I have a similar problem trying to patch the bone name used to attach the shield hitbox when it's not deployed (CS:GO).
```
"Games"
{
    "csgo"
    {
        "MemPatches"
        {
            "ShieldAttachBone_AttachEquipment"
            {
                "signature"    "AttachEquipment"
                "windows"
                {
                    "offset"    "77Ah"
                    "verify"    "\x68\x70"
                    "patch"     "\x68\x70\x00\x00\x00\x00"
                    "preserve"  "\xFF\xFF\xFF\xFF\xFF\xFF"
                }
            }
        }
        "Signatures"
        {
            "AttachEquipment"
            {
                "library"    "server"
                "windows"    "\x55\x8B\xEC\x83\xE4\xF0\x81\xEC\x88\x02\x00\x00"
            }
        }
    }
}
```
According to IDA, that offset in the function holds a push opcode with a pointer to the string "spine_2":
```
68 70 D9 8D 10    push offset aSpine_2 ; "spine_2"
```
I tried to make a plugin that overrides that string in that specific function. This "spine_2" string is also used by 3 other functions, so I thought it'd be better to patch the opcode's pointer, as in the plugin above, instead of overriding the string directly.
```sourcepawn
#include <sourcemod>
#include <sourcescramble>

char BoneName[32];
Handle g_pGameConfig;
ConVar shieldattach_bonename;
MemoryPatch patch;

public void OnPluginStart()
{
    g_pGameConfig = LoadGameConfigFile("shieldattach.games");
    patch = MemoryPatch.CreateFromConf(g_pGameConfig, "ShieldAttachBone_AttachEquipment");
    if (!patch.Validate())
    {
        PrintToServer("[MEMPATCH - FAILED]: Failed to verify patch!");
        delete g_pGameConfig;
        return;
    }
    if (patch.Enable())
    {
        PrintToServer("[MEMPATCH - SUCCESS]: Patch has been applied!");
    }

    shieldattach_bonename = CreateConVar("shieldattach_bonename", "spine_2", "Bone name for attaching shield hitbox", FCVAR_NOTIFY, true, 0.0, true, 1.0);
    shieldattach_bonename.AddChangeHook(OnBoneChanged);

    // Write the 4-byte pointer to BoneName at patch address + 2
    StoreToAddress(patch.Address + view_as<Address>(2), view_as<int>(GetAddressOfString(BoneName)), NumberType_Int32);
}

public void OnBoneChanged(ConVar convar, const char[] oldValue, const char[] newValue)
{
    strcopy(BoneName, sizeof(BoneName), newValue);
}
```
That code makes the server crash when a player is killed, and the address of the plugin's string seems to be incorrect.
Opcodes before patch:
```
server.dll+469999 - 50            - push eax
server.dll+46999A - 68 70D99920   - push server.dll+8DD970 { ("spine_2") }
server.dll+46999F - E8 5CFCD5FF   - call server.dll+1C9600
server.dll+4699A4 - 50            - push eax
server.dll+4699A5 - 8B CF         - mov ecx,edi
server.dll+4699A7 - FF 96 58030000 - call dword ptr [esi+00000358]
```
Opcodes after patch:
```
server.dll+469999 - 50            - push eax
server.dll+46999A - 68 7074186E   - push 6E187470 { 1847096432 }
server.dll+46999F - 22 5C FC D5   - and bl,[esp+edi*8-2B]
server.dll+4699A3 - FF 50 8B      - call dword ptr [eax-75]
server.dll+4699A6 - CF            - iretd
server.dll+4699A7 - FF 96 58030000 - call dword ptr [esi+00000358]
```
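As an added example, not part of the original post: a Python model of the 10 bytes shown in the two dumps above, checking where the 4-byte immediate of a `push imm32` sits (it starts 1 byte after the `0x68` opcode) and what a 32-bit store at +2 does to the `call` that follows. The byte strings are constructed from the dumps; nothing else is assumed.

```python
import struct

# Constructed from the two dumps in the post: the 10 bytes at server.dll+46999A,
# i.e. `push 0x2099D970` ("spine_2") followed by `call rel32`.
BEFORE = bytes.fromhex("68 70 D9 99 20 E8 5C FC D5 FF")
AFTER = bytes.fromhex("68 70 74 18 6E 22 5C FC D5 FF")   # what the plugin produced

PUSH_IMM32 = 0x68   # 1-byte opcode followed by a 4-byte little-endian immediate
CALL_REL32 = 0xE8


def push_imm32(code: bytes, at: int = 0) -> int:
    """Decode the immediate of a `push imm32` that must start at offset `at`."""
    if code[at] != PUSH_IMM32:
        raise ValueError(f"byte at +{at:X} is {code[at]:02X}, not a push imm32")
    return struct.unpack_from("<I", code, at + 1)[0]


def store_int32(code: bytes, at: int, value: int) -> bytes:
    """Model StoreToAddress(base + at, value, NumberType_Int32): overwrite 4 bytes."""
    buf = bytearray(code)
    struct.pack_into("<I", buf, at, value)
    return bytes(buf)


def retarget_push(code: bytes, push_at: int, new_ptr: int) -> bytes:
    """Replace only the immediate of the push at `push_at`; the next instruction is untouched."""
    push_imm32(code, push_at)                   # refuses to write if the opcode is not 0x68
    return store_int32(code, push_at + 1, new_ptr)


def next_opcode(code: bytes, push_at: int) -> int:
    """Opcode byte of the instruction that follows a 5-byte push imm32."""
    return code[push_at + 5]


if __name__ == "__main__":
    # The pointer the plugin wrote can be read straight out of the "after" dump.
    written = struct.unpack_from("<I", AFTER, 2)[0]
    print(f"plugin stored 0x{written:08X} at +2")
    print("store at +2 reproduces the dump:", store_int32(BEFORE, 2, written) == AFTER)
    fixed = retarget_push(BEFORE, 0, written)
    print(f"store at +1 -> push 0x{push_imm32(fixed):08X}, next opcode 0x{next_opcode(fixed, 0):02X}")
```

Running it shows the store at +2 reproduces the post's "after" bytes exactly, including the `E8` of the call being replaced by `22`, while the same value stored at +1 leaves the call intact.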