AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Scripting Help (https://forums.alliedmods.net/forumdisplay.php?f=11)
-   -   Offsets of aCon_Printf (https://forums.alliedmods.net/showthread.php?t=234108)

Leonidddd 01-25-2014 11:15

Offsets of aCon_Printf
 
I've studied this and found one offset by the program IDA.I've never worked before with IDA.
Quote:

// Auto reconstructed from vtable block @ 0x0005947C
// from "orpheu_amxx_i386.so", by ida_vtables.idc
0 aCon_printf
For windows "0"
For linux it will be "general rule is windows offset = linux offset - 1" - "1?"

For linux I took such resaults:
Quote:

// Auto reconstructed from vtable block @ 0x0005947C
// from "orpheu_amxx_i386.so", by ida_vtables.idc
P.S.Using a case: server forwards,which class are they belong in the orpheu?
P.P.S.I want find offsets for
Quote:

UTIL_LogPrintf(char *,...)
(I hope,I didn't miss with that finding)...
P.P.P.S.Sorry for bad English.

Bos93 01-25-2014 12:23

Re: Offsets of aCon_Printf
 
Quote:

I've studied this and found one offset by the program IDA
This [TUT] only for virtual function. UTIL_LogPrintf is not virtual function. You need make signature.

Build 6027:

Linux:

PHP Code:

.text:00128E00 UTIL_LogPrintf(char *, ...)
.
text:00128E00                 public _Z14UTIL_LogPrintfPcz
.text:00128E00 _Z14UTIL_LogPrintfPcz proc near         CODE XREFprintEntities(void)+6Bp
.text:00128E00                                         printEntities(void)+B5p ...
.
text:00128E00
.text:00128E00 s               dword ptr -1Ch
.text:00128E00 format          dword ptr -18h
.text:00128E00 arg             dword ptr -14h
.text:00128E00 arg_0           dword ptr  4
.text:00128E00 arg_4           byte ptr  8
.text:00128E00
.text:00128E00                 sub     esp1Ch
.text:00128E03                 lea     eax, [esp+1Ch+arg_4]
.
text:00128E07                 mov     [esp+1Ch+arg], eax arg
.text:00128E0B                 mov     eax, [esp+1Ch+arg_0]
.
text:00128E0F                 mov     [esp+1Ch+s], offset _ZZ14UTIL_LogPrintfPczE6string s
.text:00128E16                 mov     [esp+1Ch+format], eax format
.text:00128E1A                 call    vsprintf
.text:00128E1F                 mov     eaxoffset _ZZ14UTIL_LogPrintfPczE6string UTIL_LogPrintf(char *,...)::string
.text:00128E24                 mov     [esp+1Ch+arg], eax
.text:00128E28                 mov     eax, (offset aSS+5)
.
text:00128E2D                 mov     [esp+1Ch+format], eax
.text:00128E31                 mov     [esp+1Ch+s], 5
.text:00128E38                 call    dword ptr ds:g_engfuncs+0F4h
.text:00128E3E                 add     esp1Ch
.text:00128E41                 retn
.text:00128E41 _Z14UTIL_LogPrintfPcz endp 

Signature: _Z14UTIL_LogPrintfPcz

Windows:

PHP Code:

.text:100C5340 int __cdecl sub_100C5340(char *Formatchar Args)
.
text:100C5340 sub_100C5340    proc near               CODE XREFsub_10003280+383p
.text:100C5340                                         ; .text:100375C4p ...
.
text:100C5340
.text:100C5340 Format          dword ptr  4
.text:100C5340 Args            byte ptr  8
.text:100C5340
.text:100C5340                 mov     ecx, [esp+Format]
.
text:100C5344                 lea     eax, [esp+Args]
.
text:100C5348                 push    eax             Args
.text:100C5349                 push    ecx             Format
.text:100C534A                 push    offset byte_101754C8 Dest
.text:100C534F                 call    _vsprintf
.text:100C5354                 push    offset byte_101754C8
.text:100C5359                 push    offset aS_1     "%s"
.text:100C535E                 push    5
.text:100C5360                 call    dword_10161CB4
.text:100C5366                 add     esp18h
.text:100C5369                 retn
.text:100C5369 sub_100C5340    endp 

Signature: 0x8D,0x44,0x24,0x08,0x50,0x51,0x68,"*","*","* ","*",0xE8,"*","*","*","*",0x68,"*","*","*"," *",0x68,"*","*","*","*",0x6A,0x05,0xFF,0x15," *","*","*","*",0x83,0xC4,0x18,0xC3

Leonidddd 01-25-2014 14:26

Re: Offsets of aCon_Printf
 
Nice,thanks a lot to you(ну ты понял)).Сигнатуры... емае,как людям усложняют жизнь.Ну да ладно,прорвемся=)

Bos93 01-25-2014 14:57

Re: Offsets of aCon_Printf
 
English pls :crab:

Leonidddd 01-25-2014 15:26

Re: Offsets of aCon_Printf
 
You make me happy:D
But I still worry for you avatar :(,but I think I'll get used for it :)

Bos93 01-25-2014 15:57

Re: Offsets of aCon_Printf
 
I'm watching you :twisted:

Leonidddd 01-26-2014 06:10

Re: Offsets of aCon_Printf
 
I found for Linux(easy,nice) and for Windows,but how did you know
PHP Code:

_cdecl sub_100C5340 

,that it's the same as UTIL_LogPrintf?

Bos93 01-26-2014 07:43

Re: Offsets of aCon_Printf
 
yes

Leonidddd 01-26-2014 08:35

Re: Offsets of aCon_Printf
 
Is that right?
PHP Code:

{
    
"name"       "UTIL_LogPrintf",
    
"library"    "mod",
    
"info" "Event is calling,when server is logging something",
    
"arguments"  :
    [
        {
            
"type" "char *"
        
}
    ],
    
"identifiers":
    [
        {
            
"os"    "windows",
            
"mod"   "cstrike",
            
"value" : [0x8D,0x44,0x24,0x08,0x50,0x51,0x68,"*","*","* ","*",0xE8,"*","*","*","*",0x68,"*","*","*"," *",0x68,"*","*","*","*",0x6A,0x05,0xFF,0x15," *","*","*","*",0x83,0xC4,0x18,0xC3]
        },
        {
            
"os"    "linux",
            
"mod"   "cstrike",
            
"value" "_Z14UTIL_LogPrintfPcz"
        
}
    ]



Bos93 01-26-2014 18:35

Re: Offsets of aCon_Printf
 
I think:

PHP Code:

    "arguments" 
    [
        {
            
"type" "char *" 
        
},
        {
            
"type" "char *" 
        
}
    ], 



All times are GMT -4. The time now is 10:15.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.