[pvtschlag]

You are correct DrMon. It is working fine for me after I realized the stupid mistake I was making when testing it. In the config file with the signatures I had the game set to left4dead and not left4dead2.

I'm betting AtomicStryker made the same mistake.

[AtomicStryker]

I did not. My mistake was another - i didnt check the Handle 0 error line.

Its caused by yet another Signature SDK Call INFRONT of TakeOverBot, SetHumanSpec.

But thank you so much for the working (!!)TakeOverBot Signature. Ill try to figure out SetHumanSpec now.



EDIT:

Okay now .. xD

How do i find a function in the decompiled Windows binary that isn't in the HL2DM binary? In the function after SetHumanSpec, in the Linux binary, theres a function that has a String "everyone is ready" behind it. Now if i find that in the Windows binary and take the function above that one ... it doesnt even look similar. So its elsewhere.

In noobs terms, please. What do i click and why

[AtomicStryker]

Okay im sure that method was very very crude, but i found ANOTHER command in the linux binary that is rare and contained in SetHumanSpec - GoAwayFromKeyBoard(void).

That one i managed to find in the Windows binary, i copied its cryptic Code XREF, and searched for more of its kind in the Windows binary.

After 2 attempts i stumbled upon the correct function, and adress ^^


So, here it is, l4d2switchplayers.txt

Code:

"Games"
{
    "left4dead2"
    {
        "Signatures"
        {
            "TakeOverBot"
            {
                "library"    "server"
                "linux"    "@_ZN13CTerrorPlayer11TakeOverBotEb"
                "windows" "\x81*****\x53\x55\x56\x8D***\x57\x8B\xF1\x33\xDB"
            }
            "SetHumanSpec"
            {
                "library"    "server"
                "linux" "@_ZN11SurvivorBot17SetHumanSpectatorEP13CTerrorPlayer"
                "windows" "\x53\x56\x8B\xF1\x33\xDB\x39*******\x5E\x32\xC0\x5B"
            }
        }
    }
}

I cannot thank all the contributors enough

But by all means tell me what would have been the smart way to do this:

How do i find a function in the decompiled Windows binary that isn't in the HL2DM binary?

[antihacker]

I am not sure if i understood your question, but i would look into the linux files. Select any xref funtion with an string in it, and then search for this string in the windows binary and from there find the function call.

[AtomicStryker]

My question was "what if there is no string to search for"

[antihacker]

Mhm check xrefs of xrefs? What function are you searching?

[AtomicStryker]

PHP Code:

.text:00599240                         ; =============== S U B R O U T I N E =======================================
.text:00599240
.text:00599240
.text:00599240                         ; CTerrorGameRules::GetTeamScore(int, bool)
.text:00599240                         _ZN16CTerrorGameRules12GetTeamScoreEib proc near
.text:00599240                                                                 ; CODE XREF: CDirector::Restart(void)+7BFp
.text:00599240                                                                 ; CDirector::Restart(void)+7F1p ...
.text:00599240
.text:00599240                         arg_0           = dword ptr  4
.text:00599240                         arg_4           = dword ptr  8
.text:00599240                         arg_8           = byte ptr  0Ch
.text:00599240
.text:00599240 8B 4C 24 08                             mov     ecx, [esp+arg_4]
.text:00599244 31 C0                                   xor     eax, eax
.text:00599246 0F B6 54 24 0C                          movzx   edx, [esp+arg_8]
.text:0059924B 85 C9                                   test    ecx, ecx
.text:0059924D 7E 0F                                   jle     short locret_59925E
.text:0059924F 84 D2                                   test    dl, dl
.text:00599251 75 0D                                   jnz     short loc_599260
.text:00599253 8B 54 24 04                             mov     edx, [esp+arg_0]
.text:00599257 8B 84 8A 74 03 00 00                    mov     eax, [edx+ecx*4+374h]
.text:0059925E
.text:0059925E                         locret_59925E:                          ; CODE XREF: CTerrorGameRules::GetTeamScore(int,bool)+Dj
.text:0059925E F3 C3                                   rep retn
.text:00599260                         ; ---------------------------------------------------------------------------
.text:00599260
.text:00599260                         loc_599260:                             ; CODE XREF: CTerrorGameRules::GetTeamScore(int,bool)+11j
.text:00599260 8B 54 24 04                             mov     edx, [esp+arg_0]
.text:00599264 8B 84 8A 7C 03 00 00                    mov     eax, [edx+ecx*4+37Ch]
.text:0059926B C3                                      retn 


Lets say i want to find this function in the windows Binary. Theres no string i could look for.

[bl4nk]

I do it either by looking for strings, using vtables, or by going through xrefs (all while comparing the code of the functions I'm looking at in the Windows and Linux binaries).

[AtomicStryker]

Please explain "using vtables" and "going through xrefs"

As in, step-by-step? ^^

[Downtown1]

Don't bother about the "using vtables" part, L4D2 voffsets change quite often like almost every patch in my experience.. unless you want to be releasing new offsets every time there is an L4D2 patch.