[spidershift]

SDKHooks is actually hooking the virtual function CBaseEntity::FireBullets(...) using an offset. I'm looking to detour CCSPlayer::FireBullet(...), which is not virtual. I think I may also be able to detour the static function FX_FireBullets(...) since it is the only function that references CCSPlayer::FireBullet(...), but I cannot get either method to work at this time. The FireBullet(...) detour will not work, and the FX_FireBullets(...) static call crashes the server (along with having no call still somehow calling the original function).

[psychonic]

Quote:

Originally Posted by spidershift SDKHooks is actually hooking the virtual function CBaseEntity::FireBullets(...) using an offset. I'm looking to detour CCSPlayer::FireBullet(...), which is not virtual.

Indeed. Being non-virtual, it was probably affected by LTCG (only applicable right now on CS:GO and Dota 2, only on Windows). This affects the calling convention, often changing the actual count of parameters, passing some through registers instead. You may need to add some inline assembly to your copy of the function.

[EzPz]

GetSequenceActivity - CS:S
"PrepSDKCall_SetFromConf(gameConf, SDKConf_Signature, "GetSequenceActivity");"

[Root_]

EzPz

Code:

"GetSequenceActivity"
{
	"windows"	"\x55\x8B\xEC\x83\x7D\x08\xFF\x56\x8B\xF1\x74\x4E\x80\xBE\x2D\x03"
	"linux"	"@_ZN14CBaseAnimating19GetSequenceActivityEi"
}

[sparksterRK]

I'm trying to verify if these windows signatures are accurate. can anyone verify? (left 4 dead 2)

Code:

"Games"
{
    "left4dead2"
    {
        "Offsets"
        {
            "oAbility"
            {
                "windows"    "928"
                "linux"        "948"
            }
        }

        "Signatures"
        {
            "SetClass"
            {
                "library"       "server"
                "windows"    "\x55\x8b\xec\x56\x8b\xf1\xe8****\x83\xf8*\x0f\x85****\xa1****\x40\xa3"
                "linux"         "@_ZN13CTerrorPlayer8SetClassE15ZombieClassType"
            }

            "CreateAbility"
            {
                "library"    "server"
                "windows"    "\x55\x8b\xec\x83\xec*\x56\x8b\x75*\x85\xf6\x0f\x84****\x8b\xce\xe8"
                "linux"         "@_ZN12CBaseAbility15CreateForPlayerEP13CTerrorPlayer"
            }
            "RoundRespawn"
            {
                "library"    "server"
                "linux"        "@_ZN13CTerrorPlayer12RoundRespawnEv"
                "windows"    "\x56\x8B\xF1\xE8\x2A\x2A\x2A\x2A\xE8\x2A\x2A\x2A\x2A\x84\xC0\x75"
            }
            "CSpitterProjectile_Detonate"
            {
                "library"    "server"
                "linux"        "@_ZN18CSpitterProjectile8DetonateEv"
                "windows" "\x81\xEC\x8C\x2A\x2A\x2A\x55\x57\x8B\xE9\xE8\xB1\x2A\xD6\xFF\x8B\xF8\xF6\x47\x42\x04\x0F\x85\xC6\x02"
                //"windows" "\x81\xEC\x8C\x2A\x2A\x2A\x55\x57\x8B\xE9\xE8\x61\x09\xD6\xFF\x8B\xF8\xF6\x47\x42\x04\x0F\x85\xC6\x02"
            }
            "CTerrorPlayer_OnAdrenalineUsed"
            {
                "library"    "server"
                "linux"        "@_ZN13CTerrorPlayer16OnAdrenalineUsedEf"
                "windows" "\xD9\x44\x24\x04\x56\x8B\xF1\x51\x8D\x8E\x2A\x32\x2A\x2A\xD9\x1C\x24\xE8\x2A\x2A\xD6\xFF\x80\xBE"
                //"windows" "\xD9\x44\x24\x04\x56\x8B\xF1\x51\x8D\x8E\x84\x32\x2A\x2A\xD9\x1C\x24\xE8\x3A\x37\xD6\xFF\x80\xBE"
                //"windows" "\xD9\x44\x24\x04\x56\x8B\xF1\x51\x8D\x8E\x84\x32\x2A\x2A\xD9\x1C\x24\xE8\x8A\x34\xD6\xFF\x80\xBE"
            }
            /*
             *   CTerrorPlayer::OnRevived(void) - used by the game to revive Survivors
             */
            "CTerrorPlayer_OnRevived"
            {
                "library"    "server"
                "linux"        "@_ZN13CTerrorPlayer9OnRevivedEv"
                "windows" "\x83\xEC\x38\x53\x55\x56\x8B\xF1\x8B\x06\x8B\x90\x24\x01\x2A\x2A"
                //"windows" "\x83\xEC\x38\x53\x55\x56\x8B\xF1\x8B\x06\x8B\x90\x2A\x2A\x2A\x2A\x57\xFF\xD2\x84\xC0\x0F\x84\xF1\x06"
            }
            "CTerrorPlayer_OnVomitedUpon"
            {
                "library"    "server"
                "linux"    "@_ZN13CTerrorPlayer13OnVomitedUponEPS_b"
                "windows" "\x83\xEC\x2A\x53\x55\x56\x57\x8B\xF1\xE8\x2A\x2A\x2A\x2A\x84\xC0\x74\x2A\x8B\x06\x8B"
                /* 83 EC ? 53 55 56 57 8B F1 E8 ? ? ? ? 84 C0 74 ? 8B 06 8B */
                /* OLD  83 EC 00 53 55 56 57 8B F1 E8 00 00 00 00 84 C0 74 00 8B 06 8B */
            }
            "SetHumanSpec"
            {
                "library"    "server"
                "linux" "@_ZN11SurvivorBot17SetHumanSpectatorEP13CTerrorPlayer"
                "windows" "\x53\x56\x8B\xF1\x33\xDB\x39*******\x5E\x32\xC0\x5B"
            }
            "TakeOverBot"
            {
                "library"    "server"
                "linux"    "@_ZN13CTerrorPlayer11TakeOverBotEb"
                "windows" "\x81*****\x53\x55\x56\x8D***\x57\x8B\xF1\x33\xDB"
            }
        }
    }
}

[kadet.89]

Can somebody help me to finde the signature of this function:
CBaseAnimating::GetModelPtr(void) for CSS

I only have this clue:

Code:

"Achievements disabled: Steam not runnin" top purple text "ecx, ds:g_VProfCurrentProfile" above function

but either it's very old and I can't use it or I just don't understand it

[donrevan]

Why would you need it?

It is inlined.

Code:

mov     eax, [esi+44Ch]
test    eax, eax

aka

CStudioHdr *hdr = reinterpret_cast<CStudioHdr*>(pBaseAnimating + 0x44C);
if(hdr && hdr->IsValid())
...

you may have to LockStudioHdr before accessing it(and check what GetModel() returns).

I got this from a old server.dll, offset probably changed.
Find latest offset:
1. search "ERROR: Mapmaker tried to spawn DispatchEffect %s"
2. look for this:

Code:

.text:100A5733 E8 08 8C 01 00                                call    CBaseEntity__GetModel
.text:100A5738 85 C0                                         test    eax, eax
.text:100A573A 74 07                                         jz      short loc_100A5743
.text:100A573C 8B CE                                         mov     ecx, esi
.text:100A573E E8 8D D7 FF FF                                call    CBaseEntity__LockStudioHdr
.text:100A5743
.text:100A5743                               loc_100A5743:
.text:100A5743 8B 86 4C 04 00 00                             mov     eax, [esi+44Ch] <-- offset
.text:100A5749 85 C0                                         test    eax, eax
.text:100A574B 0F 84 8E 00 00 00                             jz      loc_100A57DF
.text:100A5751 83 38 00                                      cmp     dword ptr [eax], 0
.text:100A5754 0F 84 85 00 00 00                             jz      loc_100A57DF
.text:100A575A 8D 45 08                                      lea     eax, [ebp+arg_0]
.text:100A575D 50                                            push    eax
.text:100A575E 68 58 E7 39 10                                push    offset aD_3     ; "%d"
.text:100A5763 57                                            push    edi             ; char *
.text:100A5764 E8 C4 C5 29 00                                call    _sscanf

all info you need should be there.

[kadet.89]

Thank you, it's really inlined.

[Malak101]

Code:

"linux_symbol"	"_Z11UTIL_RemoveP11CBaseEntity"

Would anyone be kind enough to make a win signature for CSGO from the above?

I would do it myself but there's no searchable string near by so I'm stuck.

[psychonic]

Quote:

Originally Posted by Malak101 Code: "linux_symbol" "_ZN9CCSPlayer12RoundRespawnEv" Would anyone be kind enough to make a win signature for CSGO from the above? I would do it myself but there's no searchable string near by so I'm stuck.

https://github.com/alliedmodders/sou...e.csgo.txt#L71