1] - v36;
    v40 = v11;
    v38 = v12;
    a1 = VectorNormalize(&v38);
}

Just one last question: where exactly should I run the IDA makesig script? In the call sub_? section below the aVehicleDriverE?

For example, I found that aMuzzle and tried to use the script both with dtype and dtyp, and IDA just freezes. Maybe I should use the script in a different place? What am I doing wrong? Thanks a million
https://image.ibb.co/m191Yd/2.png

hmmmmm 07-15-2018 14:59

Re: [CS:GO] CBaseAnimating
 
Just open the function you want the signature and then use the script. Not sure about the freezing issue, hasn't happened to me before.

gubka 07-16-2018 19:36

Re: [CS:GO] CBaseAnimating
 
Do i need to select that function to run the script?

hmmmmm 07-17-2018 02:59

Re: [CS:GO] CBaseAnimating
 
You just have to be anywhere in the function, the script will automatically go to the beginning of the function and generate a signature for that.

gubka 07-17-2018 20:05

Re: [CS:GO] CBaseAnimating
 
Quote:

Originally Posted by hmmmmm (Post 2604145)
You just have to be anywhere in the function, the script will automatically go to the beginning of the function and generate a signature for that.

I just waited longer and I got the signature. Thanks a lot for the help.
But if the signature I need to find doesn't have any strings, how should I find it?

