AlliedModders (https://forums.alliedmods.net/index.php)
-   Scripting Help (https://forums.alliedmods.net/forumdisplay.php?f=11)
-   -   Help on a particular signature (https://forums.alliedmods.net/showthread.php?t=187227)

Misery 06-10-2012 12:07

Help on a particular signature
 
Hi,

I'm trying to hook PF_WriteByte_I(). I've been able to hook PF_MessageBegin_I() and PF_MessageEnd_I() successfully, but I just cannot get WriteByte to work...
And here is why: it's a relatively short, in fact very short function. It's more a wrapper than anything else, and all the other PF_Write[Type]_I() functions are based on the same skeleton, so it's hard to make a sig for it, since I end up with many memory refs. My only option was to use a displacement.

I've come to that sig:
Code:

{
        "name" : "PF_WriteByte_I",
        "library" : "engine",
        "arguments" :
        [
                {
                        "type" : "int"
                }
        ],
        "identifiers":
        [
                {
                        "os" : "windows",
                        "value" : [0xC3,0x90,"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",0x55,0x8B,"*",0xA1,"*","*","*","*",0x85,0xC0,0x75,"*",0x68,"*","*","*","*",0xE8,"*","*","*","*","*","*","*",0x8B,"*","*",0x50,0x68,"*","*","*","*",0xE8,"*","*","*","*",0x83,"*","*","*",0xC3],
                        "displacement" : 18
                },
                {
                        "os" : "linux",
                        "value" : "PF_WriteByte_I"
                }
        ]
}

No choice but to use a displacement. Still, the function is not working... each time my hook takes effect (i.e. when the func gets called), the server ends up crashing. Note that on Linux it works perfectly, thanks to symbolic data.

I don't really know what I'm doing wrong on the Windows part. I've used an 18-byte displacement so I could make the signature unique. But it's absolutely not working.

I'm posting the disasm here too.
As you can see, it just returns the return value of a called func.

Code:
.text:01D6ACAB                                                loc_1D6ACAB:                            ; CODE XREF: sub_1D6AA40+33j
.text:01D6ACAB                                                                                        ; sub_1D6AA40+138j ...
.text:01D6ACAB 5F                                                              pop    edi            ; jumptable 01D6AC4F default case
.text:01D6ACAC 5E                                                              pop    esi
.text:01D6ACAD 5B                                                              pop    ebx
.text:01D6ACAE C3                                                              retn
.text:01D6ACAE                                                sub_1D6AA40    endp
.text:01D6ACAE
.text:01D6ACAE                                                ; ---------------------------------------------------------------------------
.text:01D6ACAF 90                                                              align 10h
.text:01D6ACB0 56 AC D6 01 5C AC D6 01 78 AC D6 01 93 AC D6 01 off_1D6ACB0    dd offset loc_1D6AC56  ; DATA XREF: sub_1D6AA40+20Fr
.text:01D6ACB0                                                                dd offset loc_1D6AC5C  ; jump table for switch statement
.text:01D6ACB0                                                                dd offset loc_1D6AC78
.text:01D6ACB0                                                                dd offset loc_1D6AC93
.text:01D6ACC0
.text:01D6ACC0                                                ; =============== S U B R O U T I N E =======================================
.text:01D6ACC0
.text:01D6ACC0                                                ; Attributes: bp-based frame
.text:01D6ACC0
.text:01D6ACC0                                                sub_1D6ACC0    proc near              ; CODE XREF: sub_1D54F80+141p
.text:01D6ACC0                                                                                        ; sub_1D55150+17Fp
.text:01D6ACC0                                                                                        ; DATA XREF: ...
.text:01D6ACC0
.text:01D6ACC0                                                arg_0          = dword ptr  8
.text:01D6ACC0
.text:01D6ACC0 55                                                              push    ebp
.text:01D6ACC1 8B EC                                                          mov    ebp, esp
.text:01D6ACC3 A1 B4 27 03 02                                                  mov    eax, dword_20327B4
.text:01D6ACC8 85 C0                                                          test    eax, eax
.text:01D6ACCA 75 0D                                                          jnz    short loc_1D6ACD9
.text:01D6ACCC 68 C0 B3 E5 01                                                  push    offset aWrite_byteCall ; "WRITE_BYTE called with no active messag"...
.text:01D6ACD1 E8 4A 14 04 00                                                  call    sub_1DAC120
.text:01D6ACD1                                                ; ---------------------------------------------------------------------------
.text:01D6ACD6 83                                                              db  83h ; â
.text:01D6ACD7 C4                                                              db 0C4h ; -
.text:01D6ACD8 04                                                              db    4
.text:01D6ACD9                                                ; ---------------------------------------------------------------------------
.text:01D6ACD9
.text:01D6ACD9                                                loc_1D6ACD9:                            ; CODE XREF: sub_1D6ACC0+Aj
.text:01D6ACD9 8B 45 08                                                        mov    eax, [ebp+arg_0]
.text:01D6ACDC 50                                                              push    eax
.text:01D6ACDD 68 FC A7 E5 01                                                  push    offset off_1E5A7FC
.text:01D6ACE2 E8 A9 AF FC FF                                                  call    sub_1D35C90
.text:01D6ACE7 83 C4 08                                                        add    esp, 8
.text:01D6ACEA 5D                                                              pop    ebp
.text:01D6ACEB C3                                                              retn
.text:01D6ACEB                                                sub_1D6ACC0    endp
.text:01D6ACEB
.text:01D6ACEB                                                ; ---------------------------------------------------------------------------
.text:01D6ACEC 90 90 90 90                                                    align 10h

Function starts at sub_1D6ACC0().


I was wondering if anyone could help me make it work. Note it's a tricky one... There is something I'm probably missing.

I wasn't sure about the arg type either. I know it's a WriteByte (hence it could be char), but I made it an int there... I tried with char in the sig too, but it doesn't work any better :(

Thanks!

Misery
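As an added check (not part of the post or of the Orpheu module), the Windows signature above can be run over the bytes transcribed from the IDA listing: it matches once, at 01D6ACAE (the retn that closes the previous function), and the 18-byte displacement lands exactly on the push ebp of sub_1D6ACC0, so the pattern itself is consistent with the listing. The matcher follows my reading of the signature file's "value" array (integers are literal bytes, "*" is a wildcard); it is not Orpheu's own code.

```python
# Added example, not from the thread or from Orpheu: run the Windows signature
# from the first post over the bytes transcribed from the IDA listing, and apply
# the "displacement" the same way the post describes it.

# Bytes copied from the listing, starting at .text:01D6ACAE (the retn that ends
# the previous function). The four dd entries at 01D6ACB0 are a jump table
# (data), which is why the signature wildcards those 16 bytes.
LISTING_BASE = 0x01D6ACAE
LISTING_BYTES = bytes([
    0xC3, 0x90,                                      # retn ; align 10h
    0x56, 0xAC, 0xD6, 0x01, 0x5C, 0xAC, 0xD6, 0x01,  # jump table (data)
    0x78, 0xAC, 0xD6, 0x01, 0x93, 0xAC, 0xD6, 0x01,
    0x55, 0x8B, 0xEC,                                # push ebp ; mov ebp, esp
    0xA1, 0xB4, 0x27, 0x03, 0x02,                    # mov eax, dword_20327B4
    0x85, 0xC0, 0x75, 0x0D,                          # test eax, eax ; jnz short
    0x68, 0xC0, 0xB3, 0xE5, 0x01,                    # push offset aWrite_byteCall
    0xE8, 0x4A, 0x14, 0x04, 0x00,                    # call sub_1DAC120
    0x83, 0xC4, 0x04,                                # add esp, 4
    0x8B, 0x45, 0x08, 0x50,                          # mov eax, [ebp+arg_0] ; push eax
    0x68, 0xFC, 0xA7, 0xE5, 0x01,                    # push offset off_1E5A7FC
    0xE8, 0xA9, 0xAF, 0xFC, 0xFF,                    # call sub_1D35C90
    0x83, 0xC4, 0x08, 0x5D, 0xC3,                    # add esp, 8 ; pop ebp ; retn
])

# The "value" array from the signature file: ints are literal bytes, "*" is any byte.
SIGNATURE = [0xC3,0x90,"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",0x55,0x8B,"*",0xA1,"*","*","*","*",0x85,0xC0,0x75,"*",0x68,"*","*","*","*",0xE8,"*","*","*","*","*","*","*",0x8B,"*","*",0x50,0x68,"*","*","*","*",0xE8,"*","*","*","*",0x83,"*","*","*",0xC3]
DISPLACEMENT = 18


def find_matches(data, pattern):
    """Return every offset in data where pattern matches ("*" matches any byte)."""
    hits = []
    for off in range(len(data) - len(pattern) + 1):
        if all(p == "*" or data[off + i] == p for i, p in enumerate(pattern)):
            hits.append(off)
    return hits


def resolve(data, base, pattern, displacement):
    """Resolve a signature the way the post's file expects it: the pattern must
    match exactly once, and the function lives at match address + displacement."""
    hits = find_matches(data, pattern)
    if len(hits) != 1:
        raise ValueError(f"signature matched {len(hits)} times, need exactly 1")
    return base + hits[0] + displacement


if __name__ == "__main__":
    print(f"sub_{resolve(LISTING_BYTES, LISTING_BASE, SIGNATURE, DISPLACEMENT):X}")
```

Uniqueness can only be judged against the whole engine image, not this 62-byte excerpt; the check here shows that the pattern and displacement agree with the listing, not that the crash comes from the signature.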

ConnorMcLeod 06-10-2012 13:03

Re: Help on a particular signature
 
1. What do you want to do? Hook messages sent from plugins? Or what?

Misery 06-10-2012 13:12

Re: Help on a particular signature
 
Exactly, Connor. More specifically, to recover certain messages not hookable through register_event(). The best example I have is the TeamInfo sent by cs_set_user_team().

ConnorMcLeod 06-10-2012 13:32

Re: Help on a particular signature
 
Have you tried with an offset to see if the same crash occurs?

Arkshine 06-10-2012 13:41

Re: Help on a particular signature
 
Misery, for pfn* functions, you don't need signatures. See the first post of the Orpheu module thread.

Misery 06-11-2012 05:14

Re: Help on a particular signature
 
Oh thanks Arkshine, works quite well now ^^

I have a question on the hook, and I thought it wasn't worth starting another topic for this...
If I hook MessageBegin() and put a variable there to check the message, such as this:
Code:

public OnMessageBegin(msg_dest, msg_type, p1, p2)
{
        // only act on the message id we registered, and only when it is sent with MSG_ALL (2)
        if (msg_type == g_msgid && msg_dest == 2)
        {
                // handle the message here
        }
}

And doing the same kind of thing for WriteByte... I was wondering, can it directly affect registry (I mean, on shots)? Aren't messages used to communicate the damage and stuff related to regs?
Not sure on that, I'm asking...

Thanks,
Misery

Arkshine 06-11-2012 05:42

Re: Help on a particular signature
 
Not sure I understand what you're asking (registry?). You're only doing checks, so unless you supercede at some point, there is no problem. Your second question is vague; most game events are related to the HUD on the client and not the internal data (I mean calculating damage and updating the client HUD are 2 different things).

Anyway, be more precise/clear and I will try to make a more decent answer.

Misery 06-12-2012 03:45

Re: Help on a particular signature
 
Well, thanks for answering, Arkshine. Indeed, I only do checks in the hooks, and only one check per function. That means if the condition is not met it stops there.

My question was about regs... Have you ever heard people complaining about "regs" on a Counter-Strike server?

Say Bob shoots at John, and Bob's aim is precisely, undoubtedly on John's head, but the shot is not "registered", i.e. John does not get any damage, even though he was supposed to. Some servers have better "registry" than others, depending on the hardware they use...

From a more technical point of view: say Misery shoots at Arkshine. Is the data related to bullets fired and angles sent to the server through messages (i.e. the data needed so the server can calculate the damage)?

I just don't want to affect server performance...

Thanks!

Misery

OvidiuS 06-13-2012 05:12

Re: Help on a particular signature
 
Quote:

Originally Posted by Misery (Post 1727126)
Well, thanks for answering, Arkshine. Indeed, I only do checks in the hooks, and only one check per function. That means if the condition is not met it stops there.

My question was about regs... Have you ever heard people complaining about "regs" on a Counter-Strike server?

Say Bob shoots at John, and Bob's aim is precisely, undoubtedly on John's head, but the shot is not "registered", i.e. John does not get any damage, even though he was supposed to. Some servers have better "registry" than others, depending on the hardware they use...

From a more technical point of view: say Misery shoots at Arkshine. Is the data related to bullets fired and angles sent to the server through messages (i.e. the data needed so the server can calculate the damage)?

I just don't want to affect server performance...

Thanks!

Misery

I'm not sure about the technical side, but I know that player rates/loss/choke etc. have an effect on this. Player and server settings can lead to interpolation and extrapolation.

Misery 06-14-2012 07:05

Re: Help on a particular signature
 
Well, thanks Ovidius, but, no offense, you don't really answer my question.

I'm asking if hooking pfnMessageBegin and other message functions (assuming I only do checks there, and execute code if needed) can, in a situation where, say, multiple players shoot at the same time, lead to damage not being taken into account, i.e. if it can affect regs.
So yeah... I just want to know if messages are used for providing the data necessary for damage calculations by the server.

Does this technique (i.e. using Orpheu this way) differ much from AMXX's register_event() hook?

Thanks

Misery
