
S34Qu4K3 03-29-2011 17:46

Orpheu: Problems getting SV_CheckProtocol function
 
Hi, I want to make a signature for SV_CheckProtocol, but I have lots of problems. Principally, IDA shows me the disassembled DLL messy; I don't get something like this:
[IMG]http://img232.**************/img232/3022/orpheuhowtomakesigofbyt.png[/IMG]

Really, I need some help to get started
I'm following the tut by Arkshine: http://forums.alliedmods.net/showthread.php?t=147998


PS: I'm disassembling swds.dll

ConnorMcLeod 03-30-2011 00:11

Re: Orpheu: Problems getting SV_CheckProtocol function
 
Why would you need that function ?

Arkshine 03-30-2011 02:20

Re: Orpheu: Problems getting SV_CheckProtocol function
 
For Windows, you have to find the function first. There is a tutorial about that.

S34Qu4K3 03-30-2011 05:24

Re: Orpheu: Problems getting SV_CheckProtocol function
 
Quote:

Originally Posted by ConnorMcLeod (Post 1441474)
Why would you need that function ?

I want to KNOW if it is possible to "change" the client protocol. I only want to know this; I don't want to allow Non Steam players on my server. And principally, I want to learn the module usage.


Quote:

Originally Posted by Arkshine (Post 1441505)
For windows, you have to find the function before. There is a tutorial about that.

I already have it:
PHP Code:

signed int __cdecl sub_1D97BD0(const void *a1, signed int a2)
{
  void *v2; // eax@5
  int v3; // eax@5
  unsigned __int8 v4; // zf@5
  unsigned __int8 v5; // sf@5
  signed int result; // eax@7

  if ( !a1 )
    sub_1DABC60("SV_CheckProtocol:  Null address\n");
  if ( a2 == 48 )
  {
    result = 1;
  }
  else
  {
    if ( a2 <= 48 )
    {
      sub_1D97980(
        a1,
        "This server is using a newer protocol ( %i ) than your client ( %i ).  You should check for updates to your client.\n",
        48,
        a2);
      result = 0;
    }
    else
    {
      v3 = sub_1D35480((int)off_1E61DD8);
      v4 = v3 == 0;
      v5 = v3 < 0;
      v2 = off_1E61DD8;
      if ( v5 | v4 )
        v2 = "(no email address specified)";
      sub_1D97980(
        a1,
        "This server is using an older protocol ( %i ) than your client ( %i ).  If you believe this server is outdated, you can contact the server administrator at %s.\n",
        48,
        a2,
        v2);
      result = 0;
    }
  }
  return result;
}
// 1E61DD8: using guessed type void *off_1E61DD8;

But I don't know what hex values I must get
[IMG]http://img132.**************/img132/2342/idadis.png[/IMG]

Arkshine 03-30-2011 05:38

Re: Orpheu: Problems getting SV_CheckProtocol function
 
So, read carefully the tutorial, it's explained how to configure IDA to show opcode bytes.

S34Qu4K3 03-30-2011 06:39

Re: Orpheu: Problems getting SV_CheckProtocol function
 
Well, I've made some tests and I get this:

PHP Code:

{
    "name"       : "SV_CheckProtocol",
    "library"    : "engine",
    "arguments"  :
    [
        {
            "type" : "dword"
        },
        {
            "type" : "dword"
        }
    ],
    "identifiers":
    [
        {
            "os"    : "windows",
            "mod"   : "cstrike",
            "value" : [55,0x8B,0xEC,0x56,0x57,0x8B,0x7D,"*",0x85,0xFF,0x75,0x13,0x68,0x88,0x2C,0xE6]
        }
    ]
}

I've put it in the configs/orpheu/functions folder and I've made a simple plugin:
PHP Code:


#include <amxmodx>
#include <amxmisc>
#include <orpheu>

#define PLUGIN "New Plug-In"
#define VERSION "1.0"
#define AUTHOR "S34Qu4K3"

public plugin_precache()
{
    OrpheuRegisterHook(OrpheuGetFunction("SV_CheckProtocol"),"SV_CheckProtocol_function")
}
public plugin_init()
{
    register_plugin(PLUGIN, VERSION, AUTHOR)
}
public OrpheuHookReturn:SV_CheckProtocol_function()
{
    new variable_1[100]
    new variable_2[100]
    new variable_3[100]
    new variable_4[100]

    read_argv(1,variable_1,99)
    read_argv(2,variable_2,99)
    read_argv(3,variable_3,99)
    read_argv(4,variable_4,99)

    log_to_file("c_1.log", variable_1)
    log_to_file("c_2.log", variable_2)
    log_to_file("c_3.log", variable_3)
    log_to_file("c_4.log", variable_4)

    server_print("Acepted")
}

But it seems that it does not work
Server console:

PHP Code:



    Parsing functions started.
        Parsing file "EndRoundMessage" started
                Function is updated
        Parsing file "EndRoundMessage" ended
        Parsing file "InstallGameRules" started
                Function is updated
        Parsing file "InstallGameRules" ended
        Parsing file "SV_ConnectClient" started
                Function is updated
        Parsing file "SV_ConnectClient" ended
        Parsing folder "CHalfLifeMultiplay" started
            Parsing file "CheckWinConditions" started
                Function is updated
            Parsing file "CheckWinConditions" ended
            Parsing file "UpdateTeamScores" started
                Function is updated
            Parsing file "UpdateTeamScores" ended
        Parsing folder "CHalfLifeMultiplay" ended
    Parsing functions ended


It seems that Orpheu doesn't load my signature; no error message appears

Arkshine 03-30-2011 06:53

Re: Orpheu: Problems getting SV_CheckProtocol function
 
[55 -> [0x55

Weird you have missed that.

S34Qu4K3 03-30-2011 07:12

Re: Orpheu: Problems getting SV_CheckProtocol function
 
Thanks, at least the console shows something:

PHP Code:

        Parsing file "SV_CheckProtocol" started
                Argument has invalid type "dword"
                FAILED

I will change dword to int

EDIT: It works, but it doesn't work

PHP Code:

        Parsing file "SV_CheckProtocol" started
                Argument type "int" validated
                Argument type "int" validated
                Searching for signature "[0x55][0x8b][0xec][0x56][0x57](...)" ... NOT FOUND
        Parsing file "SV_CheckProtocol" ended

The signature is bad

Arkshine, in your tutorial you have something like this
PHP Code:

51                     push    ecx                  // no memory reference.
└────── Opcode ────────┴───────┘                   // 51
      (fixed form)

56                     push    esi                  // no memory reference.
└────── Opcode ────────┴───────┘                   // 51 56
      (fixed form)

8B F1                  mov     esi, ecx             // no memory reference.
└──┼───── Opcode ──────┘       │    │              // 51 56 8B F1
   └───── ModR/M ──────────────┴────┘

8B 86 00 01 00 00      mov     eax, [esi+100h]      // 100h is an offset. It may change.
└──┼──┼── Opcode ──────┘       │     │   │         // 51 56 8B F1 8B 86 ? ? ? ?
   └──┼── ModR/M ──────────────┴─────┘   │
      └── Displacement ──────────────────┘
83 F8 01               cmp     eax, 1               // no memory reference, but a hardcoded value. It may change by a plugin or something.
└──┼──┼── Opcode ──────┘       │   │               // 51 56 8B F1 8B 86 ? ? ? ? 83 F8 ?
   └──┼── ModR/M ──────────────┘   │
      └── Immediate ───────────────┘

89 44 24 04            mov     [esp+8+var_4], eax   // When you click right on it, you see 8+var_4 is equal to 4, a relative offset.
└──┼──┼──┼─ Opcode ────┘        │  │   │      │    // Anyway, it may change. I've noticed also the SIB is generally different on cz.
   └──┼──┼─ ModR/M ─────────────┼──┼───┼──────┘    // 51 56 8B F1 8B 86 ? ? ? ? 83 F8 ? 89 44 ? ?
      └──┼─ SIB ────────────────┘  │   │
         └─ Displacement ──────────┴───┘

I don't have things like ecx or eax
I have:

HEX Value (first 16 bytes)
PHP Code:

55 8B EC 56 57 8B 7D 08  85 FF 75 13 68 88 2C E6 

In Function:
PHP Code:

.text:01D97BD0 55                                            push    ebp
.text:01D97BD1 8B EC                                         mov     ebp, esp
.text:01D97BD3 56                                            push    esi
.text:01D97BD4 57                                            push    edi
.text:01D97BD5 8B 7D 08                                      mov     edi, [ebp+arg_0]
.text:01D97BD8 85 FF                                         test    edi, edi
.text:01D97BDA 75 13                                         jnz     short loc_1D97BEF
.text:01D97BDC 68 88 2C E6 01                                push    offset aSv_checkprotoc ; "SV_CheckProtocol:  Null address\n"
.text:01D97BE1 E8 7A 40 01 00                                call    sub_1DABC60
.text:01D97BE6 83 C4 04                                      add     esp, 4
.text:01D97BE9 33 C0                                         xor     eax, eax
.text:01D97BEB 5F                                            pop     edi
.text:01D97BEC 5E                                            pop     esi
.text:01D97BED 5D                                            pop     ebp
.text:01D97BEE C3                                            retn


I think I've done this part badly:
PHP Code:

.text:01D97BDA 75 13                                         jnz     short loc_1D97BEF
.text:01D97BDC 68 88 2C E6 01                                push    offset aSv_checkprotoc


Arkshine 04-01-2011 05:43

Re: Orpheu: Problems getting SV_CheckProtocol function
 
It should be ok : 55 8B EC 56 57 8B 7D ? 85 FF 75 ? 68 ? ? ? ? E8 ? ? ? ? 83 C4 ? 33 C0 5F 5E 5D C3 8B 75

S34Qu4K3 04-01-2011 10:08

Re: Orpheu: Problems getting SV_CheckProtocol function
 
Still not working:

[0x55,0x8B,0xEC,0x56,0x8B,0x7D,"*",0x85,0xFF,0x75,"*",0x68,"*","*","*","*",0xE8,"*","*","*","*",0x83,0xC4,"*",0x33,0xC0,0x5F,0x5E,0x5D,0xC3,0x8B,0x75]

Can you tell me what you have done? Why 33 hex characters?
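
An added example, not part of any post in this thread and not Orpheu's own code: a small Python checker that converts the `?`-style pattern into the array form used in the "value" field and reports where a candidate array first diverges from the bytes in the IDA listing above. The helper names and the `CC` padding are assumptions made for the illustration.

```python
# Added example: test Orpheu-style byte signatures against the function bytes
# quoted in the thread (IDA listing of swds.dll at .text:01D97BD0).
WILDCARD = "*"

# 01D97BD0..01D97BEE copied from the listing; the trailing 8B 75 (first bytes
# at loc_1D97BEF) is taken from the pattern Arkshine posted.
FUNC = bytes.fromhex(
    "55 8B EC 56 57 8B 7D 08 85 FF 75 13 68 88 2C E6 01"
    " E8 7A 40 01 00 83 C4 04 33 C0 5F 5E 5D C3 8B 75")
ARKSHINE = ("55 8B EC 56 57 8B 7D ? 85 FF 75 ? 68 ? ? ? ? E8 ? ? ? ? "
            "83 C4 ? 33 C0 5F 5E 5D C3 8B 75")
# Array from the last post, forum-inserted spaces ("0 x75") removed.
LAST_POST = [0x55, 0x8B, 0xEC, 0x56, 0x8B, 0x7D, "*", 0x85, 0xFF, 0x75, "*",
             0x68, "*", "*", "*", "*", 0xE8, "*", "*", "*", "*", 0x83, 0xC4,
             "*", 0x33, 0xC0, 0x5F, 0x5E, 0x5D, 0xC3, 0x8B, 0x75]

def parse_ida_pattern(text):
    """'55 8B ? ...' -> [0x55, 0x8B, '*', ...] (one element per byte)."""
    return [WILDCARD if t == "?" else int(t, 16) for t in text.split()]

def to_orpheu_value(pattern):
    """Render a pattern as the array used in the "value" field."""
    return "[" + ",".join(
        '"*"' if b == WILDCARD else "0x%02X" % b for b in pattern) + "]"

def first_mismatch(pattern, data, offset=0):
    """Index of the first element that fails at data[offset:], else None."""
    for i, want in enumerate(pattern):
        if offset + i >= len(data):
            return i                      # pattern runs past the data
        if want != WILDCARD and want != data[offset + i]:
            return i
    return None

def find(pattern, data):
    """Every offset in data where the whole pattern matches."""
    return [o for o in range(len(data) - len(pattern) + 1)
            if first_mismatch(pattern, data, o) is None]

if __name__ == "__main__":
    sig = parse_ida_pattern(ARKSHINE)
    image = b"\xCC" * 4 + FUNC            # constructed padding before the function
    print(len(sig), "elements ->", to_orpheu_value(sig))
    print("offsets found:", find(sig, image))
    print("last post diverges at index", first_mismatch(LAST_POST, FUNC))
    print("decimal 55 diverges at index", first_mismatch([55, 0x8B], FUNC))
```

A match here only proves agreement with the bytes copied from IDA; the same check should be run over the bytes of the binary the server actually loads.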

