Quote:
Originally Posted by spumer
Hi. I have problem with dumping symbols.
I got crash with `ladder_rambos.ext.so + 0xc09e`
And try to dump this binary manually: nm -nC ladder_rambos.ext.so
But in dump output I can't find function with given offset (0xc09e).
Accelerator: 2.3.3 (i use old sourcemod)
Why can the offsets be different?
I checked the offset in the new binary; according to the IDA offset bar, the offset has not changed
(unless my brain is not functioning).
Function dump from IDA
Code:
.text:0000C060
.text:0000C060
.text:0000C060 ; _DWORD LadderSafeDrop::Patch(LadderSafeDrop *__hidden this)
.text:0000C060 ;
.text:0000C060 ; Makes one page around the target function writable and overwrites the byte at
.text:0000C060 ; pCTerrorPlayer_PreThink + offset with 14h. Two paths reach the shared store at loc_C09E:
.text:0000C060 ;   1. pCTerrorPlayer_PreThink already non-zero -> sysconf/mprotect at C06F, store at C09E
.text:0000C060 ;   2. otherwise resolve the signature and the offset through g_pGameConf (loc_C0A8),
.text:0000C060 ;      then sysconf/mprotect at loc_C150, save the original byte, jmp loc_C09E
.text:0000C060 ; Stack: esp+0/+4/+8 hold the outgoing cdecl args; IDA named the three slots after the
.text:0000C060 ; sysconf(name) / mprotect(addr, len, prot) calls that use them. ebx/esi are callee-saved
.text:0000C060 ; and bracketed by the push/pop pairs; `this` is never read.
.text:0000C060 ;
.text:0000C060 ; NOTE(review): on both paths the page passed to mprotect is derived from the function
.text:0000C060 ; START (pCTerrorPlayer_PreThink & 0FFFFF000h), not from the byte actually written
.text:0000C060 ; (START + offset). The crash dump in this thread shows addr=0EE595000h, len=1000h on the
.text:0000C060 ; stack and eax=0 (mprotect succeeded), but ebx=0EE596117h at the faulting store: the
.text:0000C060 ; target lies on the next page, which was never made writable. mprotect's return value is
.text:0000C060 ; also never checked, the 0FFFFF000h mask hard-codes 4 KiB pages although the length comes
.text:0000C060 ; from sysconf, and nothing here restores the original protection, so the page stays RWX.
.text:0000C060 _ZN14LadderSafeDrop5PatchEv proc near ; CODE XREF: LadderSafeDrop::OnExtensionStateChanged(IConVar *,char const*,float):loc_C2B0↓p
.text:0000C060
.text:0000C060 name = dword ptr -1Ch
.text:0000C060 len = dword ptr -18h
.text:0000C060 prot = dword ptr -14h
.text:0000C060 this = dword ptr 4
.text:0000C060
.text:0000C060 ; __unwind {
.text:0000C060 56 push esi ; save callee-saved esi/ebx
.text:0000C061 53 push ebx
.text:0000C062 83 EC 14 sub esp, 14h ; 14h bytes of outgoing-arg space; esp+1Ch = esp at entry
.text:0000C065 8B 1D E0 25 02 00 mov ebx, ds:_ZL23pCTerrorPlayer_PreThink ; pCTerrorPlayer_PreThink: resolved address of the target function, 0 if not yet looked up
.text:0000C06B 85 DB test ebx, ebx
.text:0000C06D 74 39 jz short loc_C0A8 ; not resolved yet -> look it up via the gameconf
.text:0000C06F C7 04 24 1E 00 00 00 mov [esp+1Ch+name], 1Eh ; name = 1Eh = _SC_PAGESIZE
.text:0000C076 8B 35 D0 25 02 00 mov esi, ds:_ZL6offset ; offset: byte offset of the patch inside the function
.text:0000C07C E8 4B 7D 01 00 call sysconf ; eax = page size
.text:0000C081 C7 44 24 08 07 00 00 00 mov [esp+1Ch+prot], 7 ; prot = 7 = PROT_READ|PROT_WRITE|PROT_EXEC (RWX)
.text:0000C089 89 44 24 04 mov [esp+1Ch+len], eax ; len = exactly one page
.text:0000C08D 89 D8 mov eax, ebx ; eax = function start
.text:0000C08F 01 F3 add ebx, esi ; ebx = function start + offset = byte to patch
.text:0000C091 25 00 F0 FF FF and eax, 0FFFFF000h ; page containing the function START, not the target byte
.text:0000C096 89 04 24 mov [esp+1Ch+name], eax ; addr -- if offset crosses into the next page, that page stays read-only
.text:0000C099 E8 FE 7C 01 00 call mprotect ; result in eax is never tested
.text:0000C09E
.text:0000C09E loc_C09E: ; CODE XREF: LadderSafeDrop::Patch(void)+133↓j
.text:0000C09E ; shared by both paths; this is Patch()+3Eh, where the posted dump faults
.text:0000C09E C6 03 14 mov byte ptr [ebx], 14h ; the patch itself: write 14h over the original byte (dump: ebx=0EE596117h, outside the 0EE595000h page made writable)
.text:0000C0A1 83 C4 14 add esp, 14h
.text:0000C0A4 5B pop ebx
.text:0000C0A5 5E pop esi
.text:0000C0A6 C3 retn
.text:0000C0A6 ; ---------------------------------------------------------------------------
.text:0000C0A7 90 align 4
.text:0000C0A8
.text:0000C0A8 loc_C0A8: ; CODE XREF: LadderSafeDrop::Patch(void)+D↑j
.text:0000C0A8 ; slow path: resolve the function address from the gameconf
.text:0000C0A8 8B 0D E0 24 02 00 mov ecx, ds:g_pGameConf ; ecx = gameconf object (arg 0)
.text:0000C0AE 8B 11 mov edx, [ecx] ; edx = its vtable
.text:0000C0B0 C7 44 24 08 E0 25 02 00 mov [esp+1Ch+prot], offset _ZL23pCTerrorPlayer_PreThink ; pCTerrorPlayer_PreThink (arg 2: out pointer)
.text:0000C0B8 C7 44 24 04 30 C3 01 00 mov [esp+1Ch+len], offset aCterrorplayerP ; "CTerrorPlayer::PreThink" (arg 1: signature name)
.text:0000C0C0 89 0C 24 mov [esp+1Ch+name], ecx
.text:0000C0C3 FF 52 0C call dword ptr [edx+0Ch] ; vtable slot 3: (name, &ptr) -> bool in al; presumably IGameConfig::GetMemSig -- confirm against the headers
.text:0000C0C6 84 C0 test al, al
.text:0000C0C8 74 5E jz short loc_C128 ; lookup failed -> log "Could not obtain signature"
.text:0000C0CA 8B 1D E0 25 02 00 mov ebx, ds:_ZL23pCTerrorPlayer_PreThink ; pCTerrorPlayer_PreThink
.text:0000C0D0 85 DB test ebx, ebx
.text:0000C0D2 74 54 jz short loc_C128 ; a NULL result is treated as failure too
.text:0000C0D4 8B 35 E0 24 02 00 mov esi, ds:g_pGameConf
.text:0000C0DA 8B 06 mov eax, [esi]
.text:0000C0DC C7 44 24 08 D0 25 02 00 mov [esp+1Ch+prot], offset _ZL6offset ; offset (arg 2: out pointer)
.text:0000C0E4 C7 44 24 04 94 C3 01 00 mov [esp+1Ch+len], offset aCterrorplayerP_0 ; "CTerrorPlayer::PreThink__SafeDropLogic" (arg 1: offset name)
.text:0000C0EC 89 34 24 mov [esp+1Ch+name], esi
.text:0000C0EF FF 10 call dword ptr [eax] ; vtable slot 0: (name, &int) -> bool in al; presumably IGameConfig::GetOffset -- confirm
.text:0000C0F1 84 C0 test al, al
.text:0000C0F3 74 0A jz short loc_C0FF ; lookup failed -> log "Could not obtain offset"
.text:0000C0F5 8B 1D D0 25 02 00 mov ebx, ds:_ZL6offset ; offset
.text:0000C0FB 85 DB test ebx, ebx
.text:0000C0FD 75 51 jnz short loc_C150 ; non-zero offset -> apply the patch; zero falls through to the error exit
.text:0000C0FF
.text:0000C0FF loc_C0FF: ; CODE XREF: LadderSafeDrop::Patch(void)+93↑j
.text:0000C0FF ; error exit: offset lookup failed or returned 0; nothing is patched
.text:0000C0FF A1 24 21 02 00 mov eax, ds:g_pSM
.text:0000C104 8B 35 50 21 02 00 mov esi, ds:myself
.text:0000C10A 8B 18 mov ebx, [eax] ; ebx = g_pSM vtable
.text:0000C10C 89 74 24 04 mov [esp+1Ch+len], esi ; arg 1: myself
.text:0000C110 C7 44 24 08 BC C3 01 00 mov [esp+1Ch+prot], offset aLadderRambosCo_9 ; "Ladder Rambos -- Could not obtain offse"... (arg 2: message)
.text:0000C118 89 04 24 mov [esp+1Ch+name], eax ; arg 0: g_pSM
.text:0000C11B FF 53 1C call dword ptr [ebx+1Ch] ; vtable slot 7: (myself, msg); presumably ISourceMod::LogError -- confirm
.text:0000C11E 83 C4 14 add esp, 14h
.text:0000C121 5B pop ebx
.text:0000C122 5E pop esi
.text:0000C123 C3 retn
.text:0000C123 ; ---------------------------------------------------------------------------
.text:0000C124 8D 74 26 00 align 8
.text:0000C128
.text:0000C128 loc_C128: ; CODE XREF: LadderSafeDrop::Patch(void)+68↑j
.text:0000C128 ; LadderSafeDrop::Patch(void)+72↑j
.text:0000C128 ; error exit: signature lookup failed or returned NULL; nothing is patched
.text:0000C128 A1 24 21 02 00 mov eax, ds:g_pSM
.text:0000C12D 8B 0D 50 21 02 00 mov ecx, ds:myself
.text:0000C133 8B 10 mov edx, [eax] ; edx = g_pSM vtable
.text:0000C135 C7 44 24 08 48 C3 01 00 mov [esp+1Ch+prot], offset aLadderRambosCo_10 ; "Ladder Rambos -- Could not obtain signa"... (arg 2: message)
.text:0000C13D 89 4C 24 04 mov [esp+1Ch+len], ecx ; arg 1: myself
.text:0000C141 89 04 24 mov [esp+1Ch+name], eax ; arg 0: g_pSM
.text:0000C144 FF 52 1C call dword ptr [edx+1Ch] ; same vtable slot 7 as at C11B
.text:0000C147 83 C4 14 add esp, 14h
.text:0000C14A 5B pop ebx
.text:0000C14B 5E pop esi
.text:0000C14C C3 retn
.text:0000C14C ; ---------------------------------------------------------------------------
.text:0000C14D 8D 76 00 align 10h
.text:0000C150
.text:0000C150 loc_C150: ; CODE XREF: LadderSafeDrop::Patch(void)+9D↑j
.text:0000C150 ; first-time patch: ebx = offset here, esi = function start (register roles swapped vs. C06F)
.text:0000C150 C7 04 24 1E 00 00 00 mov [esp+1Ch+name], 1Eh ; name = 1Eh = _SC_PAGESIZE
.text:0000C157 8B 35 E0 25 02 00 mov esi, ds:_ZL23pCTerrorPlayer_PreThink ; pCTerrorPlayer_PreThink = function start
.text:0000C15D E8 6A 7C 01 00 call sysconf ; eax = page size
.text:0000C162 C7 44 24 08 07 00 00 00 mov [esp+1Ch+prot], 7 ; prot = 7 = PROT_READ|PROT_WRITE|PROT_EXEC (RWX)
.text:0000C16A 89 F1 mov ecx, esi ; ecx = function start
.text:0000C16C 01 F3 add ebx, esi ; ebx = function start + offset = byte to patch
.text:0000C16E 81 E1 00 F0 FF FF and ecx, 0FFFFF000h ; page of the function START, not of ebx; same flaw as at C091
.text:0000C174 89 0C 24 mov [esp+1Ch+name], ecx ; addr
.text:0000C177 89 44 24 04 mov [esp+1Ch+len], eax ; len = one page
.text:0000C17B E8 1C 7C 01 00 call mprotect ; result never tested
.text:0000C180 0F B6 13 movzx edx, byte ptr [ebx] ; edx = original byte at the target, read before it is overwritten
.text:0000C183 C7 05 C4 25 02 00 01 00 00 00 mov ds:dword_225C4, 1 ; presumably a "patch applied" flag -- confirm against the source
.text:0000C18D 88 15 B0 25 02 00 mov ds:_ZL30pCTerrorPlayer_PreThinkRestore, dl ; pCTerrorPlayer_PreThinkRestore = saved original byte for unpatching
.text:0000C193 E9 06 FF FF FF jmp loc_C09E ; back to the shared store; the dump's esi=0EE595FC0h (a code address) and edx=89h (saved byte) are consistent with arriving via this path
.text:0000C193 ; } // starts at C060
.text:0000C193 _ZN14LadderSafeDrop5PatchEv endp
.text:0000C193
.text:0000C193 ; ---------------------------------------------------------------------------
Point of crash in IDA, by the look of it:
Code:
.text:0000C150 C7 04 24 1E 00 00 00 mov [esp+1Ch+name], 1Eh ; name = 1Eh = _SC_PAGESIZE
.text:0000C157 8B 35 E0 25 02 00 mov esi, ds:_ZL23pCTerrorPlayer_PreThink ; pCTerrorPlayer_PreThink = function start; ebx still holds offset here
.text:0000C15D E8 6A 7C 01 00 call sysconf ; eax = page size
.text:0000C162 C7 44 24 08 07 00 00 00 mov [esp+1Ch+prot], 7 ; prot = PROT_READ|PROT_WRITE|PROT_EXEC
.text:0000C16A 89 F1 mov ecx, esi ; ecx = function start
.text:0000C16C 01 F3 add ebx, esi ; ebx = function start + offset = byte to patch
.text:0000C16E 81 E1 00 F0 FF FF and ecx, 0FFFFF000h ; page of the function START -- the byte at ebx may be on the next page
.text:0000C174 89 0C 24 mov [esp+1Ch+name], ecx ; addr
.text:0000C177 89 44 24 04 mov [esp+1Ch+len], eax ; len = one page only
.text:0000C17B E8 1C 7C 01 00 call mprotect ; return value is not checked
.text:0000C180 0F B6 13 movzx edx, byte ptr [ebx] ; edx = original byte at the target (a read, so it does not fault on an R-X page)
.text:0000C183 C7 05 C4 25 02 00 01 00 00 00 mov ds:dword_225C4, 1 ; presumably a "patched" flag -- confirm
.text:0000C18D 88 15 B0 25 02 00 mov ds:_ZL30pCTerrorPlayer_PreThinkRestore, dl ; save original byte for restore
.text:0000C193 E9 06 FF FF FF jmp loc_C09E ; the store of 14h to [ebx] happens at loc_C09E (Patch()+3Eh); that is the faulting instruction in the dump, not anything in this excerpt
Throttle crash dump.
Code:
Thread 0 (crashed):
0: ladder_rambos.ext.so!LadderSafeDrop::Patch() + 0x3e
eax: 0x00000000 ebp: 0xffddacd8 ebx: 0xee596117
ecx: 0x00001000 edi: 0x00000002 edx: 0x00000089
efl: 0x00210217 eip: 0xe7f4f09e esi: 0xee595fc0
esp: 0xffddac50
e7f4f08d 89 d8 mov eax, ebx
e7f4f08f 01 f3 add ebx, esi
e7f4f091 25 00 f0 ff ff and eax, 0xfffff000
e7f4f096 89 04 24 mov [esp], eax
e7f4f099 e8 c2 f5 d2 0f call 0xf7c7e660
> e7f4f09e c6 03 14 mov byte [ebx], 0x14
e7f4f0a1 83 c4 14 add esp, 0x14
e7f4f0a4 5b pop ebx
e7f4f0a5 5e pop esi
e7f4f0a6 c3 ret
e7f4f0a7 90 nop
ffddac50 00 50 59 ee 00 10 00 00 07 00 00 00 00 00 00 00 |.PY.............|
ffddac60 31 00 00 00 c0 52 f6 e7 a0 ac dd ff b5 f2 f4 e7 |1....R..........|
Found via instruction pointer in context
I guess it's crashing when applying the patch?
https://github.com/Attano/LadderRamb..._patch.cpp#L80
I'm still rather new to this forgive me for anything wrong.