Quote:
Originally Posted by drekes
...
Nice try, but that's not totally correct.
When you check if the signature is well referenced one time, you see 2 references.
You need to add more bytes.
Also, you use "*" wrongly. See below: in blue is where you should use "*". It should be enough.
Code:
.text:10064C80 56 push esi
.text:10064C81 8B F1 mov esi, ecx
.text:10064C83 57 push edi
.text:10064C84 8B 86 A4 00 00 00 mov eax, [esi+0A4h]
.text:10064C8A 83 F8 02 cmp eax, 2
.text:10064C8D 0F 84 FC 00 00 00 jz loc_10064D8F
.text:10064C93 83 F8 03 cmp eax, 3
.text:10064C96 0F 84 F3 00 00 00 jz loc_10064D8F
.text:10064C9C 8B 44 24 0C mov eax, [esp+8+arg_0]
So, a final signature would be :
[0x56,0x8B,0xF1,0x57,0x8B,0x86,"*","*","*","*",0x83,0xF8,"*",0x0F,0x84,"*","*","*","*",0x83,0xF8,"*",0x0F,0x84,"*","*","*","*",0x8B]
But like you can see in IDA, CBasePlayer::ButtonUse(CBaseEntity*,CBaseEntity*,USE_TYPE,float) is exported (you can see it easily because you see all the argument types), which means there is a symbol name for this function. Right-click on the function at the left and choose "Edit function". You will see:
?ButtonUse@CBaseButton@@QAEXPAVCBaseEntity@@0W4USE_TYPE@@M@Z
About the signature file, you have not written the arg types properly. The first 2 should be CBaseEntity * (it's written in IDA). About "int": the type is "USE_TYPE", but it's just a tag for an enum and the value passed is an "int" anyway; since "USE_TYPE" is supported, use it.
So, the file should be like :
Code:
{
    "name" : "ButtonUse",
    "class" : "CBaseButton",
    "library" : "mod",
    "arguments" :
    [
        {
            "type" : "CBaseEntity *",
            "info" : "pActivator"
        },
        {
            "type" : "CBaseEntity *",
            "info" : "pCaller"
        },
        {
            "type" : "USE_TYPE",
            "info" : "useType"
        },
        {
            "type" : "float",
            "info" : "value"
        }
    ],
    "identifiers":
    [
        {
            "os" : "windows",
            "mod" : "cstrike",
            "value" : "?ButtonUse@CBaseButton@@QAEXPAVCBaseEntity@@0W4USE_TYPE@@M@Z"
        },
        {
            "os" : "linux",
            "mod" : "cstrike",
            "value" : "ButtonUse__11CBaseButtonP11CBaseEntityT18USE_TYPEf"
        }
    ]
}
Notice I've added the Linux signature. If you release a plugin with a signature file, don't forget to do it for Linux. You just have to open the .so, edit the function and copy-paste the symbol name.
You are encouraged to make comments if necessary by using the key "info".
Hope you will understand better. Nice to see someone trying to play with orpheu.
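An added example (not part of the original post, and not Orpheu's own code): a small matcher for the byte-signature notation used above that counts how many places a signature matches, which is the uniqueness check the post describes. TARGET is the byte sequence from the listing; DECOY, the padding and SHORT_SIG are constructed for illustration.

```python
WILD = "*"  # same wildcard token as the signature shown in the post

def find_all(image, sig):
    """Return every offset where sig matches image; "*" matches any byte."""
    last = len(image) - len(sig)
    return [off for off in range(last + 1)
            if all(s == WILD or image[off + i] == s for i, s in enumerate(sig))]

def shortest_unique_prefix(image, sig):
    """Smallest prefix length of sig that matches exactly once, else None."""
    for n in range(1, len(sig) + 1):
        if sig[n - 1] == WILD:
            continue  # a prefix ending in a wildcard pins down nothing new
        if len(find_all(image, sig[:n])) == 1:
            return n
    return None

# Bytes of the function from the IDA listing in the post.
TARGET = bytes.fromhex(
    "56 8B F1 57 8B 86 A4 00 00 00 83 F8 02 0F 84 FC 00 00 00"
    " 83 F8 03 0F 84 F3 00 00 00 8B 44 24 0C")
# Constructed decoy: same prologue, then cmp eax, 1 / jnz (0F 85) instead of jz.
DECOY = bytes.fromhex(
    "56 8B F1 57 8B 86 B0 00 00 00 83 F8 01 0F 85 10 00 00 00 8B 44 24 0C")
PAD = b"\xCC" * 16  # constructed int3 padding between functions
IMAGE = PAD + DECOY + b"\xCC" * 9 + TARGET + PAD

# Constructed too-short signature: prologue plus the wildcarded displacement.
SHORT_SIG = [0x56, 0x8B, 0xF1, 0x57, 0x8B, 0x86, "*", "*", "*", "*"]
# The final signature from the post.
FULL_SIG = [0x56, 0x8B, 0xF1, 0x57, 0x8B, 0x86, "*", "*", "*", "*",
            0x83, 0xF8, "*", 0x0F, 0x84, "*", "*", "*", "*",
            0x83, 0xF8, "*", 0x0F, 0x84, "*", "*", "*", "*", 0x8B]

if __name__ == "__main__":
    print("short signature matches at:", find_all(IMAGE, SHORT_SIG))
    print("full signature matches at: ", find_all(IMAGE, FULL_SIG))
    print("shortest unique prefix:    ", shortest_unique_prefix(IMAGE, FULL_SIG))
```

In this constructed image a 15-element prefix is already unique; the extra bytes in the full signature give margin against other functions in a real binary that share the same opening.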