Solved [CS:GO] Need some help with signature scanning


pcmaster
AlliedModders Donor
Join Date: Sep 2009
Old 05-17-2017 , 17:32   [CS:GO] Need some help with signature scanning
#1

So, I am currently trying to SDKCall (and later Detour) the function int CCSGameRules::MaxNumPlayersOnCTTeam() (later on int CCSGameRules::MaxNumPlayersOnTerrorTeam() as well), but am having trouble getting the SDKCalls to work.
The plugin always fails to load with "Signature not found" which, according to the documentation, means it can't find the key in the gamedata file - even though it's there (file was copied from some other plugin, and modified).

Code:
public void OnPluginStart()
{
    Handle gameConf = LoadGameConfigFile("botfix.games");
    if (gameConf == null)
    {
        SetFailState("Config not found");
    }

    // SDKCall_Raw: the "this" pointer is passed in manually when the call is made
    StartPrepSDKCall(SDKCall_Raw);
    if (!PrepSDKCall_SetFromConf(gameConf, SDKConf_Signature, "Test"))
    {
        SetFailState("Signature not found");
    }

    // int return value
    PrepSDKCall_SetReturnInfo(SDKType_PlainOldData, SDKPass_Plain);
    Handle test = EndPrepSDKCall();

    if (test == null)
    {
        SetFailState("Unable to prepare call");
    }

    delete gameConf;
}

Gamedata:
"Games"
{
    "csgo"
    {
        "Signatures"
        {
            "Test"
            {
                "library"       "server"
                "windows"       ""
                "linux"         "\x55\x89\xE5\x53\x83\xEC\x14\xA1\x7C\xA1\x41\x01\x8B\x5D\x08"
                "mac"           ""
            }
        }
    }
}

Raw signature: 55 89 E5 53 83 EC 14 A1 7C A1 41 01 8B 5D 08 (taken until the last cmp before jump, no changing memory addresses as far as I can see).

Does PrepSDKCall_SetFromConf actually already resolve the address or did I do something else wrong?
Thanks in advance!
__________________
Stopped hosting servers as of November 2018, no longer active around here.

Last edited by pcmaster; 05-18-2017 at 16:11.
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 05-17-2017 , 18:13   Re: [CS:GO] Need some help with signature scanning
#2

PrepSDKCall_SetFromConf does ensure that the signature scan resolves.

7C A1 41 01 is a far memory address that will be relocated at runtime and thus needs wildcarding - you really should use the makesig.idc script, it'll generate the shortest valid signature.

Don't forget that you need to restart the server after changing gamedata files.
__________________

Last edited by asherkin; 05-17-2017 at 18:16.
Benoist3012
Veteran Member
Join Date: Mar 2014
Location: CWave::ForceFinish()
Old 05-18-2017 , 10:40   Re: [CS:GO] Need some help with signature scanning
#3

Quote:
Originally Posted by asherkin
Don't forget that you need to restart the server after changing gamedata files.
Can't we just change the signature inside the .txt file and reload the plugin? Maybe it's just me who can't recall correctly, but I remember being able to change the signature inside the text file and reloading the plugin, and everything worked fine.
__________________

Last edited by Benoist3012; 05-18-2017 at 10:42.
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 05-18-2017 , 13:12   Re: [CS:GO] Need some help with signature scanning
#4

No, you can't, which is why I said it.
__________________
pcmaster
AlliedModders Donor
Join Date: Sep 2009
Old 05-18-2017 , 14:20   Re: [CS:GO] Need some help with signature scanning
#5

To be honest, I actually remembered about a script which could create sigs, but couldn't remember the name of it.
Now, when I try to run the script, I get the following error:
makesig.idc,23: Syntax error near: auto

Using the search function, I suspect that my IDA version is too old (using IDA Pro Free 5.0).
Is there no way of getting the script running without buying a full license of IDA? (don't really want to spend 529€)
__________________
Stopped hosting servers as of November 2018, no longer active around here.
General Lentils
Senior Member
Join Date: Jul 2016
Old 05-18-2017 , 15:59   Re: [CS:GO] Need some help with signature scanning
#6

That auto error happened to me too in IDA free, it worked in IDA Pro...
pcmaster
AlliedModders Donor
Join Date: Sep 2009
Old 05-18-2017 , 16:11   Re: [CS:GO] Need some help with signature scanning
#7

Got the script working, generated the following for CCSGameRules::MaxNumPlayersOnCTTeam():
\x55\x89\xE5\x53\x83\xEC\x14\xA1\x2A\x2A\x2A\x2A\x8B\x5D\x08\x3D\x2A\x2A\x2A\x2A\x74\x2A\x8B\x10\x89\x04\x24\xFF\x52\x40\x83\xF8\x01

And for T:
\x55\x89\xE5\x53\x83\xEC\x14\x8B\x5D\x08\x89\x1C\x24\xE8\x2A\x2A\x2A\x2A\x84\xC0\x75\x2A\xA1\x2A\x2A\x2A\x2A\x3D\x2A\x2A\x2A\x2A\x74\x2A\x8B\x10\x89\x04\x24\xFF\x52\x40\x83\xF8\x01

Although the one for T seems a bit long (most likely due to the function being bigger, interestingly), both seem to work fine - after changing the SDKCallType to SDKCall_GameRules, getting 4 as a result for each team on an empty retakes server.
__________________
Stopped hosting servers as of November 2018, no longer active around here.

Last edited by pcmaster; 05-18-2017 at 16:14.
Byte
Senior Member
Join Date: Jun 2010
Location: 📦 CCSPlayer
Old 05-18-2017 , 17:52   Re: [CS:GO] Need some help with signature scanning
#8

Quote:
Originally Posted by pcmaster
Got the script working, generated the following for CCSGameRules::MaxNumPlayersOnCTTeam():
\x55\x89\xE5\x53\x83\xEC\x14\xA1\x2A\x2A\x2A\x2A\x8B\x5D\x08\x3D\x2A\x2A\x2A\x2A\x74\x2A\x8B\x10\x89\x04\x24\xFF\x52\x40\x83\xF8\x01

And for T:
\x55\x89\xE5\x53\x83\xEC\x14\x8B\x5D\x08\x89\x1C\x24\xE8\x2A\x2A\x2A\x2A\x84\xC0\x75\x2A\xA1\x2A\x2A\x2A\x2A\x3D\x2A\x2A\x2A\x2A\x74\x2A\x8B\x10\x89\x04\x24\xFF\x52\x40\x83\xF8\x01

Although the one for T seems a bit long (most likely due to the function being bigger, interestingly), both seem to work fine - after changing the SDKCallType to SDKCall_GameRules, getting 4 as a result for each team on an empty retakes server.
The actual signatures can get a little shorter; it's still unique if you remove the ending 0xF8, 0x01.
I'm guessing makesig.idc doesn't always produce shortest unique signatures.
__________________
STEAM: /id/invexbyte | Github: Mo Beigi | Discord: Byte#0017
Community: Invex Gaming | My Plugins: Click Me!

asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 05-18-2017 , 18:13   Re: [CS:GO] Need some help with signature scanning
#9

Quote:
Originally Posted by Byte
The actual signatures can get a little shorter, its still unique if you remove ending 0xF8, 0x01.
I'm guessing makesig.idc doesn't always produce shortest unique signatures.
It avoids splitting individual opcodes.

More because IDA does it per-opcode than anything else; a 2nd pass could be done after building the unique sig to trim it byte by byte.

Re-writing it in IDA Python with some fancy other features is on my todo list, sadly some of the stuff I'd like to add could do with a research team and 5 years.

Also been looking at porting some of the stuff like makesig to Radare2, but I get pretty lost every time I try and use that thing.
__________________

Last edited by asherkin; 05-18-2017 at 18:17.
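As an added example (not code from this thread, from SourceMod or from makesig.idc), here is a small Python signature scanner that reproduces the two points discussed above: asherkin's note in post #2 that the absolute address 7C A1 41 01 moves with the load base and therefore has to be wildcarded, and Byte's observation in post #8 (with asherkin's suggested second pass in post #9) that a unique signature can still be trimmed byte by byte. The toy server image, its two decoy functions and the load bases are constructed for the demo; only the two signature strings come from the thread.

```python
import re

WILDCARD = 0x2A  # gamedata "\x2A" means any byte, so a literal 0x2A opcode byte must be wildcarded too

def parse_sig(sig: str) -> list:
    """Turn a gamedata string of backslash-x hex pairs into a pattern; None = wildcard."""
    return [None if int(h, 16) == WILDCARD else int(h, 16)
            for h in re.findall(r"\\x([0-9A-Fa-f]{2})", sig)]

def find_matches(image: bytes, pattern: list) -> list:
    """Every offset where pattern matches image; more than one hit means the sig is ambiguous."""
    n = len(pattern)
    return [off for off in range(len(image) - n + 1)
            if all(p is None or image[off + i] == p for i, p in enumerate(pattern))]

def trim_sig(image: bytes, pattern: list) -> list:
    """The second pass asherkin describes: drop trailing bytes while the sig stays unique."""
    if len(find_matches(image, pattern)) != 1:
        raise ValueError("signature must be unique before trimming")
    while len(pattern) > 1 and len(find_matches(image, pattern[:-1])) == 1:
        pattern = pattern[:-1]
    return pattern

def build_image(base: int) -> bytes:
    """Constructed toy server image. The CT function embeds two absolute addresses that
    move with the load base (the 7C A1 41 01 problem); two decoys share its prologue."""
    pad = b"\xCC" * 16
    # decoy 1: the T function's prologue (same push/mov/push/sub, then mov ebx,[ebp+8])
    decoy_t = bytes.fromhex("5589E55383EC148B5D08891C24E8A0FEFFFF84C0751AC9C3")
    # decoy 2: identical to CT up to the conditional jump, which is jne (75) instead of je (74)
    decoy_2 = bytes.fromhex("5589E55383EC14A1001040008B5D083D000000007512C9C3")
    ct = (bytes.fromhex("5589E55383EC14A1") + (base + 0x0141A17C).to_bytes(4, "little")
          + bytes.fromhex("8B5D083D") + (base + 0x0141A190).to_bytes(4, "little")
          + bytes.fromhex("74128B10890424FF524083F801"))
    return pad + decoy_t + pad + decoy_2 + pad + ct + pad

# pcmaster's raw first attempt and the makesig.idc output for the CT function from post #7
ORIGINAL_SIG = r"\x55\x89\xE5\x53\x83\xEC\x14\xA1\x7C\xA1\x41\x01\x8B\x5D\x08"
MAKESIG_SIG = (r"\x55\x89\xE5\x53\x83\xEC\x14\xA1\x2A\x2A\x2A\x2A\x8B\x5D\x08\x3D\x2A\x2A\x2A\x2A"
               r"\x74\x2A\x8B\x10\x89\x04\x24\xFF\x52\x40\x83\xF8\x01")

def demo() -> dict:
    """Scan the on-disk image (base 0) and the same code relocated to base 0x20000."""
    on_disk, relocated = build_image(0), build_image(0x20000)
    return {
        "raw_on_disk": find_matches(on_disk, parse_sig(ORIGINAL_SIG)),          # [96]
        "raw_relocated": find_matches(relocated, parse_sig(ORIGINAL_SIG)),      # [] -> "Signature not found"
        "wildcard_relocated": find_matches(relocated, parse_sig(MAKESIG_SIG)),  # [96]
        "trimmed_len": len(trim_sig(relocated, parse_sig(MAKESIG_SIG))),        # 21, ends at the 0x74
    }
```

In the toy image the trim goes well past the 0xF8 0x01 Byte mentioned, down to the je byte that separates the CT function from the jne decoy; against the real server binary the same routine would stop at whatever the next collision is, which is why the result must always be re-checked for uniqueness.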