Mani
Veteran Member
Join Date: Dec 2004
Location: UK
Old 07-29-2010 , 08:39   Re: Windows sigscan address finding

Quote:
Originally Posted by Chrisber View Post
Since players get items when they spawn an idea might be to find the sig to GiveNamedItem (which is quite easy because you can search for strings) and then check references to that function. RoundRespawn should also call GiveNamedItem.
Chris
This is how I tend to find things using IDA Pro, by looking through the Linux lib and finding functions that are used within or somewhere around a call to the function I'm interested in that have a low call count. If I can find the equivalent function in the Windows lib then it's not too hard to start mapping out the function names. IDA Pro allows you to manually rename unknown functions so it's easier to visualise (especially with the code graphing enabled).

I worked out the following sigs which are all called from the function that calls RoundRespawn.
Code:
// #define CCSGameRules_GiveC4_Sig "81 EC ? ? ? ? 53 55 83 C8 FF 56 57 89 ? ? ? 89 ? ? ? A1 ? ? ? ? 33 ED 33 DB BF 01 00 00 00"
// #define CCSPlayer_CheckTKPunishment "B0 01 38 81 ? ? ? ? 75 ? 8B 15 ? ? ? ? 83 7A ? ? 74 ? 88 81 ? ? ? ? 8B 01 8B 90"
// #define UTIL_PlayerByIndex "8B 44 24 04 56 33 F6 85 C0 7E ? 8B 0D ? ? ? ? 3B 41 ? 7F ? 8B 0D ? ? ? ? 8B 11 50 8B 42"
// #define CCSGameRules_CleanUpMap "83 EC 08 80 B9 ? ? ? ? ? 0F 85 ? ? ? ? 56 6A 00 B9 ? ? ? ? E8 ? ? ? ? 8B F0 85 F6"
// #define CCSPlayer_ObserverRoundRespawn_Sig "56 57 8B F1 E8 ? ? ? ? 80 BE ? ? ? ? ? 8D BE ? ? ? ? 74 ? 57 8B CE E8"
None of these are used within the MAP code but I'm keeping them for reference in case the sig for RoundRespawn breaks again.

Quote:
Originally Posted by Chrisber View Post
@ Mani: I thought MAP uses the gametypes.txt to get signatures. Are they now hardcoded to the files?

Chris
They have always been hardcoded into the source code for historical reasons that are not really valid today.
I would imagine we will get them into the gametypes.txt at some point but it's complicated by the fact that we don't always use sigscans in the same way.

For instance getting at g_pEntityList requires a sigscan for the function IsThereABomb() and then using an index into that function to derive g_pEntityList.

Another instance is where the function you are after is very short in length. You can either have your sigscan include bytes from the previous function and provide an offset into the signature where the start of the function resides, or have a sigscan that finds a function that calls the function you are interested in and provide an offset into the function for that call.

How we would represent this in gametypes.txt I'm not sure.

Mani
__________________
Installation files, documentation and help can be found at: -

www.mani-admin-plugin.com

Last edited by Mani; 07-29-2010 at 08:52.
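The three sigscan shapes Mani describes above (a sig that deliberately spans the tail of the previous function plus an offset to the real start, a sig that finds a caller plus an offset to the E8 call, and a sig plus an offset to a mov that yields a global such as g_pEntityList), as an added example that is not MAP's own code. The x86 image, its load address 0x10001000 and the 0x10050000 global are constructed for the example.

```cpp
#include <cstdint>
#include <cstring>
#include <sstream>
#include <string>
#include <vector>
// Parse "8B 44 ? 04" into a byte pattern; -1 marks a wildcard ("?" or "??").
std::vector<int> ParseSig(const std::string &sig) {
    std::vector<int> out;
    std::istringstream in(sig);
    for (std::string tok; in >> tok;) out.push_back(tok[0] == '?' ? -1 : std::stoi(tok, nullptr, 16));
    return out;
}
long FindSig(const std::vector<uint8_t> &buf, const std::vector<int> &sig) {  // index of first match, or -1
    for (size_t i = 0; sig.size() && i + sig.size() <= buf.size(); ++i) {
        size_t j = 0;
        while (j < sig.size() && (sig[j] < 0 || buf[i + j] == (uint8_t)sig[j])) ++j;
        if (j == sig.size()) return (long)i;
    }
    return -1;
}
uint32_t ReadU32(const std::vector<uint8_t> &buf, size_t at) {  // little-endian operand; 0 if out of range
    uint32_t v = 0; if (at + 4 <= buf.size()) std::memcpy(&v, &buf[at], 4); return v;
}
// Constructed x86 image standing in for a loaded DLL (hypothetical load address 0x10001000).
const uint32_t kBase = 0x10001000;
const std::vector<uint8_t> kImage = {
    0x5E, 0xC3, 0xCC, 0xCC,        // +0x00 tail of the previous function: pop esi; ret; int3 padding
    0x56, 0x57, 0x8B, 0xF1,        // +0x04 caller: push esi; push edi; mov esi, ecx
    0xE8, 0x13, 0x00, 0x00, 0x00,  // +0x08 call +0x20 (rel32 = 0x20 - 0x0D, relative to the next instruction)
    0xA1, 0x00, 0x00, 0x05, 0x10,  // +0x0D mov eax, [0x10050000]  (stand-in for g_pEntityList)
    0xC3, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,  // +0x12 ret; pad to +0x1F
    0x8B, 0x44, 0x24, 0x04, 0xC3   // +0x20 callee: mov eax, [esp+4]; ret
};
// Case 1: the sig spans the previous function's tail; offset is where the wanted function really starts.
uint32_t FuncStart(const std::string &sig, size_t offset) {
    long m = FindSig(kImage, ParseSig(sig));
    return m < 0 ? 0 : kBase + (uint32_t)(m + offset);
}
// Case 2: the sig finds a caller; offset is the E8 call inside it, decoded to the callee's address.
uint32_t CalleeFromCall(const std::string &sig, size_t offset) {
    long m = FindSig(kImage, ParseSig(sig));
    if (m < 0) return 0;
    size_t call = (size_t)m + offset;
    return kBase + (uint32_t)call + 5 + ReadU32(kImage, call + 1);
}
// Case 3: offset is an "A1 imm32" (mov eax, [addr]) inside the function; its operand is the global's address.
uint32_t GlobalFromMov(const std::string &sig, size_t offset) {
    long m = FindSig(kImage, ParseSig(sig));
    return m < 0 ? 0 : ReadU32(kImage, (size_t)m + offset + 1);
}
```

Each helper returns 0 when the sig is not found, which is the condition a plugin should check and log before using any derived address.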