I'm not creating an extension; I just want an SDK call whose signature has changed from L4D to L4D2. And I've tried right-clicking the command line, of course; no menu pops up.
The function is CTerrorPlayer::TakeOverBot(bool) in L4D2; the Linux signature, which is still correct, is "_ZN13CTerrorPlayer11TakeOverBotEb".
I'd welcome more hints or an updated tutorial (I would be willing to WRITE one) on how to do this in general - there are many interesting functions there that are not accessible through virtual function calls.
The Code:
; Excerpt of a disassembly of CTerrorPlayer::TakeOverBot(bool). The listing stops partway
; through the function, so the jump targets loc_BE6558, loc_BE6619, loc_BE65C4, loc_BE6370
; and loc_BE635C are not shown here.
; Visible flow: save the bool argument, scan indices 1..[gpGlobals+14h] with
; UTIL_PlayerByIndex, filter each hit, then (from loc_BE60BE on) test the bool argument and
; print a "[TAKEOVER]" DevMsg before consulting TheDirector.
; NOTE(review): if the opcode bytes below are turned into a scan pattern, the 4-byte operands
; of the E8 calls and the absolute addresses (ds:gpGlobals, ds:engine, ds:TheDirector, string
; and typeinfo offsets) are link-time values that likely differ between builds - treat them
; as wildcards, and confirm the pattern matches exactly one address before calling through it.
; NOTE(review): the mangled names are GCC-style, so these bytes presumably come from the Linux
; binary; a build from another compiler should not be expected to contain the same bytes.
.text:00BE5FD0 ; CTerrorPlayer::TakeOverBot(bool)
.text:00BE5FD0 _ZN13CTerrorPlayer11TakeOverBotEb proc near
.text:00BE5FD0 ; CODE XREF: CDirector::NewPlayerPossessBot(DirectorNewPlayerType_t &,SurvivorBot *)+1F6j
.text:00BE5FD0 ; CDirector::SwapTeams(void)+27Ep ...
.text:00BE5FD0
.text:00BE5FD0 var_25C = dword ptr -25Ch
.text:00BE5FD0 var_258 = dword ptr -258h
.text:00BE5FD0 var_254 = dword ptr -254h
.text:00BE5FD0 var_250 = dword ptr -250h
.text:00BE5FD0 var_24C = dword ptr -24Ch
.text:00BE5FD0 var_245 = byte ptr -245h
.text:00BE5FD0 var_244 = dword ptr -244h
.text:00BE5FD0 var_234 = byte ptr -234h
.text:00BE5FD0 var_1FC = dword ptr -1FCh
.text:00BE5FD0 var_1F8 = dword ptr -1F8h
.text:00BE5FD0 var_1F4 = dword ptr -1F4h
.text:00BE5FD0 var_1F0 = dword ptr -1F0h
.text:00BE5FD0 var_1EC = dword ptr -1ECh
.text:00BE5FD0 var_1D4 = dword ptr -1D4h
.text:00BE5FD0 var_1D0 = dword ptr -1D0h
.text:00BE5FD0 var_1CC = dword ptr -1CCh
.text:00BE5FD0 var_1C8 = dword ptr -1C8h
.text:00BE5FD0 var_1C4 = dword ptr -1C4h
.text:00BE5FD0 var_140 = dword ptr -140h
.text:00BE5FD0 var_13C = dword ptr -13Ch
.text:00BE5FD0 var_138 = dword ptr -138h
.text:00BE5FD0 var_134 = dword ptr -134h
.text:00BE5FD0 var_130 = dword ptr -130h
.text:00BE5FD0 var_28 = byte ptr -28h
.text:00BE5FD0 arg_0 = dword ptr 4
.text:00BE5FD0 arg_4 = byte ptr 8
.text:00BE5FD0
.text:00BE5FD0 55 push ebp ; prologue: save ebp, edi, esi, ebx (10h bytes in total)
.text:00BE5FD1 57 push edi
.text:00BE5FD2 56 push esi
.text:00BE5FD3 53 push ebx
.text:00BE5FD4 81 EC 4C 02 00 00 sub esp, 24Ch ; reserve locals; 24Ch + 10h of pushes = the 25Ch bias in [esp+25Ch+...]
.text:00BE5FDA 8B 15 8C 07 1B 01 mov edx, ds:gpGlobals
.text:00BE5FE0 0F B6 8C 24 64 02 00 00 movzx ecx, [esp+25Ch+arg_4] ; load the bool argument, zero-extended
.text:00BE5FE8 88 4C 24 17 mov [esp+25Ch+var_245], cl ; keep it in var_245; it is tested at loc_BE60BE
.text:00BE5FEC 8B 42 14 mov eax, [edx+14h] ; loop bound = dword at gpGlobals+14h (presumably maxClients - confirm)
.text:00BE5FEF 85 C0 test eax, eax
.text:00BE5FF1 0F 8E C3 00 00 00 jle loc_BE60BA ; bound <= 0: skip the scan entirely
.text:00BE5FF7 BE 01 00 00 00 mov esi, 1 ; esi = current index, starting at 1
.text:00BE5FFC
.text:00BE5FFC loc_BE5FFC: ; CODE XREF: CTerrorPlayer::TakeOverBot(bool)+E4j
.text:00BE5FFC 89 34 24 mov [esp+25Ch+var_25C], esi ; argument: index
.text:00BE5FFF E8 C8 67 18 00 call _Z18UTIL_PlayerByIndexi ; UTIL_PlayerByIndex(int)
.text:00BE6004 85 C0 test eax, eax
.text:00BE6006 89 C3 mov ebx, eax ; ebx = returned player pointer
.text:00BE6008 0F 84 9A 00 00 00 jz loc_BE60A8 ; null: next index
.text:00BE600E 8B 40 28 mov eax, [eax+28h] ; dword at player+28h (looks like an edict pointer - confirm)
.text:00BE6011 85 C0 test eax, eax
.text:00BE6013 0F 84 8F 00 00 00 jz loc_BE60A8 ; null: next index
.text:00BE6019 8B 15 8C 07 1B 01 mov edx, ds:gpGlobals
.text:00BE601F 2B 42 58 sub eax, [edx+58h] ; subtract the dword at gpGlobals+58h ...
.text:00BE6022 C1 F8 04 sar eax, 4 ; ... and divide by 16 (looks like an array index - confirm)
.text:00BE6025 85 C0 test eax, eax
.text:00BE6027 0F 84 81 00 00 00 jz loc_BE60AE ; result 0: next index
.text:00BE602D 8B 03 mov eax, [ebx] ; eax = the player's vtable pointer
.text:00BE602F 89 1C 24 mov [esp+25Ch+var_25C], ebx
.text:00BE6032 FF 90 68 01 00 00 call dword ptr [eax+168h] ; virtual call through vtable offset 168h, player as argument
.text:00BE6038 84 C0 test al, al
.text:00BE603A 74 6C jz short loc_BE60A8 ; returned 0 in al: next index
.text:00BE603C 83 BB 8C 1F 00 00 02 cmp dword ptr [ebx+1F8Ch], 2
.text:00BE6043 74 63 jz short loc_BE60A8 ; dword at player+1F8Ch equals 2: next index
.text:00BE6045 89 1C 24 mov [esp+25Ch+var_25C], ebx
.text:00BE6048 E8 8B EE AF FF call _ZNK11CBaseEntity13GetTeamNumberEv ; CBaseEntity::GetTeamNumber(void)
.text:00BE604D 83 F8 02 cmp eax, 2
.text:00BE6050 0F 85 02 05 00 00 jnz loc_BE6558 ; team number != 2: branch to code outside this excerpt
.text:00BE6056 C7 44 24 0C 00 00 00 00 mov [esp+25Ch+var_250], 0 ; 4th __dynamic_cast argument: 0
.text:00BE605E C7 44 24 08 78 8D FB 00 mov [esp+25Ch+var_254], offset _ZTI11SurvivorBot ; `typeinfo for'SurvivorBot
.text:00BE6066 C7 44 24 04 08 73 FC 00 mov [esp+25Ch+var_258], offset _ZTI13CTerrorPlayer ; `typeinfo for'CTerrorPlayer
.text:00BE606E 89 1C 24 mov [esp+25Ch+var_25C], ebx ; 1st argument: the player pointer
.text:00BE6071 E8 52 5C 67 00 call __dynamic_cast
.text:00BE6076 85 C0 test eax, eax
.text:00BE6078 89 C5 mov ebp, eax ; ebp = cast result
.text:00BE607A 74 2C jz short loc_BE60A8 ; cast returned null: next index
.text:00BE607C 8B 15 18 04 1B 01 mov edx, ds:engine
.text:00BE6082 8B BC 24 60 02 00 00 mov edi, [esp+25Ch+arg_0] ; edi = arg_0 (used as the object pointer below, i.e. presumably this)
.text:00BE6089 8B 98 E4 42 00 00 mov ebx, [eax+42E4h] ; ebx = dword at (cast result)+42E4h
.text:00BE608F 8B 0A mov ecx, [edx] ; ecx = engine's vtable pointer
.text:00BE6091 8B 47 28 mov eax, [edi+28h]
.text:00BE6094 89 14 24 mov [esp+25Ch+var_25C], edx
.text:00BE6097 89 44 24 04 mov [esp+25Ch+var_258], eax
.text:00BE609B FF 51 40 call dword ptr [ecx+40h] ; engine vtable offset 40h, called with the dword at arg_0+28h
.text:00BE609E 39 C3 cmp ebx, eax
.text:00BE60A0 0F 84 73 05 00 00 jz loc_BE6619 ; field equals the call's result: branch to code outside this excerpt
.text:00BE60A6 db 66h
.text:00BE60A6 66 90 nop
.text:00BE60A8
.text:00BE60A8 loc_BE60A8: ; CODE XREF: CTerrorPlayer::TakeOverBot(bool)+38j
.text:00BE60A8 ; CTerrorPlayer::TakeOverBot(bool)+43j ...
.text:00BE60A8 8B 15 8C 07 1B 01 mov edx, ds:gpGlobals ; reload gpGlobals for the loop test
.text:00BE60AE
.text:00BE60AE loc_BE60AE: ; CODE XREF: CTerrorPlayer::TakeOverBot(bool)+57j
.text:00BE60AE 83 C6 01 add esi, 1 ; next index
.text:00BE60B1 3B 72 14 cmp esi, [edx+14h]
.text:00BE60B4 0F 8E 42 FF FF FF jle loc_BE5FFC ; loop while index <= dword at gpGlobals+14h
.text:00BE60BA
.text:00BE60BA loc_BE60BA: ; CODE XREF: CTerrorPlayer::TakeOverBot(bool)+21j
.text:00BE60BA 31 FF xor edi, edi ; edi = 0
.text:00BE60BC
.text:00BE60BC loc_BE60BC: ; CODE XREF: CTerrorPlayer::TakeOverBot(bool)+5EDj
.text:00BE60BC 31 ED xor ebp, ebp ; ebp = 0
.text:00BE60BE
.text:00BE60BE loc_BE60BE: ; CODE XREF: CTerrorPlayer::TakeOverBot(bool)+64Bj
.text:00BE60BE 80 7C 24 17 00 cmp [esp+25Ch+var_245], 0 ; the saved bool argument
.text:00BE60C3 0F 84 FB 04 00 00 jz loc_BE65C4 ; argument was 0: branch to code outside this excerpt
.text:00BE60C9
.text:00BE60C9 loc_BE60C9: ; CODE XREF: CTerrorPlayer::TakeOverBot(bool)+606j
.text:00BE60C9 85 ED test ebp, ebp
.text:00BE60CB 0F 84 9F 02 00 00 jz loc_BE6370 ; ebp is null: branch to code outside this excerpt
.text:00BE60D1 8B B5 9C 2B 00 00 mov esi, [ebp+2B9Ch] ; dword at ebp+2B9Ch, passed to SurvivorCharacterName
.text:00BE60D7 89 34 24 mov [esp+25Ch+var_25C], esi
.text:00BE60DA E8 C5 1F 9D FF call _Z21SurvivorCharacterName21SurvivorCharacterType ; SurvivorCharacterName(SurvivorCharacterType)
.text:00BE60DF 8B 15 18 04 1B 01 mov edx, ds:engine
.text:00BE60E5 8B 9C 24 60 02 00 00 mov ebx, [esp+25Ch+arg_0]
.text:00BE60EC 8B 0A mov ecx, [edx]
.text:00BE60EE 89 C6 mov esi, eax ; esi = value returned by SurvivorCharacterName
.text:00BE60F0 8B 43 28 mov eax, [ebx+28h]
.text:00BE60F3 89 14 24 mov [esp+25Ch+var_25C], edx
.text:00BE60F6 89 44 24 04 mov [esp+25Ch+var_258], eax
.text:00BE60FA FF 51 40 call dword ptr [ecx+40h] ; same engine vtable offset 40h, again with the dword at arg_0+28h
.text:00BE60FD 8B 94 24 60 02 00 00 mov edx, [esp+25Ch+arg_0]
.text:00BE6104 89 C3 mov ebx, eax ; ebx = result, passed below for the %d
.text:00BE6106 8B 02 mov eax, [edx]
.text:00BE6108 89 14 24 mov [esp+25Ch+var_25C], edx
.text:00BE610B FF 90 B4 00 00 00 call dword ptr [eax+0B4h] ; virtual call on arg_0 through vtable offset 0B4h; result is passed for the first %s
.text:00BE6111 89 5C 24 0C mov [esp+25Ch+var_250], ebx
.text:00BE6115 89 74 24 10 mov [esp+25Ch+var_24C], esi
.text:00BE6119 C7 44 24 04 94 5A FC 00 mov [esp+25Ch+var_258], offset aTakeoverSDIsTr ; "[TAKEOVER]: %s (%d) is trying to take o"...
.text:00BE6121 C7 04 24 01 00 00 00 mov [esp+25Ch+var_25C], 1 ; first DevMsg argument: 1
.text:00BE6128 89 44 24 08 mov [esp+25Ch+var_254], eax
.text:00BE612C E8 17 5A 67 00 call DevMsg
.text:00BE6131 8B 0D 00 23 1D 01 mov ecx, ds:TheDirector
.text:00BE6137 8B 99 68 05 00 00 mov ebx, [ecx+568h] ; ebx = dword at TheDirector+568h
.text:00BE613D 80 7B 34 00 cmp byte ptr [ebx+34h], 0
.text:00BE6141 0F 84 15 02 00 00 jz loc_BE635C ; byte at +34h is 0: branch to code outside this excerpt
That should hopefully be enough