Peace-Maker
SourceMod Plugin Approver
Join Date: Aug 2008
Location: Germany
Old 02-07-2020, 07:02   Re: Signature Request Thread (#347)

Quote:
Originally Posted by manicogmaing View Post
What are the latest signatures for these functions in CS:GO?

CCSBot::MoveTowardsPosition(Vector const&)
CCSBot::IncreaseMorale( void )
CCSBot::DecreaseMorale( void )
Most of those functions are inlined or optimized out on Windows, so you'd have to emulate their logic yourself if you need Windows support. I've tried to outline how to find them below:

CCSBot::MoveTowardsPosition
search for the -0.25 constant in the .rodata section: "00 00 80 BE"
select the function with the two references to that constant.
Code:
linux: \x55\x89\xE5\x57\x56\x53\x81\xEC\x9C\x00\x00\x00\x8B\x5D\x08\x8B\x75\x0C\xF6\x83\xDD\x00\x00\x00\x08\x74\x2A\x89\x1C\x24\xE8\x2A\x2A\x2A\x2A\xF3\x0F\x10\x83\xE4\x01\x00\x00
windows: \x55\x8B\xEC\x83\xE4\xF8\x81\xEC\x98\x00\x00\x00\x56\x8B\xF1\x57\x8B\x86\xD4\x00\x00\x00
CCSBot::IncreaseMorale
String "winner", select function which references that string 3 times (CCSBot::OnRoundEnd), IncreaseMorale is called if player team is equal to winning team. DecreaseMorale is called if the other team won.
Code:
linux: \x55\x89\xE5\x8B\x45\x08\x8B\x90\xC8\x3B\x00\x00\x83\xFA\x02
windows: inlined... morale at CCSBot * + 3822
CCSBot::DecreaseMorale
see above.
Code:
linux: \x55\x89\xE5\x8B\x45\x08\x8B\x90\xC8\x3B\x00\x00\x83\xFA\xFE
windows: inlined too.
Quote:
Originally Posted by manicogmaing View Post
How can I find the signature for CAttributeList::SetValue in the up-to-date server.dll?

I've tried to search for similar strings between the server.so and server.dll and there are no strings in the nearby functions, so how can I get the up-to-date signature for this function?
CAttributeList::SetValue
Code:
CAttributeList::SetValue
 calls CAttributeList::UpdateManagerCache
  called by CAttributeList::AddAttribute
   xrefs CEconItemAttribute vtable
To find the vtable: Look for the "18CEconItemAttribute" string. xref to typeinfo of CEconItemAttribute class, starts at the offs_* reference above the string reference.
xref to vtable of CEconItemAttribute. find xrefs to vtable address within a mov instruction into [eax] like "mov dword ptr [eax], offset off_E28D60".
That's CAttributeList::AddAttribute, which calls CAttributeList::UpdateManagerCache at the bottom. Check xrefs to UpdateManagerCache, the first one should be CAttributeList::SetValue.
Code:
linux: \x55\x89\xE5\x83\xEC\x28\x89\x5D\xF4\x8B\x5D\x0C\x89\x75\xF8\x8B\x75\x10\x89\x7D\xFC\x8B\x7D\x08\x39\x73\x08
windows: couldn't find it due to UpdateManagerCache being inlined. the function is probably optimized out, since it's never called. thanks LTCG
I got stuck on CAttributeManager::ClearCache in the below chain on windows.
Code:
win: \x56\x8B\xF1\x80\x7E\x20\x00\x0F\x85\x2A\x2A\x2A\x2A
Code:
CAttributeList::SetValue
 calls CAttributeList::UpdateManagerCache -> ??? inlined into some other function.
  calls CAttributeManager::ClearCache
   called by CAttributeContainer::InitializeAttributes
    xref to CAttributeContainer vtable (index win: 4, lin: 5) (use Class Informer plugin to find vtables on windows binary in IDA)
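The post hands out Linux signatures in SourceMod gamedata form (`\x55\x89...`, with `\x2A` as the wildcard byte) and points at the `00 00 80 BE` encoding of -0.25f as the anchor for CCSBot::MoveTowardsPosition. The script below is an added example, not code from the post or from SourceMod: it parses those signature strings, scans a constructed stand-in for a `.text` section (the bytes are materialized from the post's own Linux signatures plus padding, not real server.so data), and checks the two things you want before shipping a signature, that it matches exactly once and that wildcards really are ignored. It also shows why IncreaseMorale and DecreaseMorale need their final byte (`0x02` vs `0xFE`), since the shared prefix hits both. `parse_signature`, `scan`, `materialize`, `to_ida_pattern` and `demo` are names I chose for this example.

```python
import re
import struct

# Linux signatures quoted from the post above (SourceMod gamedata syntax).
SIG_INCREASE_MORALE_LINUX = r"\x55\x89\xE5\x8B\x45\x08\x8B\x90\xC8\x3B\x00\x00\x83\xFA\x02"
SIG_DECREASE_MORALE_LINUX = r"\x55\x89\xE5\x8B\x45\x08\x8B\x90\xC8\x3B\x00\x00\x83\xFA\xFE"
SIG_MOVE_TOWARDS_LINUX = (
    r"\x55\x89\xE5\x57\x56\x53\x81\xEC\x9C\x00\x00\x00\x8B\x5D\x08\x8B\x75\x0C"
    r"\xF6\x83\xDD\x00\x00\x00\x08\x74\x2A\x89\x1C\x24\xE8\x2A\x2A\x2A\x2A"
    r"\xF3\x0F\x10\x83\xE4\x01\x00\x00"
)


def parse_signature(sig: str):
    """Turn "\\x55\\x89\\x2A..." into a list of ints, None for each \\x2A wildcard.

    Caveat: because SourceMod treats \\x2A as 'any byte', a signature cannot
    pin a literal 0x2A ('*') byte; pick a different span if the code has one.
    """
    tokens = re.findall(r"\\x([0-9A-Fa-f]{2})", sig)
    if not tokens or len(tokens) * 4 != len(sig):
        raise ValueError("malformed signature: %r" % sig)
    return [None if t.upper() == "2A" else int(t, 16) for t in tokens]


def to_ida_pattern(pattern):
    """Render the parsed signature as an IDA/x64dbg style search string."""
    return " ".join("?" if b is None else "%02X" % b for b in pattern)


def scan(buf: bytes, pattern):
    """Return every offset in buf where pattern matches; wildcards match anything."""
    n = len(pattern)
    hits = []
    for i in range(len(buf) - n + 1):
        if all(b is None or buf[i + j] == b for j, b in enumerate(pattern)):
            hits.append(i)
    return hits


def float_le_bytes(value: float) -> bytes:
    """Little-endian IEEE 754 single, i.e. how a float literal sits in .rodata."""
    return struct.pack("<f", value)


def materialize(pattern, filler=0x11) -> bytes:
    """Build concrete bytes from a pattern, filling wildcards with `filler`."""
    return bytes(filler if b is None else b for b in pattern)


def build_sample_text() -> bytes:
    """Constructed stand-in for a .text section: three prologues with int3 padding.
    These are NOT bytes from a real server.so."""
    pad = b"\xCC" * 16
    inc = materialize(parse_signature(SIG_INCREASE_MORALE_LINUX))
    dec = materialize(parse_signature(SIG_DECREASE_MORALE_LINUX))
    # Wildcard slots deliberately filled with 0x33, not 0x2A, to prove they are ignored.
    mov = materialize(parse_signature(SIG_MOVE_TOWARDS_LINUX), filler=0x33)
    return pad + inc + b"\xC3" + pad + dec + b"\xC3" + pad + mov + b"\xC3" + pad


def demo():
    text = build_sample_text()
    inc = parse_signature(SIG_INCREASE_MORALE_LINUX)
    dec = parse_signature(SIG_DECREASE_MORALE_LINUX)
    mov = parse_signature(SIG_MOVE_TOWARDS_LINUX)
    # Constructed .rodata blob: zero padding, then -0.25f, then 1.0f.
    rodata = b"\x00" * 8 + float_le_bytes(-0.25) + b"\x00\x00\x80\x3F"
    return {
        "increase_hits": scan(text, inc),              # unique: [16]
        "decrease_hits": scan(text, dec),              # unique: [48]
        "move_hits": scan(text, mov),                  # unique despite 0x33 fillers: [80]
        "shared_prefix_hits": scan(text, inc[:-1]),    # without the last byte: [16, 48]
        "neg_quarter_hits": scan(rodata, parse_signature(r"\x00\x00\x80\xBE")),  # [8]
        "ida_pattern": to_ida_pattern(mov[25:35]),     # "74 ? 89 1C 24 E8 ? ? ? ?"
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

To use this against a real binary, read the `.text` section (for example with `pyelftools` on Linux or `pefile` on Windows) into `buf` and require `len(scan(buf, pattern)) == 1`; a signature that hits twice, like the shared morale prefix here, will hook the wrong function after the next update.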